Ispmanager 6 lite, pro, host documentation

Issues with DNS-server

 

This article provides solutions to the most common issues you may have when using ISPmanager Lite (Pro, Host).

DNS-server logs and files

FilesCentOSDebian, Ubuntu
BIND configuration file/etc/named.conf/etc/bind/named.conf
BIND Domain zone files/var/named/*/etc/bind/domains
PowerDNS configuration file/etc/pdns/pdns.conf/etc/powerdns/pdns.conf
PowerDNS domain zone records.
The records are kept in MySQL databases, a separate base for every name space.
The default name space is powerdns.The default name space is pdns.
BIND and PowerDNS logs/var/log/messages/var/log/syslog

Master DNS-server diagnostics

DNS server does not respond to request for domain zone

Make sure the DNS-server on the master server responds to requests for the domain zone:

dig <domain> @<IP address> ANY +short
View details

A response will look something like this:

dig domain.name @1.1.1.1 ANY +short
mary.me. root.example.com. 2014041800 10800 3600 604800 86400
ns2.example.com.
ns1.example.com.
"v=spf1 ip4:1.1.1.1 a mx ~all"
10 mail.domain.name.
1.1.1.1

The following response indicates that the DNS-server is not running:

dig domain.nam @1.1.1.1 ANY +short
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.nam @1.1.1.1 ANY +short
;; global options: +cmd
;; connection timed out; no servers could be reached

An empty response indicates that the DNS-server doesn't have information about the domain. Perhaps, it could not upload the domain zone. Open the log for more details.

BIND could not upload the domain zone

The most common cause of this issue is an incorrect zone file.

Please check:

  1. If both the domain and name servers are from the same zone, A-records for the name servers must be specified in the domain zone file. For example, the domain domain.com and the name servers ns1.domain.com, ns2.domain.com. If A-records are not present, you will see the following information in the log file:
    zone domain.name/IN: NS 'ns1.domain.name' has no address records (A or AAAA)
    zone domain.name/IN: NS 'ns2.domain.name' has no address records (A or AAAA)
    zone domain.name/IN: not loaded due to errors. 
    To resolve this issue, add A-records into the zone file:
    ns1 IN A <IP address of the primary name server>
    ns2 IN A <IP address of the secondary name server>
  2. The A and CNAME records cannot be specified for the same subdomain:
    me.domain.name.   IN      A       8.8.8.8
    me.domain.name.   IN      CNAME   google.com
    This can cause the following error:
    zone domain.name/IN: loading from master file /var/named/domain.name failed: CNAME and other data
    zone domain.name/IN: not loaded due to errors.
    Also, it is not possible to create the CNAME record for second-level domains.

Slave name server diagnostics

Checking connection with the DNS-server

Try to connect to port 53 of the master server through telnet:

telnet <IP address of the master server> 53

If you cannot connect, check the Firewall settings on the master and slave servers.

Checking domain zone transfer from the master to the slave server

Execute the command:

dig <domain> @<IP address> axfr
View details

The response should look like this:

dig domain.name @1.1.1.1 axfr
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.name @1.1.1.1 axfr
;; global options: +cmd
domain.name.		3600	IN	SOA	mary.me. root.example.com. 2014041800 10800 3600 604800 86400
domain.name.		3600	IN	NS	ns1.example.com.
domain.name.		3600	IN	NS	ns2.example.com.
domain.name.		3600	IN	TXT	"v=spf1 ip4:1.1.1.1 a mx ~all"
domain.name.		3600	IN	MX	10 mail.domain.name.
domain.name.		3600	IN	A	1.1.1.1
ftp.domain.name.	3600	IN	A	1.1.1.1
mail.domain.name.	3600	IN	A	1.1.1.1
pop.domain.name.	3600	IN	A	1.1.1.1
smtp.domain.name.	3600	IN	A	1.1.1.1
www.domain.name.	3600	IN	A	1.1.1.1
domain.name.		3600	IN	SOA	mary.me. root.example.com. 2014041800 10800 3600 604800 86400

A possible cause: the file of the DNS-server domain zone in allow-transfer includes the private IP address, which is not accessible from the secondary server.

Access permissions

The following information is displayed in the log file during domain zone transfer:

zone domain.name/IN: loading from master file /var/named/domain.name failed: permission denied
one domain.name/IN: not loaded due to errors.

It indicates insufficient permissions for the zone file. The zone file must belong to the user who runs BIND:

ls -ld /var/named/domain.name
-rw------- 1 named named 395 Apr 18 06:24 /var/named/domain.name

Also check the /var/named/ directory permissions:

ls -ld /var/named/
drwxr-x--- 5 root named 4096 Apr 18 06:32 /var/named/