Issues with DNS-server
This article provides solutions to the most common issues you may have when using ISPmanager Lite (Pro, Host).
DNS-server logs and files
Files | CentOS | Debian, Ubuntu |
---|---|---|
BIND configuration file | /etc/named.conf | /etc/bind/named.conf |
BIND Domain zone files | /var/named/* | /etc/bind/domains |
PowerDNS configuration file | /etc/pdns/pdns.conf | /etc/powerdns/pdns.conf |
PowerDNS domain zone records. The records are kept in MySQL databases, a separate base for every name space. | The default name space is powerdns. | The default name space is pdns. |
BIND and PowerDNS logs | /var/log/messages | /var/log/syslog |
Master DNS-server diagnostics
DNS server does not respond to request for domain zone
Make sure the DNS-server on the master server responds to requests for the domain zone:
dig <domain> @<IP address> ANY +short
A response will look something like this:
dig domain.name @1.1.1.1 ANY +short
mary.me. root.example.com. 2014041800 10800 3600 604800 86400
ns2.example.com.
ns1.example.com.
"v=spf1 ip4:1.1.1.1 a mx ~all"
10 mail.domain.name.
1.1.1.1
The following response indicates that the DNS-server is not running:
dig domain.nam @1.1.1.1 ANY +short
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.nam @1.1.1.1 ANY +short
;; global options: +cmd
;; connection timed out; no servers could be reached
An empty response indicates that the DNS-server doesn't have information about the domain. Perhaps, it could not upload the domain zone. Open the log for more details.
BIND could not upload the domain zone
The most common cause of this issue is an incorrect zone file.
Please check:
- If both the domain and name servers are from the same zone, A-records for the name servers must be specified in the domain zone file. For example, the domain domain.com and the name servers ns1.domain.com, ns2.domain.com. If A-records are not present, you will see the following information in the log file: To resolve this issue, add A-records into the zone file:
zone domain.name/IN: NS 'ns1.domain.name' has no address records (A or AAAA) zone domain.name/IN: NS 'ns2.domain.name' has no address records (A or AAAA) zone domain.name/IN: not loaded due to errors.
ns1 IN A <IP address of the primary name server> ns2 IN A <IP address of the secondary name server>
- The A and CNAME records cannot be specified for the same subdomain: This can cause the following error:
me.domain.name. IN A 8.8.8.8 me.domain.name. IN CNAME google.com
Also, it is not possible to create the CNAME record for second-level domains.zone domain.name/IN: loading from master file /var/named/domain.name failed: CNAME and other data zone domain.name/IN: not loaded due to errors.
Slave name server diagnostics
Checking connection with the DNS-server
Try to connect to port 53 of the master server through telnet:
telnet <IP address of the master server> 53
If you cannot connect, check the Firewall settings on the master and slave servers.
Checking domain zone transfer from the master to the slave server
Execute the command:
dig <domain> @<IP address> axfr
The response should look like this:
dig domain.name @1.1.1.1 axfr
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.name @1.1.1.1 axfr
;; global options: +cmd
domain.name. 3600 IN SOA mary.me. root.example.com. 2014041800 10800 3600 604800 86400
domain.name. 3600 IN NS ns1.example.com.
domain.name. 3600 IN NS ns2.example.com.
domain.name. 3600 IN TXT "v=spf1 ip4:1.1.1.1 a mx ~all"
domain.name. 3600 IN MX 10 mail.domain.name.
domain.name. 3600 IN A 1.1.1.1
ftp.domain.name. 3600 IN A 1.1.1.1
mail.domain.name. 3600 IN A 1.1.1.1
pop.domain.name. 3600 IN A 1.1.1.1
smtp.domain.name. 3600 IN A 1.1.1.1
www.domain.name. 3600 IN A 1.1.1.1
domain.name. 3600 IN SOA mary.me. root.example.com. 2014041800 10800 3600 604800 86400
A possible cause: the file of the DNS-server domain zone in allow-transfer includes the private IP address, which is not accessible from the secondary server.
Access permissions
The following information is displayed in the log file during domain zone transfer:
zone domain.name/IN: loading from master file /var/named/domain.name failed: permission denied
one domain.name/IN: not loaded due to errors.
It indicates insufficient permissions for the zone file. The zone file must belong to the user who runs BIND:
ls -ld /var/named/domain.name
-rw------- 1 named named 395 Apr 18 06:24 /var/named/domain.name
Also check the /var/named/ directory permissions:
ls -ld /var/named/
drwxr-x--- 5 root named 4096 Apr 18 06:32 /var/named/