How to fix dns errors on ubuntu?

centosfan · 01-15-2008, 08:34 PM

.....................................

JimBass · 01-15-2008, 09:48 PM

1) This is not a valid IP address - 12.46.148.788. That is part of the problem.

2) You do not have agreement between your listed nameservers and the ones set by your registrar. You generally don't want that. Whatever the servers are within your zone file should exactly match what you have configured with your registrar. Some people like the use of a stealth server, but you don't leak the stealth info if you are doing that.

3) This is an extension of the previous problem. Also, hiding your domain name is a very poor choice for DNS problems. If you posted the true name, I could tell you specifically what you need to change.

4) Still the same problem as above.

Adding openDNS won't help at all with this problem. OpenDNS is a resolver only, and this is a problem with an authoritative DNS problem. OpenDNS just gives an answer to "what IP does google.com have", it can't answer about your domain. They have nothing to do with one another.

Peace,
Jim

centosfan · 01-16-2008, 06:07 AM

JimBass · 01-16-2008, 07:10 AM

Nope. DNS is not something that hides info. By its nature, it should be visable for the whole world. Also, DNS is not an attack vector. Knowing that such and such a domain name has its DNS done by such and such servers isn't a problem. Besides, then the next person looking for help with the same problem can't find the answer here.

Please post the domain name here, I don't work over PM.

Peace,
Jimbass

centosfan · 01-16-2008, 07:50 AM

JimBass · 01-16-2008, 06:32 PM

You have some problems, mostly the setup of authority.

The simple part of your problem (the one that lead to most of your errors above) is that you registered 2 authoritative nameservers with your registrar (Moniker Online Services) named ns1.lukastgp.biz and ns2.lukastgp.biz, but then in the zone file on your DNS servers, instead of identifying and naming ns1 and ns2, you set the start of authority (SOA for short) to ns.lukastgp.biz. That mismatch is the problem. Since your registrar things your DNS servers are ns1 and ns2, you have to define ns1 and ns2, set the SOA to one of those, and setup NS records to both ns1 and ns2, and define those IP addresses with A records. This is how I would setup the beginning of the zonefile to correct those problems:

Code:

$ORIGIN .
$TTL 7200       ; 2 hours
lukastgp.biz           IN SOA  ns1.lukastgp.biz. root.lukastgp.biz. (
                                2008011700 ; serial
                                7200       ; refresh (2 hour)
                                500        ; retry (8 minutes 20 seconds)
                                1209600    ; expire (2 weeks)
                                7200       ; minimum (2 hours)
                                )
                        NS      ns1.lukastgp.biz.
                        NS      ns2.lukastgp.biz.

                        A       72.11.142.229
                        MX      10 mail.lukastgp.biz.

$ORIGIN lukastgp.biz.
mail                    A       72.11.142.229
www                     A       72.11.142.229
ns1                     A       72.11.142.229
ns2                     A       72.11.142.230

That will correct the whole stealth server problem.

You have a nameserver running at 72.11.142.229, but when I ask for the same info from 72.11.142.230, I get no reply. The NS2 nameserver should NOT be the same machine as NS1! Since the IP addresses are right next to each other, I suspected they were the same box. They might be, but they shouldn't be. Here is what I get when I query your nameservers - the first is not great but works, the second is useless, as it gives no info:

Code:

jim@ns1:~$ dig lukastgp.biz @72.11.142.229

; <<>> DiG 9.3.3 <<>> lukastgp.biz @72.11.142.229
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59001
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;lukastgp.biz.                  IN      A

;; ANSWER SECTION:
lukastgp.biz.           86400   IN      A       72.11.142.229

;; AUTHORITY SECTION:
lukastgp.biz.           86400   IN      NS      ns.lukastgp.biz.

;; ADDITIONAL SECTION:
ns.lukastgp.biz.        86400   IN      A       72.11.142.229

The bad ->

Code:

jim@ns1:~$ dig lukastgp.biz @72.11.142.230

; <<>> DiG 9.3.3 <<>> lukastgp.biz @72.11.142.230
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

The whois info, wherein your authoritative servers are named:

Code:

jim@ns1:~$ whois lukastgp.biz
Domain Name:                                 LUKASTGP.BIZ
Domain ID:                                   D17079169-BIZ
Sponsoring Registrar:                        MONIKER ONLINE SERVICES, LLC
Sponsoring Registrar IANA ID:                228
Domain Status:                               clientDeleteProhibited
Domain Status:                               clientTransferProhibited
Domain Status:                               clientUpdateProhibited
Registrant ID:                               MONIKER1151056
Registrant Name:                             Luka Horvatic
Registrant Address1:                         rapoceva 5
Registrant City:                             Varazdin
Registrant State/Province:                   Varazdinska zupanija
Registrant Postal Code:                      42000
Registrant Country:                          Croatia
Registrant Country Code:                     HR
Registrant Phone Number:                     +385.917657722
Registrant Email:                            jacobkell@7223.net
Administrative Contact ID:                   MONIKER1151057
Administrative Contact Name:                 Luka Horvatic
Administrative Contact Address1:             Rapoceva 5
Administrative Contact City:                 Varazdin
Administrative Contact State/Province:       Varazdinska zupanija
Administrative Contact Postal Code:          42000
Administrative Contact Country:              Croatia
Administrative Contact Country Code:         HR
Administrative Contact Phone Number:         +385.917657722
Administrative Contact Email:                jacobkell@7223.net
Billing Contact ID:                          MONIKER1151057
Billing Contact Name:                        Luka Horvatic
Billing Contact Address1:                    Rapoceva 5
Billing Contact City:                        Varazdin
Billing Contact State/Province:              Varazdinska zupanija
Billing Contact Postal Code:                 42000
Billing Contact Country:                     Croatia
Billing Contact Country Code:                HR
Billing Contact Phone Number:                +385.917657722
Billing Contact Email:                       jacobkell@7223.net
Technical Contact ID:                        MONIKER1151057
Technical Contact Name:                      Luka Horvatic
Technical Contact Address1:                  Rapoceva 5
Technical Contact City:                      Varazdin
Technical Contact State/Province:            Varazdinska zupanija
Technical Contact Postal Code:               42000
Technical Contact Country:                   Croatia
Technical Contact Country Code:              HR
Technical Contact Phone Number:              +385.917657722
Technical Contact Email:                     jacobkell@7223.net
Name Server:                                 NS1.LUKASTGP.BIZ
Name Server:                                 NS2.LUKASTGP.BIZ
Created by Registrar:                        GODADDY.COM, INC.
Last Updated by Registrar:                   MONIKER ONLINE SERVICES, LLC
Last Transferred Date:                       Fri Sep 28 16:01:53 GMT 2007
Domain Registration Date:                    Wed Mar 28 17:01:16 GMT 2007
Domain Expiration Date:                      Fri Mar 27 23:59:59 GMT 2009
Domain Last Updated Date:                    Tue Dec 18 12:40:28 GMT 2007

The DNS stuff page told you precisely how to make your server not be an open relay, and instead of following the directions, you posted here. Boy, they actually want you to edit a file! And restart BIND who would have though it would be soooooo difficult! Follow the directions here, and you'll no longer be an open DNS server - http://member.dnsstuff.com/info/opendns.php

You'll only need to change the zonefile for lukastgp.biz, change the allow relay line in named.conf, and get a BIND server set up at the address you have for NS2. If you do all that, your DNS problems will be cleared up.

Peace,
JimBass