LinuxQuestions.org

Forum: Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
Thread: Usage of nameserver IPs in /etc/resolv.conf (https://www.linuxquestions.org/questions/linux-server-73/useage-of-nameserver-ips-in-etc-resolv-conf-4175528709/)

VolkHe 12-18-2014 07:45 PM

Usage of nameserver IPs in /etc/resolv.conf
 
I noticed I have some IPs already listed in /etc/resolv.conf that appear in a similar range to my server (I'm guessing they are owned by my webhost).

I did not put these there, but I am wondering if I can use these in a zone domain file?

example

/etc/resolv.conf
Quote:

nameserver 44.55.66.77
nameserver 55.66.77.88
/var/named/mydomain.com.db
Quote:

...
domain.com. IN NS ns1.domain.com.
domain.com. IN NS ns2.domain.com.

ns1.domain.com. IN A 44.55.66.77
ns2.domain.com. IN A 55.66.77.88
...
Would this be valid?

SAbhi 12-18-2014 08:52 PM

Quote:

Originally Posted by VolkHe (Post 5287213)
I did not put these there, but I am wondering if I can use these in a zone domain file?

Well, see the first line of your resolv.conf; it would have info on how it got generated, either by Network Manager or by the DHCP client script.
Quote:

Would this be valid?
Should be! Unless you know which network you are sitting in... :)

Ser Olmy 12-18-2014 09:10 PM

Quote:

Originally Posted by VolkHe (Post 5287213)
I did not put these there, but I am wondering if I can use these in a zone domain file?

example

/etc/resolv.conf
Code:

nameserver 44.55.66.77
nameserver 55.66.77.88

/var/named/mydomain.com.db
Code:

...
ns1.domain.com IN NS 44.55.66.77
ns2.domain.com IN NS 55.66.77.88
...


Would this be valid?

Ignoring for now the fact that you seem to want to add two name servers for the rather odd subdomains ns1.domain.com.domain.com and ns2.domain.com.domain.com (you have FQDNs in the domain field for the NS records, and you haven't terminated them with a period), you're basically asking if two random DNS servers you found in your resolv.conf file should be added as authoritative DNS servers for your domain.

Well, it's your domain; are these servers configured as slave servers for the domain in question? Since you don't seem to know anything about these two servers, the answer is probably a resounding "no". In that case, they certainly have no business being in your zone file.

Edit: And one more thing, NS records should point to names, not IP addresses.

VolkHe 12-18-2014 09:32 PM

Quote:

Originally Posted by SAbhi (Post 5287235)
Well, see the first line of your resolv.conf; it would have info on how it got generated, either by Network Manager or by the DHCP client script.

Unfortunately not.

Quote:

Originally Posted by Ser Olmy (Post 5287244)
Ignoring for now the fact that you seem to want to add two name servers for the rather odd subdomains ns1.domain.com.domain.com and ns2.domain.com.domain.com (you have FQDNs in the domain field for the NS records, and you haven't terminated them with a period), you're basically asking if two random DNS servers you found in your resolv.conf file should be added as authoritative DNS servers for your domain.

Well, it's your domain; are these servers configured as slave servers for the domain in question? Since you don't seem to know anything about these two servers, the answer is probably a resounding "no". In that case, they certainly have no business being in your zone file.

Edit: And one more thing, NS records should point to names, not IP addresses.

Thanks for the many corrections; I should not have been so lazy in my example - I have updated it for now.

You are correct about them being random to me; however, I wondered why they existed in /etc/resolv.conf in the first place, but because I have forgotten a lot about BIND, I am shooting in the dark hoping to wake up to a working domain.

My goal is to set up a nameserver (preferably just 1) for my domain, using only the server which I also host the content on.
The reason why I say 1 nameserver is because it seems pointless having 2, 3, 4, 5 if I am hosting it on 1 server; if the server's down for 1, it's down for all.

Regarding my /etc/resolv.conf, should I remove those two nameservers and replace them with my server IP? Then in my zone file use this IP, as I do want it as an authoritative DNS server for my domain.

Lastly - is it possible to have just 1 nameserver in the zone file, which is also the IP of your server hosting the zone file itself?

Kind regards

Ser Olmy 12-18-2014 10:00 PM

Quote:

Originally Posted by VolkHe (Post 5287256)
My goal is to set up a nameserver (preferably just 1) for my domain, using only the server which I also host the content on.
The reason why I say 1 nameserver is because it seems pointless having 2, 3, 4, 5 if I am hosting it on 1 server; if the server's down for 1, it's down for all.

You are absolutely correct, and I wish the providers of the "dnsdynamic" service had your insights (look at the NS records for dnsdynamic.net in whois).

I believe ICANN guidelines more or less demand two DNS servers per domain, but fail to specify their physical/logical location.
Quote:

Originally Posted by VolkHe (Post 5287256)
Regarding my /etc/resolv.conf, should I remove those two nameservers and replace them with my server IP? Then in my zone file use this IP, as I do want it as an authoritative DNS server for my domain.

These two servers know nothing about your domain. If they are configured to perform recursive lookups, they will be able to resolve records, but only after querying the authoritative server. If they come across an NS record pointing back to themselves, you may cause a loop. I'm not sure how the various DNS servers would handle such a scenario.

If you keep these servers in your zone file, other servers and clients on the Internet will mistakenly believe them to be authoritative for your domain, but any query will reveal that they themselves believe they are not. This will cause them to be classified as "lame servers".
Quote:

Originally Posted by VolkHe (Post 5287256)
Lastly - is it possible to have just 1 nameserver in the zone file, which is also the IP of your server hosting the zone file itself?

The server hosting the zone must be one of the NS servers. Specifically, it must have its name listed in the SOA record and have an identical NS record, and of course an A record, if the name exists in the zone file itself.

If the name server has a name in the zone it's hosting, a glue A record should be created in the parent domain. Otherwise, you get a catch-22 situation where clients need to resolve the name to reach the server, but need to reach the server in order to resolve the name.

A domain will work perfectly fine with just one primary DNS server, but if that server goes down, the whole domain disappears off the Internet. One or more slave servers are therefore strongly recommended.
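The rules in this reply (and the earlier note that NS records point to names, not addresses) can be checked mechanically. The following is an added example, not code from the thread or from BIND: a small parser for the zone layout used in this thread plus a checker that reports an NS record carrying an IP address, an NS target without its trailing dot, an SOA primary that is not also listed as NS, a single-server setup, and an in-zone name server with no A record to serve as glue. The origin `d.org.`, the zone texts and the function names are all constructed for the example.

```python
"""Added example: check a BIND-style zone file against the rules given in the
replies above. Zone texts are constructed to mirror the thread's layout."""
import ipaddress

ORIGIN = "d.org."  # assumed zone origin, as $ORIGIN / named.conf would supply it

# Constructed zone modelled on the one posted later in the thread.
POSTED_ZONE = """\
$TTL 1000
@ IN SOA ns1.d.org. m.gmail.com. (
        2013042201 3600 1800 ;Serial Refresh Retry
        604800 1000 )        ;Expire Minimum
server IN A 44.44.44.44
@ IN A 44.44.44.44
@ IN NS ns1.d.org.
@ IN NS ns2.d.org.
ns1 IN A 55.55.55.11
ns2 IN A 55.55.55.22
www IN CNAME @
"""

# Constructed single-server draft with the NS target left unterminated.
DRAFT_ZONE = """\
$TTL 1000
@ IN SOA server.d.org. m.gmail.com. ( 2013042201 3600 1800 604800 1000 )
server IN A 44.44.44.44
@ IN A 44.44.44.44
@ IN NS server.d.org
www IN CNAME @
"""

def _logical_lines(text):
    """Drop ';' comments and join records wrapped in ( ... ) into one line."""
    out, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        buf = f"{buf} {line}" if depth else line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(buf.replace("(", " ").replace(")", " "))
            buf = ""
    return out

def _absolute(name, origin):
    """Qualify a name as BIND does: '@' is the origin, no trailing dot appends it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata_tokens) tuples with absolute owner names."""
    records = []
    for line in _logical_lines(text):
        if line.startswith("$"):
            continue  # $TTL and similar directives carry no records
        tok = line.split()
        i = 1
        if tok[i].isdigit():
            i += 1  # optional per-record TTL
        if tok[i].upper() == "IN":
            i += 1  # class field
        records.append((_absolute(tok[0], origin), tok[i].upper(), tok[i + 1:]))
    return records

def check_zone(records, origin=ORIGIN):
    """Apply the thread's rules; an empty list means the zone is self-consistent."""
    problems = []
    has_addr = {own for own, typ, _ in records if typ in ("A", "AAAA")}
    soa = [rd for own, typ, rd in records if typ == "SOA" and own == origin]
    if not soa:
        return ["no SOA record at the zone apex"]
    primary = _absolute(soa[0][0], origin)
    ns_names = []
    for own, typ, rd in records:
        if typ != "NS" or own != origin:
            continue
        target = rd[0]
        try:
            ipaddress.ip_address(target)
            problems.append(f"NS record points at IP {target}; NS data must be a host name")
            continue
        except ValueError:
            pass
        if not target.endswith("."):
            problems.append(f"NS target '{target}' has no trailing dot and becomes '{target}.{origin}'")
        ns_names.append(_absolute(target, origin))
    if primary not in ns_names:
        problems.append(f"SOA primary {primary} has no matching NS record at the apex")
    if len(ns_names) < 2:
        problems.append("only one name server listed; a second (slave) server is recommended")
    for name in ns_names:
        if name.endswith("." + origin) and name not in has_addr:
            problems.append(f"in-zone name server {name} has no A/AAAA record (needed as glue)")
    return problems

if __name__ == "__main__":
    for label, text in (("posted zone", POSTED_ZONE), ("one-server draft", DRAFT_ZONE)):
        print(label, check_zone(parse_zone(text)) or "OK")
```

Run as-is, the posted zone comes back clean (the file is internally consistent; whether the host actually carries the name ns1.d.org is a separate question), while the one-server draft trips four findings that all stem from the missing dot and the single NS.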

VolkHe 12-19-2014 05:28 PM

Quote:

Originally Posted by Ser Olmy (Post 5287267)
You are absolutely correct, and I wish the providers of the "dnsdynamic" service had your insights (look at the NS records for dnsdynamic.net in whois).

I believe ICANN guidelines more or less demand two DNS servers per domain, but fail to specify their physical/logical location.

These two servers know nothing about your domain. If they are configured to perform recursive lookups, they will be able to resolve records, but only after querying the authoritative server. If they come across an NS record pointing back to themselves, you may cause a loop. I'm not sure how the various DNS servers would handle such a scenario.

If you keep these servers in your zone file, other servers and clients on the Internet will mistakenly believe them to be authoritative for your domain, but any query will reveal that they themselves believe they are not. This will cause them to be classified as "lame servers".
The server hosting the zone must be one of the NS servers. Specifically, it must have its name listed in the SOA record and have an identical NS record, and of course an A record, if the name exists in the zone file itself.

If the name server has a name in the zone it's hosting, a glue A record should be created in the parent domain. Otherwise, you get a catch-22 situation where clients need to resolve the name to reach the server, but need to reach the server in order to resolve the name.

A domain will work perfectly fine with just one primary DNS server, but if that server goes down, the whole domain disappears off the Internet. One or more slave servers are therefore strongly recommended.

I spoke to my host regarding those IPs in resolv.conf; they gave me 2 additional IPs, which I have now put inside /etc/resolv.conf and in my /var/named/d.org.db file.

Can you please check my setup files? They are as follows.

The IP I use to log in to my server via SSH is 44.44.44.44.
The additional IPs my host gave me are 55.55.55.11, 55.55.55.22.

/var/named/d.org.db

Quote:

$TTL 1000
@ IN SOA ns1.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL


server IN A 44.44.44.44

@ IN A 44.44.44.44

@ IN NS ns1.d.org.
@ IN NS ns2.d.org.

ns1 IN A 55.55.55.11
ns2 IN A 55.55.55.22

localhost IN A 127.0.0.1

www IN CNAME @
/etc/resolv.conf
Quote:

nameserver 44.44.44.44
nameserver 55.55.55.11
nameserver 55.55.55.22
/etc/hosts
Quote:

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
93.190.137.187 server.d.org server
My servers have now been offline for 5 days because of this; it's really stressing me that none of this is working.

My domain is not showing any results at whatsmydns.net
yet using cmd

nslookup ns1.d.org
Quote:

Server: 44.44.44.44
Address: 44.44.44.44#53

Name: ns1.d.org
Address: 55.55.55.11
nslookup ns2.d.org
Quote:

Server: 44.44.44.44
Address: 44.44.44.44#53

Name: ns2.d.org
Address: 55.55.55.22
Which to me looks correct.

Ser Olmy 12-19-2014 06:38 PM

(Could you please use "code" tags rather than "quote" tags around configuration setting and such?)
Quote:

Originally Posted by VolkHe (Post 5287776)
I spoke to my host regarding those IPs in resolv.conf; they gave me 2 additional IPs, which I have now put inside /etc/resolv.conf and in my /var/named/d.org.db file.

When you say "they gave [you] two additional IPs", what do you mean? For what purpose? What did you ask them for?
Quote:

Originally Posted by VolkHe (Post 5287776)
Can you please check my setup files? They are as follows.

The IP I use to log in to my server via SSH is 44.44.44.44.
The additional IPs my host gave me are 55.55.55.11, 55.55.55.22.

/var/named/d.org.db
Code:

$TTL 1000
@ IN SOA ns1.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL


server IN A 44.44.44.44

@ IN A 44.44.44.44

@ IN NS ns1.d.org.
@ IN NS ns2.d.org.

ns1 IN A 55.55.55.11
ns2 IN A 55.55.55.22

localhost IN A 127.0.0.1

www IN CNAME @


Right, this zone file specifies ns1.d.org as the authoritative server for the domain in the SOA record, so this zone file must then reside on that server. It also says that both ns1.d.org and ns2.d.org are name servers for the domain, which would make ns2.d.org a secondary (slave) server. There's no mention of any other name servers.

If your server is hosting this zone and its hostname is not ns1.d.org, then the information in this file is wrong.
Quote:

Originally Posted by VolkHe (Post 5287776)
/etc/resolv.conf
Code:

nameserver 44.44.44.44
nameserver 55.55.55.11
nameserver 55.55.55.22


This just tells your server to use these three name servers to perform name resolution.
Quote:

Originally Posted by VolkHe (Post 5287776)
/etc/hosts
Code:

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
93.190.137.187 server.d.org server


This hosts file links a specific IP address to the hostname server.d.org. It will only affect name resolution on this specific host.
Quote:

Originally Posted by VolkHe (Post 5287776)
My servers have now been offline for 5 days because of this; it's really stressing me that none of this is working.

My domain is not showing any results at whatsmydns.net
yet using cmd

nslookup ns1.d.org
Code:

Server: 44.44.44.44
Address: 44.44.44.44#53

Name: ns1.d.org
Address: 55.55.55.11

nslookup ns2.d.org
Code:

Server: 44.44.44.44
Address: 44.44.44.44#53

Name: ns2.d.org
Address: 55.55.55.22

Which to me looks correct.

This only tells you the contents of the A records for the servers ns1.d.org and ns2.d.org. OK, so the names resolve to valid IP addresses. That's great, but it says nothing about your domain.

Try these commands:
Code:

whois your.domain
nslookup -q=SOA your.domain 8.8.8.8
nslookup -q=NS your.domain 8.8.8.8

The first command will show you the registration details for your domain and the name(s) of the authoritative name server(s). The second command will return the Start of Authority record for your domain, containing the name of the authoritative name server. The third command will return the names of any and all registered name servers for your domain, as well as their IP addresses.

All DNS information will be fetched from "8.8.8.8", one of Google's public DNS servers.

VolkHe 12-19-2014 07:13 PM

Quote:

When you say "they gave [you] two additional IPs", what do you mean? For what purpose? What did you ask them for?
I have now emailed them to ask this; my host is really poor, in all honesty.


Quote:

This just tells your server to use these three name servers to perform name resolution.
Regarding the IPs in resolv.conf, are they in any way related to the zone SOA file? Could I just leave my server IP there (44.44.44.44) and remove the other two IPs?


Quote:

This hosts file links a specific IP address to the hostname server.d.org. It will only affect name resolution on this specific host.
I set this here myself, thinking there was a connection with the SOA file and the domain registrar NS settings; does a connection exist, or is this just something I have done that's not necessary and has no impact?


Quote:

Right, this zone file specifies ns1.d.org as the authoritative server for the domain in the SOA record, so this zone file must then reside on that server. It also says that both ns1.d.org and ns2.d.org are name servers for the domain, which would make ns2.d.org a secondary (slave) server. There's no mention of any other name servers.

If your server is hosting this zone and its hostname is not ns1.d.org, then the information in this file is wrong.
I only have one server, and one zone file - the one I posted above (that's hosted on this one server).

Regarding what you said, should I set up the SOA like

Code:

$TTL 1000
@ IN SOA server.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL


server IN A 44.44.44.44

@ IN A 44.44.44.44

@ IN NS ns1.d.org.
@ IN NS ns2.d.org.

ns1 IN A 55.55.55.11
ns2 IN A 55.55.55.22

localhost IN A 127.0.0.1

www IN CNAME @


Ideally, I don't even want to use the additional IPs they gave me, or the ns1, ns2 type convention.
I would rather just use my one and only server IP (the one I use to log in), and 1 nameserver; we could call it server or ns.

All the rest I am just doing as I did this 2-3 years ago and it worked; I have now forgotten it all and am just shooting in the dark hoping it's going to work.

Theoretical example would be something like

Code:

$TTL 1000
@ IN SOA server.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL


server IN A 44.44.44.44

@ IN A 44.44.44.44

@ IN NS server.d.org.   ; trailing dot keeps the name absolute (otherwise it reads as server.d.org.d.org.)

localhost IN A 127.0.0.1

www IN CNAME @


The A record for the domain (nslookup check I missed in the previous post) is

nslookup d.org
Code:

Server:        44.44.44.44
Address:        44.44.44.44#53

Name:  d.org
Address: 44.44.44.44


Now onto your commands


whois d.org
Code:

...
Domain Name:D.ORG
...
Name Server:NS1.D.ORG
Name Server:NS2.D.ORG
...
DNSSEC:Unsigned
...

(stripped a lot of info from this which I thought was not important)


nslookup -q=SOA d.org 8.8.8.8
Code:

Server:        8.8.8.8
Address:        8.8.8.8#53

** server can't find d.org: NXDOMAIN

nslookup -q=NS d.org 8.8.8.8
Code:

Server:        8.8.8.8
Address:        8.8.8.8#53

** server can't find d.org: SERVFAIL


Ser Olmy 12-19-2014 07:37 PM

Quote:

Originally Posted by VolkHe (Post 5287820)
Regarding the IPs in resolv.conf, are they in any way related to the zone SOA file? Could I just leave my server IP there (44.44.44.44) and remove the other two IPs?

Yes.
Quote:

Originally Posted by VolkHe (Post 5287820)
I set this here myself, thinking there was a connection with the SOA file and the domain registrar NS settings; does a connection exist, or is this just something I have done that's not necessary and has no impact?

Precisely.
Quote:

Originally Posted by VolkHe (Post 5287820)
whois d.org
Code:

...
Domain Name:D.ORG
...
Name Server:NS1.D.ORG
Name Server:NS2.D.ORG
...
DNSSEC:Unsigned
...

(stripped a lot of info from this which I thought was not important)

The important part is the name of the registrar and the names of any authoritative DNS servers. Not every whois record contains name server information, so there might not have been any in yours.
Quote:

Originally Posted by VolkHe (Post 5287820)
nslookup -q=SOA d.org 8.8.8.8
Code:

Server:        8.8.8.8
Address:        8.8.8.8#53

** server can't find d.org: NXDOMAIN

nslookup -q=NS d.org 8.8.8.8
Code:

Server:        8.8.8.8
Address:        8.8.8.8#53

** server can't find d.org: SERVFAIL


This is the interesting part. The lack of a SOA record tells me your domain either isn't properly registered, or all DNS servers are offline. There's nothing you can do about the former yourself; you'll need to speak with your registrar. As for the latter: If you used to run the DNS server in question, you should be able to fix it by setting up one using the same IP address.

When a domain is registered, a DNS delegation is created in the parent zone. For a domain like "company.com", the parent zone is "com". The operators of the "com" top-level domain must create an NS record for the subdomain "company", pointing to the authoritative DNS server for the domain.

It could be that your domain doesn't have an NS record in its parent zone, meaning there's no delegation in the TLD (or whatever domain is the parent for your particular domain). If you've paid your annual registration fees, then your registrar is most likely to blame for this. They'll have to get in touch with the operators of the parent zone (which is either ICANN for the international TLDs or a national registry for any country-specific TLD) and get this fixed.

The exact name of the registrar and the relevant contact information is in the whois record.

Ser Olmy 12-19-2014 07:46 PM

If yours is an international domain, you should be able to get to the bottom of this by running the following command:
Code:

nslookup -q=NS your.domain 192.5.6.30
192.5.6.30 is one of the 13 root servers, and it doesn't do recursive lookups. What it will do is return the contents of the delegation NS record, if one exists.

VolkHe 12-19-2014 07:50 PM

Quote:

It could be that your domain doesn't have an NS record in its parent zone
This is unlikely; my domain was working 5 days ago, but my host had a power failure (or hack, who knows). Since then multiple parts of my server were broken; my host said sorry and handed me a brand new server (only CentOS) and told me to transfer everything. It's now 5 days and all my sites are offline. Anyway, the point here is the domain used to work, so it's unlikely a domain registrar error.


Code:

nslookup -q=NS d.org 192.5.6.30
Server:        192.5.6.30
Address:        192.5.6.30#53

Non-authoritative answer:
*** Can't find d.org: No answer

Authoritative answers can be found from:
.      nameserver = a.root-servers.net.
.      nameserver = b.root-servers.net.
.      nameserver = c.root-servers.net.
.      nameserver = d.root-servers.net.
.      nameserver = e.root-servers.net.
.      nameserver = f.root-servers.net.
.      nameserver = g.root-servers.net.
.      nameserver = h.root-servers.net.
.      nameserver = i.root-servers.net.
.      nameserver = j.root-servers.net.
.      nameserver = k.root-servers.net.
.      nameserver = l.root-servers.net.
.      nameserver = m.root-servers.net.


This doesn't look like a good result; if so, what exactly is the problem here?
I don't quite know what else I can provide; these are all the files I have modified.

service named status
Code:

number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
named (pid  5048) is running...

Regarding your reply "precisely" to me setting up /etc/hosts 44.44.44.44 server.d.org server, just to clarify, you were replying that it's not necessary to do this, right?

Thanks

Ser Olmy 12-19-2014 08:11 PM

Quote:

Originally Posted by VolkHe (Post 5287826)
Code:

nslookup -q=NS d.org 192.5.6.30
Server:        192.5.6.30
Address:        192.5.6.30#53

Non-authoritative answer:
*** Can't find d.org: No answer

Authoritative answers can be found from:
.      nameserver = a.root-servers.net.
.      nameserver = b.root-servers.net.
.      nameserver = c.root-servers.net.
.      nameserver = d.root-servers.net.
.      nameserver = e.root-servers.net.
.      nameserver = f.root-servers.net.
.      nameserver = g.root-servers.net.
.      nameserver = h.root-servers.net.
.      nameserver = i.root-servers.net.
.      nameserver = j.root-servers.net.
.      nameserver = k.root-servers.net.
.      nameserver = l.root-servers.net.
.      nameserver = m.root-servers.net.


This doesn't look like a good result; if so, what exactly is the problem here?

You're getting very close. The server provided you with the names of a number of servers that will tell you if and how your domain is registered. Try again with:
Code:

nslookup -q=NS your-domain a.root-servers.net
That query should return either the name of the authoritative name server, which would be the server you need to get online for things to start working again, or it will return an error, which would mean that your registrar has made a mistake and allowed your domain to expire.

As for whether it is likely or not that a DNS delegation could be missing when your domain worked only a few days ago, know that these records are expunged automatically if a registration is allowed to lapse.

VolkHe 12-19-2014 08:19 PM

Quote:

Originally Posted by Ser Olmy (Post 5287833)
You're getting very close. The server provided you with the names of a number of servers that will tell you if and how your domain is registered. Try again with:
Code:

nslookup -q=NS your-domain a.root-servers.net
That query should return either the name of the authoritative name server, which would be the server you need to get online for things to start working again, or it will return an error, which would mean that your registrar has made a mistake and allowed your domain to expire.

As for whether it is likely or not that a DNS delegation could be missing when your domain worked only a few days ago, know that these records are expunged automatically if a registration is allowed to lapse.

nslookup -q=NS d.org a.root-servers.net
Code:

Server:        a.root-servers.net
Address:        198.41.0.4#53

Non-authoritative answer:
*** Can't find d.org: No answer

Authoritative answers can be found from:
org    nameserver = d0.org.afilias-nst.org.
org    nameserver = b2.org.afilias-nst.org.
org    nameserver = b0.org.afilias-nst.org.
org    nameserver = c0.org.afilias-nst.info.
org    nameserver = a2.org.afilias-nst.info.
org    nameserver = a0.org.afilias-nst.info.
d0.org.afilias-nst.org  internet address = 199.19.57.1
d0.org.afilias-nst.org  has AAAA address 2001:500:f::1
b2.org.afilias-nst.org  internet address = 199.249.120.1
b2.org.afilias-nst.org  has AAAA address 2001:500:48::1
b0.org.afilias-nst.org  internet address = 199.19.54.1
b0.org.afilias-nst.org  has AAAA address 2001:500:c::1
c0.org.afilias-nst.info internet address = 199.19.53.1
c0.org.afilias-nst.info has AAAA address 2001:500:b::1
a2.org.afilias-nst.info internet address = 199.249.112.1
a2.org.afilias-nst.info has AAAA address 2001:500:40::1
a0.org.afilias-nst.info internet address = 199.19.56.1
a0.org.afilias-nst.info has AAAA address 2001:500:e::1


Ser Olmy 12-19-2014 08:23 PM

The Domain Name System is really giving you the runaround today. Looks like you have to query yet another server:
Code:

nslookup -q=NS your.domain d0.org.afilias-nst.org
(Your domain name isn't really "d.org", is it?)

VolkHe 12-19-2014 08:27 PM

Quote:

Originally Posted by Ser Olmy (Post 5287841)
The Domain Name System is really giving you the runaround today. Looks like you have to query yet another server:
Code:

nslookup -q=NS your.domain d0.org.afilias-nst.org
(Your domain name isn't really "d.org", is it?)

No, lol, just using it for easy reference.

nslookup -q=NS d.org d0.org.afilias-nst.org
Code:

Server:        d0.org.afilias-nst.org
Address:        199.19.57.1#53

Non-authoritative answer:
*** Can't find d.org: No answer

Authoritative answers can be found from:
d.org  nameserver = ns1.d.org.
d.org  nameserver = ns2.d.org.
ns1.d.org      internet address = 55.55.55.11
ns2.d.org      internet address = 55.55.55.22
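The three nslookup steps above (root server, then the .org servers, then the domain's own servers) are one pass of the same walk that any resolver makes, and the earlier reply explained what happens when the servers at the end of that chain do not actually claim authority ("lame servers"). The following is an added example, not code from the thread, from nslookup or from BIND: it performs the walk against a constructed referral table that copies the names and addresses seen in the outputs above, then queries each delegated server and reports whether it answers authoritatively. The table entries, the `fake_query` stand-in for a real SOA query, and the behaviour assigned to ns2.d.org (reachable but lame) are all assumptions made for the example.

```python
"""Added example: follow a delegation the way the replies above do by hand
(root server -> TLD server -> the domain's own name servers) and then ask each
delegated server whether it claims authority; one that does not is "lame".
The network is replaced by a constructed referral table."""

ROOT_SERVER = "198.41.0.4"  # a.root-servers.net, as in the thread's output

# Constructed answers keyed by server address, then by the zone the server
# knows about. "aa" is the authoritative-answer flag, "authority" lists
# (zone, nameserver) referrals and "additional" carries glue addresses.
REFERRALS = {
    ROOT_SERVER: {
        "org.": {"aa": False,
                 "authority": [("org.", "d0.org.afilias-nst.org."), ("org.", "b0.org.afilias-nst.org.")],
                 "additional": {"d0.org.afilias-nst.org.": "199.19.57.1",
                                "b0.org.afilias-nst.org.": "199.19.54.1"}},
    },
    "199.19.57.1": {  # d0.org.afilias-nst.org: delegates d.org to ns1/ns2 with glue
        "d.org.": {"aa": False,
                   "authority": [("d.org.", "ns1.d.org."), ("d.org.", "ns2.d.org.")],
                   "additional": {"ns1.d.org.": "55.55.55.11", "ns2.d.org.": "55.55.55.22"}},
    },
    "55.55.55.11": {  # ns1.d.org: hosts the zone, so it answers with AA set
        "d.org.": {"aa": True, "authority": [], "additional": {}},
    },
    "55.55.55.22": {},  # ns2.d.org (assumed): reachable but knows nothing about d.org
}

EMPTY = {"aa": False, "authority": [], "additional": {}}

def in_zone(name, zone):
    """True when `name` is `zone` itself or lies below it (label boundary respected)."""
    return name == zone or name.endswith("." + zone)

def fake_query(server_ip, qname):
    """Stand-in for 'nslookup -q=SOA qname server_ip'; None means no reply at all."""
    zones = REFERRALS.get(server_ip)
    if zones is None:
        return None
    for zone, resp in zones.items():
        if in_zone(qname, zone):
            return resp
    return EMPTY

def find_delegation(qname, query=fake_query, start=ROOT_SERVER, max_hops=8):
    """Return {nameserver: glue_ip_or_None} that the parent zone delegates
    qname to, or None when no referral chain reaches qname."""
    server = start
    for _ in range(max_hops):
        resp = query(server, qname)
        if resp is None:
            return None
        refs = [(z, ns) for z, ns in resp["authority"] if in_zone(qname, z)]
        if not refs:
            return None  # no referral: the parent has no NS record for qname
        zone = max((z for z, _ in refs), key=len)  # closest enclosing zone
        targets = {ns: resp["additional"].get(ns) for z, ns in refs if z == zone}
        if zone == qname:
            return targets  # reached the parent's delegation for the domain itself
        glue = [ip for ip in targets.values() if ip]
        if not glue:
            return None  # referral without glue: nothing we can contact
        server = glue[0]
    return None

def check_delegation(qname, query=fake_query):
    """Classify each delegated server as authoritative, lame or unreachable."""
    targets = find_delegation(qname, query)
    if targets is None:
        return {"status": "no-delegation", "servers": {}}
    servers = {}
    for ns, ip in targets.items():
        resp = query(ip, qname) if ip else None
        if resp is None:
            servers[ns] = "unreachable" if ip else "no glue address"
        else:
            servers[ns] = "authoritative" if resp["aa"] else "lame"
    status = "ok" if "authoritative" in servers.values() else "broken"
    return {"status": status, "servers": servers}

if __name__ == "__main__":
    for name in ("d.org.", "example.org."):
        print(name, check_delegation(name))
```

The `query` parameter exists so the same walk can be driven by a real resolver call instead of the table; the classification logic does not change. A domain whose parent holds no NS record (the `example.org.` case here) stops at the .org servers with "no-delegation", which is the situation the earlier reply described as something only the registrar can fix, whereas a delegated server that answers without the AA flag is reported as lame.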


