I did not put these there, but I am wondering if I can use these in a zone domain file?
Example:
/etc/resolv.conf
Code:
nameserver 44.55.66.77
nameserver 55.66.77.88
/var/named/mydomain.com.db
Code:
...
ns1.domain.com IN NS 44.55.66.77
ns2.domain.com IN NS 55.66.77.88
...
Would this be valid?
Ignoring for now the fact that you seem to want to add two name servers for the rather odd subdomains ns1.domain.com.domain.com and ns2.domain.com.domain.com (you have FQDNs in the domain field for the NS records, and you haven't terminated them with a period), you're basically asking if two random DNS servers you found in your resolv.conf file should be added as authoritative DNS servers for your domain.
Well, it's your domain; are these servers configured as slave servers for the domain in question? Since you don't seem to know anything about these two servers, the answer is probably a resounding "no". In that case, they certainly have no business being in your zone file.
Edit: And one more thing, NS records should point to names, not IP addresses.
Well, see the first line of your resolv.conf; it would have info on how it got generated, either by NetworkManager or by the DHCP client script.
Unfortunately not.
Quote:
Originally Posted by Ser Olmy
Ignoring for now the fact that you seem to want to add two name servers for the rather odd subdomains ns1.domain.com.domain.com and ns2.domain.com.domain.com (you have FQDNs in the domain field for the NS records, and you haven't terminated them with a period), you're basically asking if two random DNS servers you found in your resolv.conf file should be added as authoritative DNS servers for your domain.
Well, it's your domain; are these servers configured as slave servers for the domain in question? Since you don't seem to know anything about these two servers, the answer is probably a resounding "no". In that case, they certainly have no business being in your zone file.
Edit: And one more thing, NS records should point to names, not IP addresses.
Thanks for the many corrections. I should not have been so lazy in my example; I have updated it for now.
You are correct about them being random to me; however, I wondered why they existed in /etc/resolv.conf in the first place, but because I have forgotten a lot about BIND, I am shooting in the dark hoping to wake up to a working domain.
My goal is to setup a nameserver(preferably just 1) for my domain, using only the server which I also host the content on.
The reason why I say 1 nameserver is because it seems pointless having 2, 3, 4, 5 if I am hosting it on 1 server; if the server's down for 1, it's down for all.
Regarding my /etc/resolv.conf, should I remove those two nameservers and replace them with my server IP? Then in my zone file use this IP, as I do want it as an authoritative DNS server for my domain.
Lastly - Is it possible to have just 1 nameserver in the zone file, which is also the IP of your server hosting the zone file itself?
Quote:
Originally Posted by VolkHe
My goal is to setup a nameserver (preferably just 1) for my domain, using only the server which I also host the content on.
The reason why I say 1 nameserver is because it seems pointless having 2, 3, 4, 5 if I am hosting it on 1 server; if the server's down for 1, it's down for all.
You are absolutely correct, and I wish the providers of the "dnsdynamic" service had your insights (look at the NS records for dnsdynamic.net in whois).
I believe ICANN guidelines more or less demand two DNS servers per domain, but fail to specify their physical/logical location.
Quote:
Originally Posted by VolkHe
Regarding my /etc/resolv.conf, should I remove those two nameservers and replace them with my server IP? Then in my zone file use this IP, as I do want it as an authoritative DNS server for my domain.
These two servers know nothing about your domain. If they are configured to perform recursive lookups, they will be able to resolve records, but only after querying the authoritative server. If they come across an NS record pointing back to themselves, you may cause a loop. I'm not sure how the various DNS servers would handle such a scenario.
If you keep these servers in your zone file, other servers and clients on the Internet will mistakenly believe them to be authoritative for your domain, but any query will reveal that they themselves believe they are not. This will cause them to be classified as "lame servers".
Quote:
Originally Posted by VolkHe
Lastly - Is it possible to have just 1 nameserver in the zone file, which is also the IP of your server hosting the zone file itself?
The server hosting the zone must be one of the NS servers. Specifically, it must have its name listed in the SOA record and have an identical NS record, and of course an A record if the name exists in the zone file itself.
If the name server has a name in the zone it's hosting, a glue A record should be created in the parent domain. Otherwise, you get a catch-22 situation where clients need to resolve the name to reach the server, but need to reach the server in order to resolve the name.
A domain will work perfectly fine with just one primary DNS server, but if that server goes down, the whole domain disappears off the Internet. One or more slave servers are therefore strongly recommended.
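The rules in the replies above (NS rdata must be a name, not an IP; an unterminated name such as ns1.domain.com gets the origin appended; the SOA MNAME must also appear as an apex NS record; an in-zone name server needs an A record so glue can exist) are mechanical enough to check. The script below is an added example, my code rather than Ser Olmy's or the original poster's, that parses the subset of master-file syntax used in this thread and reports those mistakes. The two zone texts are constructed from the records posted here; d.org, ns1.d.org and the 44.44.44.44 / 55.55.55.x addresses are the thread's placeholders, not real hosts.

```python
"""Delegation-consistency checks for a BIND-style zone file (added example).

Handles the master-file subset used in this thread: $TTL, $ORIGIN, '@',
';' comments, a parenthesised multi-line SOA, and records that always
carry an explicit owner. Flags the mistakes discussed in the posts above.
"""
import ipaddress
import re


def qualify(name, origin):
    """Make a name absolute the way a master-file parser does."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()        # unterminated name: origin appended


def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False


def parse_zone(text, origin):
    """Return (default_ttl, [(owner, TYPE, [rdata tokens]), ...])."""
    origin = origin.lower().rstrip(".") + "."
    logical, buf = [], ""
    for line in text.splitlines():
        buf += " " + re.sub(r";.*", "", line)          # drop comments first
        if buf.count("(") <= buf.count(")"):            # balanced: one full record
            if buf.strip():
                logical.append(buf.strip())
            buf = ""
    default_ttl, records = None, []
    for line in logical:
        tok = line.replace("(", " ").replace(")", " ").split()
        if tok[0] == "$TTL":
            default_ttl = int(tok[1])
            continue
        if tok[0] == "$ORIGIN":
            origin = tok[1].lower().rstrip(".") + "."
            continue
        owner, i = qualify(tok[0], origin), 1
        if tok[i].isdigit():                            # optional per-record TTL
            i += 1
        if tok[i].upper() == "IN":                      # optional class
            i += 1
        records.append((owner, tok[i].upper(), tok[i + 1:]))
    return default_ttl, records


def check_delegation(text, origin):
    """Return human-readable findings; an empty list means the zone is consistent."""
    origin = origin.lower().rstrip(".") + "."
    _, records = parse_zone(text, origin)
    findings, ns_targets, mname = [], set(), None
    addr_owners = {o for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if rtype == "SOA":
            mname = qualify(rdata[0], origin)
        elif rtype == "NS":
            target = rdata[0]
            if is_ip(target):
                findings.append(f"NS for {owner} points at IP {target}; NS rdata must be a host name")
                continue
            if owner != origin:
                findings.append(f"NS owner {owner} is not the apex {origin} (unterminated name?)")
            if not target.endswith("."):
                findings.append(f"NS target {target} is relative and will be read as {qualify(target, origin)}")
            ns_targets.add(qualify(target, origin))
    if mname is None:
        findings.append("zone has no SOA record")
    elif mname not in ns_targets:
        findings.append(f"SOA MNAME {mname} has no matching NS record at the apex")
    for ns in sorted(ns_targets):
        if ns.endswith("." + origin) and ns not in addr_owners:
            findings.append(f"in-zone name server {ns} has no A/AAAA record (no glue possible)")
    return findings


# Constructed from the corrected zone posted later in this thread.
ZONE_OK = """\
$TTL 1000
@ IN SOA ns1.d.org. m.gmail.com. (
    2013042201 ;Serial
    3600 1800 604800 1000 )
@ IN NS ns1.d.org.
@ IN NS ns2.d.org.
ns1 IN A 55.55.55.11
ns2 IN A 55.55.55.22
@ IN A 44.44.44.44
www IN CNAME @
"""

# The first post's mistakes: NS rdata that is an IP, and names without the trailing dot.
ZONE_BAD = """\
$TTL 1000
@ IN SOA ns1.d.org. m.gmail.com. ( 2013042201 3600 1800 604800 1000 )
ns1.d.org IN NS 44.55.66.77
@ IN NS ns2.d.org
"""

if __name__ == "__main__":
    for label, zone in (("ok", ZONE_OK), ("bad", ZONE_BAD)):
        print(label, check_delegation(zone, "d.org") or "consistent")
```

Run it as-is and the second zone produces four findings: the NS record whose rdata is an IP, the relative NS target that becomes ns2.d.org.d.org., the SOA MNAME with no apex NS record, and the resulting in-zone name server without an A record. named-checkzone catches the syntax problems; this check is about the delegation logic, which a syntactically valid zone can still get wrong.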
I spoke to my host regarding those IPs in resolv.conf; they gave me 2 additional IPs, which I have now put inside /etc/resolv.conf and in my /var/named/d.org.db file.
Can you please check my setup files? They are as follows.
The IP I use to log in to my server via SSH is 44.44.44.44.
The additional IPs my host gave me are 55.55.55.11, 55.55.55.22.
/var/named/d.org.db
Quote:
$TTL 1000
@ IN SOA ns1.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL
(Could you please use "code" tags rather than "quote" tags around configuration setting and such?)
Quote:
Originally Posted by VolkHe
I spoke to my host regarding those IPs in resolv.conf; they gave me 2 additional IPs, which I have now put inside /etc/resolv.conf and in my /var/named/d.org.db file.
When you say "they gave [you] two additional IPs", what do you mean? For what purpose? What did you ask them for?
Quote:
Originally Posted by VolkHe
Can you please check my setup files, They are as follows.
The IP I use to log in to my server via SSH is 44.44.44.44.
The additional IPs my host gave me are 55.55.55.11, 55.55.55.22.
/var/named/d.org.db
Code:
$TTL 1000
@ IN SOA ns1.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL
server IN A 44.44.44.44
@ IN A 44.44.44.44
@ IN NS ns1.d.org.
@ IN NS ns2.d.org.
ns1 IN A 55.55.55.11
ns2 IN A 55.55.55.22
localhost IN A 127.0.0.1
www IN CNAME @
Right, this zone file specifies ns1.d.org as the authoritative server for the domain in the SOA record, so this zone file must then reside on that server. It also says that both ns1.d.org and ns2.d.org are name servers for the domain, which would make ns2.d.org a secondary (slave) server. There's no mention of any other name servers.
If your server is hosting this zone and its hostname is not ns1.d.org, then the information in this file is wrong.
This only tells you the contents of the A records for the servers ns1.d.org and ns2.d.org. OK, so the names resolve to valid IP addresses. That's great, but it says nothing about your domain.
The first command will show you the registration details for your domain and the name(s) of the authoritative name server(s). The second command will return the Start of Authority record for your domain, containing the name of the authoritative name server. The third command will return the names of any and all registered name servers for your domain, as well as their IP addresses.
All DNS information will be fetched from "8.8.8.8", one of Google's public DNS servers.
Last edited by Ser Olmy; 12-19-2014 at 06:42 PM.
Reason: removed whois -h parameter
Quote:
Originally Posted by Ser Olmy
When you say "they gave [you] two additional IPs", what do you mean? For what purpose? What did you ask them for?
I have now emailed them to ask this, my host is really poor in all honesty.
Quote:
This just tells your server to use these three name servers to perform name resolution.
Regarding the IPs in resolv.conf, are they in any way related to the zone SOA file? Could I just leave my server IP there (44.44.44.44) and remove the other two IPs?
Quote:
This hosts file links a specific IP address to the hostname server.d.org. It will only affect name resolution on this specific host.
I set this here myself, thinking there was a connection with the SOA file and the domain registrar NS settings; does a connection exist, or is this just something I have done that's not necessary and has no impact?
Quote:
Right, this zone file specifies ns1.d.org as the authoritative server for the domain in the SOA record, so this zone file must then reside on that server. It also says that both ns1.d.org and ns2.d.org are name servers for the domain, which would make ns2.d.org a secondary (slave) server. There's no mention of any other name servers.
If your server is hosting this zone and its hostname is not ns1.d.org, then the information in this file is wrong.
I only have one server and one zone file, the one I posted above (that's hosted on this one server).
Regarding what you said, should I set up the SOA like
Code:
$TTL 1000
@ IN SOA server.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL
server IN A 44.44.44.44
@ IN A 44.44.44.44
@ IN NS ns1.d.org.
@ IN NS ns2.d.org.
ns1 IN A 55.55.55.11
ns2 IN A 55.55.55.22
localhost IN A 127.0.0.1
www IN CNAME @
Ideally, I don't even want to use the additional IPs they gave me, or the ns1, ns2 type convention.
I would rather just use my one and only server IP (the one I use to log in), and 1 nameserver; we could call it server or ns.
All the rest I am just doing as I did this 2-3 years ago and it worked; I have now forgotten it all and am just shooting in the dark hoping it's going to work.
Theoretical example would be something like
Code:
$TTL 1000
@ IN SOA server.d.org. m.gmail.com. (
2013042201 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
1000 ) ;Minimum TTL
server IN A 44.44.44.44
@ IN A 44.44.44.44
@ IN NS server.d.org. ; trailing dot: without it the name is read as server.d.org.d.org
localhost IN A 127.0.0.1
www IN CNAME @
The A record for the domain (nslookup check I missed in the previous post) is
Quote:
Originally Posted by VolkHe
Regarding the IPs in resolv.conf, are they in any way related to the zone SOA file? Could I just leave my server IP there (44.44.44.44) and remove the other two IPs?
Yes.
Quote:
Originally Posted by VolkHe
I set this here myself, thinking there was a connection with the SOA file and the domain registrar NS settings; does a connection exist, or is this just something I have done that's not necessary and has no impact?
Precisely.
Quote:
Originally Posted by VolkHe
whois d.org
Code:
...
Domain Name:D.ORG
...
Name Server:NS1.D.ORG
Name Server:NS2.D.ORG
...
DNSSEC:Unsigned
...
(stripped alot of info from this which I thought was not important)
The important part is the name of the registrar and the names of any authoritative DNS servers. Not every whois record contains name server information, so there might not have been any in yours.
Quote:
Originally Posted by VolkHe
nslookup -q=SOA d.org 8.8.8.8
Code:
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find d.org: NXDOMAIN
nslookup -q=NS d.org 8.8.8.8
Code:
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find d.org: SERVFAIL
This is the interesting part. The lack of a SOA record tells me your domain either isn't properly registered, or all DNS servers are offline. There's nothing you can do about the former yourself; you'll need to speak with your registrar. As for the latter: if you used to run the DNS server in question, you should be able to fix it by setting one up using the same IP address.
When a domain is registered, a DNS delegation is created in the parent zone. For a domain like "company.com", the parent zone is "com". The operators of the "com" top-level domain must create an NS record for the subdomain "company", pointing to the authoritative DNS server for the domain.
It could be that your domain doesn't have an NS record in its parent zone, meaning there's no delegation in the TLD (or whatever domain is the parent for your particular domain). If you've paid your annual registration fees, then your registrar is most likely to blame for this. They'll have to get in touch with the operators of the parent zone (which is either ICANN for the international TLDs or a national registry for any country-specific TLD) and get this fixed.
The exact name of the registrar and the relevant contact information is in the whois record.
If yours is an international domain, you should be able to get to the bottom of this by running the following command:
Code:
nslookup -q=NS your.domain 192.5.6.30
192.5.6.30 is one of the 13 root servers, and it doesn't do recursive lookups. What it will do, is return the contents of the delegation NS record, if one exists.
Quote:
Originally Posted by Ser Olmy
It could be that your domain doesn't have an NS record in its parent zone
This is unlikely; my domain was working 5 days ago, but my host had a power failure (or hack, who knows). Since then multiple parts of my server were broken; my host said sorry and handed me a brand new server (only CentOS) and told me to transfer everything. It's now 5 days and all my sites are offline. Anyway, the point here is the domain used to work, so it's unlikely to be a domain registrar error.
This doesn't look like a good result; if so, what exactly is the problem here?
I don't quite know what else I can provide; these are all the files I have modified.
service named status
Code:
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
named (pid 5048) is running...
Regarding your reply "precisely" to me setting up /etc/hosts with 44.44.44.44 server.d.org server, just to clarify, you were replying that it's not necessary to do this, right?
Quote:
Originally Posted by VolkHe
This doesn't look like a good result; if so, what exactly is the problem here?
You're getting very close. The server provided you with the names of a number of servers that will tell you if and how your domain is registered. Try again with:
Code:
nslookup -q=NS your-domain a.root-servers.net
That query should return either the name of the authoritative name server, which would be the server you need to get online for things to start working again, or it will return an error, which would mean that your registrar has made a mistake and allowed your domain to expire.
As for whether it is likely or not that a DNS delegation could be missing when your domain worked only a few days ago, know that these records are expunged automatically if a registration is allowed to lapse.
nslookup -q=NS d.org a.root-servers.net
Code:
Server: a.root-servers.net
Address: 198.41.0.4#53
Non-authoritative answer:
*** Can't find d.org: No answer
Authoritative answers can be found from:
org nameserver = d0.org.afilias-nst.org.
org nameserver = b2.org.afilias-nst.org.
org nameserver = b0.org.afilias-nst.org.
org nameserver = c0.org.afilias-nst.info.
org nameserver = a2.org.afilias-nst.info.
org nameserver = a0.org.afilias-nst.info.
d0.org.afilias-nst.org internet address = 199.19.57.1
d0.org.afilias-nst.org has AAAA address 2001:500:f::1
b2.org.afilias-nst.org internet address = 199.249.120.1
b2.org.afilias-nst.org has AAAA address 2001:500:48::1
b0.org.afilias-nst.org internet address = 199.19.54.1
b0.org.afilias-nst.org has AAAA address 2001:500:c::1
c0.org.afilias-nst.info internet address = 199.19.53.1
c0.org.afilias-nst.info has AAAA address 2001:500:b::1
a2.org.afilias-nst.info internet address = 199.249.112.1
a2.org.afilias-nst.info has AAAA address 2001:500:40::1
a0.org.afilias-nst.info internet address = 199.19.56.1
a0.org.afilias-nst.info has AAAA address 2001:500:e::1
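The output above from a.root-servers.net is the referral that the earlier post about delegation describes: the root server has no answer for d.org itself, so it hands back the NS records of the org zone (authority section) and their addresses (additional section), which is where the next query goes. The script below is an added example, my code and not something posted in this thread, that builds the non-recursive query nslookup sends and decodes a reply section by section, so a referral is reported as the next hop rather than mistaken for a failure. The reply bytes are constructed here with a realistic compression pointer; d.org, the afilias-nst server names and their addresses are taken from the output quoted above, and the 0x1234 transaction ID is arbitrary.

```python
"""Non-recursive delegation queries, decoded (added example)."""
import struct

TYPE_A, TYPE_NS = 1, 2
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}


def encode_name(name):
    """Dotted name -> length-prefixed labels, uncompressed."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(qname, qtype, txid=0x1234, recursion_desired=False):
    """Header + question. RD=0: ask only for what the server itself holds."""
    flags = 0x0100 if recursion_desired else 0
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)


def read_name(msg, off):
    """Decode a name that may use 0xC0 compression pointers; return (name, end offset)."""
    labels, end, jumped = [], None, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # pointer: continue elsewhere
            if not jumped:
                end, jumped = off + 2, True
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + ln].decode())
        off += ln


def read_rr(msg, off):
    owner, off = read_name(msg, off)
    rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    off += 10
    if rtype == TYPE_NS:
        rdata = read_name(msg, off)[0]
    elif rtype == TYPE_A:
        rdata = ".".join(str(b) for b in msg[off:off + 4])
    else:
        rdata = msg[off:off + rdlen]
    return (owner, rtype, ttl, rdata), off + rdlen


def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                             # skip the echoed question
        off = read_name(msg, off)[1] + 4
    out = {"id": txid, "aa": bool(flags & 0x0400), "rcode": RCODES.get(flags & 0xF, "?")}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[key] = []
        for _ in range(count):
            rr_, off = read_rr(msg, off)
            out[key].append(rr_)
    return out


def classify(msg):
    """ANSWER, REFERRAL, NODATA, or the error rcode name."""
    r = parse_response(msg)
    if r["rcode"] != "NOERROR":
        return r["rcode"]
    if r["answer"]:
        return "ANSWER"
    if any(t == TYPE_NS for _, t, _, _ in r["authority"]):
        return "REFERRAL"
    return "NODATA"


def next_servers(msg):
    """From a referral: (NS name, glue address or None) pairs to query next."""
    r = parse_response(msg)
    glue = {owner: ip for owner, t, _, ip in r["additional"] if t == TYPE_A}
    return [(ns, glue.get(ns)) for _, t, _, ns in r["authority"] if t == TYPE_NS]


def rr(owner_wire, rtype, ttl, rdata_wire):
    return owner_wire + struct.pack("!HHIH", rtype, 1, ttl, len(rdata_wire)) + rdata_wire


QUERY = build_query("d.org", TYPE_NS)
ORG_PTR = b"\xC0\x0E"   # pointer to the 'org' label inside the question (offset 14)
# Constructed: the shape of the root server's reply above (two of the six org
# servers shown), no answer section, NS in authority, glue A in additional.
ROOT_REFERRAL = (
    struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 2, 2)   # QR=1, AA=0, RD=0, NOERROR
    + QUERY[12:]
    + rr(ORG_PTR, TYPE_NS, 172800, encode_name("a0.org.afilias-nst.info"))
    + rr(ORG_PTR, TYPE_NS, 172800, encode_name("d0.org.afilias-nst.org"))
    + rr(encode_name("a0.org.afilias-nst.info"), TYPE_A, 172800, bytes([199, 19, 56, 1]))
    + rr(encode_name("d0.org.afilias-nst.org"), TYPE_A, 172800, bytes([199, 19, 57, 1]))
)
# Constructed: what 8.8.8.8 returned for the SOA query earlier (QR, RD, RA, NXDOMAIN).
NXDOMAIN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(classify(ROOT_REFERRAL), next_servers(ROOT_REFERRAL))
    print(classify(NXDOMAIN_REPLY))
```

Against a live network the same QUERY bytes sent over UDP port 53 to 198.41.0.4 produce a reply that classify() reports as REFERRAL, and next_servers() gives the org servers to repeat the question at; those in turn either refer to the domain's registered name servers (the delegation Ser Olmy describes) or return NXDOMAIN if the delegation is gone. The "aa" field is the lame-server check from earlier in the thread: a host listed in the NS set that answers the zone's own NS query with aa False is not authoritative for it.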