Secondary DNS Problem

StephanK

Guest
Secondary DNS Problem (slv2.1und1.de)

Maybe somebody out here can help me, I am truly stuck. We're currently evaluating a root server running Plesk 7.5.2 on Suse 9.1 at 1and1 (Germany). We're trying to set up DNS servers.

As Primary DNS, we're using: ns.myserver.de
As Secondary DNS we were given: slv2.1und1.de by our provider.

Primary DNS is working properly, however: changes made to a domain in Plesk never propagate to slv2.1und1.de.

In other words:

I've set up: www.clientdomain.com. Now, I do a
Code:
dig @ns.myserver.de clientdomain.com
and I get the proper answer. Now, if I try a
Code:
dig @slv2.1und1.de clientdomain.com
it turns out that slv2.1und1.de has no info for clientdomain.com.

I changed the default DNS templates and I've added slv2.1und1.de's IP address to the ACL list in Plesk. Also made sure that the DNS settings for clientdomain.com are matching. To the best of my knowledge, which admittedly isn't much, these are correct. According to /var/log/messages, notifies are sent by named to somewhere. But I do not see any indication that slv2.1und1.de actually did transfer the zones.
If it helps, I'll create a text file with named.conf, zone files, and anything else that might prove helpful; just let me know if there is anything that might prove helpful.

I can add .com/.net domains to this server, as they only require 1 NS to be working. But trying to add a .de domain, for example, fails, because they need both NS to respond.

Dnsreport.com reports slv2.1und1.de as a lame server when I check clientdomain.com there.

Something is wrong, but I have no clue what or how to fix this. My ISP (1and1) just informed me that they don't know and won't be able to get back to me for another week at least..

Can anybody help?
 
Try checking your log to see if there are any clues. The default is that all named messages are logged in /var/log/messages.

If you can't find any output, try restarting the named service:

/etc/init.d/named restart

Then recheck your log...

Also, check your firewall settings... Make sure you're not blocking outgoing traffic on port 53.
 
StephanK, it looks like you've gone through most of the suggestions I have below, but if you have the firewall module installed, see my comments below.

Here's some general information for anyone switching to this new version of Plesk with new features - and new things to learn. Of course, substitute your particular provider for 1and1 in all this.

If you have the 1and1 DNS server(s) set as slave servers then they need to be able to access and download the DNS information for the domain(s) on your server.

If you have the 1and1 server listed in the DNS settings for a domain, then I believe "Zone Transfers/ACL" should be allowed to the 1and1 servers.

You should be receiving a daily "LogWatch" email from Plesk. Included in this email is the logged information from named. This is your first clue as to whether the 1and1 servers are able to retrieve the DNS info for the domain(s) in question. It should look something like:
Code:
zone mydomain.com/IN: loaded serial XXXXXXXXXX: 2 Time(s)
zone mydomain.com/IN: sending notifies (serial XXXXXXXXXX): 1 Time(s)

For whatever reason, this sometimes doesn't work, or access isn't allowed automatically, so there are two things you should check if things don't seem to be working.

1. I usually do this anyhow - just to be sure my provider's DNS servers always have access, irrespective of the domain's DNS settings.
In Plesk under Server > DNS > Common ACL, add a new entry for each of the 1and1 DNS servers you need to allow access to.

2. Check the Firewall Module settings if you have that module installed. I know in my case I had to set the following rule (note, allowing TCP access only isn't enough):
Code:
Allow incoming from xx.xxx.xx.xx, xx.xxx.xx.xx on ports 52/udp, 53/tcp

StephanK, I hope the second suggestion about the firewall helps. If not, then hopefully this info will be able to help someone out who ran into problems similar to mine.
 
Thanks so much for your help so far!

Here is the relevant portion of /var/log/messages when doing a named stop/start:

Code:
Feb 14 05:46:08 www named[4456]: shutting down: flushing changes
Feb 14 05:46:08 www named[4456]: stopping command channel on 127.0.0.1#953
Feb 14 05:46:08 www named[4456]: no longer listening on 333.222.111.101#53
Feb 14 05:46:08 www named[4456]: no longer listening on 127.0.0.1#53
Feb 14 05:46:08 www named[4454]: exiting
Feb 14 05:46:24 www named[19975]: starting BIND 9.2.3 -t /var/lib/named -u named
Feb 14 05:46:24 www named[19975]: using 1 CPU
Feb 14 05:46:24 www named[19977]: loading configuration from '/etc/named.conf'
Feb 14 05:46:24 www named[19977]: listening on IPv4 interface eth0, 212.227.63.101#53
Feb 14 05:46:24 www named[19977]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 05:46:24 www named[19977]: command channel listening on 127.0.0.1#953
Feb 14 05:46:24 www named[19977]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 20010622
Feb 14 05:46:24 www named[19977]: zone 111.222.333.in-addr.arpa/IN: loaded serial 1108229511    (that's my main IP)
Feb 14 05:46:24 www named[19977]: zone domain.com/IN: loaded serial 1108229511
Feb 14 05:46:24 www named[19977]: zone my-server.de/IN: loaded serial 1108185785
Feb 14 05:46:24 www named[19977]: zone another-domain.de/IN: loaded serial 1108185237
Feb 14 05:46:24 www named[19977]: running
Feb 14 05:46:24 www named[19977]: zone my-server.de/IN: sending notifies (serial 1108185785)
Feb 14 05:46:24 www named[19977]: zone domain.com/IN: sending notifies (serial 1108229511)
Feb 14 05:46:24 www named[19977]: zone another-domain.de/IN: sending notifies (serial 1108185237)
Feb 14 05:46:24 www named[19977]: received notify for zone 'domain.com'
Feb 14 05:46:24 www named[19977]: received notify for zone 'another-domain.de'

I have added a rule to the firewall module to allow incoming traffic from slv2.1und1.de IP 212.227.123.29 on ports 53 TCP and 52 UDP. Will see if that makes a change.

Anybody see anything unusual here (except the odd domain names and the changed IP of my server)?
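To make a named log like the one above easier to read, here is an added example (not from the original thread or from Plesk) that parses syslog-style named lines per zone and flags zones that were loaded and notified but for which no zone transfer completed in the log window, which is exactly the symptom described here. The sample log is constructed in the format quoted above; the "transfer of '...': AXFR ended" line format and the client address 192.0.2.10 are assumptions, not values from the thread.

```python
import re
from collections import defaultdict

# Constructed sample log in the format quoted in this thread. The two
# "transfer of" lines are assumed BIND 9 wording for a completed AXFR;
# 192.0.2.10 is a documentation address standing in for a secondary.
SAMPLE_LOG = """\
Feb 14 05:46:24 www named[19977]: zone domain.com/IN: loaded serial 1108229511
Feb 14 05:46:24 www named[19977]: zone my-server.de/IN: loaded serial 1108185785
Feb 14 05:46:24 www named[19977]: zone my-server.de/IN: sending notifies (serial 1108185785)
Feb 14 05:46:24 www named[19977]: zone domain.com/IN: sending notifies (serial 1108229511)
Feb 14 05:46:24 www named[19977]: received notify for zone 'domain.com'
Feb 14 05:46:30 www named[19977]: client 192.0.2.10#41234: transfer of 'my-server.de/IN': AXFR started
Feb 14 05:46:30 www named[19977]: client 192.0.2.10#41234: transfer of 'my-server.de/IN': AXFR ended
"""

LOADED = re.compile(r"zone (\S+)/IN: loaded serial (\d+)")
NOTIFY = re.compile(r"zone (\S+)/IN: sending notifies \(serial (\d+)\)")
XFER = re.compile(r"client (\S+)#\d+: transfer of '(\S+)/IN': (AXFR|IXFR) (started|ended)")


def zone_status(log_text):
    """Per zone: serial loaded, whether notifies went out, and which
    client addresses completed a zone transfer (AXFR/IXFR ended)."""
    zones = defaultdict(lambda: {"serial": None, "notified": False,
                                 "transferred_to": set()})
    for line in log_text.splitlines():
        m = LOADED.search(line)
        if m:
            zones[m.group(1)]["serial"] = int(m.group(2))
            continue
        m = NOTIFY.search(line)
        if m:
            zones[m.group(1)]["notified"] = True
            continue
        m = XFER.search(line)
        if m and m.group(4) == "ended":
            zones[m.group(2)]["transferred_to"].add(m.group(1))
    return dict(zones)


def zones_without_transfer(log_text):
    """Zones that were notified but never pulled by any secondary in this
    log window: the first place to look when a slave stays lame."""
    return sorted(z for z, s in zone_status(log_text).items()
                  if s["notified"] and not s["transferred_to"])
```

Run it over the real /var/log/messages (after checking that your BIND version logs transfers in the assumed wording) and any zone listed by zones_without_transfer() is one the secondary never fetched, whatever the notifies say.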
 
As it turned out, the culprit was slv2.1und1.de. Or more specifically: the fact that slv2.1und1.de is unable to resolve its own name. That is a faulty setup at my provider's end and nothing we users have control over.

I stopped trying to use slv2.1und1.de completely and instead added another IP in a different subnet to my box, and am now using the same box for primary and secondary NS. Not optimal, but working, until I get the 2nd Plesk server up and running and then let the 2nd server do secondary NS for me.

Thank you for your help!