I finished, then ran a check through my non-InterWorx server via dig:
[root@vh1 ~]# dig @ip-of-interworx-server janszenkiel.cf axfr
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @ip-of-interworx-server janszenkiel.cf axfr
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
(ip-of-interworx-server is my InterWorx server IP). I also ran a check through http://www.solvedns.com/janszenkiel.cf (janszenkiel.cf is a domain of a friend I’m hosting) and it says that my secondary name server (the one assigned to the bind server) is not responding to queries. That would mean it’s not working.
What did I do wrong here, am I missing something? Help would be appreciated.
Hi Liam
Many thanks
It is harder to test without details, but assuming your NS records are pointing to your 2 servers, then your first issue is a block on port 53, both UDP and TCP (note you may want to open port 53 TCP on both servers), on ns2.liamdemafelix.com.
So, can you confirm port 53 is open for UDP/TCP on ns2.liamdemafelix.com? If so, then it has to be a block upstream at your service provider level (unless you are cheapvps), but testing shows port 53 UDP and TCP closed (please note IP and NS have been obscured).
scan report for nnn.nnnnnnn.nnn (1.2.3.4)
Host is up (0.096s latency).
PORT STATE SERVICE
53/udp closed domain
PORT STATE SERVICE
53/tcp closed domain
Also, your RDNS on ns2.liamdemafelix.com is wrong and should be corrected; however, the RDNS should not stop DNS.
Once the port is allowed, as long as your bind is working, you should be good to go.
I hope that helps
Many thanks
John
Actually, thinking about DNS, I have set up our test domain/server to sync to a production server, using IW sync, and it works lovely with no effort on my part, and I was thinking of any downsides, in terms of security etc… But then I thought, even if you AXFR zones, albeit limited to the IP address, it still goes out over port 53, but with IW sync it's secured by API.
So if you want to check out 3sh.co.uk, you should see it’s fine
Even more, IW logs this and should be easy to see if there’s any issues on sync
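The port-53 check and the AXFR-by-IP point in the two replies above can be reproduced without dig or nmap. The following is an added example, not code from this thread or from InterWorx: a small Python probe that sends a raw SOA query to a name server over UDP and over TCP, then attempts an AXFR over TCP, and reports one of four outcomes that the thread keeps running into: "timeout" (no packet back, what dig prints as "connection timed out"), "closed" (ICMP unreachable or TCP reset, nmap's "closed"), "refused" (the server is up but its policy rejects the request; this is what an AXFR from an IP that is not on the allowed list should return), or an answer, flagged "authoritative" when the AA bit is set. The server address and zone are command-line arguments; the zone and transaction ID used in the comments are placeholders.

```python
"""Probe UDP/TCP port 53 and classify what comes back.

Added example for this thread; assumes the target is meant to be
authoritative for ZONE. Usage: python dnsprobe.py <server-ip> <zone>
"""
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPE_SOA = 6
QTYPE_AXFR = 252
TXID = 0x1234  # arbitrary fixed transaction id for the probe


def encode_name(name):
    """Wire-format a domain name: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(zone, qtype, txid=TXID):
    """12-byte header (RD set, one question) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", qtype, 1)


def parse_header(resp):
    if len(resp) < 12:
        raise ValueError("short DNS response")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "qr": bool(flags & 0x8000),
            "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "answers": an}


def classify(resp, txid):
    """Map a probe result to a one-word verdict.

    resp is raw response bytes, or the string "timeout" / "closed"
    produced by the probe functions when nothing usable came back.
    """
    if isinstance(resp, str):
        return resp
    h = parse_header(resp)
    if not h["qr"] or h["id"] != txid:
        return "bogus"            # not a reply to our question
    if h["rcode"] == "REFUSED":
        return "refused"          # reachable, but policy says no
    if h["rcode"] != "NOERROR":
        return h["rcode"].lower()
    return "authoritative" if h["aa"] else "answered"


def probe_udp(server, zone, qtype, timeout=3.0):
    q = build_query(zone, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(q, (server, 53))
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"      # filtered: no packet at all
        except ConnectionRefusedError:
            return "closed"       # ICMP port unreachable came back
    return resp


def probe_tcp(server, zone, qtype, timeout=3.0):
    """TCP DNS frames each message with a 2-byte length prefix."""
    q = build_query(zone, qtype)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            hdr = s.recv(2)
            if len(hdr) < 2:
                return "closed"
            (n,) = struct.unpack("!H", hdr)
            buf = b""
            while len(buf) < n:
                chunk = s.recv(n - len(buf))
                if not chunk:
                    break
                buf += chunk
            return buf
    except socket.timeout:
        return "timeout"
    except OSError:               # includes ConnectionRefusedError (RST)
        return "closed"


def run(server, zone):
    results = {
        "udp SOA": classify(probe_udp(server, zone, QTYPE_SOA), TXID),
        "tcp SOA": classify(probe_tcp(server, zone, QTYPE_SOA), TXID),
        "tcp AXFR": classify(probe_tcp(server, zone, QTYPE_AXFR), TXID),
    }
    for k, v in results.items():
        print(f"{k:9s}: {v}")
    return results


if __name__ == "__main__":
    run(sys.argv[1], sys.argv[2])
```

Run it once from an outside host and once from the secondary's own IP: "timeout" on both transports matches the dig output and nmap report in this thread and means nothing on the wire is reaching named, whereas "refused" on AXFR from the outside host together with "authoritative" on AXFR from the secondary is the expected picture once transfers are limited by IP. Only the first message of an AXFR is read here; that is enough to see whether the transfer is allowed, which is also a quick way to force a manual pull test before trusting an automatic sync.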
Yes, I can confirm UDP and TCP for port 53 are not blocked by the upstream provider nor a firewall. I used this setup through Virtualmin in the past and never had problems.
What log files should I check specifically? This is my first time dealing with DNS issues so please bear with me.
Many thanks. I'm sure you've set up correctly, but at some point in the network it is being blocked, unless you have set port 53 to respond only to certain IP addresses, but that defeats the object of DNS live.
Are you sure there is no block, and have you run netstat to confirm on your ns2 server that it is open for connections in/out for port 53?
I can try to retest, but I would prefer if you PM me the actual server IP, so I know that I'm dealing with the correct server for the test, or confirm that the detail is correct for ns2.
It could be that there are old cached entries if you have recently changed the NS IP.
I don’t know what I did, but it’s still not showing as responding to queries through tests on intodns.com. Is there a way to manually synchronize the zones to test?