Ask Question Forum:

Model Library:2025-02-08 Updated:A.I. model including DeepSeek is online for auto reply question page

Show

ASK RECENT

My website is down but domain name is okay(NOT expired)

Asked by duncanb7

at 2024-07-26 07:07:17

Point:500 Replies:23 POST_ID:828616USER_ID:11059

Topic:

Apache Web Server;Linux Networking;Domain Name Service (DNS)

Recently I play around my VPSX2 server for DNS sever training,

I don't know what I made to let my website http is down(
I did see any my webpage on mysite, e-hftrade.com)

my hosting company said it is related to DNS zone issue on my server
and they won't provide any service to unmanaged VPS client.

THey just give me hint to check my domain name at
http://www.intodns.com/e-hftrade.com and show me the result

DNS servers responded ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
212.1.213.78

I ping it 212.1.213.78 that is connected , Why my domain name is in problem even
they told the domain name is NOT expired

Please advise

Duncan

Author: duncanb7 replied at 2024-07-27 12:10:49

Since the bug or solution is found by my hosting company support who suppose
not provide service to unmaged VPS account or client. This time is exceptional since I request them
every hour and every day , and they used 6 hours to get the bug finally

Thanks for all of your reply and

This thread score is based on how much triggering to me to ask the support help from
hosting company

The modification of the zone file causing domain name issue that will be for my next DNS study or new thread.

Author: duncanb7 replied at 2024-07-27 12:06:06

The final bug is found by the hosting comany supports, and they
found out the e-hftrade.com.db zone file is modified before and
the group and owner was changed from named to root so the
system could NOT read the e-hftrade.com.db file by group name, "named" correctly
The change causing the bug that should be made by myself since I was doing the DNS study and test

Duncan

Author: duncanb7 replied at 2024-07-26 12:31:14

but my file of resolv.conf is just nameserver 8.8.8.8

how my server is DNS server with my 212.1.x.x without editing
the resolv.conf file and echo "nameserver 212.1.x.x." >resolve.conf

for example, if my server is DNS server why my existing file of resolv.conf is with only line
of nameserver 8 .8.8.8 ? Why in whosis or other DNS webiste
always say my nameserver is 212.1.x.x

Please advise it in detail

Ducan

Assisted Solution

Expert: spravtek replied at 2024-07-26 11:48:29

62 points EXCELLENT

the file of /etc/resolv.conf not metions anything about

You need to manually enter the DNS server in the file

Why external client go to the root instead of going to /etc/resolve.conf file to resolve
the IP ?

External clients don't go to the root ... Your system uses the DNS that is set in resolv.conf, if you point it to the DNS server, your system will use the locally configured DNS....

Assisted Solution

Expert: spravtek replied at 2024-07-26 11:41:08

62 points EXCELLENT

root permission

I'm not talking about the system's root, I'm talking about DNS root servers:

https://en.wikipedia.org/wiki/Root_name_server

https://www.iana.org/domains/root/servers

Author: duncanb7 replied at 2024-07-26 11:40:52

Why external client go to the root instead of going to /etc/resolve.conf file to resolve
the IP ?

So it is strange if you said my server is name server or DNS server but
the file of /etc/resolv.conf not metions anything about

nameserver 212.1.213.x ( that is my nameser IP for ns1.e-hftrade,com)

Author: duncanb7 replied at 2024-07-26 11:37:10

DNS servers don't use this file if they can go to the "." root for resolving names

How they can go to root if they don't have root permission ?

Assisted Solution

Expert: spravtek replied at 2024-07-26 10:58:34
62 points EXCELLENT

tovarishch,

Yes, you installed what I imagine it being BIND on your system and configured it...

There is no real difference, a name server is the server component of DNS so to speak, the actual service that takes care of the translation of domain names and hostnames into IP's...

the resolv.conf is the file where you configure the name server or DNS server, this file is then used by applications to resolve domain or hostnames ... DNS servers don't use this file if they can go to the "." root for resolving names... You need to set a DNS server in this file yourself ...

If you don't really need to host the DNS on your own server then you might be better of to configure the DNS with your provider or some other third party, that way you might run into issues like your website being down ...

Author: duncanb7 replied at 2024-07-26 10:40:30

May I ask simple question ?

My server is DNS server, right ?
What is different between DNS server and nameserver ?

If my serverice DNS server,
why my file at /etc/resolve.conf is no namesever 212.1.213.78 (my nameserver IP) ?

Please advise

Duncan

Assisted Solution

Expert: spravtek replied at 2024-07-26 09:17:16
62 points EXCELLENT

I still think it's weird there's no sign of port 53 being used to allow queries...

A named file should have options kinda like this:

allow-query { localhost; }; listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; dnssec-enable yes; dnssec-validation yes;};

1:2:3:4:5:6:7:

Select All Code

Author: duncanb7 replied at 2024-07-26 08:50:36

Please see those file

named.conf
================
include "/etc/rndc.key";

controls {
      inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options {
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/

// query-source port 53;

/* We no longer enable this by default as the dns posion exploit
has forced many providers to open up their firewalls a bit */

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
/* memstatistics-file "data/named_mem_stats.txt"; */
allow-transfer {"none";};
};

logging {
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named").
* By default, SELinux policy does not allow named to modify the /var/named" directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { 127.0.0.0/24; };
match-destinations { localhost; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/var/named/named.rfc1912.zones";
};

view "internal" {
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

// include "/var/named/named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.

// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

zone "vps.e-hftrade.com" {
      type master;
      file "/var/named/vps.e-hftrade.com.db";
};

zone "e-hftrade.com" {
      type master;
      file "/var/named/e-hftrade.com.db";
};

};

view "external" {
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

// all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

// BEGIN external zone entries

zone "vps.e-hftrade.com" {
      type master;
      file "/var/named/vps.e-hftrade.com.db";
};

zone "e-hftrade.com" {
      type master;
      file "/var/named/e-hftrade.com.db";
};

};

Author: duncanb7 replied at 2024-07-26 08:39:30

THe iptables file is last modified on July 10 , so the wbesite is down today so
it is not related to iptables

# Generated by iptables-save v1.4.7 on Wed Jul 10 15:06:49 2013
*nat
:PREROUTING ACCEPT [1466:88238]
:POSTROUTING ACCEPT [6086:372923]
:OUTPUT ACCEPT [6086:372923]
COMMIT
# Completed on Wed Jul 10 15:06:49 2013
# Generated by iptables-save v1.4.7 on Wed Jul 10 15:06:49 2013
*mangle
:PREROUTING ACCEPT [117622:123807231]
:INPUT ACCEPT [117622:123807231]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [123002:44913130]
:POSTROUTING ACCEPT [123002:44913130]
COMMIT
# Completed on Wed Jul 10 15:06:49 2013
# Generated by iptables-save v1.4.7 on Wed Jul 10 15:06:49 2013
*filter
:INPUT ACCEPT [5:356]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:636]
:acctboth - [0:0]
-A INPUT -j acctboth
-A INPUT -s 188.143.233.30/32 -j DROP
-A INPUT -s 183.60.213.5/32 -j DROP
-A OUTPUT -j acctboth
-A acctboth -s 212.1.213.78/32 ! -i lo -p tcp -m tcp --dport 80
-A acctboth -d 212.1.213.78/32 ! -i lo -p tcp -m tcp --sport 80
-A acctboth -s 212.1.213.78/32 ! -i lo -p tcp -m tcp --dport 25
-A acctboth -d 212.1.213.78/32 ! -i lo -p tcp -m tcp --sport 25
-A acctboth -s 212.1.213.78/32 ! -i lo -p tcp -m tcp --dport 110
-A acctboth -d 212.1.213.78/32 ! -i lo -p tcp -m tcp --sport 110
-A acctboth -s 212.1.213.78/32 ! -i lo -p icmp
-A acctboth -d 212.1.213.78/32 ! -i lo -p icmp
-A acctboth -s 212.1.213.78/32 ! -i lo -p tcp
-A acctboth -d 212.1.213.78/32 ! -i lo -p tcp
-A acctboth -s 212.1.213.78/32 ! -i lo -p udp
-A acctboth -d 212.1.213.78/32 ! -i lo -p udp
-A acctboth -s 212.1.213.78/32 ! -i lo
-A acctboth -d 212.1.213.78/32 ! -i lo
-A acctboth ! -i lo
COMMIT
# Completed on Wed Jul 10 15:06:49 2013

Assisted Solution

Expert: spravtek replied at 2024-07-26 08:28:12
63 points EXCELLENT

You are hosting your own DNS server for your website?

When doing a domain check we get following error:

FAIL: While reading domain NS records at parent name servers, we found name servers without A records

Are you allowing DNS queries through the firewall? Are you using the iptables on this server?

vi /etc/sysconfig/iptables

1:

Select All Code

Look for something like this:

-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

Just to be sure, check your config as well wit, e.g:

named-checkconf /etc/named.conf

1:

Select All Code

named-checkconf /etc/named.rfc1912.zones

1:

Select All Code

named-checkzone e-hftrade.com /var/named/fwd.e-hftrade.com

1:

Select All Code

Author: duncanb7 replied at 2024-07-26 08:23:34

Please review this thread,

Why there is no record for e-hftrade.com
even I get correct e-hftrade.com.db zone file

Assisted Solution

Expert: savone replied at 2024-07-26 08:15:08
63 points EXCELLENT

No SOA record.

# dig SOA e-hftrade.com

; <<>> DiG 9.9.3-rl.156.01-P1-RedHat-9.9.3-3.P1.fc18 <<>> SOA e-hftrade.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54110
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;e-hftrade.com.                  IN      SOA

;; Query time: 246 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jul 26 11:14:32 EDT 2013
;; MSG SIZE rcvd: 42

Author: duncanb7 replied at 2024-07-26 07:41:44

it is met your requirement, RIght ?

Author: duncanb7 replied at 2024-07-26 07:40:12

my zone file at /var/named/e-hftrade.com.db

; cPanel first:11.32.4.15 (update_time):1363609799 Cpanel::ZoneFile::VERSION:1.3 hostname:vps.e-hftrade.com latest:11.34.1.7
; Zone file for e-hftrade.com
$TTL 14400
e-hftrade.com.      86400      IN      SOA      ns1.e-hftrade.com.      duncanduncan684.yahoo.com.hk.      (
                                    2013031603 ;Serial Number
                                    86400 ;refresh
                                    7200 ;retry
                                    3600000 ;expire
                                    86400 ;minimum
      )
e-hftrade.com.      86400      IN      NS      ns1.e-hftrade.com.
e-hftrade.com.      86400      IN      NS      ns2.e-hftrade.com.
e-hftrade.com.      14400      IN      A      212.1.213.78
localhost      14400      IN      A      127.0.0.1
e-hftrade.com.      14400      IN      MX      0      e-hftrade.com.
mail      14400      IN      CNAME      e-hftrade.com.
www      14400      IN      CNAME      e-hftrade.com.
ftp      14400      IN      A      212.1.213.78
e-hftrade.com.      14400      IN      TXT      "v=spf1 ip4:212.1.210.166 +a +mx +ip4:96.9.161.90 ?all"
webdisk      14400      IN      A      212.1.213.78
whm      14400      IN      A      212.1.213.78
webmail      14400      IN      A      212.1.213.78
cpanel      14400      IN      A      212.1.213.78
ns1      14400      IN      A      212.1.213.78
ns2      14400      IN      A      212.1.213.78

Assisted Solution

Expert: Chris Millard replied at 2024-07-26 07:37:01
63 points EXCELLENT

Check your DNS entries. You should have at least the following:-

e-hftrade.com. 86400 IN SOA ns1.e-hftrade.com.
e-hftrade.com. 86400 IN NS ns1.e-hftrade.com.
e-hftrade.com. 86400 IN NS ns2.e-hftrade.com.
e-hftrade.com. 14400 IN A 212.1.213.78
www 14400 IN CNAME e-hftrade.com

Author: duncanb7 replied at 2024-07-26 07:20:58

But at /etc/resolv.conf there is just one line only but it is so before and after the website
is down, like "nameserver 8.8.8.8" and nothing related to nameserver 212.1.213.78

Author: duncanb7 replied at 2024-07-26 07:19:03

TYping mistake:
I don't know what I made to let my website http is down(
I could NOT see any my webpage on mysite, e-hftrade.com)

Author: duncanb7 replied at 2024-07-26 07:17:17

How can I know my server is enabling DNS server or not ?

Author: duncanb7 replied at 2024-07-26 07:16:53

yes, I also got fail at nslookup e-hftrade.com

212.1.213.78 is my server IP

domain: e-hftrade.com :212.1.213.78
nameserver: ns1.e-hftrade.com: 212.1.213.78
nameserver:ns2.e-hftrade.com: 212.1.213.78

THe ip for nameserver and domain name is same

I reboot and restart up my server that is still not working

Accepted Solution

Expert: Chris Millard replied at 2024-07-26 07:12:12
63 points EXCELLENT

When I try using nslookup with your DNS server:-

nslookup e-hftrade.com 212.1.213.78

I get the following error:-

*** Unknown can't find e-hftrade.com: Server failed

This would lead me to believe the there is some form of problem with the DNS server service on 212.1.213.78. Can you stop and restart the DNS Server service?

&nbps;

About Us|Service|Pricing

即時新聞:↓

即時新聞:↑

On Balance Volume (OBV):

Ask Question Forum:

My website is down but domain name is okay(NOT expired)

Video♬:↓

Your Information

Members/Profolio