DNSmanager Documentation

FAQ

This article describes the frequently asked questions about DNSmanager.

Files and logs of DNS-servers


BIND configuration file

CentOS: /etc/named.conf

Debian: /etc/bind/named.conf

BIND domain zone configuration file

CentOS: /var/named/*

Debian: /etc/bind/domains

PowerDNS configuration file

CentOS: /etc/pdns/pdns.conf

Debian: /etc/powerdns/pdns.conf

PowerDNS domain zone records

The records are stored in MySQL tables, a separate database for every name space. The default space is powerdns for CentOS and pdns for Debian.

BIND and PowerDNS logs

CentOS: /var/log/messages

Debian: /var/log/syslog

Master DNS-server diagnostics


DNS server does not respond to request for domain zone

Make sure the DNS-server on the master server responds to requests for the domain zone:

dig <domain> @<IP address> ANY +short
 View details

<domain> — domain name.

<IP address> — DNS-server IP address. Usually, it matches the primary IP address of the server.

A response will look something like this: 

dig domain.name @1.1.1.1 ANY +short
mary.me. root.example.com. 2014041800 10800 3600 604800 86400
ns2.example.com.
ns1.example.com.
"v=spf1 ip4:1.1.1.1 a mx ~all"
10 mail.domain.name.
1.1.1.1

The following response indicates that the DNS-server is not running:

dig domain.nam @1.1.1.1 ANY +short
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.nam @1.1.1.1 ANY +short
;; global options: +cmd
;; connection timed out; no servers could be reached

An empty response indicates that the DNS-server doesn't have information about the domain. Perhaps, it could not upload the domain zone. Open to the log for more details. 

BIND could not upload the domain zone

The most common cause of this issue is the incorrect zone file. 

Please check:

  1. If both the domain and name servers are from the same zone, A-records for the name servers must be specified in the domain zone file. For example,  the domain domain.com and the name servers ns1.domain.com, ns2.domain.com. If A-records are not present, you will see the following information in the log file:  

    zone domain.name/IN: NS 'ns1.domain.name' has no address records (A or AAAA)
    zone domain.name/IN: NS 'ns2.domain.name' has no address records (A or AAAA)
    zone domain.name/IN: not loaded due to errors. 

    To resolve this issue, add A-records into the zone file: 

    ns1 IN A <master name server IP>
    ns2 IN A <slave name server IP>
  2. A and CNAME records cannot be specified for the same subdomain::

    me.domain.name.   IN      A       8.8.8.8
    me.domain.name.   IN      CNAME   google.com

    This can cause the following error:

    zone domain.name/IN: loading from master file /var/named/domain.name failed: CNAME and other data
    zone domain.name/IN: not loaded due to errors.

    Also, it is not possible to create the CNAME record for second-level domains. 

Slave name server diagnostics


Checking connection with the DNS-server 

Try to connect to port 53 of the master server through telnet:

telnet <IP address of the master server> 53

If you cannot connect, check the Firewall settings on the master and slave servers.

Checking domain zone transfer from master to slave

Execute the command:

dig <domain> @<IP-address> axfr
 View details

<domain> — domain name.

<IP address> — the IP address of the master server in the transfer-source directive in the BIND configuration file. You can see it on the edit form of the domain zone owner: Accounts→ Users→ EditIP address.

The response should look like this:

dig domain.name @1.1.1.1 axfr
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.name @1.1.1.1 axfr
;; global options: +cmd
domain.name.		3600	IN	SOA	mary.me. root.example.com. 2014041800 10800 3600 604800 86400
domain.name.		3600	IN	NS	ns1.example.com.
domain.name.		3600	IN	NS	ns2.example.com.
domain.name.		3600	IN	TXT	"v=spf1 ip4:1.1.1.1 a mx ~all"
domain.name.		3600	IN	MX	10 mail.domain.name.
domain.name.		3600	IN	A	1.1.1.1
ftp.domain.name.	3600	IN	A	1.1.1.1
mail.domain.name.	3600	IN	A	1.1.1.1
pop.domain.name.	3600	IN	A	1.1.1.1
smtp.domain.name.	3600	IN	A	1.1.1.1
www.domain.name.	3600	IN	A	1.1.1.1
domain.name.		3600	IN	SOA	mary.me. root.example.com. 2014041800 10800 3600 604800 86400

Very often, when configuring IP addresses in DNSmanager (in the "IP address management" module) users provide arbitrary grey or white IPs that might not work on that server. Due to such configuration, you won't be able to transfer the domain as it requires that IP address.

Also domain transfer can be refused on the master server. View the allow-transfer directive on the master server.

Possible causes:

  1. A private IP address which is not accessible from the slave server is specified for the user.
  2. The slave server IP address is not specified in allow-transfer of the domain zone. To add the IP address of the slave server, log into DNSmanager as User (the owner of the domain zone) → Settings→ DNS settingsAllow-transfer.

Access permissions

The following information is displayed in the log file during domain zone transfer: 

zone domain.name/IN: loading from master file /var/named/domain.name failed: permission denied
one domain.name/IN: not loaded due to errors.

It indicates insufficient permissions for the zone file. The zone file must belong to the user who runs BIND:

ls -ld /var/named/domain.name
-rw------- 1 named named 395 Апр 18 06:24 /var/named/domain.name

Also check the  /var/named/ directory permissions:

ls -ld /var/named/
drwxr-x--- 5 root named 4096 Апр 18 06:32 /var/named/