DNS/NS issue

[laughingbuddha]

Hi,

About 3-4 weeks ago I moved my 2nd nameserver off of the dedicated server it was on (it was on the same server as ns1, differnt IP), to one of the VPSes I run.

Everything is working fine, domains are resolving happy and all is well.....until now.

I've got a domain that I host on the dedicated server (ns1) and recently I've put a subdomain of that domain on the VPS (ns2). I've done this before and it worked fine, but for some odd reason only on this new subdomain, I'm having intermitant issues connecting to the subdomain via FTP. I have no probs through the browser, just via FTP.

Here's my DNS settings on the main domain on the dedicated server:-

http://yfrog.com/08dns01j

And here's the DNS settings for the subdomain on the VPS:-

http://yfrog.com/08dns02j

Help. This is only happening on this subdomain, and not on another one I did a week ago. I even tried adding an A record for the subdomain to the DNS of the main domain on NS1, but it hasn't made any differnts yet. I changed the domain nameserver entries at 123 Reg about 48 hours ago now, so it should've updated by now.

Matt

[BruceLee]

Maybe thats the reason:
Your nameservers disagree as to which version of your DNS is the latest (1242743176 versus 1242745098). This is OK if you have just made a change recently, and your secondary DNS servers haven't yet received the new information from the master. I will continue the report, assuming that 1242745098 is the correct serial.
It's not ok if you have a misconfig in the sync of the two servers.

The serial numbers reported by each DNS server are:
212.241.214.187: 1242745098
80.175.53.226: 1242743176

It could explain the error. Because you receive responses from one or the other, if it's configured as primary/secondary

[laughingbuddha]

NS2 being the VPS is setup as the Secondary to the dedicated server NS1.

How do I resolve this issue?

[BruceLee]

if those two ns servers are your authoritative nameservers for your domain, you have to make sure that both servers respond the same for the domain. either by configuring it manually or better with sync by zonetransfer.
I'm not sure what kind of servers your nameservers are. It seems that you are using your Plesk Servers, so try this:
http://kb.parallels.com/1338

Have you added the server under Plesk>DNS>Shared ACL?

[laughingbuddha]

"Have you added the server under Plesk>DNS>Shared ACL?" Ugh?

No idea. To make the second nameserver I modified the master dns under server to match that of NS1, then I added the domain I use for the nameservers to the server (being youandtheweb.net) then hit Switch DNS Service Mode.

Any more than that I have no idea. I found it very difficult to find any guides online as to how to do it. I did find one, but can't remember what site that was now.

Matt

[BruceLee]

well, as I see, your plesk servers on which you are hosting your domains are also your authoritative nameservers.
That meens, that those two nameservers should respond everything for any domain you are hosting on each of your two
plesk servers with the same responses.
e.g.
ns1.youandtheweb.net >> 80.175.53.226 and
ns2.youandtheweb.net >> 212.241.214.187
should respond the same and compelete DNS config
for secure.limegardens.co.uk and limegardens.co.uk.

Right now you have configured each nameserver to respond correctly for one of those two domains.
The hosting server is not meant to be a good solution for authoritative nameserver, even though it's possible.

I don't think that you can create a dns zone via plesk gui for a domain you don't host on this particular server.
Adding the config into /etc/named.conf manually might also not work because plesk overwrites it.

the solution I see right now is the mentioned article http://kb.parallels.com/1338 :
At first you should allow zone transfer for the secondary DNS server in Plesk. To allow it, secondary DNS server's IP should be listed in NS records for all zones on Plesk server or it should be added to Access Control List (ACL). ACL is be managed on the Server->DNS Settings->Common ACL page in Plesk CP.
If you wish to use Plesk server as Slave DNS server, you have to switch all DNS zones on the Slave Plesk server to 'slave' mode and specify Master nameserver. It can be done by means of "Domains -> DOMAIN NAME -> DNS Settings -> Switch DNS Service Mode". Then add Primary NS address using "Add Record" button.

of course after that you have to create all necessaryentries for secure.limegardens.co.uk on the primary nameserver/plesk server. those entries will be transfered on the slave nameserver.

[laughingbuddha]

The secondary server is listed as a nameserver via the DNS Template on both servers (the dns templates on both servers are identical).

When you say "If you wish to use Plesk server as Slave DNS server, you have to switch all DNS zones on the Slave Plesk server to 'slave' mode and specify Master nameserver." by what do you mean? For example if I'm hosting a subdomain on NS2 (secure.limegardens.co.uk) and the main domain is hosted on NS1 (www.limegardens.co.uk) do I then need to switch the DNS for the subdomain on NS2 to slave?

But then if I have a domain only hosted on NS2 (example www.mydomain.com) do I also switch that to slave? If so that would defeat the point of making it easier to distribute and add domains to other servers. I'm trying to become less reliant on NS1 or at least if NS1 went down for any reason, the domains hosted on NS2 would continue to work.

I'm a little new to developing a hosting structure, but not to servers in general as I've built (hardware wise) many over the years (servers for both LAN and internet for corps) but never had to configure the OSes. I'm aiming to put together some level of redundency, although I still need to sort out a back up solutions to complement the RAID that is already running, altough I'm due to get another dedicated server soon.

Matt

[BruceLee]

The secondary server is listed as a nameserver via the DNS Template on both servers (the dns templates on both servers are identical).

100% exactly the same for limegardens.co.uk and secure.limegardens.co.uk?
can't believe that beacuse a nslookup on ns2.youandtheweb.net for limegardens.co.uk ends up with no response.

When you say "If you wish to use Plesk server as Slave DNS server, you have to switch all DNS zones on the Slave Plesk server to 'slave' mode and specify Master nameserver." by what do you mean? For example if I'm hosting a subdomain on NS2 (secure.limegardens.co.uk) and the main domain is hosted on NS1 (www.limegardens.co.uk) do I then need to switch the DNS for the subdomain on NS2 to slave?

yes, i would configure the common ACL on the primary and add ns2 in there.
configure whole dns on primary for limegardens.co.uk and secure.limegardens.co.uk
on secondary ns2 switch to slave under dns domain settings

But then if I have a domain only hosted on NS2 (example www.mydomain.com) do I also switch that to slave? If so that would defeat the point of making it easier to distribute and add domains to other servers. I'm trying to become less reliant on NS1 or at least if NS1 went down for any reason, the domains hosted on NS2 would continue to work.

no, but in this case you should not configure a Ns-Record with ns1, because the ns1 won't reply anything.
you need two nameservers which respond the same for all domains you host on any of your hostingservers.
they should be configured as primary and secondary so that the dns configs are transfered via zone transfer from the primary to the secondary. so you need to configure just the primary.
thats one of the reasons hosting servers are not usually used as authoritative nameservers.
for domains with subdomains you only host on one server, you could simply just configure one NS-Record, what i would not do. But it's possible.
with a domain on server1 as ns1, and the corresponding subdomain on server2 as ns2 you should set the ACL and slave option.

[Highland]

I found this project of Scott's to be highly useful for doing what you're describing. Very low maintenance. The only Plesk change you would need would be adding the ACL.
http://www.atomicrocketturtle.com/Jooml ... iew/50/29/

[laughingbuddha]

100% exactly the same for limegardens.co.uk and secure.limegardens.co.uk?
can't believe that beacuse a nslookup on ns2.youandtheweb.net for limegardens.co.uk ends up with no response.

I was refering to the main DNS template for the server, not the domain limegardens.co.uk.

Right I've gone on to the main server, into Server -> DNS Zone Template -> Common ACL and added the IP for NS2.

I've then logged into NS2 and switched the subdomain secure.limegardens.co.uk to slave.

Hope that's right.

Eventually I want to use a DNS service as a backup DNS to these servers, but I'm not 100% clear on how to do that at the moment.

Matt

[laughingbuddha]

One thing though, if I log into NS2 and goto the DNS settings for secure.limegardens.co.uk and hit the Switch DNS Service Mode button, there's no DNS master servers/IP listed.

Matt

[BruceLee]

after you are done with configuring check it via nslookup

[laughingbuddha]

Well I've done an nslookup and it seems to be working without having to switch the domain into service mode/slave.

I think the reason it is working without being in slave mode, is that I only added secure.limegardens.co.uk to the server, and not www.limegardens.co.uk.

Thanks for your help guys. I will try and find time inbetween web development projects to build a guide to nameserver creation for dummies/newbies (like me) and add ACL to the guide. I do plan to make the guides I write public, but haven't decided how I will do this yet, be it a personal blog or part of the business website.

Matt

[BruceLee]

sorry to tell you that, but no, it's not correctly set up. Give it a week and you secure subdomain won't work.
you have to set up a working primary/secondary nameserver system.
right now ns2 is not responding authoritatively for your domain and the dns records do not match, soa record is missing.
it seems that ns1 is pretty slow.

[laughingbuddha]

I have an NS1 and NS2 that's ns1.youandtheweb.net and ns2.youandtheweb.net

I've got another subdomain already on the server, which has been happly working for the last month or so. Again, like with limegardens the main domain is hosted on s1.youandtheweb.net which is also ns1.youandtheweb.net, then I added an A record to point to the IP of s2.youandthenet.net which is also ns2.youandtheweb.net where the subdomain ONLY has been added.

Here's a screen grab of the DNS: http://yfrog.com/5ilgdnsj

Its still working ok this morning, and the FTP is also not giving me any probs.

Matt