#1
Hello everyone,

Alright, I don't know too much about DNS and name servers etc. (I mean I know enough to get by and I can understand all the technical terms) but I need to figure out what is going on here.

Here is my dilemma: I have 3 sites (1 .com, 1 .org, and 1 .ca):

www.polarixlabs.com (seemingly works fine)
www.cochrane-environment.org (DNS error or cannot find host)
www.coyoteloghomes.ca (DNS error or cannot find host)

Now this is how my network is set up:

- Router (static, not DHCP; manually configured workstations with default gateway as my router's IP, and DNS addresses (2) from my ISP; my server also has various ports unblocked, DNS, POP3 etc. etc., so that I can host web sites etc.)

Now this is how I registered my web sites (I registered these sites @ different registrars, if that makes any difference, which it should not): in the settings when creating the domain (at purchase time) you can specify at least 2 name servers with corresponding IP addresses. I put in whatever; for polarixlabs I believe it was pl1.polarixlabs.com and pl2.polarixlabs.com (mapped to my public address). I did the same similarly for coyoteloghomes.ca and cochrane-environment.org: ns1.polarixlabs.com and ns2.polarixlabs.com, both mapped to IP addresses corresponding to my public IP address.

Now... I have Windows 2000 Advanced Server (which is really a waste and just like Win2k Server). What I need to know is how to set up my DNS properly, which means I need to know what records are required to make these 2 non-functioning domains functional.

For my first domain, polarixlabs.com, I have the standard whatever the wizard creates for 'polarixlabs.com' and then I added a host record with a value of 'www' pointing to my public address. Then in IIS I mapped www.polarixlabs.com to a local dir and voila, the site works, as does my MX record and mail server.

Now my problem: coyoteloghomes.ca and cochrane-environment.org do not work, and I have followed the exact same procedure, so there must be something amiss. I noticed sections to create records for name servers etc. Is there something I have to configure there? Or should I go rename the name servers @ the registrar's website to ns1.coyoteloghomes.ca etc.? Does it make a difference?

I am at a loss here, and in need of some help. Any assistance or help you can lend is greatly appreciated. Also, any more info you may need (which isn't much, I wouldn't think) I would be happy to give to you.

Chris

[EDIT] BTW, those name servers I mentioned earlier (ns1.polarixlabs.com etc.): I didn't do anything with them, i.e. I just came up with them @ that moment, and merely mapped them to my IP address @ the registrar's web site when setting up the domains. Do I need to do something with those 'nameserver' names on my server? Uhhgg, thanks again, any help is appreciated.

Last edited by colonel_klink : July 8th, 2003 at 05:52 AM.
#2
This post is a comprehensive list of problems with the polarixlabs.com zone:

DNS Servers for polarixlabs.com as returned by the GTLD core dns servers:

    pl1.polarixlabs.com (68.147.134.179) - UDP works, TCP fails
    pl2.polarixlabs.com (68.147.134.189) - UDP fails, TCP fails.

Symptoms of the above problem. Long DNS responses impossible cause TCP port 53 is blocked on the primary server. DNS resolution will sometimes fail and sometimes work. Typo on the secondary server IP address?

The zone contents as far as I was able to discover:

    polarixlabs.com. SOA omega. admin. 16 15m 10m 1d 1h
    polarixlabs.com. NS omega.
    polarixlabs.com. MX 10 mail.polarixlabs.com.
    www.polarixlabs.com A 68.147.134.179
    mail.polarixlabs.com A 68.147.134.179
    pl1.polarixlabs.com CNAME www.polarixlabs.com
    pl2.polarixlabs.com CNAME www.polarixlabs.com

[polarixlabs.com SOA record]

The OWNER (Primary Server) is set to omega. This is not a valid DNS server domain. pl1.polarixlabs.com is expected. The MailBox field is set to admin. This is not a valid mailbox domain. Something like admin.polarixlabs.com. is expected. The erroneous fields can be viewed here: http://serialcoders.sytes.net/cgi-b...e=ALL&submit=DS

[polarixlabs.com NS record]

There is only 1 when there should be 2. The only NS record is set to 'omega' when that is not a valid DNS server domain. Delete the current NS record and create an NS record for pl1.polarixlabs.com and another for pl1.polarixlabs.com.

Note: Your 2 DNS server domains are properly configured with the CNAME to www.polarixlabs.com which in turn resolves to the valid IP 68.147.134.179. Just edit your registrar record for pl2.polarixlabs.com and you are good to go.

[missing polarixlabs.com A record]

People may wish to access your website via either www.polarixlabs.com or polarixlabs.com. However, with the way you have it set up, only the www host will work. Create an A record under the polarixlabs.com root domain for 68.147.134.179. You may choose to CNAME all other domains to polarixlabs.com to make IP address changes convenient.

[Reverse Lookup Zone for 68.147.134.179 does not exist]

This may not be a problem at all. Currently your ISP owns your IP address reverse resolution (resolving the IP to a domain). However, if you want to play around with your DNS server you should create a zone for '179.134.147.68.IN-ADDR.ARPA' and create a PTR record under it for polarixlabs.com.

    179.134.147.68.IN-ADDR.ARPA PTR polarixlabs.com.

If your IP changes however, you may choose to create the following zone and record instead:

    147.68.IN-ADDR.ARPA PTR polarixlabs.com.

If your IP changes drastically however, you will be forced to create multiple reverse IP zone files. So it is up to you if you don't want to worry about this section at all.

Now I'll post this and get to the next zone...
__________________
Send me a private message if you would like me to set up your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/set up fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links: Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
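The checks listed in the post above, applied mechanically to the zone listing it quotes. This is an added example, not code from the thread or its participants; `lint_zone`, `single_label` and the message wording are names chosen for this illustration, and the parser only handles the class-less `owner TYPE rdata` layout used in that listing.

```python
# Added example: lint a small zone listing for the problems named in the post above.
# ZONE is the listing quoted in that post; the function names are made up here.
ZONE = """\
polarixlabs.com. SOA omega. admin. 16 15m 10m 1d 1h
polarixlabs.com. NS omega.
polarixlabs.com. MX 10 mail.polarixlabs.com.
www.polarixlabs.com A 68.147.134.179
mail.polarixlabs.com A 68.147.134.179
pl1.polarixlabs.com CNAME www.polarixlabs.com
pl2.polarixlabs.com CNAME www.polarixlabs.com
"""


def parse(text):
    """Yield (owner, type, rdata fields); owners lower-cased, trailing dot dropped."""
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # ignore ';' comments
        if len(fields) >= 3:
            yield fields[0].rstrip(".").lower(), fields[1].upper(), fields[2:]


def single_label(name):
    """True for names such as 'omega.' that have no parent domain."""
    return "." not in name.rstrip(".")


def lint_zone(text, zone):
    """Return a list of findings for the records owned by the zone root."""
    zone = zone.rstrip(".").lower()
    apex = [(rtype, rdata) for owner, rtype, rdata in parse(text) if owner == zone]
    findings = []
    for rtype, rdata in apex:
        if rtype == "SOA" and len(rdata) >= 2:
            if single_label(rdata[0]):
                findings.append(f"SOA primary server '{rdata[0]}' is not a full domain name")
            if single_label(rdata[1]):
                findings.append(f"SOA mailbox '{rdata[1]}' is not a full domain name")
        if rtype == "NS" and single_label(rdata[0]):
            findings.append(f"NS target '{rdata[0]}' is not a full domain name")
    ns_count = sum(1 for rtype, _ in apex if rtype == "NS")
    if ns_count < 2:
        findings.append(f"{ns_count} NS record(s) at the zone root, 2 expected")
    if not any(rtype == "A" for rtype, _ in apex):
        findings.append(f"no A record for the bare name '{zone}'")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(ZONE, "polarixlabs.com"):
        print("-", finding)
```

Run against the quoted listing it reports the SOA primary server, the SOA mailbox, the single NS record and its target, and the missing root A record.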
#3
This post is a comprehensive list of problems with the cochrane-environment.org zone:

DNS Servers for polarixlabs.com as returned by the NSTLD dns servers:

    NS1.POLARIXLABS.COM (unable to resolve)
    NS2.POLARIXLABS.COM (unable to resolve)

The NSTLD did not even return 'A' records in the Additional section like it did with the previous domain. See the contrast here:

polarixlabs.com
http://serialcoders.sytes.net/cgi-b...s.com&submit=DS

cochrane-environment.org
http://serialcoders.sytes.net/cgi-b...t.org&submit=DS

Did you not tell the registrar what IP those domains map to? I attempted to manually resolve ns1.polarixlabs.com to see what happened. The core GTLD DNS servers are returning an IP address for your ns1.polarixlabs.com and ns2.polarixlabs.com which appears to be an IP you USED to have, but is no longer valid.

http://serialcoders.sytes.net/cgi-b...S.COM&submit=DS

ns1.polarixlabs.com and ns2.polarixlabs.com do CNAME to www.polarixlabs.com so it should resolve fine. I do not know why my OS/DNS server combination was unable to resolve the domain. It should resolve to an IP - whether it would resolve to the correct IP I do not know.

Suggested solution? Tell the registrar for "cochrane-environment.org" that your DNS servers are:

    pl1.polarixlabs.com (68.147.134.179)
    pl2.polarixlabs.com (68.147.134.179)

Delete the ns1.polarixlabs.com and ns2.polarixlabs.com records from your polarixlabs.com zone. To answer one of your specific questions, it does not matter what name you use for your dns servers.

Moving on to the actual zone file:

http://serialcoders.sytes.net/cgi-b...e=ALL&submit=DS

As you can see, this zone is similarly misconfigured as polarixlabs.com. Reread my post above this one, if necessary, to correct the problems with this zone. And that concludes the report on this zone. Moving on to the next...

Last edited by SilentRage : August 6th, 2003 at 10:35 AM.
#4
Well that was quick. "coyoteloghomes.ca" shares all the same problems as "cochrane-environment.org". Do the suggested solution found in post 2 with this zone. Do the same changes to this zone as I've mentioned in post 1.

Read my first post and second post at least twice. Use the links I have provided to my script to test your changes as you make them. Of course, if you did not understand any of my instructions, feel free to ask in a reply. Once you have made all the suggested changes, let us know so that we can be sure everything is as it should be (even if your domains work).

I had a sudden urge to explain something only briefly mentioned in my first post. Once you have fixed your DNS server domains, they'll all be allowing UDP requests, but not TCP requests. I don't know if you want this. The reason lies with your router. You are forwarding UDP port 53 but you are not forwarding TCP port 53.

TCP is used only rarely in the DNS system. When making a request via UDP, the response can only be 512 bytes long. If a domain has large records - or many records - to be returned, some will be truncated and unable to be seen cause of the size limits. The server will tell the client that the response was truncated and the client may then try to make the request again via TCP so that the size limits no longer apply.

Considering how your zones are fairly basic, you do not absolutely NEED to allow TCP DNS requests. The only other thing affected is that I'm not able to make a zone transfer request. With a single request (a single page returned on my DNS Crawler) I would be able to view your entire zone file. Since I was not able to make that request, I had to do many UDP requests to find the zone contents. But then again, maybe you don't want people to have easy viewing access to your entire zone. I'll let you decide.

If you want to just test out what it means to have a zone transfer request performed on you, try the following URLs after you forward TCP port 53.

http://serialcoders.sytes.net/cgi-b...=AXFR&submit=DS
http://serialcoders.sytes.net/cgi-b...=AXFR&submit=DS
http://serialcoders.sytes.net/cgi-b...=AXFR&submit=DS
#5
I have to thank you SilentRage, it appears that I have gotten all my sites to work now. Maybe you could run another one of your tests just to see if anything is amiss, or needs to be added?

THANKS again!

Chris

[EDIT] How would I set up either an A record or CNAME so that when people type in just 'polarixlabs.com' OR 'www.polarixlabs.com' it will still go to my site?? Thanks

Last edited by colonel_klink : July 9th, 2003 at 02:29 PM.
#6
back from the dead

I was offline for a long time, and since my site is self-hosted, it was down as well. So all the DNS Crawler links above now work (as soon as the DNS servers update with my new IP).

To answer your question...

http://serialcoders.sytes.net/cgi-b...=AXFR&submit=DS

Currently you have a ton of A records. And a lot of IP addresses to change should the IP need changing. To fix this, change all the 'A' records to CNAME records with the last field being the zone name:

    www.polarixlabs.com. CNAME polarixlabs.com.

Lastly, you need to add an 'A' record to the polarixlabs.com root with the proper IP:

    polarixlabs.com. A 123.123.123.123

Since I'm back online and I have many things to do, I haven't the time to give you a full test. :-)

Last edited by SilentRage : August 11th, 2003 at 01:22 PM.
#7
Hi Silent Rage,

I'm trying to set up the system like what colonel_klink did, but it doesn't work. Please help...

I have applied for a domain name, mpgsb.com.my, and a fixed IP. I would like to set up my own DNS server, and only one. And I have registered the server (mpgsvr.mpgsb.com.my) as one of the name servers in the domain registrant. Since it required at least two name servers, I just put in a dummy address for it (mpgsb2.com.my).

I tried to use your DNS Crawler to check it with colonel_klink's DNS server and below is the result:

http://serialcoders.sytes.net/cgi-bin/DNS/index.pl?server..=IN&submit=Send+Query

Looks like I can't get a response from my server. I am at a loss here, and in need of some help. Any help is very much appreciated.

Regards
Fong
#8
When I clicked on the link I got a response. I got a non-authoritative response with no records in the ANSWER section, your 2 name servers in the AUTHORITY section, and 1 ADDITIONAL record providing an IP address for one of the name servers.

Since the response was non-authoritative, it means your server doesn't think it is the owner of that zone. This could be due to a misconfigured zone. Please put your named.conf and zone file on a webserver or something so that you can give me a link to them so that I can see them for myself (if you HAVE to paste them into a post then fine, but I REALLY don't like that).
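Two header conditions come up in this thread: the truncated-UDP case explained in the earlier reply about TCP port 53, and the non-authoritative response described in the post above. The following added example (not code from the thread or from the DNS Crawler script) decodes both from the 12-byte DNS header and shows the UDP-then-TCP retry; the function names and the two sample messages are constructed for this illustration.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Header (RD set, one question) followed by QNAME, QTYPE and QCLASS=IN."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte header: AA and TC flags, RCODE and the section counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, _qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answer": an, "authority": ns, "additional": ar}

def diagnose(msg):
    """Map the header to the two conditions discussed in the thread."""
    h, notes = parse_header(msg), []
    if h["tc"]:
        notes.append("truncated at the UDP size limit: repeat the query over TCP port 53")
    if not h["aa"] and h["answer"] == 0 and h["authority"] > 0:
        notes.append("non-authoritative, no answers: server does not treat the zone as its own")
    return notes

def _read_exact(sock, count):
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("TCP connection closed mid-message")
        data += chunk
    return data

def ask(server, name, qtype=1, timeout=3.0):
    """Query over UDP; if the reply has TC set, repeat over TCP (2-byte length prefix)."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(4096)
    if not parse_header(reply)["tc"]:
        return reply
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _read_exact(tcp, 2))
        return _read_exact(tcp, length)

# Constructed samples (header + question only, record bodies omitted):
QUESTION = build_query("mpgsb.com.my")[12:]
REFERRAL = struct.pack("!6H", 0x1234, 0x8100, 1, 0, 2, 1) + QUESTION   # AA=0, counts 0/2/1
TRUNCATED = struct.pack("!6H", 0x1234, 0x8700, 1, 5, 0, 0) + QUESTION  # AA=1, TC=1
```

When only UDP port 53 is forwarded, as on the router described earlier in the thread, the TCP step in `ask` fails with a timeout or connection error, which is how a truncated answer becomes an intermittent resolution failure.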
#9
Sorry, I can't link the file to you. Because... I can't even get my server up to the internet.

FYI, my DNS is running on Windows 2003 server and in AD-integrated mode. Below is the content of the zone file (sorry for that). By the way, what is the named.conf file? Where can I find it?

    ; Database file mpgsb.com.my.dns for mpgsb.com.my zone.
    ; Zone version: 680
    ;
    @ IN SOA mpgsvr.mpgsb.com.my. hostmaster.mpgsvr.local. (
            680    ; serial number
            900    ; refresh
            600    ; retry
            86400  ; expire
            3600 ) ; default TTL
    ;
    ; Zone NS records
    ;
    @ NS mpgsb.com.my.
    @ NS mpgsvr.mpgsb.com.my.
    ;
    ; Zone records
    ;
    @ 600 A 219.94.124.114
    @ 600 A 192.168.0.1
    @ 600 A 219.94.124.113
    ;
    ; Delegated sub-zone: _msdcs.mpgsb.com.my.
    ;
    _msdcs NS mpgsvr.mpgsvr.local.
    ; End delegation
    _gc._tcp.Default-First-Site-Name._sites 600 SRV 0 100 3268 mpgsvr.mpgsb.com.my.
    _kerberos._tcp.Default-First-Site-Name._sites 600 SRV 0 100 88 mpgsvr.mpgsb.com.my.
    _ldap._tcp.Default-First-Site-Name._sites 600 SRV 0 100 389 mpgsvr.mpgsb.com.my.
    _gc._tcp 600 SRV 0 100 3268 mpgsvr.mpgsb.com.my.
    _kerberos._tcp 600 SRV 0 100 88 mpgsvr.mpgsb.com.my.
    _kpasswd._tcp 600 SRV 0 100 464 mpgsvr.mpgsb.com.my.
    _ldap._tcp 600 SRV 0 100 389 mpgsvr.mpgsb.com.my.
    _kerberos._udp 600 SRV 0 100 88 mpgsvr.mpgsb.com.my.
    _kpasswd._udp 600 SRV 0 100 464 mpgsvr.mpgsb.com.my.
    DomainDnsZones A 219.94.124.113
            600 A 192.168.0.1
            600 A 219.94.124.114
    _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones 600 SRV 0 100 389 mpgsvr.mpgsb.com.my.
    _ldap._tcp.DomainDnsZones 600 SRV 0 100 389 mpgsvr.mpgsb.com.my.
    ForestDnsZones A 219.94.124.113
            600 A 192.168.0.1
            600 A 219.94.124.114
    _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones 600 SRV 0 100 389 mpgsvr.mpgsb.com.my.
    _ldap._tcp.ForestDnsZones 600 SRV 0 100 389 mpgsvr.mpgsb.com.my.
    mpgsvr A 219.94.124.114
            A 192.168.0.1
    www CNAME mpgsb.com.my.

I have one more question, hope you can help. The ISP provides us a fixed IP, which is 219.94.124.113. I have configured the IP for my server as 219.94.124.114 and gateway 219.94.124.113. Is that correct?

With those settings, we don't have any problem accessing the internet. But I am wondering how a browser is able to see my computer with 219.94.124.113 while my server is set to 219.94.124.114?

Thanks in advance.

Regards,
Fong
#10
Sorry for the long wait on a response. I had never done delegation before, and didn't know what it was for, how to do it, or how it works. Now I do, and can understand what's going on better.

However, there's a lot of things wrong with your zone. I decided to rewrite the thing, but in the process I changed a few things and I don't know if you will like the changes. I really don't know how well you knew what you were doing so some "problems" I've left in there just in case there was some reason for them.

Here's the zone file which is confirmed to work on my BIND server. Since you said you don't know what "named.conf" is, then you might not be using BIND, in which case I can't guarantee it would work for YOUR server. In any case, here's my draft of your zone:

http://serialcoders.sytes.net/BIND/mpgsb.com.my.zone
#11
This is my first time setting up our own DNS and Web server. Still need to learn a lot. Hope you don't mind advising me.

Thanks! Maybe I should tell you more about our current setup. Windows 2003 server installed with DNS, AD and NAT on a server with two NICs, one connected to the internet and one to the LAN. That's why you find some additional configuration in the DNS zone file (e.g. 198.168.0.1).

I tried out your settings, and even changed the name server setting of mpgsb2.com.my in the registrant to ns2.mpgsb.com.my, but it still doesn't work. The error is shown below:

http://serialcoders.sytes.net/cgi-bin/DNS/index.p...it=Send+Query

What else could the problem be? Looks like the DNS server does not have the authorization. Or can DNS not sit together with NAT in Windows?

Any advice is very much appreciated! Thanks!

Regards
#12
I did a little packet sniffing to determine exactly what happened in the TCP/IP protocol to produce that error. It appears that when I send a UDP packet to that port, I get in response an ICMP packet saying that the port is unreachable. I did a little searching online to determine why you'd send such a packet and found something.

This may be a firewall issue. Check to be sure that whatever you're using allows UDP packets from the outside world to your port 53 on the computer with the IP of 219.94.124.113. In addition, let's see if you can access your server locally:

DOS interchange:

    ----------------------------------------------------------------------------
    C:\>nslookup - 219.94.124.113
    nslookup warns you maybe and says it'll use that IP as the server
    > set type=a
    > mpgsb.com.my
    nslookup outputs a response
    ----------------------------------------------------------------------------

So what response did you get?