CentOS with ISPConfig3 not resolving

Matt asked:

I have recently setup a Centos 6.3 VPS running ISPConfig3 and Webmin with Nginx as the web server and BIND as the DNS server. This is the first time I’ve tinkered with ISPConfig, Webmin and Nginx.

I did have it all up and running however needed to reboot it the other day. So far I’ve not been able to get any domain names to resolve to it since the reboot. I’ve run through all the firewall settings, confirmed the DNS zones checked the nameservers etc with no luck.

I can access ISPConfig and Webmin via the server IP address, I can SSH into the server via the IP, and dig returns noerror for both nameservers either from my local computer or from the server:

dig ns3.terraserve.com.au

; <<>> DiG 9.8.3-P1 <<>> ns3.terraserve.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6408
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;ns3.terraserve.com.au.     IN  A

ns3.terraserve.com.au.  9685    IN  A

;; Query time: 26 msec
;; WHEN: Wed Feb 27 14:24:26 2013
;; MSG SIZE  rcvd: 55

This has got me a bit stumped given it was all running perfectly fine before the reboot.

The domain is terraserve.com.au and the nameservers are ns3.terraserve.com.au and ns4.terraserve.com.au.

Going to terraserve.com.au should show an Nginx index.html file at present.

Any ideas to point me in the right direction would be greatly appreciated!

My answer:

OK, you have two major issues here:

  1. Your host does not respond to DNS queries or even to pings. Since this is the only listed nameserver for your domain, it is therefore impossible for anyone to resolve any records in your domain.

    I see, however, that it does respond on port 22, which indicates that you have misconfigured your firewall. Fix the firewall configuration: You need to allow inbound port 53 on UDP and TCP; and it’s also a good idea not to block ICMP (as you have).

  2. You only have one nameserver. You cheated by assigning two hostnames the same IP address. This is a bad idea because if the single nameserver has a problem, there is no backup. (RFC 2182)

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.