« Return to Thread: Difficulty changing nameservers on domain registar's site
Re: Difficulty changing nameservers on domain registar's site
by Jani Karlsson
::
Rate this Message:
Hi,
Your problem is with SOA DNS-record:
The given nameservers return different SOA entries.
So either your SOA serial, data or TTL differs between servers. Or it
just that other server doesn't respond to SOA request that is making the
SOA check fail, even though the problem is not with SOA but in that the
nameserver isn't responding (common GoDaddy error), blaims SOA missing
or faulty when actually the problem is that the nameserver isn't responding.
I hope this clears things a bit.
Cheers,
Jani Karlsson
SashaB wrote:
> Ken,
>
> I'm not sure what you mean. For example, so we didn't have to enter
> different NS for 50 domains, I registered a domain name specifically for
> use with NS (that is their sole purpose) and I've set up NS for multiple
> website domain names that are identical--kinda like a webhosting company
> does? There are four NS on two different servers at two datacenters in
> different parts of a region (for which I haven't mirrored or set up
> round-robin yet, though I intend to do so--and research shows I can on
> pdns). Actually, two of the NS point to the same IP address as does the
> one in question and several other NS point to that IP, too. All server
> diffent content--blogs, websites, web interfaces for pdns, web guis for
> various applications, webmail servers--just fine.
>
> This works, in part, because the actual content is served, in most
> cases, though not all, from an entirely different IP addresses from the
> NS IP addresses (and the virtual host settings on apache reflect that).
> Yet, we have no problem reaching any of that content, even where the NS
> IP address are shared with content-serving hostnames rather than
> dedicated only to doing NS resolution like other IP addresses. Again,
> domain resolution isn't only about the nameservers--it's about the hosts
> and host.conf files, as well as whatever backends we use, too. (There
> are some other factors, like resolvers, but you get my point.)
>
> So, as I explained, my mail/webmail NS are on different IP addresses
> under its domain name from the content the webmail server and mail
> server 'serves'. All DNS records for the domain are contained on its
> master server, including both NS, which point back to those IP
> addresses. The secondary NS has it's own master record on the server
> where it's located and contains only its IP address, since pdns doesn't
> use "pointer" records, relying instead on it's native ability to resolve
> properly configured DNS.
>
> Since I've created an "A" record for those IP addresses from which
> actual content is served in the DNS records on our registrar's site (and
> have properly configured the vhosts in apache), when we enter either our
> webmail server IP address or its hostname, my webmail server software
> admin page loads--just like it should.
>
> When I load up the gui interface for our mailserver under either the
> hostname, which is something like "mailservertype.maildomain.eu", it
> loads perfectly. This stuff's fairly idiot proof because apache, mysql
> and pdns all let you know when you've misconfigured stuff by not working
> right--or at all.
>
> Therefore, I don't know how your answer relates to my problem and it
> doesn't address the issue of the registrar not being able to reach the
> secondary NS, which is on an entirely different server and has a
> separate IP address. This doesn't appear, as you suggested when I posted
> my last question about how PDNS works differently from BIND and again in
> this post, as my lack of understanding DNS. I'm new to PDNS, not to DNS.
> I couldn't have set this system up if I didn't have DNS understanding
> and the registrar for my other domain names seems to have no problem
> adding our changed NS to their system, so, our NS configuration aren't
> the problem.
>
> If anyone else has any suggestions--especially those in the EU where
> this seems to be an issue--at least when I bing(.com) it, I would
> greatly appreciate your help.
>
> Sasha
>
> On Thu, Jul 2, 2009 at 9:40 AM, Kenneth Marshall <ktm@...
> <mailto:ktm@...>> wrote:
>
> On Thu, Jul 02, 2009 at 09:15:03AM -0400, SashaB wrote:
> > Hello all,
> >
> > This is a long post with a lot of info since I thought you should
> know as
> > much as possible about these NS before (a) having to ask the obvious
> > questions and (b) so you can offer suggestions.
> >
> > Here's the situation. I have set up the NS for our domains (on
> four servers)
> > and nearly all resolving properly to the domains to which they
> point. (For
> > those few that are not, I have figured out and corrected the
> issue; now
> > we're waiting for the changes to propogate.)
> >
> > However, we I have a specific domain registered via a registrar
> in the EU
> > for one of our mail/webmail servers and, each time I try to
> change the NS
> > (domain 'owners' can modify their own DNS on the registrar's site
> similar to
> > (but far simpler than) GoDaddy's "Total DNS"), I get the
> following errors:
> >
> > ns1.maildomain.eu --->"The given nameservers return different
> SOA entries."
> > ns2.maildomain.eu --->"Connection to server failed."
> >
> > Before providing your help, you should know the following:
> >
> > 1) The nameservers are shared by other NS, all of which have
> domain names
> > associated for their specific purposes. (For example:
> ns1.foodomain.net <http://ns1.foodomain.net>,
> > dns1.thisdomain.com <http://dns1.thisdomain.com>,
> ns1.maildomain.eu, etc.). I've pointed all "ns1"
> > domains to one IP address on each server and "ns2" are pointed to a
> > different IP address on each server but share the same IP address
> on that
> > server, etc.
> > 2) The NS for this domain are on different servers in the same
> region and
> > located in entirely different datacenters.
> > 2) While there is a master record for the ccTLD itself on its
> resident
> > server, I've also set up a separate master record for the NS1 so
> I can see
> > updating serial numbers for just the NS. Because I also set up, as a
> > supermaster, the hostname for the servers on which each of their
> NS has its
> > master record, without creating each NS as a slave on the master
> server for
> > that record, they each show on the other server as a slave and
> their serial
> > numbers (and my logs, which I've set up to view by secure
> webserver) show
> > they have been updating regularly.
> > 3) Websites and other applications, some with the same NS IP (but
> different
> > domain name), are resolving correctly.
> > 3) All NS point to IP addresses, not CNAMEs or redirects. In
> fact, I tend to
> > use IP addresses over hostnames because they resolve better if we
> make DNS
> > changes to hostnames.
> > 4) I 'played around' with the NS to learn how pdns works and
> determine how
> > best to set them up, especially for security and convenience. In that
> > process, I found it was just easier to point the NS for all of
> our domains
> > to the same IPs on each server and use other IPs for other
> purposes (like
> > pointing a domain's webservers to). So, I changed the IP
> addresses for the
> > NS, deleted and recreated NS records, updated SOA records, etc.
> That may
> > affect the SOA entries.
> > 5) The NS have been live for at least 24 hours each.
> > 6) The NS point to different IPs from the domain's other records,
> like the
> > MX and webmail server, which have their own IP addresses. I've
> configured my
> > virtual hosts in apache accordinly (except I did not create any
> for the NS.)
> > 7) The SOA record of NS record on each server points to the
> appropriate IP
> > address and is configured, "ns1.maildomain.eu
> > hostmaster.masterrecordserver.com
> <http://hostmaster.masterrecordserver.com>". Since each is on
> different servers, the
> > "hostmaster" domain name is for that server, not the master
> server (ns1) of
> > the domain itself.
> > 8) I've given the registrar's IP address access to my server (via
> > hosts/csf.allow and the firewall) and added its network address
> to the
> > 'axfr' setting in pdns.conf. The pdns-recursor is not active on
> one server
> > (configuration issues) but is on the other. On the server with
> pdns-recursor
> > running, each master record has a corresponding "in-address.arpa"
> entry. I'm
> > still working on that for the other server. Neither server,
> however, is
> > experiencing resolution issues with the domains not associated
> with these in
> > question.
> >
> > So, that all said, I have a few questions that might be a source
> of some
> > issues:
> >
> > 1) I've taken the extra step of creating an "A" record for each
> NS in the
> > domain's DNS settings on the registrar's site as well as updating
> the other
> > records for the domain in the registrar's DNS as well, thinking
> that may
> > help. Will that affect the SOA records?
> > 2) Do the changes I've made to the master records, i.e., changing
> the IP
> > address of the NS several times before deciding on a final
> configuration,
> > cause such problems? (The NS for my websites, which have totally
> different
> > NS, in part, so we don't have these issues with them, have been
> 'cast in
> > stone' for several weeks and haven't changed so they're resolving
> > correctly.)
> > 3) My understanding is that mysql acts as recursor when
> pdns-recursor. How
> > can I tell if the records in mysql are correct? (I've looked at
> the records
> > via Webmin but they don't contain full record entries or have IP
> numbers
> > associated, so I can't tell how accurate they are.)
> > 4) How does pdns-recursor and rDNS configuration affect
> resolution? Could
> > that be part of the issue?
> >
> > Finally, I've done searches online and found that others have
> this issue
> > with EU-based registrars. Ostensibly, this is to prevent NS
> > misconfiguration. But, I'm finding pdns is pretty good at that so
> I'm not
> > understanding the problem. But, since I have three more domains
> with this
> > registrar, I've got to so I can fix it. Please provide your
> > solutions-oriented assistance in trying to ressolve this issue so
> we can use
> > our own NS for our mail/webmail servers.
> >
> > If you've read this far, thank you and I look forward to your help.
> >
> > Sasha
>
> Hi Sasha,
>
> Thank you for the detailed description, but I think that the problem
> is described correctly by the error message you received from your
> domain registrar:
>
> your nameservers have different SOA records (paraphrasing)
>
> All nameservers for a domain, by definition should have and serve
> identical content. I think that once you fix this inconsistancy it
> will all work.
>
> Regards,
> Ken
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@...
> http://mailman.powerdns.com/mailman/listinfo/pdns-users_______________________________________________
Pdns-users mailing list
Pdns-users@...
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Your problem is with SOA DNS-record:
The given nameservers return different SOA entries.
So either your SOA serial, data or TTL differs between servers. Or it
just that other server doesn't respond to SOA request that is making the
SOA check fail, even though the problem is not with SOA but in that the
nameserver isn't responding (common GoDaddy error), blaims SOA missing
or faulty when actually the problem is that the nameserver isn't responding.
I hope this clears things a bit.
Cheers,
Jani Karlsson
SashaB wrote:
> Ken,
>
> I'm not sure what you mean. For example, so we didn't have to enter
> different NS for 50 domains, I registered a domain name specifically for
> use with NS (that is their sole purpose) and I've set up NS for multiple
> website domain names that are identical--kinda like a webhosting company
> does? There are four NS on two different servers at two datacenters in
> different parts of a region (for which I haven't mirrored or set up
> round-robin yet, though I intend to do so--and research shows I can on
> pdns). Actually, two of the NS point to the same IP address as does the
> one in question and several other NS point to that IP, too. All server
> diffent content--blogs, websites, web interfaces for pdns, web guis for
> various applications, webmail servers--just fine.
>
> This works, in part, because the actual content is served, in most
> cases, though not all, from an entirely different IP addresses from the
> NS IP addresses (and the virtual host settings on apache reflect that).
> Yet, we have no problem reaching any of that content, even where the NS
> IP address are shared with content-serving hostnames rather than
> dedicated only to doing NS resolution like other IP addresses. Again,
> domain resolution isn't only about the nameservers--it's about the hosts
> and host.conf files, as well as whatever backends we use, too. (There
> are some other factors, like resolvers, but you get my point.)
>
> So, as I explained, my mail/webmail NS are on different IP addresses
> under its domain name from the content the webmail server and mail
> server 'serves'. All DNS records for the domain are contained on its
> master server, including both NS, which point back to those IP
> addresses. The secondary NS has it's own master record on the server
> where it's located and contains only its IP address, since pdns doesn't
> use "pointer" records, relying instead on it's native ability to resolve
> properly configured DNS.
>
> Since I've created an "A" record for those IP addresses from which
> actual content is served in the DNS records on our registrar's site (and
> have properly configured the vhosts in apache), when we enter either our
> webmail server IP address or its hostname, my webmail server software
> admin page loads--just like it should.
>
> When I load up the gui interface for our mailserver under either the
> hostname, which is something like "mailservertype.maildomain.eu", it
> loads perfectly. This stuff's fairly idiot proof because apache, mysql
> and pdns all let you know when you've misconfigured stuff by not working
> right--or at all.
>
> Therefore, I don't know how your answer relates to my problem and it
> doesn't address the issue of the registrar not being able to reach the
> secondary NS, which is on an entirely different server and has a
> separate IP address. This doesn't appear, as you suggested when I posted
> my last question about how PDNS works differently from BIND and again in
> this post, as my lack of understanding DNS. I'm new to PDNS, not to DNS.
> I couldn't have set this system up if I didn't have DNS understanding
> and the registrar for my other domain names seems to have no problem
> adding our changed NS to their system, so, our NS configuration aren't
> the problem.
>
> If anyone else has any suggestions--especially those in the EU where
> this seems to be an issue--at least when I bing(.com) it, I would
> greatly appreciate your help.
>
> Sasha
>
> On Thu, Jul 2, 2009 at 9:40 AM, Kenneth Marshall <ktm@...
> <mailto:ktm@...>> wrote:
>
> On Thu, Jul 02, 2009 at 09:15:03AM -0400, SashaB wrote:
> > Hello all,
> >
> > This is a long post with a lot of info since I thought you should
> know as
> > much as possible about these NS before (a) having to ask the obvious
> > questions and (b) so you can offer suggestions.
> >
> > Here's the situation. I have set up the NS for our domains (on
> four servers)
> > and nearly all resolving properly to the domains to which they
> point. (For
> > those few that are not, I have figured out and corrected the
> issue; now
> > we're waiting for the changes to propogate.)
> >
> > However, we I have a specific domain registered via a registrar
> in the EU
> > for one of our mail/webmail servers and, each time I try to
> change the NS
> > (domain 'owners' can modify their own DNS on the registrar's site
> similar to
> > (but far simpler than) GoDaddy's "Total DNS"), I get the
> following errors:
> >
> > ns1.maildomain.eu --->"The given nameservers return different
> SOA entries."
> > ns2.maildomain.eu --->"Connection to server failed."
> >
> > Before providing your help, you should know the following:
> >
> > 1) The nameservers are shared by other NS, all of which have
> domain names
> > associated for their specific purposes. (For example:
> ns1.foodomain.net <http://ns1.foodomain.net>,
> > dns1.thisdomain.com <http://dns1.thisdomain.com>,
> ns1.maildomain.eu, etc.). I've pointed all "ns1"
> > domains to one IP address on each server and "ns2" are pointed to a
> > different IP address on each server but share the same IP address
> on that
> > server, etc.
> > 2) The NS for this domain are on different servers in the same
> region and
> > located in entirely different datacenters.
> > 2) While there is a master record for the ccTLD itself on its
> resident
> > server, I've also set up a separate master record for the NS1 so
> I can see
> > updating serial numbers for just the NS. Because I also set up, as a
> > supermaster, the hostname for the servers on which each of their
> NS has its
> > master record, without creating each NS as a slave on the master
> server for
> > that record, they each show on the other server as a slave and
> their serial
> > numbers (and my logs, which I've set up to view by secure
> webserver) show
> > they have been updating regularly.
> > 3) Websites and other applications, some with the same NS IP (but
> different
> > domain name), are resolving correctly.
> > 3) All NS point to IP addresses, not CNAMEs or redirects. In
> fact, I tend to
> > use IP addresses over hostnames because they resolve better if we
> make DNS
> > changes to hostnames.
> > 4) I 'played around' with the NS to learn how pdns works and
> determine how
> > best to set them up, especially for security and convenience. In that
> > process, I found it was just easier to point the NS for all of
> our domains
> > to the same IPs on each server and use other IPs for other
> purposes (like
> > pointing a domain's webservers to). So, I changed the IP
> addresses for the
> > NS, deleted and recreated NS records, updated SOA records, etc.
> That may
> > affect the SOA entries.
> > 5) The NS have been live for at least 24 hours each.
> > 6) The NS point to different IPs from the domain's other records,
> like the
> > MX and webmail server, which have their own IP addresses. I've
> configured my
> > virtual hosts in apache accordinly (except I did not create any
> for the NS.)
> > 7) The SOA record of NS record on each server points to the
> appropriate IP
> > address and is configured, "ns1.maildomain.eu
> > hostmaster.masterrecordserver.com
> <http://hostmaster.masterrecordserver.com>". Since each is on
> different servers, the
> > "hostmaster" domain name is for that server, not the master
> server (ns1) of
> > the domain itself.
> > 8) I've given the registrar's IP address access to my server (via
> > hosts/csf.allow and the firewall) and added its network address
> to the
> > 'axfr' setting in pdns.conf. The pdns-recursor is not active on
> one server
> > (configuration issues) but is on the other. On the server with
> pdns-recursor
> > running, each master record has a corresponding "in-address.arpa"
> entry. I'm
> > still working on that for the other server. Neither server,
> however, is
> > experiencing resolution issues with the domains not associated
> with these in
> > question.
> >
> > So, that all said, I have a few questions that might be a source
> of some
> > issues:
> >
> > 1) I've taken the extra step of creating an "A" record for each
> NS in the
> > domain's DNS settings on the registrar's site as well as updating
> the other
> > records for the domain in the registrar's DNS as well, thinking
> that may
> > help. Will that affect the SOA records?
> > 2) Do the changes I've made to the master records, i.e., changing
> the IP
> > address of the NS several times before deciding on a final
> configuration,
> > cause such problems? (The NS for my websites, which have totally
> different
> > NS, in part, so we don't have these issues with them, have been
> 'cast in
> > stone' for several weeks and haven't changed so they're resolving
> > correctly.)
> > 3) My understanding is that mysql acts as recursor when
> pdns-recursor. How
> > can I tell if the records in mysql are correct? (I've looked at
> the records
> > via Webmin but they don't contain full record entries or have IP
> numbers
> > associated, so I can't tell how accurate they are.)
> > 4) How does pdns-recursor and rDNS configuration affect
> resolution? Could
> > that be part of the issue?
> >
> > Finally, I've done searches online and found that others have
> this issue
> > with EU-based registrars. Ostensibly, this is to prevent NS
> > misconfiguration. But, I'm finding pdns is pretty good at that so
> I'm not
> > understanding the problem. But, since I have three more domains
> with this
> > registrar, I've got to so I can fix it. Please provide your
> > solutions-oriented assistance in trying to ressolve this issue so
> we can use
> > our own NS for our mail/webmail servers.
> >
> > If you've read this far, thank you and I look forward to your help.
> >
> > Sasha
>
> Hi Sasha,
>
> Thank you for the detailed description, but I think that the problem
> is described correctly by the error message you received from your
> domain registrar:
>
> your nameservers have different SOA records (paraphrasing)
>
> All nameservers for a domain, by definition should have and serve
> identical content. I think that once you fix this inconsistancy it
> will all work.
>
> Regards,
> Ken
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@...
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
Pdns-users mailing list
Pdns-users@...
http://mailman.powerdns.com/mailman/listinfo/pdns-users
« Return to Thread: Difficulty changing nameservers on domain registar's site
| Free embeddable forum powered by Nabble | Forum Help |
