I have two name servers set up with BIND. The website, example.com, pings and displays fine, so I know the DNS record for it is OK. But browsing to mail.example.com and pinging mail.example.com fails 90% of the time.
The funny thing is that sometimes a ping test does find mail.example.com and I can check my webmail just fine by browsing to mail.example.com, but that only lasts for about 30 minutes; then any ping test after that is back to not being able to resolve mail.example.com, and I am not able to navigate to mail.example.com.
By the way, if I ping the mail server just by its public IP and not by the hostname mail.example.com, everything is fine and resolves 100% of the time. I can also navigate to my mail server's IP in the browser 100% of the time to check my mail, and everything is fine. I know this is not a server issue; it's got to be DNS.
I don't have something right with my DNS server.
Please have a look at my information below and see if you can tell me what I am doing wrong.
When mail.example.com does load in the browser, I run a ping test and this is what I get:
Pinging mail.phrixis.com [52.27.16.178] with 32 bytes of data:
Request timed out.
It's actually showing the IP of my mail server.
When I browse to mail.example.com and it doesn't load, I do a ping test and this is what I get:
ping mail.phrixis.com
ping: unknown host mail.phrixis.com
It's not picking up the mail server IP at all this time, so that is why it's not loading in the browser.
It's as if my DNS server half the time is saying, "Yeah, I know where mail.example.com is located," and the other half of the time it's saying, "Nope, I forgot where mail.example.com is at."
When logged into ns1.example.com, I dig for mail.example.com and this is what I get:
[root@ns1 ~]# dig @localhost mail.phrixis.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.1 <<>> @localhost mail.phrixis.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8581
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;mail.phrixis.com. IN A
;; ANSWER SECTION:
mail.phrixis.com. 86400 IN A 52.27.16.178
;; AUTHORITY SECTION:
phrixis.com. 86400 IN NS ns1.phrixis.com.
phrixis.com. 86400 IN NS ns2.phrixis.com.
;; ADDITIONAL SECTION:
ns1.phrixis.com. 86400 IN A 107.170.58.69
ns2.phrixis.com. 86400 IN A 138.197.212.168
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon May 8 20:00:02 2017
;; MSG SIZE rcvd: 118
[root@ns1 ~]#
When logged into ns1.example.com, I dig example.com and this is what I get:
[root@ns1 ~]# dig @localhost phrixis.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.1 <<>> @localhost phrixis.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31758
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;phrixis.com. IN A
;; ANSWER SECTION:
phrixis.com. 86400 IN A 162.243.60.215
;; AUTHORITY SECTION:
phrixis.com. 86400 IN NS ns1.phrixis.com.
phrixis.com. 86400 IN NS ns2.phrixis.com.
;; ADDITIONAL SECTION:
ns1.phrixis.com. 86400 IN A 107.170.58.69
ns2.phrixis.com. 86400 IN A 138.197.212.168
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon May 8 20:03:58 2017
;; MSG SIZE rcvd: 113
[root@ns1 ~]#
Here is my named.conf file:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    #listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { localhost; 138.197.212.168; };
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "phrixis.com" IN {
    type master;
    file "phrixis.com.zone";
    allow-update { none; };
};
Here is my example.com.zone file:
$TTL 86400
@   IN SOA ns1.phrixis.com. root.phrixis.com. (
            2013042201 ;Serial
            3600       ;Refresh
            1800       ;Retry
            604800     ;Expire
            86400      ;Minimum TTL
)
; Specify our two nameservers (blank owner inherits the zone apex from the SOA line)
    IN NS ns1.phrixis.com.
    IN NS ns2.phrixis.com.
; Resolve nameserver hostnames to IP, replace with your two droplet IP addresses.
ns1 IN A 107.170.58.69
ns2 IN A 138.197.212.168
; Define hostname -> IP pairs which you wish to resolve.
@    IN A 162.243.60.215
www  IN A 162.243.60.215
mail IN A 52.27.16.178
; The MX must carry an explicit @ owner: a blank owner here would inherit the
; previous owner (mail) and attach the MX to mail.phrixis.com instead of the apex.
@    IN MX 10 mail.phrixis.com.
Any response is greatly appreciated, as I am new to running DNS servers.
It is obvious why the DNS resolution sometimes works and sometimes doesn't. You have advertised two authoritative name servers: ns1.phrixis.com. and ns2.phrixis.com. One of them, ns2.phrixis.com., is not resolving the DNS entry. Solution: make sure that ns2 has the right record as well. I can see that you have the allow-transfer block for ns2:
allow-transfer { localhost; 138.197.212.168; };
But you need to validate that the zone records are being replicated to ns2. If ns2 is a secondary DNS server, make sure it has the right configuration and that the zone transfer from ns1 to ns2 is working.
Also make sure that ns2 doesn't have any firewall blocking port 53 UDP/TCP.
Reference for setting up a slave DNS server: http://www.microhowto.info/howto/configure_bind_as_a_slave_dns_server.html
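The check this answer recommends, asking each advertised authoritative name server directly and comparing what they return, can be scripted. The following is an added example, not code from the question or the answer above: a minimal standard-library DNS client that builds an A query with the RD bit cleared (as a resolver does when it talks to an authoritative server), parses the response including compressed names, and reports whether every listed server gives the same answer. The `send` callable is pluggable; `udp_send` talks to port 53, while `offline_send` replays constructed responses for the two name servers named in the question, where ns1 answers authoritatively and ns2 (assumed here, for illustration, to have no copy of the zone and recursion disabled) returns REFUSED, which resolvers surface as "unknown host".

```python
import random
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Build a DNS query for `name` (qtype 1 = A) with flags 0, i.e. recursion not desired."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def _read_name(msg, offset):
    """Decode a possibly compressed name at `offset`; return (name, offset after the field)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)

def parse_response(msg):
    """Return (rcode, authoritative_answer_flag, sorted list of A-record IPs)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, aa, offset = flags & 0x000F, bool(flags & 0x0400), 12
    for _ in range(qd):                                 # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4
    addresses = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addresses.append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen
    return rcode, aa, sorted(addresses)

def udp_send(server_ip, query, timeout=3.0):
    """Send `query` to server_ip:53 over UDP and return the raw response bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        return sock.recvfrom(4096)[0]

def compare_nameservers(name, servers, send=udp_send):
    """Query every server in `servers` ({label: ip}) for the A record of `name`.
    Returns (all_agree, per_server_report); a server is consistent only if it
    answers NOERROR and returns the same address set as the others."""
    report = {}
    for label, ip in servers.items():
        txid = random.randrange(0, 0x10000)
        try:
            raw = send(ip, build_query(name, txid=txid))
            if raw[:2] != struct.pack("!H", txid):
                raise ValueError("transaction id mismatch")
            rcode, aa, addrs = parse_response(raw)
            report[label] = {"rcode": rcode, "authoritative": aa, "addresses": addrs}
        except (OSError, ValueError) as exc:       # timeouts are a subclass of OSError
            report[label] = {"error": str(exc), "rcode": None, "addresses": []}
    answer_sets = {tuple(r["addresses"]) for r in report.values()}
    all_agree = len(answer_sets) == 1 and all(r["rcode"] == 0 for r in report.values())
    return all_agree, report

# --- constructed offline sample (hypothetical responses, not captured traffic) ---
SAMPLE_SERVERS = {"ns1.phrixis.com": "107.170.58.69", "ns2.phrixis.com": "138.197.212.168"}

def build_response(query, rcode, addresses):
    """Construct an authoritative reply to `query`: echoes its txid and question,
    sets QR+AA, and answers with one A record per address via a pointer to the question name."""
    flags = 0x8400 | rcode
    header = query[:2] + struct.pack("!HHHHH", flags, 1, len(addresses), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + socket.inet_aton(ip)
                   for ip in addresses)
    return header + query[12:] + rrs

def offline_send(server_ip, query, timeout=None):
    """Stand-in for udp_send: ns1 knows the record, ns2 refuses (rcode 5)."""
    if server_ip == SAMPLE_SERVERS["ns1.phrixis.com"]:
        return build_response(query, 0, ["52.27.16.178"])
    return build_response(query, 5, [])

if __name__ == "__main__":
    ok, result = compare_nameservers("mail.phrixis.com", SAMPLE_SERVERS, send=offline_send)
    for label, entry in result.items():
        print(label, entry)
    print("consistent" if ok else "MISMATCH: the advertised name servers disagree")
```

Run against the real servers by dropping the `send=offline_send` argument. A mismatch like the one in the sample is the signature of the symptom in the question: public resolvers pick one NS per lookup, so roughly half the queries land on the server that cannot answer and the name appears to vanish until the cached record from the other server expires.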