
I have been struggling with this for about 3 days now. I will continue to work on it as I wait for anyone to help, but I’m having the following problem. I will use examples in this post to mask the domains and IPs somewhat. This is not to make more work for you; I just don’t want it easily cached in search results on Google etc. Thank you in advance for any help.

I have installed WHM on a CloudLinux system hosted on a VM using VMware. The domain (in this case let's call it domain.co.za) was used as the hostname of the system, and if you go to that domain it actually loads. That domain name is pointing to Cloudflare, which in turn points A records back to the WHM server as the nameservers I would like to use. This system is currently using PowerDNS as well.

Now what I have also encountered is that ns1.domain.co.za is working fine (this is also the machine's hostname) but ns2.domain.co.za is not.

If I try to set nameservers for any other domains it does not allow me to change them and they are giving the following errors

Authoritative Nameserver failure for domain

This, I am assuming, is because of the following error when I use intoDNS to check what the problem is (this is not for domain.co.za; this is for a domain I own called orginc.co.za, for which only ns1.domain.co.za is accepted and not ns2.domain.co.za):

The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers

When I use a dig command I get the following results for ns2 (please note actual IPs changed):

    Host 20.20.20.164.in-addr.arpa. not found: 3(NXDOMAIN)
    [root@ns1 ~]# dig ns2.domain.co.za

    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> ns2.domain.co.za
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 61082
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ns2.domain.co.za.                IN      A

    ;; Query time: 0 msec
    ;; SERVER: 164.20.20.20#53(164.20.20.20)
    ;; WHEN: Sat Feb 13 12:11:12 SAST 2021
    ;; MSG SIZE  rcvd: 51

I have been reading around and it seems like the general consensus is that it is a reverse DNS issue but I’m not sure how to proceed. I get answers like the following that I found on a cPanel forum

This functionality only works if your data center has delegated permission to your server to control the entry

But at the end of the day, we own the physical hardware that we put in at the data center.

I do not know how to proceed at the moment but will keep trying in the meantime

2 Answers


  1. Chosen as BEST ANSWER

    Ok everyone so the sequence of events went as follows.

    1. There was an A record mismatch on WHM itself as ns2.iclixhosting.co.za was not set in the iclixhosting.co.za zones
    2. Reverse DNS had to then propagate
    3. We then had a firewall issue that needed a bypass for port 53 on that IP

    In other words for future people reading this answer make sure of the above-mentioned items if you have problems similar to this


  2. I am assuming domain.co.za is a dummy domain name and not the actual one.

    From what I’ve read so far, it seems that you may have some troubles with domain NS.

    First thing to check is who’s configured as NS for `domain.co.za`

    $ dig NS domain.co.za
    

    Then make sure whatever NS entries are returned, those servers must have the zone entries for the domain. What I am assuming is the case is that you have ns1.domain.co.za as well as ns2.domain.co.za but for one reason or another, only one of these is aware of your entries.

    Typically you’d host your zone on `ns1.domain.co.za` and then you authorise `ns2.domain.co.za` to fetch your zone entries (known as AXFR) so this way both name servers are in sync and have all the zone entries. This might be where the problem is if ns2 is unable to fetch the zone. This is a long shot in the dark here, but you can try this:

    ns2$ dig @ns1.domain.co.za AXFR domain.co.za
    

    NS2 should be able to obtain zone entries from NS1.

    Again, all the above is just a wild guess 😉
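
The checks named in both answers above (the nameserver's A record, port 53 reachability, and whether each listed server actually serves the zone), as an added shell example that is not part of either answer: it classifies `dig` output per nameserver. The function names are hypothetical, and the live `check_zone` step assumes `dig` is installed and the network is reachable.

```shell
#!/usr/bin/env bash
# Added example. Classifies one nameserver's reply to a non-recursive dig query.

# Print the reply's RCODE, or NOADDR / TIMEOUT / UNKNOWN when there was no reply.
dig_status() {
  awk '/->>HEADER<<-/ && s == "" {
         for (i = 1; i < NF; i++) if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
       }
       /couldn.t get address/  { noaddr = 1 }
       /connection timed out/  { timeout = 1 }
       END {
         if (s != "") print s
         else if (noaddr) print "NOADDR"
         else if (timeout) print "TIMEOUT"
         else print "UNKNOWN"
       }'
}

# Succeed if the reply carries the "aa" (authoritative answer) flag.
dig_has_aa() { grep -Eq '^;; flags:[^;]* aa[ ;]'; }

# Read dig output on stdin and print a one-line diagnosis.
diagnose() {
  out=$(cat)
  rcode=$(printf '%s\n' "$out" | dig_status)
  case "$rcode" in
    NOADDR)   echo "noaddr: nameserver name does not resolve; check its A record" ;;
    TIMEOUT)  echo "timeout: no reply; check firewall rules for port 53 on that IP" ;;
    REFUSED)  echo "refused: server will not answer for this zone; check the zone exists on it" ;;
    NXDOMAIN) echo "nxdomain: server answered but the name is not in the zone" ;;
    NOERROR)
      if printf '%s\n' "$out" | dig_has_aa; then echo "ok: authoritative answer"
      else echo "lame: reply lacks the aa flag; zone not loaded or not synced"; fi ;;
    *)        echo "unknown: rcode=$rcode" ;;
  esac
}

# Live check (needs network): ask every listed NS for the zone's SOA.
# +norec avoids the "recursion requested but not available" warning.
check_zone() {
  for ns in $(dig +short NS "$1"); do
    printf '%s: ' "$ns"
    dig +norec +time=3 +tries=1 SOA "$1" "@$ns" 2>&1 | diagnose
  done
}

if [ "$#" -gt 0 ]; then check_zone "$1"; fi
```

Run it with the zone name as the only argument; each nameserver listed for the zone gets one diagnosis line.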
