domain won't resolve with www prefix

[Trialsman]

Hi, folks. I have just spent four hours on my RH7.1 DNS server and it finally resolves my domain name for the first time ever. Sort of.

My domain name is discovermountainbiking.net and that works, try it. BUT! I don't understand this and nothing I have done fixed it,

http://www.discovermountainbiking.net

does NOT resolve.

I need help!

Thanks much.

 

[Trialsman]

Hi, Optimised.

My RH7.1 server sits behind a firewall, so I did not install IPchains when I configured my server. All I had to do was instruct my firewall to forward any port 53 request to my RH7.1 server IP address.

However, if your server isn't behind a firewall, you'll need to leave IPchains running. By default, during installation the IPchains firewall is set at HIGH for maximum security, it also closes all ports. You'll have to set a rule to open port 53 (DNS), 80 (www) and 21 (FTP). There are more for POP, SMTP, Telnet etc.

Here is a way to test if your RH server is filtering or blocking port 53. Shut down your firewall by going to the console and typing setup. On the menu, select Firewall, then select NO firewall. Reboot. Do your checks to see if things are working or not. If DNS is working, quickly go back to setup, configure the firewall for HIGH and reboot again. Then you can go back to setup, firewall, Customize, and open port 53 under the heading Other ports. If DNS did NOT work after you turned it off, you have other problems, it's not your firewall. In any case, make sure you go back and reactivate your firewall.

I have now collected five different documents on setting up DNS, each one incomplete. Between them all I was able to get my server partially functional.

I can send you the links to all those documents if you like. They still aren't enough though. It still isn't 100%.

 

[optimised]

Hi,
Thanks for the firewall setup tip. Works now. I still can only get to my beta test page using my ip 206.107.69.66
in browser.
You had mentioned you were using c-class ip addresses for your virtualhost.
I'd be interested in a snippet of your httpd.conf virtual host section, named.conf and zone files.
Maybe between us we can get this going.
hometoolz@hometoolz.com ~one of my other sites I'd like to transfer to my server.
Hang-in there. It's been quite a test so far for me .
I like those post where people say it worked right out of the box. hehehe
take care..

 

[Trialsman]

Glad I could help Optimised. I can guide you a great deal more. I can access two domains by name. It's just a little screwy. I'll send you an e-mail.

 

[marsd]

Hi optimised,
Looks like you never have run out of troubles..sorry to
hear it..

Some ideas:
DNS only uses tcp for zone transfers and large zone queries:
those over 512 bytes,which, for my sites, are rare.
A firewall blocking udp port 53 will block all queries to your sites dns so this is a no-no. On the other hand
blocking tcp at your firewall may seem to work,. but technically, dns will still be broken. You need udp
both ways from 53 at a bare minimum.

Zone transfers should be allowed to your slaves only; and for this there are acls. In earlier posts you said you were using one of the newer "secure" bind implementations. Maybe
you should just run a minimal test config (like caching
dns with a forwarder) and see if that works, then move up from there?


You had an earlier question about virtual hosting:
This works the same as any othe entry-apache points to it from a "bind-address:" listing and your dns records the
record like anything else

fwd zone

dns info for mydomain.com. here..

IN NS 204.x.x.x
IN NS 204.x.x.x
IN MX 10 204.x.x.x

NS1 IN A 204.x.x.x
NS2 IN A 204.x.x.x

web1 IN A 204.x.x.x
IN HINFO rh7.1 web
IN MX 50 relayer.isp.net

web2 IN CNAME web1.mydomain.com.
IN TXT Virthost


The reverse zone was where your question was. You do not
set up another conf entry for each reverse. The reverse
zone file takes care of this.

(206.107.69.x/24 range ip address)
reverse zone file info for mydomain.com.

66 IN PTR web1.mydomain.com.
64 IN PTR ns1.mydomain.com.
63 IN PTR ns2.mydomain.com.

You will notice that there is no reverse for the virthost-
:it is not necessary: if the name resolves for the cname at
web1.

A final note: unless you are behind a proxy it makes no sense for anyone to filter or block udp dns traffic so
I can't imagine that your isp is doing this....

 

[marsd]

optimized, posted while you were posting, too late, congrats.

 

[ifincham]

Hi,





I've been playing with the apache name-based virtual hosting and here's how it works as simply as possible :





You need the following in your httpd.conf:





NameVirtualHost 172.16.16.1:80





<VirtualHost 172.16.16.1>


UseCanonicalname off


ServerName vhost1.mydomain.com


DocumentRoot /var/

http://www/html/vhost1

</VirtualHost>





<VirtualHost 172.16.16.1>


UseCanonicalname off


ServerName vhost2.mydomain.com


DocumentRoot /var/

http://www/html/vhost2

</VirtualHost>





Obviously you put the site content into those two sub-directories...





Then you need to edit your mydomain.com zone file ... The trick seems to be to only have one 'A' (address) record for the ip address and set the others as canonical names (CNAME entries) only :





(snip)


ns1 IN A 172.16.16.1


vhost1 IN CNAME ns1


vhost2 IN CNAME ns1





Then wake up named & httpd...





It works for me like that anyway - e.g. using

http://vhost1.mydomain.com

and

http://vhost2.mydomain.com.

(actually I've done it without a reverse-zone file so try it that way first..) I'm sure you could adapt it to use different domains pointing at the same IP...





Regards

 

[optimised]

Still unable to get response from server. I have posted my config files at 206.107.69.66 seems this is the only way I can get a response is by using my ip in browser.

Thanks everyone for all you help!

 

[Trialsman]

Well, to let everyone know that has been posting here...

I can enter any of my domain names now and they all resolve to my Apache default page. I guess that's good. At least DNS is set up well enough to get Apache to respond on all domains.

I have no idea what is wrong now. I have all zones set up, virtual hosts specified in Apache and hosts specified in /etc/hosts. Everything works perfectly on the server itself. But only the Apache default page comes up from the outside.

Guess I'll try to Apache server group next. Thanks for all your ideas...

 

[ifincham]

Hi,

If all your sites are on the same IP address and the canonical names are being resolved correctly to that IP address via your bind server, then it is indeed the apache virtual hosting you need to look at.

The examples I gave earlier require HTTP 1.1 compliant browsers (its to do with sending the canonical name in the host: header). Netscape 4.7x should work although its really only HTTP 1.0 compliant because it nonetheless includes the host info when it sends a 'get' request. So that could be a problem if you're using an older browser. You would also have had to have the module not commented- out in your config - i.e. vhost_alias_module .

To cover people using older browsers, you can set it up so that the url is redirected - e.g. using syntax

http://www.abc.com/site1

which would be received as x.x.x.x/site1 so the '/site' is the only info upon which you can redirect.

Have a look at -->

http://www.apache.org/docs-2.0/vhosts/

and also

http://www.apache.org/docs-2.0/mod/mod_vhost_alias.html

.

Regards

 

[optimised]

Hi folks,
Still can only get page by using ip address. I'm missing something somewhere and can't find it. Could someone please review my files. Thanks for all your help...

machine hostname = ns1.myhostman.com
server name = ns1.myhostman.com
my registered beta domain name

http://www.myhostman.com

my ns1.myhostman.com ip =206.107.69.66
my ns2.myhostman.com ip =206.107.69.67
I am using named vhosting but I think it's a dns problem
dig @127.0.0.1

http://www.myhostman.com

= fine
dig @127.0.0.1 myhostman.com = serverfail
dig

http://www.myhostman.com

or myhostman.com= serverfail
ping ip and ns1 fine
ping domain fails

//Host file
127.0.0.1 localhost.localdomain localhost
206.107.69.66 ns1.myhostman.com myhostman

//my zone file
$TTL 86400
@ IN SOA ns1.myhostman.com. hostmaster.myhostman.com. (
20010814; Serial
12H ; Refresh
1H ; Retry
2W ; Expire
1D ) ; Minimum
IN NS ns1.myhostman.com.
IN NS ns2.myhostman.com.

http://www IN

A 206.107.69.66
ftp IN A 206.107.69.66

http://www IN

A 206.107.69.67
mail IN A 206.107.69.67
IN MX 5 mail.myhostman.com.

//resolve.conf
search mydomain.com
nameserver ip of isp's nameserver

btw-I have servers off right now until
I resolve this problem.

 

[Trialsman]

To ifincham,

My setup is not like what you posted a couple days ago, since that was name-base vhosting.

My public IPs are used by firewall boxes which use port forwarding to send DNS, http, ftp etc requests to the correct srvers.

Behind my firewalls I have two servers with DNS and web on each (for now until I get more boxes and move DNS off), and they are entirely class C IP driven. I am using IP-based virtual hosts. I have my DNS configured to the point that all my domain names at least get a response from my web servers with the Apache test page. I believe this means all my forward zones are correct.

Furthermore, DIG verfies that my forward domain zones and 0.0.127 zone are configured correctly.

I have a /etc/hosts file that I am certain is correct. It's a very simple file, as I am sure you know, and I have very good documentation on that file.

The host.conf file is also very simple, and I don't see a problem with it. I found very good documentation on it.

I have no idea if my resolve.conf is correct. I can't find any definitive documentation on resolve.conf at all. Some documents say to have as the first line:
search mydomain.com, other documents say to have: domain my.domain.com, and still other documents say to have other things. I have found no document describing the alternatives, when to use them and why.

My httpd.conf has VirtualHost directives following the typical format, I have found very good documentation on it:
<VirtualHost 192.168.123.x>
DocumentRoot /home/sitename/

http://www/html

ServerName discovermountainbiking.net
HostNameLookups On
</VirtualHost>

I am uncertain that my reverse zone is correct at all. I have the standard entries plus:
IN NS ns1.discovermountainbiking.net.
1 IN PTR localhost.
201 IN PTR discovermountainbiking.net.
202 IN PTR absolutelybrilliant.net.
203 IN PTR discovermountainbiking.org.

I now believe that the localhost record does not belong there. There is no PC on 192.168.123.1 and my localhost certainly isn't there. But all the documentation I have says that line goes there. I have no CNAME records and have found no documentation that clearly explains how to use canonical names. Whenever I try to use them as the poor documentation shows, BIND loads with errors and nothing works.

I know my problems are related to one or more of:
resolve.conf
mydomains.zone
httpd.conf

Do you have any further advice, ifincham?

Thanks again.

 

[Trialsman]

An addendum to my previous post. There are so many bases to cover with this issue that I forgot some things.

My local sites reside at class C IPs:
192.168.123.201, 202, 203
which matches the reverse zone file of course.

I didn't mention that ALL domains work flawlessly from my web server consoles. They resolve names and IPs correctly and Apache serves up the correct sites.

Even from my personal PC on the same class C network, I only get the Apache test page.

I may as well go ahead and explain where I believe the fault is, in case this jogs anybody's brain. This may be long-winded...

As I sit at my office PC (I guess I'm not working too hard, huh?), I type

http://www.discovermountainbiking.net

into my browser. The browser automatically goes to the Verisign Global Registry or some other global nameserver and looks for a nameserver for discovermountainbiking.net. Or maybe it looks in a cache somewhere. The return information is ns1.discovermountainbiking.net 4.36.122.184, which is correct. My browser then makes a request or is forwarded to 4.36.122.184, which is my firewall which then forwards the request to my DNS services residing on machine name ns1.discovermountainbiking.net. My DNS services says YES! it is authoritative for

http://www.discovermountainbiking.net

and that it knows the location of the site. It reports the site being located at 4.36.122.184. This is only partially correct and this is where the problem lies.

Obviously my sites aren't actually at 4.36.122.184, they are behind a firewall at that IP. I can change my forward zone to instruct my DNS to report 192.168.123.201 for

http://www.discovermountainbiking.net.

But that is clearly incorrect since it will only try to resolve it as a class C IP on whatever local network the request was made from. My belief is that my forward zone MUST report 4.36.122.184 since that is the only way to get to my box, and then I guess some other feature or process recognizes the name request.

Back to my browser at work. It receives information from my ns1 server that

http://www.discovermountainbiking.net

is at 4.36.122.184. At this point, is my browser going to 4.36.122.184 and requesting

http://www.discovermountainbiking.net?

Or is it simply making a port 80 http request on 4.36.122.184? Or does my DNS forward the request internally using lookups? If it goes to 4.36.122.184 and requests

http://www.discovermountainbiking.net,

my virtual servers are not responding. And I don't even see how that could work. If it goes to 4.36.122.184 with a port 80 request, my Apache server is doing it's job by serving the default page and AGAIN I don't see how this will ever work. The only solution I see is that my DNS forwards the request for

http://www.discovermountainbiking.net

internally, and somehow it isn't working...

Whew... Any thoughts?

 

[ifincham]

Hi,

Sorry for delay.. been fairly busy lately...

Anyway, seems you are trying to use IP based virtual hosts in a way that won't work. IP based virtual hosting is used where you have multiple real IP addresses but you host them all on a single box. Apache would use different sub-directories, etc, depending on the IP address received. Your problem is that you only have one origin address, i.e. 4.36.122.184. So, I can't see how IP based virtual hosting will work at all for you - unless you used different ports which would not be practical really. The fact is that a client 'out there' must use a public IP address to get to you so you have to resolve your dns to the public address. You could use network address translation /port forwarding behind the scenes, as I believe you already are, but you'd only ever get one ip address arriving at the Apache server (be it internal or external).

By comparison, name based virtual hosting is intended to run multiple sites on one IP address. You just point the various canonical names to the same ip address with dns, route internally to the apache server as you are already doing, then let apache split it up by examining the '

http://www.xxxx.net'

contained in the http header. So, I'd suggest you try named-based virtual hosting instead - using something like this (httpd.conf extract) :

NameVirtualHost 192.168.123.201:80

<VirtualHost 192.168.123.201>
UseCanonicalname off
ServerName

http://www.discovermountainbiking.net

DocumentRoot /var/

http://www/html/vhost1

</VirtualHost>

<VirtualHost 192.168.123.201>
UseCanonicalname off
ServerName

http://www.absolutelybrilliant.net

DocumentRoot /var/

http://www/html/vhost2

</VirtualHost>


In your dns both

http://www.discovermountainbiking.net

&

http://www.absolutelybrilliant.net

names would need to resolve to 4.36.122.184 .

Regards.