-1

I tried using dig and I got the error in the title.

My /etc/resolv.conf is this

nameserver 67.207.67.2
nameserver 67.207.67.3

nameserver ns1.name.com
nameserver ns2.name.com
nameserver ns3.name.com
nameserver ns4.name.com

The first two are the default DigitalOcean DNS, the others are for my domain registrar.

So I tried to add two Cloudflare DNS, and the file is this:

nameserver 1.1.1.1
nameserver 1.0.0.1

nameserver 67.207.67.2
nameserver 67.207.67.3

nameserver ns1.name.com
nameserver ns2.name.com
nameserver ns3.name.com
nameserver ns4.name.com

After I did, dig still didn't work.

But if I comment the *name.com nameservers, dig works:

nameserver 1.1.1.1
nameserver 1.0.0.1

nameserver 67.207.67.2
nameserver 67.207.67.3

#nameserver ns1.name.com
#nameserver ns2.name.com
#nameserver ns3.name.com
#nameserver ns4.name.com

The fact is that if I comment these *name.com nameservers, my site went (and still is, trying to fix) down after some minutes.

So how can I leave these *name.com nameservers and be able to use dig and nslookup and stuff like that?

EDIT: users below noticed that I must have misconfigured something in my site. And it's true. I noticed that there is a "domain" setting in the DigitalOcean panel, and I never configured that. Now I did it and also changed the nameservers of my registrar to the DigitalOcean nameserver. Now I should only wait for nameserver propagation I guess?

My tcpdump -ni any port 53 | tee dns_problem.log output as suggested by a user below:

08:27:34.721547 IP MYSERVERIP.55951 > 67.207.67.2.53: 20768+ AAAA? ams3.sonar.digitalocean.com. (45)
08:27:34.721634 IP MYSERVERIP.41382 > 67.207.67.2.53: 28628+ A? ams3.sonar.digitalocean.com. (45)
08:27:34.722304 IP 67.207.67.2.53 > MYSERVERIP.55951: 20768 0/1/0 (103)
08:27:34.722304 IP 67.207.67.2.53 > MYSERVERIP.41382: 28628 1/0/0 A 5.101.110.176 (61)
08:29:34.732206 IP MYSERVERIP.44766 > 67.207.67.2.53: 29521+ AAAA? ams3.sonar.digitalocean.com. (45)
08:29:34.732384 IP MYSERVERIP.45803 > 67.207.67.2.53: 49118+ A? ams3.sonar.digitalocean.com. (45)
08:29:34.734239 IP 67.207.67.2.53 > MYSERVERIP.44766: 29521 0/1/0 (103)
08:29:34.734239 IP 67.207.67.2.53 > MYSERVERIP.45803: 49118 1/0/0 A 5.101.110.176 (61)
08:29:34.844794 IP 54.91.82.218.54035 > MYSERVERIP.53: 23982+ ANY? www.example.com. (33)
08:31:34.740307 IP MYSERVERIP.54008 > 67.207.67.2.53: 47094+ AAAA? ams3.sonar.digitalocean.com. (45)
08:31:34.740643 IP MYSERVERIP.49591 > 67.207.67.2.53: 21439+ A? ams3.sonar.digitalocean.com. (45)
08:31:34.741079 IP 67.207.67.2.53 > MYSERVERIP.54008: 47094 0/1/0 (103)
08:31:34.741079 IP 67.207.67.2.53 > MYSERVERIP.49591: 21439 1/0/0 A 5.101.110.176 (61)
08:32:48.328903 IP 54.91.82.218.33095 > MYSERVERIP.53: 53251+ A? www.example.com. (33)
08:33:34.748240 IP MYSERVERIP.33811 > 67.207.67.2.53: 20882+ AAAA? ams3.sonar.digitalocean.com. (45)
08:33:34.748596 IP MYSERVERIP.40348 > 67.207.67.2.53: 63964+ A? ams3.sonar.digitalocean.com. (45)
08:33:34.749127 IP 67.207.67.2.53 > MYSERVERIP.33811: 20882 0/1/0 (103)
08:33:34.749127 IP 67.207.67.2.53 > MYSERVERIP.40348: 63964 1/0/0 A 5.101.110.176 (61)
08:35:34.762328 IP MYSERVERIP.46593 > 67.207.67.2.53: 52540+ AAAA? ams3.sonar.digitalocean.com. (45)
08:35:34.762875 IP MYSERVERIP.34757 > 67.207.67.2.53: 23545+ A? ams3.sonar.digitalocean.com. (45)
08:35:34.763153 IP 67.207.67.2.53 > MYSERVERIP.46593: 52540 0/1/0 (103)
08:35:34.763208 IP 67.207.67.2.53 > MYSERVERIP.34757: 23545 1/0/0 A 5.101.110.176 (61)
08:37:34.772318 IP MYSERVERIP.60307 > 67.207.67.2.53: 25440+ AAAA? ams3.sonar.digitalocean.com. (45)
08:37:34.772691 IP MYSERVERIP.35584 > 67.207.67.2.53: 14199+ A? ams3.sonar.digitalocean.com. (45)
08:37:34.773173 IP 67.207.67.2.53 > MYSERVERIP.60307: 25440 0/1/0 (103)
08:37:34.773225 IP 67.207.67.2.53 > MYSERVERIP.35584: 14199 1/0/0 A 5.101.110.176 (61)
08:39:34.782271 IP MYSERVERIP.35598 > 67.207.67.2.53: 17037+ AAAA? ams3.sonar.digitalocean.com. (45)
08:39:34.782652 IP MYSERVERIP.41388 > 67.207.67.2.53: 46756+ A? ams3.sonar.digitalocean.com. (45)
08:39:34.783076 IP 67.207.67.2.53 > MYSERVERIP.35598: 17037 0/1/0 (103)
08:39:34.783100 IP 67.207.67.2.53 > MYSERVERIP.41388: 46756 1/0/0 A 5.101.110.176 (61)
08:41:34.790595 IP MYSERVERIP.37914 > 67.207.67.2.53: 25940+ AAAA? ams3.sonar.digitalocean.com. (45)
08:41:34.790929 IP MYSERVERIP.42627 > 67.207.67.2.53: 1440+ A? ams3.sonar.digitalocean.com. (45)
08:41:34.791391 IP 67.207.67.2.53 > MYSERVERIP.37914: 25940 0/1/0 (103)
08:41:34.791493 IP 67.207.67.2.53 > MYSERVERIP.42627: 1440 1/0/0 A 5.101.110.176 (61)
08:41:49.641648 IP MYSERVERIP.53649 > 67.207.67.2.53: 5397+ [1au] A? google.com. (51)
08:41:49.642872 IP 67.207.67.2.53 > MYSERVERIP.53649: 5397 6/0/1 A 108.177.126.138, A 108.177.126.102, A 108.177.126.100, A 108.177.126.139, A 108.177.126.101, A 108.177.126.113 (135)
08:43:34.799037 IP MYSERVERIP.53977 > 67.207.67.2.53: 3711+ AAAA? ams3.sonar.digitalocean.com. (45)
08:43:34.799376 IP MYSERVERIP.37354 > 67.207.67.2.53: 64810+ A? ams3.sonar.digitalocean.com. (45)
08:43:34.799854 IP 67.207.67.2.53 > MYSERVERIP.53977: 3711 0/1/0 (103)
08:43:34.799869 IP 67.207.67.2.53 > MYSERVERIP.37354: 64810 1/0/0 A 5.101.110.176 (61)
08:45:34.810213 IP MYSERVERIP.37036 > 67.207.67.2.53: 49990+ AAAA? ams3.sonar.digitalocean.com. (45)
08:45:34.810328 IP MYSERVERIP.47914 > 67.207.67.2.53: 4935+ A? ams3.sonar.digitalocean.com. (45)
08:45:34.811003 IP 67.207.67.2.53 > MYSERVERIP.47914: 4935 1/0
Mnkisd

2 Answers

1

Not sure why you are trying to do it, but putting your registrar's servers in your resolv.conf is almost certainly the wrong thing to do.

Likewise, putting DNS names into a resolv.conf is the wrong thing to do. The resolv.conf is used to define servers that translate names to IP. If you commented out the other servers, how are you expecting DNS to work at all? How would your DNS client know what IP to connect to for ns1.name.com to attempt to resolve a name?

The nameserver directive in the resolv.conf should have IP addresses. (see the man excerpt below).

> The fact is that if I comment these *name.com nameservers, my site goes down after some minutes. So how can I leave these *name.com nameservers.

You should not try to leave them. Having them there is wrong. Instead you should figure out the 'real' problem and fix that.

Perhaps you need to run a local DNS server with a 'forward zone' for some reason, so that your domain is always redirected to your registrar. Perhaps you have improperly configured your DNS somewhere else. You need to find and fix that.

If it was me, I would probably remove those lines and then start a tcpdump session in screen/tmux and watch all DNS traffic. Wait for whatever failure you are seeing to happen. Then look to see what DNS requests are failing. Then fix them.

You might want to use a tcpdump command like this to have a long-running DNS capture.

tcpdump -ni any port 53 | tee dns_problem.log

For your reference, see the man page of resolv.conf.

http://man7.org/linux/man-pages/man5/resolv.conf.5.html

   RESOLV.CONF(5) 
   ...
   nameserver Name server **IP address**
   Internet address of a name server that the resolver should
   query, either an IPv4 address (in dot notation), or an IPv6
   address in colon (and possibly dot) notation as per RFC 2373.
   ...
Zoredache
  • You are right, I had wrongly configured my site. I noticed that there is a "domain" setting in the DigitalOcean panel, and I never configured that. Now I did it and also changed the nameservers of my registrar to the DigitalOcean nameserver. Now it should work. I also used the tcpdump command you wrote, and I have some DigitalOcean errors. Is it normal during nameserver propagation? I put the errors in the thread. – Mnkisd May 01 '20 at 09:07
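An added example, not part of the original posts: one way to do the "see what DNS requests are failing" step on a saved `dns_problem.log`, by pairing each query with its reply on endpoint and query ID. The sample lines are copied from the capture in the question; the function names and status labels are assumptions of this sketch, and the regexes cover only the line shapes that capture shows.

```python
import re

# Lines copied from the capture in the question (MYSERVERIP is the poster's placeholder).
SAMPLE = """\
08:29:34.732206 IP MYSERVERIP.44766 > 67.207.67.2.53: 29521+ AAAA? ams3.sonar.digitalocean.com. (45)
08:29:34.732384 IP MYSERVERIP.45803 > 67.207.67.2.53: 49118+ A? ams3.sonar.digitalocean.com. (45)
08:29:34.734239 IP 67.207.67.2.53 > MYSERVERIP.44766: 29521 0/1/0 (103)
08:29:34.734239 IP 67.207.67.2.53 > MYSERVERIP.45803: 49118 1/0/0 A 5.101.110.176 (61)
08:29:34.844794 IP 54.91.82.218.54035 > MYSERVERIP.53: 23982+ ANY? www.example.com. (33)
"""

LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (.*)$")
# Query body: "<id><flags> [opts] <TYPE>? <name>"
QUERY = re.compile(r"^(\d+)[+%]* (?:\[[^\]]*\] )?(\w+)\? (\S+)")
# Reply body: "<id>[ <rcode>]<flags> <answers>/<authority>/<additional>"
REPLY = re.compile(r"^(\d+)(?: (\w+))?[*|$-]* (?:\[[^\]]*\] )?(\d+)/(\d+)/(\d+)")

def classify(capture):
    """Return one record per query, with status answered/empty/unanswered/<rcode>."""
    pending, records = {}, []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a tcpdump IP line
        ts, src, dst, body = m.groups()
        q = QUERY.match(body)
        if q:
            rec = {"time": ts, "client": src, "server": dst,
                   "qtype": q.group(2), "qname": q.group(3), "status": "unanswered"}
            pending[(src, dst, q.group(1))] = rec
            records.append(rec)
            continue
        r = REPLY.match(body)  # truncated reply lines simply fail to match
        rec = pending.pop((dst, src, r.group(1)), None) if r else None
        if rec:
            # rcode is printed only when non-zero (e.g. NXDomain, ServFail)
            rec["status"] = r.group(2) or ("answered" if int(r.group(3)) else "empty")
    return records

def failures(capture):
    """Queries that got no reply at all or a non-zero rcode."""
    return [r for r in classify(capture) if r["status"] not in ("answered", "empty")]

if __name__ == "__main__":
    for rec in classify(SAMPLE):
        print(rec["time"], rec["client"], rec["qtype"], rec["qname"], rec["status"])
```

An "empty" status is a reply such as `0/1/0`: zero answer records, one authority record, zero additional records, which typically means the name has no record of the requested type rather than that the resolver failed.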
0

You can't use domain names. Name servers need to be IP addresses.

You can convert the name servers into IP addresses and list those, but frankly I'm not sure what you are trying to do and expect that while this will not error it won't work as you expect.

davidgo
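An added example, not part of the original posts: a small checker for the rule both answers state, that every `nameserver` value must be an IP address. It also flags entries past the first three valid ones, because resolv.conf(5) documents a limit of MAXNS (currently 3) name servers; that limit comes from the man page, not from this thread. The function name and finding strings are assumptions of this sketch, and the sample is the second resolv.conf from the question.

```python
import ipaddress

MAXNS = 3  # resolv.conf(5): up to MAXNS (currently 3) name servers may be listed

# The second resolv.conf shown in the question.
SAMPLE_CONF = """\
nameserver 1.1.1.1
nameserver 1.0.0.1

nameserver 67.207.67.2
nameserver 67.207.67.3

nameserver ns1.name.com
nameserver ns2.name.com
nameserver ns3.name.com
nameserver ns4.name.com
"""

def check_resolv_conf(text):
    """Return (line_number, value, problem) for every suspect nameserver line."""
    findings, valid = [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        fields = line.split()
        if fields[0] != "nameserver":
            continue  # search, options, etc. are out of scope here
        if len(fields) < 2:
            findings.append((lineno, "", "missing address"))
            continue
        value = fields[1]
        try:
            # Drop an IPv6 zone id (fe80::1%eth0) before validating the literal.
            ipaddress.ip_address(value.split("%", 1)[0])
        except ValueError:
            findings.append((lineno, value, "not an IP address"))
            continue
        valid += 1
        if valid > MAXNS:
            findings.append((lineno, value, "beyond MAXNS, never queried"))
    return findings

if __name__ == "__main__":
    for lineno, value, problem in check_resolv_conf(SAMPLE_CONF):
        print(f"line {lineno}: {value!r}: {problem}")
```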