2

I am running a VPS that is hosting five different domains. Everything has been fine until I wanted to use our inactive domain to set up Google for Business Apps. I am unable to verify the domain because the DNS on that one domain is really messed up. To me the setup looks no different than the others that are working fine. This is an unmanaged VPS so I'm hoping that someone here may see what is wrong.

The server uses its own name servers which are correctly set at the registrar. They are like so:

enter image description here

My first domain, plangator.com, is mostly reporting OK at intodns. Here is its Zone file:

```
; Zone file for plangator.com
$TTL 14400
plangator.com.  86400   IN      SOA     ns1.lamardesigngroup.com.       rlamar4088.aol.com.     (
                                            2016020105 ;Serial Number
                                            86400 ;refresh
                                            7200 ;retry
                                            3600000 ;expire
                                            86400 ;minimum
    )
plangator.com.  86400   IN      NS      ns1.lamardesigngroup.com.
plangator.com.  86400   IN      NS      ns2.lamardesigngroup.com.
plangator.com.  14400   IN      A       212.1.213.8
localhost       14400   IN      A       127.0.0.1
plangator.com.  14400   IN      MX      0       plangator.com.
mail    14400   IN      CNAME   plangator.com.
www     14400   IN      CNAME   plangator.com.
ftp     14400   IN      A       212.1.213.8
cpanel  14400   IN      A       212.1.213.8
webmail 14400   IN      A       212.1.213.8
plangator.com.  14400   IN      TXT     "v=spf1 mx a ip4:212.1.213.8     include:plangator.com ~all"
```

One thing that I notice is that it doesn't report the correct IPs for the name servers. 212.1.213.8 is the IP of the Server.

Nameserver records returned by the parent servers are:

```
ns1.lamardesigngroup.com. ['212.1.213.8'] [TTL=172800]
ns2.lamardesigngroup.com. ['212.1.213.8'] [TTL=172800]
```

My problem domain is gator.digital. Here is its Zone file:

```
; Zone file for gator.digital
$TTL 14400
gator.digital.  86400   IN      SOA     ns1.lamardesigngroup.com.         rlamar4088.aol.com.     (
                                            2015101316 ;Serial Number
                                            86400 ;refresh
                                            7200 ;retry
                                            3600000 ;expire
                                            86400 ;minimum
    )
gator.digital.  86400   IN      NS      ns1.lamardesigngroup.com.
gator.digital.  86400   IN      NS      ns2.lamardesigngroup.com.
gator.digital.  14400   IN      A       212.1.213.8
www     14400   IN      CNAME   gator.digital.
cpanel  14400   IN      A       212.1.213.8
gator.digital.  14400   IN      TXT     google-site-verification=l5pn02kvh4kCGScCaA-IUIb7toL82RnLdiuXdHw0dB8
gator.digital.  3600    IN      MX      1       aspmx.l.google.com.
gator.digital.  3600    IN      MX      5       alt1.aspmx.l.google.com.
gator.digital.  3600    IN      MX      5       alt2.aspmx.l.google.com.
gator.digital.  3600    IN      MX      10      alt3.aspmx.l.google.com.
gator.digital.  3600    IN      MX      10      alt4.aspmx.l.google.com.
gator.digital.  14400   IN      TXT     "'v=spf1 include:_spf.google.com ~all'"
localhost       14400   IN      A       127.0.0.1
```

Here is how the name servers are seen for gator.digital.

Nameserver records returned by the parent servers are:

```
ns2.lamardesigngroup.com. ['198.20.251.114'] (NO GLUE) [TTL=86400]
ns1.lamardesigngroup.com. ['198.20.251.113'] (NO GLUE) [TTL=86400]
```

And then all of the errors:

NS records from your nameservers NS records got from your nameservers listed at the parent NS are: Oups! I could not get any nameservers from your nameservers (the ones listed at the parent server). Please verify that they are not lame nameservers and are configured properly.

Same Glue Hmm,I do not consider this to be an error yet, since I did not detect any nameservers at your nameservers.

Glue for NS records OK. Your nameservers (the ones reported by the parent server) have no ideea who your nameservers are so this will be a pass since you already have a lot of errors!

Mismatched NS records WARNING: One or more of your nameservers did not return any of your NS records.

DNS servers responded ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 198.20.251.114 198.20.251.113

Multiple Nameservers ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.

Missing nameservers reported by your nameservers You should already know that your NS records at your nameservers are missing, so here it is again:

ns2.lamardesigngroup.com. ns1.lamardesigngroup.com.

It seems that although these are both set up to use the same nameservers the DNS check is looking in two different places.

Pierre.Vriens
Harley H.
  • Please take an opportunity to review [Should we host our own nameservers?](http://serverfault.com/questions/23744/should-we-host-our-own-nameservers) - several mistakes have been revealed over the course of this Q&A. All of them were made with good intentions but jeopardize the stability of these domains, and I'm not convinced that they will cease to happen going forward. – Andrew B Mar 22 '16 at 22:24

2 Answers

7

Focusing on the actual problem with your domains:

Following the chain of delegations for lamardesigngroup.com you'll see a delegation to ns1.lamardesigngroup.com and ns2.lamardesigngroup.com with glue referring to 212.1.213.8.

```
lamardesigngroup.com.   172800  IN      NS      ns1.lamardesigngroup.com.
lamardesigngroup.com.   172800  IN      NS      ns2.lamardesigngroup.com.
ns1.lamardesigngroup.com. 172800 IN     A       212.1.213.8
ns2.lamardesigngroup.com. 172800 IN     A       212.1.213.8
```

However, the authoritative records served by 212.1.213.8 are:

```
lamardesigngroup.com.   86400   IN      NS      ns2.lamardesigngroup.com.
lamardesigngroup.com.   86400   IN      NS      ns1.lamardesigngroup.com.
ns1.lamardesigngroup.com. 14400 IN      A       198.20.251.113
ns2.lamardesigngroup.com. 14400 IN      A       198.20.251.114
```

There's clearly an inconsistency between the glue and authoritative address records for the nameserver names, leading to different addresses being used in different situations.

This in turn also affects your other domains that use ns1.lamardesigngroup.com and ns2.lamardesigngroup.com as nameservers.

Håkan Lindqvist
  • Nice catch there! – Michael Hampton Mar 22 '16 at 22:01
  • Good catch, just saw the 212.1.213.8 glue as well. I went ahead and deleted my answer, but it's still worth pointing out that all of the nameserver IPs are responding to `NS` record requests for both domains. It should be noted that *all versions* of these `NS` records (glue and otherwise) violate [BCP 16](https://tools.ietf.org/html/bcp16) in some way, so it becomes difficult to have any certainty how stable these domains will be through intermittent routing issues. – Andrew B Mar 22 '16 at 22:01
  • In lamardesigngroup.com. I have A records for ns1 and ns2 pointing to 198.20.251.113 and 198.20.251.114 respectively. Is that my problem? – Harley H. Mar 22 '16 at 22:06
  • @AndrewB I get no response at all from either of `198.20.251.113` and `198.20.251.114`. – Håkan Lindqvist Mar 22 '16 at 22:10
  • 1
    @HarleyH. The glue and authoritative records must match; whichever addresses are correct is what you should have in both places. (I can only observe that `212.1.213.8` seems to work while `198.20.251.113` and `198.20.251.114` do not appear to respond.) – Håkan Lindqvist Mar 22 '16 at 22:12
  • @Håkan Correct again, validation error on my part. I tested the direct IP for 212.1.213.8, but my earlier tests were invalid because they were referring to the nameservers by name. The additional section reporting the 198 IPs tripped me up. Thanks for keeping me honest, as usual. – Andrew B Mar 22 '16 at 22:18
  • I removed those ns1 and ns2 A records from lamardesigngroup.com, I'll see what happens. – Harley H. Mar 22 '16 at 22:19
  • 1
    @Harley You need to add those back or you'll run into a different problem. They should match your registrar defined IPs of "212.1.213.8" for both. – Andrew B Mar 22 '16 at 22:20
  • OK, added them back both pointing to 212.1.213.8 – Harley H. Mar 22 '16 at 22:48
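
The comparison made in the answer above, as an added example that is not part of the original answer or its comments: it parses the two record sets quoted there and reports where the glue and the authoritative addresses disagree. The function names and the same-/24 test standing in for the BCP 16 remark in the comments are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Record sets copied from the answer above: the parent's referral (with glue)
# and what 212.1.213.8 serves authoritatively for the same names.
PARENT_REFERRAL = """
lamardesigngroup.com.   172800  IN      NS      ns1.lamardesigngroup.com.
lamardesigngroup.com.   172800  IN      NS      ns2.lamardesigngroup.com.
ns1.lamardesigngroup.com. 172800 IN     A       212.1.213.8
ns2.lamardesigngroup.com. 172800 IN     A       212.1.213.8
"""
AUTHORITATIVE = """
lamardesigngroup.com.   86400   IN      NS      ns2.lamardesigngroup.com.
lamardesigngroup.com.   86400   IN      NS      ns1.lamardesigngroup.com.
ns1.lamardesigngroup.com. 14400 IN      A       198.20.251.113
ns2.lamardesigngroup.com. 14400 IN      A       198.20.251.114
"""

def parse_records(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if line:
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            records[(name.lower(), rtype.upper())].add(rdata.lower())
    return records

def check_delegation(zone, parent_text, auth_text):
    """Compare the parent's view of a delegation with the zone's own answers."""
    parent, auth = parse_records(parent_text), parse_records(auth_text)
    p_ns, a_ns = parent.get((zone, "NS"), set()), auth.get((zone, "NS"), set())
    findings = []
    if p_ns != a_ns:
        findings.append(f"NS set differs: parent={sorted(p_ns)} auth={sorted(a_ns)}")
    for ns in sorted(p_ns | a_ns):
        glue, own = parent.get((ns, "A"), set()), auth.get((ns, "A"), set())
        if glue and own and glue != own:
            findings.append(f"glue mismatch {ns}: glue={sorted(glue)} auth={sorted(own)}")
    # Assumed heuristic for the BCP 16 point: every address inside one /24.
    for label, view in (("glue", parent), ("auth", auth)):
        addrs = {a for ns in p_ns | a_ns for a in view.get((ns, "A"), set())}
        nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addrs}
        if addrs and len(nets) == 1:
            findings.append(f"{label}: no address diversity, all in {nets.pop()}")
    return findings

if __name__ == "__main__":
    for finding in check_delegation("lamardesigngroup.com.", PARENT_REFERRAL, AUTHORITATIVE):
        print(finding)
```
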
0

Nameserver Record Report updates usually pertain to some clock or to when you transfer an account, and though you made the changes, the Nameserver Record Report might not show them until 24 hours later. From the Nameserver Report in WHM, if you use it, one can edit the zone and change the IPs.