I have been struggling with this for about 3 days now. I will continue to work on it as I wait for anyone to help, but I'm having the following problem. I will use examples in this post to mask the domains and IPs somewhat. This is not to make more work for you; I just don't want it easily cached in search results on Google etc. Thank you in advance for any help.
I have installed WHM on a Cloudlinux system hosted on a VM using VMWare. The domain (in this case let's call it domain.co.za) was used as the hostname of the system and if you go to that domain it actually loads. That domain name is pointing to Cloudflare, which in turn points back A records to the WHM server as the nameservers I would like to use. This system is currently using PowerDNS as well.
Now what I also have encountered is that ns1.domain.co.za is working fine (this is also the machine's hostname) but ns2.domain.co.za is not.
If I try to set nameservers for any other domains it does not allow me to change them and they are giving the following errors
Authoritative Nameserver failure for domain
This I am assuming is because of the following error when I use intoDNS to check what the problem is (this is not for domain.co.za; this is for a domain I own called orginc.co.za, for which only ns1.domain.co.za is accepted and not ns2.domain.co.za)
The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers
When I use a dig command I get the following results for ns2 (please note actual IPs changed)
Host 20.20.20.164.in-addr.arpa. not found: 3(NXDOMAIN)
[root@ns1 ~]# dig ns2.domain.co.za
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> ns2.domain.co.za
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 61082
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns2.domain.co.za. IN A
;; Query time: 0 msec
;; SERVER: 164.20.20.20#53(164.20.20.20)
;; WHEN: Sat Feb 13 12:11:12 SAST 2021
;; MSG SIZE rcvd: 51
I have been reading around and it seems like the general consensus is that it is a reverse DNS issue but I'm not sure how to proceed. I get answers like the following that I found on a cPanel forum
This functionality only works if your data center has delegated permission to your server to control the entry
But at the end of the day, we own the physical hardware that we put in at the data center.
I do not know how to proceed at the moment but will keep trying in the meantime
I am assuming domain.co.za is a dummy domain name and not the actual one.
From what I’ve read so far, it seems that you may have some troubles with domain NS.
First thing to check is who’s configured as NS for `domain.co.za`:
$ dig NS domain.co.za
Then make sure whatever NS entries are returned, those servers must have the zone entries for the domain. What I am assuming is the case is that you have ns1.domain.co.za as well as ns2.domain.co.za but for one reason or another, only one of these is aware of your entries.
Typically you’d host your zone on `ns1.domain.co.za` and then you authorise `ns2.domain.co.za` to fetch your zone entries (known as AXFR) so this way both name servers are in sync and have all the zone entries. This might be where the problem is if ns2 is unable to fetch the zone. This is a long shot in the dark here, but you can try this:
ns2$ dig @ns1.domain.co.za AXFR domain.co.za
NS2 should be able to obtain zone entries from NS1.
Again, all the above is just a wild guess ;-)
Ok everyone so the sequence of events went as follows.
There was an A record mismatch on WHM itself as ns2.iclixhosting.co.za was not set in the iclixhosting.co.za zones
Reverse DNS had to then propagate
We then had a firewall issue that needed a bypass for port 53 on that IP
In other words for future people reading this answer make sure of the above-mentioned items if you have problems similar to this
Does a UPnP portmapping update automatically when the local computer's IP updates dynamically? If not, then how will you remove the old port mapping if you now have a new IP and will not be "authorised" to do so?
Suppose I could forward right before and remove right after I need the connection to be made. My issue is; what if the computer shuts down mid connection and turns back on with a different IP? Surely something must've been made in order to circumvent this.
Found an answer
UPnP is soft-state.
In [1], section 4.1, PortMappingLeaseDuration is described as a state variable that describes that a mapping is only leased for a certain duration (indeed soft state). Also, [1], section 5.10, describes that if your router is set up as DHCP it must delete any IGD state for that IP if it changes.
[1] https://www.rfc-editor.org/rfc/rfc6970
I am working with IBM MQ. I managed to get a basic Handshake / Put Message(s) / Get Message(s) / Disconnect .net solution going on, a couple of days ago, but it only works on a local level, and I now need to update the solution so it works remotely as well.
After reading and experimenting for a while, I decided to follow IBM Knowledge Center's Point to Point scenario step by step. However, I can't start the Sender Channel as instructed by the guide's last step; the Sender Channel's status ping-pongs between Binding and Retrying, and the logs come up with the following error codes; AMQ9002, AMQ9202 and AMQ9999, meaning, as far as I can tell, there is some kind of trouble finding and/or connecting with the host, as explained by the error logs.
I have looked through a lot of questions regarding these errors in particular, but while I have followed most of the proposed solutions (I made sure the Receiver's listener is running, I tried turning off Firewalls, I tried with different ports, I have performed Telnet tests, I have stopped/restarted/resolved the Sender channel a few times, and I have tried setting this up from both the command line and MQ Explorer), I have yet to get a successful communication going on between two different PCs.
I am aware the error could be either temporary, or the result of problems within the Network itself, but I have been trying to establish a successful connection for almost three days now, and before I pass this on to my bosses I would like to make sure I have exhausted every other possibility.
How can I complete IBM's Point To Point set up guide, or is there anything that could point me towards a different / better approach to get two PCs talking with each other via IBM MQ v9?
Although hastily translated from Japanese, you can find the detailed error logs below.
2017/09/19 17:34:09 - Process (234212.1) User (MUSR_MQADMIN) Program
(runmqchl.exe)
Host (DESKTOP - UP 4 D 363) Installation (Installation 1)
VRMF (9.0.3.0) QMgr (QM 1)
Time (2017-09-19T08: 34: 09.201 Z)
AMQ9002: Channel 'TO.QM2' is starting.
Description: Channel 'TO.QM2' is starting.
ACTION: None.
2017/09/19 17:34:30 - Process (234212.1) User (MUSR_MQADMIN) Program
(runmqchl.exe)
Host (DESKTOP - UP4D363) Installation (Installation 1)
VRMF (9.0.3.0) QMgr (QM 1)
Time (2017-09-19T08: 34: 30.824Z)
AMQ 9202: The remote host 'DESKTOP-1AV4LM3 (The correct ip address) (1415)' can not be used.Please try again later.
Description: Using TCP / IP to host 'DESKTOP-1AV4LM3 (The correct ip
address) of channel TO.QM2 (1415) 'trying to allocate a conversation,
but it did not succeed. However, It is temporary and there is also the
possibility that TCP / IP conversation can be allocated normally
later.
If the remote host can not be determined, '????' is displayed. .
ACTION: Please try the connection later. If the failure persists,
record the error value Please contact the stem administrator. The
return code from TCP / IP is 10060 (X'274C ').The cause of this
failure may be that the host can not reach the destination host.
Alternatively, There is a possibility that the host 'DESKTOP-1AV4LM3
(The correct ip address) (1415)' listener isn't running. If that is
the case, start the listener and try again.
2017/09/19 17:34:30 - Process (234212.1) User (MUSR_MQADMIN) Program (runmqchl.exe)
Host (DESKTOP - UP 4 D 363) Installation (Installation 1)
VRMF (9.0.3.0) QMgr (QM 1)
Time (2017-09-19T08: 34: 30.825Z)
AMQ9999: Channel 'TO.QM2' for host 'DESKTOP-1AV4LM3 (1415)' terminated abnormally
Description: The host 'DESKTOP-1AV4LM3 (1415)' cannot be determined.
ACTION: Check the error log for the preceding error message for
this channel program Please determine the cause of failure....
".
The 'interesting' bit of the error messages above is that the sender is attempting to start a channel to port 1415 on the destination and is getting a 10060 return code (WSAETIMEDOUT). This is different from an immediate rejection because the other end doesn't have a socket open, for example.
You will also note it's timing out after about 21 seconds if your times are to be believed. The only time I've seen this kind of thing is DNS resolution - there was an APAR, for example, showing that reverse DNS can cause delays in channel startup, and this could be for a successful or unsuccessful startup.
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96408
A new attribute was added to MQ to disable reverse DNS lookups if it's the cause - see https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.pro.doc/q113120_.htm#q113120___chlauth
If this is the case, on the receiving end (or both!) try runmqsc, 'ALTER QMGR REVDNS(DISABLED)'. You might have to restart the qmgr for it to be effective (I'm not sure, sorry).
I'd also echo the comment added to your question by JoshMc, to check the receiving end logs for messages (both global errors but more likely the qmgr specific AMQERR01.LOG files) when this occurs - I have a feeling that the timeout is only part of your problem.
As we know, Google has more than one IP address. If we use the website https://toolbox.googleapps.com/apps/dig/#A/google.com#8.8.8.8 it returns more than one IP address for Google.
If I run the following command then the scenario is different:
gyan@localhost:~/codes/java/net$ dig google.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11777
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 269 IN A 216.58.220.46
;; Query time: 0 msec
;; SERVER: 10.100.171.1#53(10.100.171.1)
;; WHEN: Fri Nov 04 16:18:07 IST 2016
;; MSG SIZE rcvd: 55
gyan@localhost:~/codes/java/net$
Only one IP address is returned, which is not the same as what is returned by the above website. This IP address also changes from time to time.
But if I run the dig command for amazon.com:
gyan@localhost:~/codes/java/net$ dig amazon.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> amazon.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55090
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;amazon.com. IN A
;; ANSWER SECTION:
amazon.com. 34 IN A 54.239.26.128
amazon.com. 34 IN A 54.239.17.7
amazon.com. 34 IN A 54.239.25.192
amazon.com. 34 IN A 54.239.25.208
amazon.com. 34 IN A 54.239.25.200
amazon.com. 34 IN A 54.239.17.6
;; Query time: 74 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Nov 04 16:23:17 IST 2016
;; MSG SIZE rcvd: 135
gyan@localhost:~/codes/java/net$
These 6 IP addresses never change for amazon.com. And the website https://toolbox.googleapps.com/apps/dig/#A/amazon.com#8.8.8.8 also returns the same 6 IP addresses.
My doubt is: how is the DNS lookup for google.com different from the one for amazon.com? Why does google.com result in just one record, not more than one like amazon.com?
As we know, Google has more than one IP address.
True. But that doesn't mean a client needs to know more than one of them.
In the past it was quite common for services to respond with multiple IP addresses to a DNS query, in order to perform load balancing. The replies would be often randomized, meaning that a client would get a random subset of a few addresses out of a large pool of addresses of servers that all behaved identically.
DNS based load balancing has always been a hack. It has problems due to caching: if an ISP's DNS resolver is caching the reply, a large number of users would all connect to those few IP addresses, reducing the effectiveness of load balancing. The workaround for this is to lower the TTL of the records, to make sure the entries stay in the cache for a small amount of time, after which a new query is performed. For example, the TTL is set to 34 seconds for amazon.com A records in the dig output you have posted.
The method doesn't work very well. Reducing the TTL further causes increases in latency for small HTTP requests. Also the outcome of DNS load balancing is a bit unpredictable, in the sense that it doesn't guarantee that the servers will handle the load uniformly.
However if you have a load balancer that works at the network level (think of it as a reverse NAT box: one IP is facing the internet, multiplexing traffic to a large number of servers behind it) that can handle a lot of connections, and also has a good uptime, there is no need to do load balancing at the DNS level.
So it is likely that the Google datacenters you connect to do not use DNS load balancing, while the Amazon ones do.
The other question is why if you query 8.8.8.8 from the toolbox you get multiple addresses, while querying from your machine you get only one.
Firstly, it's important to understand that when querying from the toolbox, it's the web server that sends the DNS query, not your computer.
DNS servers do not have to return identical replies to different clients. Actually it is common to return different replies based on the geographical location of the client: for example, if a user in Europe queries google.com, it would get an IP address for a datacenter in Europe, not the US.
In this case I think DNS geolocation is used for some clients, and not for the others. It might have something to do with the size of the network from which the query is sent, and the capacity of the network load balancer. For example if the load balancer can handle 1,000,000 simultaneous connections, and the network from which you send the query has 100,000 IPs, there is no need to do DNS load balancing. But if the network is large (in your example, the size of the datacenter running the toolbox), the network load balancer might not be able to handle it, so DNS load balancing is enabled and you get multiple random IP addresses from a pool.
Note: by "network" I mean the set of machines that all use the same DNS resolver.
Another reason to return multiple IP addresses is to do DNS-based failover. When one of the machines stops working, the client tries to connect to another one. But that's not a great way of doing failover, since some applications do not store all IP addresses (although I think most browsers do) and again, DNS caches get in the way.
My Asterisk set up is as follows:
- I have 2 grandstream GXP 2000 phones connected to my router
- My small linux server (with asterisk) is connected to the router as well
I have a dynamic ip from my isp provider, but I signed up for DynDNS
When I started I could call people and talk to them. If people rang me, the phone would ring, and I could hear them speak. They could not hear me. I found out this was because of the directmedia / canreinvite setting. So I set this to:
canreinvite=no
directmedia=no
Now, people could call me and I could answer. However, due to this change I can call people, but as soon as they answer, I can't hear them, I only hear static. When I remove the two lines I added, everything is back as it was before.
What could be the issue? The 5060 port is forwarded to my server, as well as the 1000 - 2000 udp range.
Regards,
Digits
First of all, you should probably read the sip.conf.sample file delivered with Asterisk. Specifically, read the NAT SUPPORT section. canreinvite and directmedia (which are the same setting by the way) attempt to set up the RTP streams directly between the UAs involved in a call, bypassing Asterisk. Thus, while that setting is affected by NAT, it does not necessarily control the channel driver behavior with respect to NAT - so it's not surprising you're still having issues.
Without knowing whether or not the UAs in question are sending rport, it's difficult to know for sure what your settings should be. That being said, based on your problem description, you may want to set the 'nat' parameter in your [general] section to either:
nat = force_rport,comedia
; or, depending on your version
nat = yes
Note that you can set nat on a peer by peer basis, but that's discouraged for security reasons.
Additionally, you may also need to explore the extern* settings, such as externhost.
Ok, some information for other people in the same situation:
- check your codecs, make sure you get no errors in the Asterisk CLI (command line interface). I got errors, but it worked, so I didn't care. That was a mistake.
- upgrade to asterisk 1.8
- set directmedia = no
- it's udp range 10000 to 20000 (I missed a 0).
This all fixed this problem.
In my application, I have to send notification e-mails from time to time. In order to send mail (over SMTP), I have to get the MX server of that particular domain (domain part of e-mail address). This is not a Unix application but an Embedded one.
What I do goes like this:
1 - Send a DNS query (MX type) containing the domain to the current DNS
2 - If the response contains the MX answer , return success from this function
3 - Read the first NS record and copy its IP address to the current DNS , goto 1
This may loop a few times and this is expected but what I do not expect is that the response contains NS records of servers named like ns1.blahblah.com but not their IP addresses. In this case, I have to send another query to find the IP of this NS. I have seen this for only 1 e-mail address (1 domain), the other addresses worked without any problem.
Is this normal behaviour? IMHO, it is a misconfig on the DNS records. Any thoughts?
Thanks in advance...
The authority section in the message, as well as the additional section, are optional. I.e., the name servers and their IPs don't have to be in the response to the MX query. It is up to the DNS server to decide to send that extra information even when the server already has the data.
You are stuck having to query for the MX and then query for the IP of the mail server.
Short answer to your question: RFC 1035 says,
NS records cause both the usual additional section processing to locate
a type A record, and, when used in a referral, a special search of the
zone in which they reside for glue information.
...the additional records section contains RRs
which relate to the query, but are not strictly answers for the
question.
...When composing a response, RRs which are to be inserted in the
additional section, but duplicate RRs in the answer or authority
sections, may be omitted from the additional section.
So the bottom line in my opinion is that, yes, if the response does not contain the A record matching the NS record in some section, something is likely misconfigured somewhere. But, as the old dodge goes, "be liberal in what you accept;" if you are going to make the queries, you will need to handle situations like this. DNS is awash in these kinds of problems.
The longer answer requires a question: how are you getting the original DNS server where you are starting the MX lookup?
What you are doing is a non-recursive query: if the first server you query does not know the answer, it points you at another server that is "closer" in the DNS hierarchy to the domain you are looking for, and you have to make the subsequent queries to find the MX record. If you are starting your query at one of the root servers, I think you will have to follow the NS pointers yourself like you are.
However, if the starting DNS server is configured in your application (i.e. a manual configuration item or via DHCP), then you should be able to make a recursive request, using the Recursion Desired flag, which will push the repeated lookup off onto the configured DNS server. In that case you would just get the MX record value in your first response. On the other hand, recursive queries are optional, and your local DNS server may not support them (which would be bizarre since, historically, many client libraries relied on recursive lookups).
In any case, I would personally like to thank you for looking up MX records. I have had to deal with systems that wanted to send mail but could not do the DNS lookups, and the number and variety of bizarre and unpleasant hacks they have used has left me with emotional scars.
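Two DNS responses discussed on this page can be told apart by decoding the message itself: the `REFUSED` reply with `rd` set and no `ra` in the first thread's dig output, and the referral in the MX question whose NS record arrives without an address. The following is an added example, not code from any of the posters; the function names, `example.test` and `ns1.blahblah.test` are constructed for illustration.

```python
import struct

A, NS, MX = 1, 2, 15                      # RR type codes (RFC 1035)
RCODE = {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, rd=True):
    """Encode a one-question query; rd sets the Recursion Desired flag (0x0100)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack(f"!6H{len(qname)}s2H", 0x1234, rd << 8, 1, 0, 0, 0, qname, qtype, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:              # compression pointer: jump, remember where to resume
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:                 # a hostile or broken server can send pointer loops
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n
    return ".".join(labels) + ".", (off + 1 if end is None else end)

def parse(msg):
    """Return (flags, [answer, authority, additional]); RRs are (owner, type, data)."""
    _, flags, qd, *counts = struct.unpack("!6H", msg[:12])
    off, sections = 12, []
    for _ in range(qd):                   # skip the question section
        off = read_name(msg, off)[1] + 4
    for count in counts:
        sections.append([])
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
            off, data = off + 10, None    # data stays None for types not decoded here (OPT)
            if rtype == A and rdlen == 4:
                data = ".".join(map(str, msg[off:off + 4]))
            elif rtype in (NS, MX):       # MX rdata starts with a 2-byte preference
                data = read_name(msg, off + 2 * (rtype == MX))[0]
            sections[-1].append((owner, rtype, data))
            off += rdlen
    return flags, sections

def next_step(msg):
    """What a hand-rolled resolver loop should do with this response."""
    flags, (answer, authority, additional) = parse(msg)
    if flags & 0xF:                       # non-zero RCODE; note RD echoed with RA clear
        why = "recursion not available" if (flags & 0x0180) == 0x0100 else ""
        return RCODE.get(flags & 0xF, "ERROR"), why
    if mx := [d for _, t, d in answer if t == MX]:
        return "answer", mx
    glue = {o.lower(): d for o, t, d in additional if t == A}
    targets = [d for _, t, d in authority if t == NS]
    glued = [glue[n.lower()] for n in targets if n.lower() in glue]
    if glued:                             # prefer a name server whose address came as glue
        return "referral", glued[0]
    return ("resolve-ns", targets[0]) if targets else ("nodata", None)

QUESTION = build_query("example.test", MX)[12:]   # constructed samples, not captured traffic
REFUSED = b"\x12\x34\x81\x05\x00\x01\x00\x00\x00\x00\x00\x00" + QUESTION   # flags: qr rd, no ra
GLUELESS = (b"\x12\x34\x80\x00\x00\x01\x00\x00\x00\x01\x00\x00" + QUESTION  # one authority RR
            + b"\xc0\x0c\x00\x02\x00\x01\x00\x00\x01\x2c\x00\x13"           # NS, owner -> offset 12
            + b"\x03ns1\x08blahblah\x04test\x00")                           # ns1.blahblah.test
```

A `resolve-ns` result means one extra A query for the name server's own address before the MX loop can continue, which is the case the question ran into.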
It could be that the domain simply does not have an MX record. I completely take out the MX entry for my unused / parked domains; it saves my mail server a lot of grief (SPAM).
There really is no need to go past step 2. If the system (or ISP) resolver returned no MX entry, it's because it already did the extra steps and found nothing. Or, possibly, the system host resolver is too slow (i.e. from an ISP).
Still, I think it's appropriate to just bail out if either happened, as it's clearly a DNS or ISP issue, not a problem with the function. Just tell the user that you could not resolve an MX record for the domain, and let them investigate it on their end.
Also, is it feasible to make the resolvers configurable in the application itself, so users could get around a bunky NS?