DNS / Nameserver / GANDI / glue records Issues

Following the setup guide, I probably did something wrong (/noobie mistake?) Please call me out! :frowning:

Errors I’m having a hard time resolving…

Nameserver glue records are incorrect. The ns1.box.MYDOMAIN.me and ns2.box.MYDOMAIN.me nameservers must be configured at your domain name registrar as having the IP address 111.111.111.111. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.

This domain must resolve to your box’s IP address (111.111.111.111) in public DNS but it currently resolves to [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registar’s control panel to set the nameservers to ns1.box.MYDOMAIN.me; ns2.box.MYDOMAIN.me.

This domain should resolve to your box’s IP address (111.111.111.111) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

Over at GANDI, I have my glue records set up as ns1.box.MYDOMAIN.me and ns2.box.MYDOMAIN.me, both pointing at my DigitalOcean VPS IP “111.111.111.111”. Then I set up my DNS nameservers (in the GANDI Control Panel) as ns1.box.MYDOMAIN.me and ns2.box.MYDOMAIN.me.

I assume that’s correct? No zone file is being used at my registrar (Gandi). In the GANDI control panel the DNS is set to “External DNS”, which has the above nameservers as entries.

On another machine I can nslookup and resolve my domain name. Example output:

:~$ host ns1.box.MYDOMAIN.me
ns1.box.MYDOMAIN.me has address 111.111.111.111
:~$ host -t ns MYDOMAIN.me
MYDOMAIN.me name server ns1.box.MYDOMAIN.me.
MYDOMAIN.me name server ns1.box.MYDOMAIN.me.

However, on my VPS (mail-in-a-box) server, it cannot resolve, which I assume is why my status page is bleeding red errors on DNS.

$ host ns1.box.MYDOMAIN.me
Host ns1.box.MYDOMAIN.me not found: 2(SERVFAIL)

$ host -t ns MYDOMAIN.me
Host MYDOMAIN.me not found: 2(SERVFAIL)

Any idea where I’m going wrong? The “External DNS” section in Super Advanced Options, do I have to set those up at the DigitalOcean VPS? Or Gandi?

Any help would be appreciated! Thanks!

Could you try just giving your box a reboot?

Yeah, just tried that again. No love. For testing on my VPS I ran the host command against google.com, and that’s resolving fine.

I went over to pingability.com, and there are some interesting warnings yelling at me about a probably misconfigured DNS setting somewhere. I just can’t figure out where I went wrong… :frowning:

Info Type Message
Warning MYDOMAIN.me does not have an IP Address (A) record.
Information 1,076 milliseconds to complete zone checks.

Error
None of this zone’s name servers responded on the request for ‘MYDOMAIN.me’ records. Giving up.
Heads-up
None of the name servers had an SOA record, randomly selecting ns1.box.MYDOMAIN.me as the master name server.

Warning
Did not find any IP Address (A) records for the name server
ns1.box.MYDOMAIN.me’. Normally the parent name server will list
them. These name server A records are also called ‘host records’ and
are usually set by the domain name registrar.
Heads-up
Found a glue record (111.111.111.111) at the
parent name servers but it appears ns1.box.MYDOMAIN.me is missing an
IP Address (A) record.
Error
The name server did not return any SOA records. This could indicate a ‘lame’ nameserver -
one that is listed as authoratative, but does not return any information
for the zone.

Thanks for the help/response JoshData!

Can you post or email me (jt@occams.info) the domain name and IP address?

Thanks for emailing me the details.

The problem is DNSSEC. It’s actually reported in the system status checks but it’s buried between all of the other errors so I can see how you would miss it.

Try turning it off at Gandi to see if things start to resolve. Then once the box says it’s working you can try setting up DNSSEC again to see if that works. DNSSEC setup is very opaque. I had a lot of trouble with some of my domains. In fact, I thought I had a .me domain working with DNSSEC but this morning it’s not working. Maybe there was something wrong at .me itself.

Hi tr0t,
I’m finding the same issue.
If you set the glue records with the same IP address (as the setup guide suggests), Gandi will give you an error when you set the nameservers.
I’ve tried to define only the first nameserver, but no luck either.
I’ll try to put the first name server as the glued one, and the second one as something else (DigitalOcean ns2 for example).
I’ll let you know if I find a solution.

Thanks guys! @JoshData , that did the trick! Thanks for taking the time to help. Now I can ditch gmail servers :smile: .

Today I learned, DNSSEC is touchy. I must have created my KSK wrong… I’ll have to revisit the documentation on the dnssec-keygen command.

@Samuele , check your DNSSEC man. My nameserver setup with GANDI seems cool. I also had to not use a zone file, that was eff’n it up.

Thanks again!
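
The DNSSEC failure diagnosed in this thread, as an added example (not code from Mail-in-a-Box, Gandi or any poster): when the DS record held by the parent zone does not match a DNSKEY the box serves, validating resolvers answer SERVFAIL while non-validating resolvers still return the records. The check below computes the RFC 4034 key tag and the SHA-256 DS digest; the key bytes and all function names are constructed for illustration.

```python
import base64, hashlib, struct

def name_to_wire(name):
    """Owner name in canonical (lowercased) DNS wire format."""
    labels = [p for p in name.lower().split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, dnskey):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for one DNSKEY."""
    rdata = dnskey_rdata(*dnskey)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), dnskey[2], 2, digest)

def ds_matches(owner, parent_ds, served_dnskeys):
    """True if the DS at the parent points at a zone key the box serves."""
    tag, alg, dtype, digest = parent_ds
    wanted = (tag, alg, dtype, digest.replace(" ", "").upper())
    for key in served_dnskeys:
        # Only keys with the Zone Key flag (0x0100) may anchor the chain of trust.
        if key[0] & 0x0100 and make_ds(owner, key) == wanted:
            return True
    return False

# Constructed sample data: placeholder key bytes, not real keys.
OWNER = "MYDOMAIN.me"
CURRENT_KSK = (257, 3, 13, base64.b64encode(bytes(range(64))).decode())
OLD_KSK = (257, 3, 13, base64.b64encode(bytes(range(1, 65))).decode())
SERVED = [CURRENT_KSK]  # what the authoritative server publishes

if __name__ == "__main__":
    for label, ds in (("DS from current KSK", make_ds(OWNER, CURRENT_KSK)),
                      ("DS from an old KSK", make_ds(OWNER, OLD_KSK))):
        ok = ds_matches(OWNER, ds, SERVED)
        print(f"{label}: tag={ds[0]} ->",
              "validates" if ok else "SERVFAIL on validating resolvers")
```

With real data, the DNSKEY fields come from the zone the box serves and the DS tuple from what the registrar has on file for the domain.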