New Server Not Propagating

My VPS host had a problem. Luckily, I had backups.

I’ve successfully restored my backups, and am able to log into my MAIB GUI and see all my precious data.

The PTR has been set and can be found with a lookup. I’ve changed my nameservers with my registrar. For some reason, even after days, I am unable to get the nameservers to fully propagate to my server.

I’ve re-run the installation command again as well. Restarted. I just don’t know what to do.

I just don’t know what else to do to find a reason why this is occurring.

Without the actual domain, it is more difficult to resolve. (You can PM me, if you prefer.)

Is the output of dig the IP address of your current server:

dig ns1.box.example.com

and

dig ns2.box.example.com

I’m hesitant for privacy reasons, but I’ve capitulated:

root@box:~# dig ns1.box.aaronweiss.me;dig ns2.box.aaronweiss.me

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ns1.box.aaronweiss.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61411
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 26e505483f501a18f904e80d62d02082971293a36c306764 (good)
;; QUESTION SECTION:
;ns1.box.aaronweiss.me.		IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 14 08:56:18 CDT 2022
;; MSG SIZE  rcvd: 78


; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ns2.box.aaronweiss.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46547
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 51c998bf10e0adb36da611ed62d0208c8a2428f0932b36f6 (good)
;; QUESTION SECTION:
;ns2.box.aaronweiss.me.		IN	A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 14 08:56:28 CDT 2022
;; MSG SIZE  rcvd: 78

Try logging into the dashboard using the IP address of the server, and please post all of the errors in the Status Checks page.

My guess is that you did not create a glue record, or in Namecheap terms a “Personal DNS Server” record:

Thank you for your quick replies.

I have created the glue records at Namecheap, and it was even confirmed in writing by Namecheap support that the glue records are indeed correct. They are saying that the A records need to be set up by hosting (in this case MAIB).

MAIB is saying the glue records aren’t correct. This is the situation where all the providers are pointing the blame at each other. I’ve attached a screenshot.

There is a tool called Gwhois that performs lookups on every request, meaning that the site does not cache anything. It is reporting that there is no response from the DNS server failed to resolve.

It seems like the server is responding with simple telnet 203.0.113.180 53, but I didn’t look much further than that.

What is this IP?

And why the hell do responses need to be 20 characters! GRRR

No, actually MiaB is saying that the lookup timed out.

And yes, your Glue records are fine.

Who is your VPS provider??? Are you certain that they do not have some firewall in place preventing access to the necessary ports ???

It’s posted in the image. I always anonymize in case the user decides to anonymize their post.

Ahh ok. I cannot reach the DNS servers. Looks like a firewall issue to me … or running at home behind a router.

I get a response from telnet:

$ telnet 203.0.113.180 53
Trying 203.0.113.180...
Connected to 203.0.113.180.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

But dig doesn’t find anything:

$ dig ns example.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> ns example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37270
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com.			IN	NS

;; Query time: 5444 msec
;; SERVER: 108.61.10.10#53(108.61.10.10)
;; WHEN: Thu Jul 14 14:01:03 PDT 2022
;; MSG SIZE  rcvd: 42

Curl resolves when I use --connect-to option:

$ curl -I http://ns1.box.example.com --connect-to ns1.box.example.com:80:203.0.113.180
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 14 Jul 2022 21:03:51 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://box.example.com/

But not without options:

curl -I http://ns1.box.example.com
curl: (6) Could not resolve host: ns1.box.example.com

This is from a Vultr Ubuntu server in New Jersey.

My provider is NextArray. This is a new Openstack VPS. They moved from OpenVZ, which is where this issue first arose. I had a glorious box with a clean IP address. I was able to get my emails in all my client’s inboxes.

Could there be an issue with their platform? And what should I go to them with to help remediate?

I’m just flabbergasted. I’ve never had this problem when using Digital Ocean or the original OpenVZ VPS.

In the meantime, Namecheap has responded:

Thank you for getting back to us.

Let us clarify that the private nameservers ns1.box.aaronweiss.me and ns2.box.aaronweiss.me have been successfully created and pointed to the 192.109.165.180 IP address.

Also, there is another tool that you can use to check whether the glue records for the private nameservers are registered.

Feel free to use the following link: http://registrar.verisign-grs.com/webwhois-ui/index.jsp -> then go to the Nameservers tab -> enter your nameserver.

Here are the screenshots with the result for

ns1.box.aaronweiss.me - https://img.namecheap.com/xfQfFguaoNwSC8zex4NqXm.png
ns2.box.aaronweiss.me - https://img.namecheap.com/fVK6f85PYcv6x85FeTA41C.png

And here is an example of what unregistered nameservers look like in this tool: https://img.namecheap.com/rKgB2AvCaTfHeyHdbMyY6L.png

In other words, nameservers are registered.

Also, there is another public dig tool that you can use to check whether the domain resolves to the needed nameservers and whether the corresponding A records are created on the hosting end. Here is a link to it: https://ip.iiidefix.net/dig?hostnames=aaronweiss.me&type=&ns=resolver&resolver=8.8.8.8&nameservers=&colorize=on&trace=on&ip=

According to this tool, the nameservers are created and the domain resolves to them, however, there are no A records for these nameservers created on the hosting end. Here is the screenshot where this information is marked: https://img.namecheap.com/iBjxT8978nGewRKQWVC42Q.png

Unfortunately, we can't assist you with this issue in any way since we don't have access to the DNS or Zone Management menu of your hosting control panel.

Feel free to provide this information to your hosting provider support and they will be able to investigate the issue further.

Can you paste the top portion of the status page please? @ehehron

Are you hosting email for just the one domain, or are you hosting email for multiple domains?

Is the VPS behind any firewall provided by the ISP?

Did you make any changes to the installation script when you reinstalled MiaB on this VPS???

I am concerned because when I telnet to port 587 I am not receiving the banner that I am expecting. (note to @openletter )

My last question is which version of MiaB is installed? The status page screen cap should show me that, but just asking to confirm.

If you can visit the MiaB Slack chat we can troubleshoot this properly.

Update

Original response might not be correct. I may misunderstand how the whois tool works:

dig +norec @b2.nic.me. example.me NS

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> +norec @b2.nic.me. example.me NS
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36920
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.me.			IN	NS

;; AUTHORITY SECTION:
example.me.		86400	IN	NS	ns1.box.example.me.
example.me.		86400	IN	NS	ns2.box.example.me.

;; ADDITIONAL SECTION:
ns1.box.example.me.	86400	IN	A	<correct IP address>
ns2.box.example.me.	86400	IN	A	<correct IP address>

;; Query time: 11 msec
;; SERVER: 2001:500:4f::1#53(2001:500:4f::1)
;; WHEN: Fri Jul 15 06:10:43 PDT 2022
;; MSG SIZE  rcvd: 114

=============

Request to be elevated to the next level of support, because that support agent has not demonstrated anything related to the glue record (“personal DNS record”). What is probably the case is the computer system of Namecheap says the glue record is configured, but the computer system of ICANN says the glue record is not configured.

$ whois ns1.box.example.com  | grep "NOT FOUND\|IP"
NOT FOUND
$ whois edns1.registrar-servers.com. | grep "NOT FOUND\|IP"
   IP Address: 2001:41D0:800:2D2C:0:0:0:2
   IP Address: 51.89.217.44

In their own response they have demonstrated that they failed to register the IP address of the glue record, because those screen shots show a) the hostname of the nameserver is registered and b) the nameserver is not responding.

Tell them to use the IP address of your server to perform the dig tests and they will see all of the records responding correctly.

Also tell them if this is not resolved within 48 hours you will be reporting them to ICANN and include the following link:

https://www.icann.org/compliance/complaint

The technical support person handling your ticket so far doesn’t understand what a glue record is.

The name server is no longer MiaB. It is no longer possible to troubleshoot these problems.
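The glue check done by eye on the `dig +norec` referral earlier in this thread can be automated. The following is an added example, not code from any poster or from Mail-in-a-Box; the function names, the sample output and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed sample of `dig +norec @<tld-server> example.me NS` output in
# which ns2 has no glue. 192.0.2.10 is a documentation address.
SAMPLE_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36920
;; QUESTION SECTION:
;example.me.\t\t\tIN\tNS

;; AUTHORITY SECTION:
example.me.\t\t86400\tIN\tNS\tns1.box.example.me.
example.me.\t\t86400\tIN\tNS\tns2.box.example.me.

;; ADDITIONAL SECTION:
ns1.box.example.me.\t86400\tIN\tA\t192.0.2.10
"""


def parse_dig(text):
    """Return (status, {section: [(owner, rtype, rdata), ...]})."""
    status, section, records = None, None, {}
    for line in text.splitlines():
        m = re.search(r"status: (\w+)", line)
        if m:
            status = m.group(1)
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif not line.strip():
            section = None  # a blank line ends the current section
        elif section and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5:
                records.setdefault(section, []).append((f[0].lower(), f[3], f[4].lower()))
    return status, records


def check_glue(text, zone):
    """Map each delegated NS to its glue IPs ([] = glue missing, None = not needed)."""
    status, rec = parse_dig(text)
    zone = zone.lower().rstrip(".") + "."
    glue = {}
    for owner, rtype, rdata in rec.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    result = {}
    for owner, rtype, target in rec.get("AUTHORITY", []):
        if rtype == "NS" and owner == zone:
            in_zone = target.endswith("." + zone)  # in-bailiwick names need glue
            result[target] = glue.get(target, []) if in_zone else None
    return status, result
```

A nameserver that maps to an empty list is delegated at the registry without an address, which is the missing-glue case; if every nameserver has glue and lookups still fail, the problem is reachability of the server itself.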

I’ve had too much downtime, and I just couldn’t wait much longer. I waited 4 days for the nameservers to propagate, nothing. I chose to point the domain to nameservers, which I know are working, to a cpanel instance where I’ll host my email instead.

Except, similarly, these nameservers aren’t propagating fully either. It seems like the nameservers aren’t being recognized in the US. So I’m really starting to think it really is a Namecheap issue. And I’m afraid they will now say that cpanel too doesn’t have an A record set. But I can’t add a domain to cpanel until it seems the nameservers are correct. Catch 22 baby.

I’m going to follow up with Namecheap, again, to explain that now, a different set of nameservers, which work, aren’t fully propagating.

No need to troubleshoot further until I hear back from Namecheap.

If we can connect, I am certain that we can solve your issues. But we need to connect.

I’m so appreciative of your insistence that you and the MAIB community can resolve this, and I’m certain that you can. I just need to get back to, even temporarily, what I know works.

So much of my personal brand has been down for nearly a week and I just can’t stomach it any more. I’ve really been F’ed over by the hosting company which is how this mess started, and now I’m just not getting answers from the registrar.