Troubleshooting domain name transfer

From ISPWiki

This article walks you through the steps for troubleshooting domain name transfer. The example assumes that the name servers are configured as master and slave and that named is used as the name server.

General information

CentOS 6

Configuration file - /etc/named.conf

Logs - /var/log/messages

Debian 7

Configuration file - /etc/bind/named.conf

Logs - /var/log/syslog

Master name server diagnostics

Name server does not respond to request for domain zone

Make sure the domain zone has been created on the master server and that the name server responds to requests for the domain zone:

dig domain.name @1.1.1.1 ANY +short

where domain.name is the name of the domain

1.1.1.1 - IP address of the name server (usually it matches the IP address of the server)

The response should look something like this:

dig domain.name @1.1.1.1 ANY +short
mary.me. root.example.com. 2014041800 10800 3600 604800 86400
ns2.example.com.
ns1.example.com.
"v=spf1 ip4:1.1.1.1 a mx ~all"
10 mail.domain.name.
1.1.1.1

The following response

dig domain.nam @1.1.1.1 ANY +short
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.nam @1.1.1.1 ANY +short
;; global options: +cmd
;; connection timed out; no servers could be reached

means that the server is not running.

If the response is empty, the name server has no information about the domain and has not loaded the zone. View the logs for more details.

Possible causes:

Incorrect domain zone

The most common cause of this issue is an incorrect zone file. Causes:

  • A records for private name servers are not present.

If both the domain and its name servers are in the same zone (for example, domain.com and the ns1.domain.com/ns2.domain.com name servers), A records for the name servers must be specified in the zone file; otherwise the zone is considered incorrect. Review the logs:

zone domain.name/IN: NS 'ns1.domain.name' has no address records (A or AAAA)
zone domain.name/IN: NS 'ns2.domain.name' has no address records (A or AAAA)
zone domain.name/IN: not loaded due to errors. 

To resolve this issue, add the following records into the zone file:

ns1 IN A <master name server IP>
ns2 IN A <slave name server IP>

  • CNAME record

zone domain.name/IN: loading from master file /var/named/domain.name failed: CNAME and other data
zone domain.name/IN: not loaded due to errors.

A and CNAME records cannot be specified for the same subdomain:

me.domain.name.   IN      A       8.8.8.8
me.domain.name.   IN      CNAME   google.com

Also, it is not possible to create a CNAME record for a second-level domain.

Slave name server diagnostics

Connection checks

Try to connect to port 53 of the master server through telnet:

telnet 1.1.1.1 53
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.

where 1.1.1.1 is the IP address of the master server

If the connection fails, check the firewall settings on the master and slave servers.

Transfer checks

dig -b 2.2.2.2 domain.name @1.1.1.1 axfr

where 1.1.1.1 is the IP address of the master server

2.2.2.2 is the IP address specified in the transfer-source directive for the view. If you run DNSmanager, you can find this address in the user configuration form. The response should look like this:

dig -b 2.2.2.2 domain.name @1.1.1.1 axfr
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -b 2.2.2.2 domain.name @1.1.1.1 axfr
;; global options: +cmd
domain.name.		3600	IN	SOA	mary.me. root.example.com. 2014041800 10800 3600 604800 86400
domain.name.		3600	IN	NS	ns1.example.com.
domain.name.		3600	IN	NS	ns2.example.com.
domain.name.		3600	IN	TXT	"v=spf1 ip4:1.1.1.1 a mx ~all"
domain.name.		3600	IN	MX	10 mail.domain.name.
domain.name.		3600	IN	A	1.1.1.1
ftp.domain.name.	3600	IN	A	1.1.1.1
mail.domain.name.	3600	IN	A	1.1.1.1
pop.domain.name.	3600	IN	A	1.1.1.1
smtp.domain.name.	3600	IN	A	1.1.1.1
www.domain.name.	3600	IN	A	1.1.1.1
domain.name.		3600	IN	SOA	mary.me. root.example.com. 2014041800 10800 3600 604800 86400

Very often, when configuring IP addresses in DNSmanager (in the "IP address management" module), users enter arbitrary private ("grey") or public ("white") IP addresses that might not work on that server. With such a configuration you won't be able to transfer the domain, because the transfer requires that IP address.

The master server can also refuse the domain transfer. Check the allow-transfer directive on the master server.

Access permissions

The following entries in the log file during domain transfer

zone domain.name/IN: loading from master file /var/named/domain.name failed: permission denied
zone domain.name/IN: not loaded due to errors.

indicate insufficient permissions on the zone file.

The zone file must belong to the user that runs named.

ls -ld /var/named/domain.name
-rw------- 1 named named 395 Апр 18 06:24 /var/named/domain.name

Also check permissions on the directory /var/named/

ls -ld /var/named/
drwxr-x--- 5 root named 4096 Апр 18 06:32 /var/named/

Review logs for more detailed information.