No valid SOA record came back!

[Miki]

berikut ini isi dari dns manage:

[MRatWork]

Yang merah bagian mana?. Sebutkan saja domain anda itu agar saya bisa periksa di intodns.com.

[Miki]

SOA record - No valid SOA record came back!

MX Records - Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers!

Missing nameservers reported by your nameservers - You should already know that your NS records at your nameservers are missing, so here it is again:

Multiple Nameservers - ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.

DNS servers responded - ERROR: One or more of your nameservers did not respond:
The ones that did not respond are: ip publik

Mismatched NS records - WARNING: One or more of your nameservers did not return any of your NS records.

[Miki]

hapir semua domain yang ditanam rapotnya merah 

[MRatWork]

Katakan saja 'domain.tld' adalah domain anda, 'IP public' adalah IP dari VPS anda.

Pertanyaannya:
1. Apa isian dari 'MX record' anda. Apakah 'domain.tld MX 10 mail.domain.tld'?.
2. Apakah '1.1.1.1' adalah 'IP public'?. Intodns melaporkan bahwa IP ini tidak 'menjawab' ketika ditanya
3. Kalau hanya pakai 1 IP maka 'Multiple Nameservers' akan selalu merah (bahkan IP berbeda tapi dalam 1 subnet)

[MRatWork]

Coba ganti dns servernya. Jika DJBDns maka ganti ke Bind dan sebaliknya.

Untuk memastikan (jika pakai DJBDns), jalankan 'service djbdns setup; sh /script/fixdns; sh /script/restart-dns'.

[Miki]

Katakan saja 'domain.tld' adalah domain anda, 'IP public' adalah IP dari VPS anda.

Pertanyaannya:
1. Apa isian dari 'MX record' anda. Apakah 'domain.tld MX 10 mail.domain.tld'?.
2. Apakah '1.1.1.1' adalah 'IP public'?. Intodns melaporkan bahwa IP ini tidak 'menjawab' ketika ditanya
3. Kalau hanya pakai 1 IP maka 'Multiple Nameservers' akan selalu merah (bahkan IP berbeda tapi dalam 1 subnet)

domain.tld adalah sebuah istilah dari domain aslinya.

1. isian dari mx record sudah benar : domain.tld mx 10 maildomain.tld
2. ip 1.1.1.1 juga istilah dari ip-publik vps. - yang manggil intodns tidak vps dijawab. tapi kalau yang nanya mozila atau crome mau menjawab. ini yang sulit dimengerti.
3. nomor 3 ini bisa ditoleransi karena hanya ada 1 ip.

lantas bagaimana dengan SOA dan Missing nameservers reported by your nameservers?

[Miki]

Coba ganti dns servernya. Jika DJBDns maka ganti ke Bind dan sebaliknya.

Untuk memastikan (jika pakai DJBDns), jalankan 'service djbdns setup; sh /script/fixdns; sh /script/restart-dns'.

untuk kesempatan yang ini sudah pernah dicoba dan hasilnya tetap sama rapotnya merah.
secara restart bind maupun djbdns berjalan normal. hanya saja berdasarkan rapot dari intodns tidak berubah sedikitpun.
saat ini sudah terlanjur menjalankan 'sh /script/mysql-optimize --select=optimize' sehingga belum bisa berbuat apa-apa karena belum selesai defrag nya entah ini berapa lama defrag nya selesai..?!!

[MRatWork]

'SOA record' ada di 'General Settings' pada 'DNS manage'.

Coba dari ssh jalan 'dig hostspectra.com MX' (ganti MX ke SOA atau TXT atau NS untuk periksa record lain) dan bandingkan dengan domain anda.

[Miki]

dig hostspectra.com MX

; <<>> DiG 9.9.4-P1 <<>> hostspectra.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9481
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hostspectra.com.               IN      MX

;; Query time: 1 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jan 02 20:30:07 WIB 2014
;; MSG SIZE  rcvd: 44

dig domain.tld MX

; <<>> DiG 9.9.4-P1 <<>> domain.tld MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33807
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.tld.                 IN      MX

;; ANSWER SECTION:
domain.tld.          86000   IN      MX      10 domain.tld.

;; AUTHORITY SECTION:
domain.tld.          86000   IN      NS      ns2.domain.tld.
domain.tld.          86000   IN      NS      ns1.domain.tld.

;; ADDITIONAL SECTION:
domain.tld.          86000   IN      A       1.1.1.1
ns1.domain.tld.      86000   IN      A       1.1.1.1
ns2.domain.tld.      86000   IN      A       1.1.1.1

;; Query time: 818 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jan 02 20:30:30 WIB 2014
;; MSG SIZE  rcvd: 142

[Miki]

setelah kembali mencoba cleanup ada yang berubah tapi sekarang kesulitan

sh /script/resetpassword master {newpassword}
Notice : The resource you have requested doesn't exist. The server returned the error message: <br>  not_admin_cannot_modify_general   <br>

Thx.

[MRatWork]

Bisa jadi ada masalah di mysql yang tidak running. Coba 'chkconfig mysqld on; service mysql restart'.

[GentZu]

pak mustafa, saya kalau pakek djbdns juga error gitu buat ip kedua...
untuk semua domain yg berada di ip kedua itu dp merah semua di intodns, dan gk bisa di akses...
misal saya punya ip utama 173.45.xxx dan yg kedua 173.44.xxx
dalam ip 173.45.xxx ada beberapa domain ns1 dan ns2 mengarah ke ip yang sama yaitu 173.45.xxx
nah, dalam ip 173.44.xxx ada juga beberapa domain pakek ns 1 dan ns2 ipnya sama ke 173.44.xxx
tapi jika menggunakan djbdns semua domain yg mengarah ke 173.44.xxx dp merah semua alias gk bisa di akses, tapi kalau pakek bind gk ada masalah sama sekali...
jadi solusinya gimana pak?

[MRatWork]

pak mustafa, saya kalau pakek djbdns juga error gitu buat ip kedua...
untuk semua domain yg berada di ip kedua itu dp merah semua di intodns, dan gk bisa di akses...
misal saya punya ip utama 173.45.xxx dan yg kedua 173.44.xxx
dalam ip 173.45.xxx ada beberapa domain ns1 dan ns2 mengarah ke ip yang sama yaitu 173.45.xxx
nah, dalam ip 173.44.xxx ada juga beberapa domain pakek ns 1 dan ns2 ipnya sama ke 173.44.xxx
tapi jika menggunakan djbdns semua domain yg mengarah ke 173.44.xxx dp merah semua alias gk bisa di akses, tapi kalau pakek bind gk ada masalah sama sekali...
jadi solusinya gimana pak?

DjbDNS memang agak aneh. Sekarang ini forum sudah Kloxo-MR 6.5.1.a (biarpun masih ada bug). VPS untuk forum pakai 'nsd' sebagai dns server dan 'hiawatha-proxy' untuk web server. Sejauh ini masih lancar saja. Memang masih ada beberapa setting di Hiawatha yang perlu di-fix.

DjbDNS memang bermasalah untuk 'cname' (tentunya juga 'fcname') sehingga dalam untuk config-nya perlu ada proses convert dari 'cname' ke 'A' record.

[Miki]

  ini berdasarkan refernsi dari versi bind yang didapat dari '/usr/share/doc/bind-9.9.4/sample/etc/named.conf'.. apakah versi MR x ini sudah sesuai? atau di saya nya yang belum pas configurasinya..!! 

Code: [Select]

/*
 Sample named.conf BIND DNS server 'named' configuration file
 for the Red Hat BIND distribution.

 See the BIND Administrator's Reference Manual (ARM) for details, in:
   file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
 Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
 its manual.
*/

options
{
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";


/*
  Specify listenning interfaces. You can use list of addresses (';' is
  delimiter) or keywords "any"/"none"
*/
//listen-on port 53 { any; };
listen-on port 53 { 127.0.0.1; };

//listen-on-v6 port 53 { any; };
listen-on-v6 port 53 { ::1; };

/*
  Access restrictions

  There are two important options:
    allow-query { argument; };
      - allow queries for authoritative data

    allow-query-cache { argument; };
      - allow queries for non-authoritative data (mostly cached data)

  You can use address, network address or keywords "any"/"localhost"/"none" as argument
  Examples:
    allow-query { localhost; 10.0.0.1; 192.168.1.0/8; };
    allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; };
*/

allow-query { localhost; };
allow-query-cache { localhost; };

// Enable/disable recursion - recursion yes/no;
recursion yes;

/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */

/* Enable serving of DNSSEC related data - enable on both authoritative
     and recursive servers DNSSEC aware servers */
dnssec-enable yes;

/* Enable DNSSEC validation on recursive servers */
dnssec-validation yes;

/* Enable DLV by default, use built-in ISC DLV key. */
dnssec-lookaside auto;
};

logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

/*
 Views let a name server answer a DNS query differently depending on who is asking.

 By default, if named.conf contains no "view" clauses, all zones are in the
 "default" view, which matches all clients.

 Views are processed sequentially. The first match is used so the last view should
 match "any" - it's fallback and the most restricted view.

 If named.conf contains any "view" clause, then all zones MUST be in a view.
*/

view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
match-clients { localhost; };
recursion yes;

# all views must contain the root hints zone:
zone "." IN {
        type hint;
        file "/var/named/named.ca";
};

        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
* not leak to the other nameservers:
*/
include "/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
match-clients { localnets; };
recursion yes;

zone "." IN {
        type hint;
        file "/var/named/named.ca";
};

        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
* not leak to the other nameservers:
*/
include "/etc/named.rfc1912.zones";
 
// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

/*
  NOTE for dynamic DNS zones and secondary zones:

  DO NOT USE SAME FILES IN MULTIPLE VIEWS!

  If you are using views and DDNS/secondary zones it is strongly
  recommended to read FAQ on ISC site (www.isc.org), section
  "Configuration and Setup Questions", questions
  "How do I share a dynamic zone between multiple views?" and
  "How can I make a server a slave for both an internal and an external
   view at the same time?"
*/

zone "my.internal.zone" {
type master;
file "my.internal.zone.db";
};
zone "my.slave.internal.zone" {
type slave;
file "slaves/my.slave.internal.zone.db";
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
// put slave zones in the slaves/ directory so named can update them
};
zone "my.ddns.internal.zone" {
type master;
allow-update { key ddns_key; };
file "dynamic/my.ddns.internal.zone.db";
// put dynamically updateable zones in the slaves/ directory so named can update them
};
};

key ddns_key
{
algorithm hmac-md5;
secret "use /usr/sbin/dnssec-keygen to generate TSIG keys";
};

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not match any above view:
 */
match-clients { any; };

zone "." IN {
        type hint;
        file "/var/named/named.ca";
};

recursion no;
// you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

// These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

zone "my.external.zone" {
type master;
file "my.external.zone.db";
};
};

/* Trusted keys

  This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
  have to configure at least one trusted key.

  Note that no key written below is valid. Especially root key because root zone
  is not signed yet.
*/
/*
trusted-keys {
// Root Key
"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/
             E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3
             zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz
             MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M
             /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M
             iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI
             Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3";

// Key for forward zone
example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
                      3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb
                      OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC
                      lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt
                      8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b
                      iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn
                      SCThlHf3xiYleDbt/o1OTQ09A0=";

// Key for reverse zone.
2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA
                                VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0
                                tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0
                                yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ
                                4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06
                                zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL
                                7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD
                                52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib";
};
*/

A. Kloxo-MR: 6.5.0.f-2014010101

B. OS: CentOS release 5.10 (Final) i686

C. Apps:
   1. MySQL: mysql55-5.5.35-1.ius.el5
   2. PHP: php54-5.4.23-3.ius.el5
   3. Httpd: httpd-2.2.26-1.el5
   4. Lighttpd: --uninstalled--
   5. Nginx: --uninstalled-- ( karena menggunakan nginx-special dan nginx-proxy)
   6. Qmail: qmail-toaster-1.03-1.3.29.mr.el5
      - with: courier-imap-toaster-4.1.2-1.3.14.mr.el5
   7. Dns: bind-9.9.4-1.P1.el5

D. Php-type (for Httpd/proxy): php-fpm_event

E. Memory:
                total       used       free     shared    buffers     cached
   Mem:          2469       2428         41          0        382        992
   -/+ buffers/cache:       1053       1416
   Swap:        11999          0      11999