Guest h4ckd0wn Posted March 22, 2020 Posted March 22, 2020 Hi, I am having a DNS problem with my domain kanboard.mlI get;; rcode = REFUSED ;; QUESTION SECTION (1 record) ;; ;kanboard.ml. IN ANY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (0 records)
Krydos Posted March 22, 2020 Posted March 22, 2020 Have you added that domain as an alias or addon domain?
wolstech Posted March 22, 2020 Posted March 22, 2020 @Krydos: This is an ongoing issue. cPanel won't let you add the domain claiming the name servers aren't set...even though they are. It never propagates (I had one guy wait almost a week). Only once I manually park the domain for the user does the DNS propagate (and it does so within the hour). Eu.org is the worst affected, but I've had a few other freenom domains like this do the same thing. The issue is that our name servers return REFUSED instead of NXDOMAIN like they should. The REFUSED code keeps the registrar from propagating the records for some reason. If you take a look through the past week or so, you'll see me manually parking a bunch of these for this issue.
Guest h4ckd0wn Posted March 22, 2020 Posted March 22, 2020 (edited) @Krydos It's as the main domain, I changed it today@fasouza well it's more that heliohost's nameservers refuse to answer DNS requests for kanboard.ml and thus dig tools give the REFUSED or SERVFAIL error @wolstech The nameservers are correctly set you can check whois Edited March 22, 2020 by h4ckd0wn
wolstech Posted March 22, 2020 Posted March 22, 2020 I know. I can see them set here: https://bybyron.net/php/tools/dns_records.php?domain=kanboard.ml&rec=NS My experience has been that a registrar will not propagate NS records for a name server that sends REFUSED as a response. The REFUSED code is meant for when a server wants to refuse to provide an answer at all, as opposed to answering the query but saying "I don't know about that domain" (NXDOMAIN). Our NS should be returning either a valid zone, or NXDOMAIN if not known/parked. If I manually park the domain (or manually create a zone file for it), the REFUSED goes away and the server will return a valid zone. Once I do this, the DNS propagates across the internet, usually within the hour. What I don't know is what's causing the server to send that REFUSED back for some domains but not others (which correctly return NXDOMAIN). I can't think of any good reason our servers should ever return REFUSED as it currently stands. The main problem is that domains usually don't propagate well (if at all) while being answered as REFUSED, yet the domain needs to propagate so it can be added and stop being refused. As a result, the only fix I've found is for an admin to manually park it (which bypasses the DNS check) unless you use as the main domain.
Guest h4ckd0wn Posted March 22, 2020 Posted March 22, 2020 (edited) I still get the same problem, and according to herehttp://heliohost.grd.net.pl/dns-checker/ Edited March 22, 2020 by h4ckd0wn
wolstech Posted March 22, 2020 Posted March 22, 2020 It likely fixed itself because you put it as your main domain (which forces the zone to create). Glad to see it's working now.
Krydos Posted March 22, 2020 Posted March 22, 2020 If another of these happens please don't park the domain for them, but rather escalate it to me.
wolstech Posted March 22, 2020 Posted March 22, 2020 That's what I was trying to do with this guy but he decided on the main domain route. I'll let you know when I get one.
Recommended Posts