Question

I installed Virtualmin GPL on CentOS 6.2. The hostname of the machine is srv01.[mydomain.tld] (where [mydomain.tld] is an actual registered domain). On the server I have only 1 IP, so I assigned it to both ns1.[mydomain.tld] and ns2.[mydomain.tld]. After this I updated the nameserver details for my domain on the domain registrar and pointed both ns1 and ns2 to the IP of the server.

The first issue I received was a BIND-chroot issue, and after searching on the net, I removed BIND from chroot and BIND started. At this stage I was sure that everything would work normally, so I created a virtual server for [mydomain.tld]. At this point, I was sure that I could now access my site using the domain name.

So I opened network-tools.com and tried to perform a tracert for [mydomain.tld], but it failed to resolve the domain name. The following are the details from the page:

Retrieving DNS records for [mydomain.tld]...
DNS servers
ns1.[mydomain.tld] [1.2.3.4]
Query for DNS records for [mydomain.tld] failed: Timed out
Whois query for [mydomain.tld]...

I tried to ping srv01.[mydomain.tld] and failed. Then I tried to ping ns1.[mydomain.tld] and it worked. My first guess was that maybe the NS on my server isn’t working, so I SSHed and performed nslookup google.com:

$ nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: google.com
Address: 173.194.33.39

I think that the NS is working properly on my server. After this, I performed:

$ nslookup [mydomain.tld]
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: [mydomain.tld]
Address: IP

It looks like the server is resolving the name properly locally, but not working on the Internet. I also checked all the Zone records for [mydomain.tld] and it contains the following records:

[mydomain.tld]. -- NS -- ns1.[mydomain.tld].  
[mydomain.tld]. -- NS -- ns2.[mydomain.tld].  
[mydomain.tld]. -- A -- IP  
www.[mydomain.tld]. -- A -- IP  
ns1.[mydomain.tld]. -- A -- IP  
ns2.[mydomain.tld]. -- A -- IP

plus A records for subdomains ftp.[mydomain.tld], m.[mydomain.tld], localhost.[mydomain.tld], webmail.[mydomain.tld], admin.[mydomain.tld] and mail.[mydomain.tld] pointing to the server’s IP, plus MX and SPF records.


Solution

To troubleshoot it from the beginning to the end, do the following:

  1. Find the addresses of your TLD nameservers: dig TLD NS

  2. Find how your domain's authoritative nameservers are configured in the TLD: dig @[one-of-tld-nameservers] [mydomain.tld] NS. You expect to get your authoritative servers, ns1.[mydomain.tld] and ns2.[mydomain.tld], and their IP addresses (which are both pointing to your single IP). If this is NOT what you get, your problem is that you did not register your authoritative servers with your registrar.

  3. Query your server: dig @[your IP] www.[mydomain.tld]. If your request times out, port 53 on your server is unreachable for some reason. Since it IS reachable locally, it could be a firewall or NAT issue.

Now to various specifics of your question:

I tried to ping srv01.[mydomain.tld] and failed...

In the zone records in your post I don't see a record for srv01. Ping will not be able to resolve srv01 without an appropriate DNS record.

Timed out Whois query for [mydomain.tld]...

Whois has nothing to do with DNS resolution; I presume it's DNS and not Whois. It seems that the nameserver defined as authoritative for mydomain.tld is not accessible.

I tried to ping ns1.[mydomain.tld] and voilà, it worked

I'm not sure, but possibly your DNS resolver knows the address ns1.[mydomain.tld] from TLD nameservers, and NOT from authoritative nameserver (also I'm not sure whether it's correct behavior or not).

Conclusion: my best guess is that port 53 of your server is not accessible from the internet.
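The three dig steps above, wired into one script that reports where the chain breaks. This is an added example, not part of the original answer; it assumes dig is installed (bind-utils on CentOS), a single-label TLD, and takes the domain and the server's public IP as arguments in place of [mydomain.tld] and the real address. The verdict labels are my own.

```shell
#!/bin/sh
# Added example (not from the original answer): run the three dig steps in
# order and say where the delegation chain breaks. Needs `dig`. The domain
# and server IP are placeholders for [mydomain.tld] and its single public IP.

# Turn the three raw results into one verdict. Arguments: NS names the TLD
# serves for the domain, glue A addresses it serves for them, and the rcode
# (NOERROR, REFUSED, ...) from querying the server IP directly; an empty
# rcode means no reply at all. Glue only matters when, as here, the NS names
# live inside the domain itself.
diagnose() {
  local delegated_ns="$1" glue_ips="$2" direct_rcode="$3"
  if [ -z "$delegated_ns" ]; then
    echo "NOT_DELEGATED: the TLD serves no NS for the domain; register ns1/ns2 with the registrar"
  elif [ -z "$glue_ips" ]; then
    echo "NO_GLUE: NS names live inside the domain but the TLD serves no addresses for them"
  elif [ -z "$direct_rcode" ]; then
    echo "PORT53_UNREACHABLE: no reply from the server's IP; check the firewall or NAT for udp/tcp 53"
  elif [ "$direct_rcode" != "NOERROR" ]; then
    echo "BAD_ANSWER: port 53 is reachable but the server answered $direct_rcode; check the zone and allow-query"
  else
    echo "OK: delegation and the authoritative server both answer from outside"
  fi
}

# Steps 1-3 against the live DNS tree (assumes a single-label TLD).
walk_delegation() {
  local domain="$1" server_ip="$2" tld referral
  tld=${domain##*.}
  tld_ns=$(dig +short "$tld." NS | head -n 1)                         # step 1
  [ -n "$tld_ns" ] || { echo "no nameservers found for .$tld"; return 1; }
  # Step 2: the parent answers with a referral, so the NS set is in the
  # AUTHORITY section and glue in ADDITIONAL (+short would print nothing).
  referral=$(dig "@$tld_ns" "$domain." NS +noall +authority +additional)
  delegated_ns=$(printf '%s\n' "$referral" | awk '$4=="NS"{print $5}')
  glue_ips=$(printf '%s\n' "$referral" | awk '$4=="A"{print $5}')
  # Step 3: ask the server itself; keep only the rcode from the header line.
  direct_rcode=$(dig "@$server_ip" "www.$domain." A +time=3 +tries=1 +noall +comments \
    | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
  printf 'TLD server used: %s\nDelegated NS: %s\nGlue: %s\nDirect rcode: %s\n' \
    "$tld_ns" "$(echo $delegated_ns)" "$(echo $glue_ips)" "${direct_rcode:-none}"
  diagnose "$delegated_ns" "$glue_ips" "$direct_rcode"
}

if [ $# -ge 2 ]; then
  walk_delegation "$1" "$2"   # e.g. ./check_delegation.sh mydomain.tld 192.0.2.10
fi
```

A PORT53_UNREACHABLE verdict while nslookup works on the box itself is exactly the situation in the question: the daemon runs, but nothing outside can reach it.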

Licensed under: CC-BY-SA with attribution