Nameservers are not resolving to IP for a domain

Solution 1:

If there are NS records but no corresponding A records, you could be missing Glue Records from the parent zone. The error message "None of your nameserver names contain glue or A records. This error is fatal. Your domain is not resolveable" is consistent with that.

If this domain is example.com and the name servers are its subdomains ns1.example.com and ns2.example.com, it's not enough that you have the A records on the zone itself, as it would cause an infinite loop:

  1. Hello .com, what are the nameservers for example.com?
  2. They are ns1.example.com and ns2.example.com.
  3. Ok. What are their IP addresses?
  4. I don't know. You should ask from the name servers of example.com.
  5. Ok. What are the nameservers for example.com?

Therefore, the com zone needs to have and give this information directly, as the Glue Records. You can't set these records on your own DNS server; they are set at the registrar.


The "network unreachable resolving './NS/IN': 2001:dc3::35#53" errors are probably not related to your current problem. These are DNS requests from your DNS server and are related to its recursive functionality, i.e. when it's trying to resolve domains it doesn't know by itself, authoritatively.

Keep in mind that recursive and authoritative DNS servers should be separated, i.e. by the IANA Technical requirements for authoritative name servers:

No open recursive name service

The authoritative name servers must not provide recursive name service. This requirement is tested by sending a query outside the jurisdiction of the authority with the “RD”-bit set.

If your DNS server does need to have recursive functionality, you should of course fix these errors, too. You should also limit the network ranges that are allowed to use the server recursively, in BIND with allow-recursion { 198.51.100.0/24; };.
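The glue check that Solution 1 describes, as an added example that is not part of the original answer: it reads `dig` output of a referral from the parent zone and lists the in-zone nameservers that have no A/AAAA record in it. The function name `missing_glue` and the sample referral are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): list in-zone nameservers
# that a parent-zone referral leaves without glue (no A/AAAA record).
# Live use, needs network; a.gtld-servers.net is one of the com servers:
#   dig +norecurse @a.gtld-servers.net example.com NS | missing_glue example.com

# $1 = delegated zone; stdin = dig output of the parent's referral.
missing_glue() {
    awk -v zone="$1" '
        BEGIN { zone = tolower(zone); sub(/\.$/, "", zone) }
        /^;/ || NF < 5 { next }                 # skip comments and blank lines
        { name = tolower($1); sub(/\.$/, "", name) }
        $4 == "NS" && name == zone {            # delegation NS record
            t = tolower($5); sub(/\.$/, "", t); ns[t] = 1
        }
        $4 == "A" || $4 == "AAAA" { addr[name] = 1 }   # candidate glue
        END {
            for (n in ns) {
                # Glue is only required for names inside the delegated zone;
                # ns.example.net can be resolved through the net servers.
                tail = substr(n, length(n) - length(zone))
                inzone = (n == zone) || (tail == ("." zone))
                if (inzone && !(n in addr)) print n
            }
        }' | sort
}

# Constructed sample referral: ns2.example.com has no glue record.
sample_referral() {
    cat <<'EOF'
;; AUTHORITY SECTION:
example.com.      172800  IN  NS  ns1.example.com.
example.com.      172800  IN  NS  ns2.example.com.
example.com.      172800  IN  NS  ns.example.net.

;; ADDITIONAL SECTION:
ns1.example.com.  172800  IN  A   192.0.2.53
EOF
}

sample_referral | missing_glue example.com   # prints ns2.example.com
```

Any name it prints needs a glue record added at the registrar.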

Solution 2:

Did you register ns1.SERVER_DOMAIN.com and ns2.SERVER_DOMAIN.com as nameservers at your registrar? Changing only the nameservers of your domain cannot redirect DNS queries to your server. First you should register the two nameservers. Then you should change your NS records to your registered nameservers.

To verify configuration:

  1. Do a whois query to get ns: whois SERVER_DOMAIN.com |grep -i "name server:"
  2. Do a ns record query: dig -t ns SERVER_DOMAIN.com

The first query should return ns1.SERVER_DOMAIN.com and ns2.SERVER_DOMAIN.com. In the second query, the answer section should contain an answer.

Then the query will be forwarded to your servers. To verify it, run tcpdump on port 53 on your server. From another location (not from your servers), perform a SOA DNS query like dig -t soa SERVER_DOMAIN.com. The answer section should contain the line from your zone file. If not, look at your tcpdump output: if there is no output, a firewall is blocking the DNS port; if there is output, the DNS configuration has errors. Do a config test with:

named-checkconf /etc/named.conf
named-checkzone SERVER_DOMAIN.com /var/named/[ZONEFILE]

Probably at least one of them will fail. Fix the errors and perform the SOA DNS query again.

Then debug DOMAIN_IN_QUESTION.com.

First check the TLD records, the same as for SERVER_DOMAIN.com. Same steps:

  1. Do a whois query to get ns: whois DOMAIN_IN_QUESTION.com |grep -i "name server:"
  2. Do a ns record query: dig -t ns DOMAIN_IN_QUESTION.com

All of these steps should return "(ns1|ns2).SERVER_DOMAIN.com". If not, the configuration at the registrar has problems. Contact them.

Check the conf and the zone conf:

named-checkconf /etc/named.conf
named-checkzone DOMAIN_IN_QUESTION.com /var/named/[ZONEFILE]

If there are errors, fix them.

Do a SOA record query. This query should be answered by your DNS server. Open a tcpdump and also check the DNS traffic packets.

The SOA answer should match the SOA line in your zone config file.