Bizarre installation problem re: specific domain name

Installation
1

Hello all!

I’m having a bizarre issue setting up a new install. We’re moving from hosted to self-hosting our installation, and are using the domain www.pidforum.org. I have spun up an Ubuntu server, and am using the standard install. Domain is currently pointing at the IP of the server with @, *, and www. all set as A names.

installation appears to go without a hitch…everything looks like it’s working. Initial domain check says it’s ok, installation proceeds and completes. But it doesn’t work. Server isn’t listening on 443 or 80, and when i discourse doctor it says:

Discourse version at www.pidforum.org: NOT FOUND
Discourse version at localhost: NOT FOUND

Now here’s the weird thing…if i redo discourse-setup, and change ONLY the domain name to another domain i control (discourse.xxxxxxx.yyy) it works fine. Everything else is the same…same server, same everything, ONLY changing the domain name.

What could cause this? Help, I’m going insane trying to sort this out.

1 Like
2

Are you sure the DNS records are set up correctly? When I check from here, neither address is resolving:

~ ❯ host www.pidforum.org
Host www.pidforum.org not found: 2(SERVFAIL)
~ ❯ host pidforum.org 
Host pidforum.org not found: 2(SERVFAIL)
1 Like
3

i can ping it

image

up might want to wait for the dns records to update.

1 Like
4

yes, your dns records have not been updated yet. so you have to wait.

image
image1291×671 80.1 KB

3 Likes
5

For what it’s worth: it’s been at least 36 hours since i made any change to the DNS. Those failures are persistent.

1 Like
6

well, check your TTL on your dns. that might be set to high

1 Like
7

Pretty sure, just set them up as a standard @ and www A names pointing at the IP, and then a * as a CNAME reconciling to the www

1 Like
8

TTL are set to 600, for specifically that reason.

1 Like
9

I’ve been futzing with this since Thursday of last week…i’m increasingly thinking it’s something with the Domain name specifically, but that makes NO sense at all (and also has no effective troubleshooting steps).

Is there anything I can test/try to narrow my problem scope? I’m comfortable as a sysadmin, but this has me questioning my life.

1 Like
10

your NS is set to DO. so maybe reach out to DO support ?

1 Like
11

Did you recently change your nameserver to Digital Ocean? It looks like you have DNSSEC enabled for pidforum.org, but the Digital Ocean nameservers are not returning any signatures. Therefore, DNS servers like 8.8.8.8 are detecting the broken chain of trust, and refusing to return the records.

You can see more information using tools like this:

https://dnsviz.net/d/pidforum.org/dnssec/
https://zonemaster.iis.se/en/?resultid=ab6652c87db6b5f9

If you want to disable/modify DNSSEC, you should be able to do that via your domain registrar.

(thanks @supermathie for the tip on DNSSEC - it’s not something I’d investigated before)

5 Likes
12

Ok, so the DNSSEC thing is weird, and not something I’d ever dealt with either, so thanks for the pointer.

I’ve tried to uncomplicate things by removing the digital ocean nameserver jump from the equation, and am now just using network solutions as both registrar and nameserver to try and eliminate possible errors/issues. That is propagating now (but i have tested this setup, and it doesn’t work either for reasons i don’t understand).

I’ll check the DNSSEC stuff after the nameserver change has some time to happen. But I am betting there’s something else going on as well.

1 Like
13

your domain is still looking for the dnssec

image
image1282×584 19.9 KB

contact your registrar and ask them to disable secureDNS

1 Like
14

I confirmed with my registrar that they are not using DNSSEC. I am at such a loss as to what is going on here.

1 Like
15

And they were no help at all.

Going to try moving to a different host (from MediaTemple to Digital Ocean) and see if the DNSSEC errors move with me.

2 Likes
16

Screen Shot 2021-09-14 at 1.57.28 PM
Screen Shot 2021-09-14 at 1.57.28 PM1289×270 48.9 KB

Does anyone have any idea what 199.19.56.1 is? Why is that in this response loop at all? It’s not my server…

1 Like
17

after some research, the DS record needs to be removed from your domain.

image
image1059×321 5.36 KB

1 Like
18

…Network solutions has assured me that DNSSEC is off, and there is no interface for adding or removing a DS record in the admin interface for my domain.

Thanks for tracking this down, but i have no freaking clue where it’s living.

1 Like
19

are you using cloudflare by any chance ?

image
image1109×343 4.02 KB

1 Like
20

I am not, but a friend just suggested i move my DNS there so that I have DNSSEC controls.

1 Like