Bizarre installation problem re: specific domain name

Hello all!

I’m having a bizarre issue setting up a new install. We’re moving from hosted to self-hosting our installation, and are using the domain www.pidforum.org. I have spun up an Ubuntu server, and am using the standard install. Domain is currently pointing at the IP of the server with @, *, and www. all set as A names.

Installation appears to go without a hitch…everything looks like it’s working. Initial domain check says it’s ok, installation proceeds and completes. But it doesn’t work. Server isn’t listening on 443 or 80, and when I run discourse-doctor it says:

Discourse version at www.pidforum.org: NOT FOUND
Discourse version at localhost: NOT FOUND

Now here’s the weird thing…if I redo discourse-setup, and change ONLY the domain name to another domain I control (discourse.xxxxxxx.yyy) it works fine. Everything else is the same…same server, same everything, ONLY changing the domain name.

What could cause this? Help, I’m going insane trying to sort this out.

1 Like

Are you sure the DNS records are set up correctly? When I check from here, neither address is resolving:

~ ❯ host www.pidforum.org
Host www.pidforum.org not found: 2(SERVFAIL)
~ ❯ host pidforum.org 
Host pidforum.org not found: 2(SERVFAIL)

1 Like

I can ping it

You might want to wait for the DNS records to update.

1 Like

Yes, your DNS records have not been updated yet, so you have to wait.

3 Likes

For what it’s worth: it’s been at least 36 hours since I made any change to the DNS. Those failures are persistent.

1 Like

Well, check the TTL on your DNS. That might be set too high.

1 Like

Pretty sure, just set them up as a standard @ and www A names pointing at the IP, and then a * as a CNAME reconciling to the www

1 Like

TTL are set to 600, for specifically that reason.

1 Like

I’ve been futzing with this since Thursday of last week…I’m increasingly thinking it’s something with the domain name specifically, but that makes NO sense at all (and also has no effective troubleshooting steps).

Is there anything I can test/try to narrow my problem scope? I’m comfortable as a sysadmin, but this has me questioning my life.

1 Like

Your NS is set to DO, so maybe reach out to DO support?

1 Like

Did you recently change your nameserver to Digital Ocean? It looks like you have DNSSEC enabled for pidforum.org, but the Digital Ocean nameservers are not returning any signatures. Therefore, DNS servers like 8.8.8.8 are detecting the broken chain of trust, and refusing to return the records.

You can see more information using tools like this:

https://dnsviz.net/d/pidforum.org/dnssec/
https://zonemaster.iis.se/en/?resultid=ab6652c87db6b5f9

If you want to disable/modify DNSSEC, you should be able to do that via your domain registrar.

(thanks @supermathie for the tip on DNSSEC - it’s not something I’d investigated before)

5 Likes
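
The check described in the post above, as an added example that is not part of any post in this thread: it classifies a zone's DNSSEC state from `dig`-style answer lines and flags the broken-chain case (DS at the parent, no signatures from the nameservers), covering the other possible states as well. The function names and all sample records (`example.org`, `192.0.2.10`, the DS digest) are constructed assumptions.

```python
# Added example: diagnose DNSSEC state from dig-style answer-section text.
# Sample records are constructed; gather real ones with, for instance:
#   dig DS <zone>                       (DS is served by the parent/TLD)
#   dig +dnssec A <name> @<auth NS>     (RRSIG should accompany the A record)
#   dig A <name> @8.8.8.8  and again with +cd (checking disabled)

PARENT_DS = "example.org. 3600 IN DS 12345 13 2 0A1B2C3D4E5F"      # constructed
AUTH_UNSIGNED = "www.example.org. 600 IN A 192.0.2.10"             # constructed
AUTH_SIGNED = AUTH_UNSIGNED + "\nwww.example.org. 600 IN RRSIG A 13 3 600 SIGDATA"

def rr_types(answer_text):
    """Return the set of record types found in dig answer-section lines."""
    types = set()
    for line in answer_text.splitlines():
        fields = line.split()
        # Answer line layout: name TTL class type rdata...
        if len(fields) >= 5 and not line.startswith(";") and fields[2] == "IN":
            types.add(fields[3])
    return types

def diagnose(parent_ds_answer, auth_answer, validating_rcode, cd_rcode):
    """Return (verdict, validation_failure) for one name in one zone."""
    has_ds = "DS" in rr_types(parent_ds_answer)
    has_sig = "RRSIG" in rr_types(auth_answer)
    if has_ds and not has_sig:
        verdict = "broken chain: parent publishes DS, nameservers return no RRSIG"
    elif has_ds and has_sig:
        verdict = "signed: DS at parent and RRSIG from nameservers"
    elif has_sig:
        verdict = "island: zone is signed but parent has no DS (treated as insecure)"
    else:
        verdict = "unsigned: no DS and no RRSIG (resolves without validation)"
    # SERVFAIL that becomes NOERROR with +cd means the records exist and are
    # reachable; the resolver is rejecting them on DNSSEC validation alone.
    validation_failure = validating_rcode == "SERVFAIL" and cd_rcode == "NOERROR"
    return verdict, validation_failure

if __name__ == "__main__":
    print(diagnose(PARENT_DS, AUTH_UNSIGNED, "SERVFAIL", "NOERROR"))
    print(diagnose(PARENT_DS, AUTH_SIGNED, "NOERROR", "NOERROR"))
    print(diagnose("", AUTH_UNSIGNED, "NOERROR", "NOERROR"))
```

In the broken-chain case the fix is either to remove the DS record at the parent (through the registrar) or to have the nameservers actually sign the zone.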

Ok, so the DNSSEC thing is weird, and not something I’d ever dealt with either, so thanks for the pointer.

I’ve tried to uncomplicate things by removing the Digital Ocean nameserver jump from the equation, and am now just using Network Solutions as both registrar and nameserver to try and eliminate possible errors/issues. That is propagating now (but I have tested this setup, and it doesn’t work either for reasons I don’t understand).

I’ll check the DNSSEC stuff after the nameserver change has some time to happen. But I am betting there’s something else going on as well.

1 Like

Your domain is still looking for the DNSSEC.

Contact your registrar and ask them to disable secureDNS.

1 Like

I confirmed with my registrar that they are not using DNSSEC. I am at such a loss as to what is going on here.

1 Like

And they were no help at all.

Going to try moving to a different host (from MediaTemple to Digital Ocean) and see if the DNSSEC errors move with me.

2 Likes

Does anyone have any idea what 199.19.56.1 is? Why is that in this response loop at all? It’s not my server…

1 Like

After some research, the DS record needs to be removed from your domain.

1 Like

…Network Solutions has assured me that DNSSEC is off, and there is no interface for adding or removing a DS record in the admin interface for my domain.

Thanks for tracking this down, but I have no freaking clue where it’s living.

1 Like

Are you using Cloudflare by any chance?

1 Like

I am not, but a friend just suggested I move my DNS there so that I have DNSSEC controls.

1 Like