DNS Troubleshooting in DirectAdmin – When named is Running but Domains Do Not Resolve

Sometimes the named (BIND) service runs normally, yet DNS queries fail or domains do not resolve from outside. This guide provides a complete troubleshooting workflow for checking named listeners, firewall rules, named.conf configuration, DNS propagation issues, subdomain problems, resolv.conf errors, and common Apache/Nginx misconfigurations.

~3 min read • Updated Mar 1, 2026

1. named Is Running but No One Can Query It


This is the most common DNS issue: named is active, but external DNS queries fail.

Step 1: Check if named is listening on all IPs


netstat -lnp | grep named

Or with ss, which lists both IPv4 and IPv6 sockets:


ss -lnp | grep :53

You should see something like:


tcp LISTEN 0 128 0.0.0.0:53 0.0.0.0:* users:(("named",pid=1234))
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("named",pid=1234))

If you only see 127.0.0.1:53 or ::1:53 → named is listening only on localhost.

---

Step 2: Fix /etc/named.conf

These lines should NOT exist (or must be commented out):


listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
allow-query { localhost; };

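Replace with (allow-recursion keeps recursive lookups limited to local clients, so allow-query { any; } does not turn the server into an open resolver):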


listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };
allow-recursion { localhost; localnets; };

Restart named:


systemctl restart named

---
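The Step 2 check as an added example (not DirectAdmin's or BIND's own tooling): a shell function that flags the loopback-only directives listed above and a recursion ACL that is left open. The function name and finding codes are made up for this example, and it assumes single-line directives with `//` or `#` comments.

```shell
#!/bin/sh
# Added example: audit a named.conf for the Step 2 settings.
# Assumption: single-line directives and //, # line comments only;
# /* */ blocks, multi-line { } lists and per-view overrides are not parsed.

S='[[:space:]]*'
PORT='([[:space:]]+port[[:space:]]+[0-9]+)?'

# audit_named_conf FILE -> one finding code per line; returns 1 if any finding.
audit_named_conf() {
    # Strip line comments so commented-out directives are ignored.
    active=$(sed -e 's|//.*$||' -e 's|#.*$||' "$1") || return 2
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }
    found=0
    report() { echo "$1"; found=1; }

    # Directives that keep named reachable from localhost only.
    has "^${S}listen-on${PORT}${S}\{${S}127\.0\.0\.1;${S}\}" &&
        report "LISTEN_V4_LOOPBACK_ONLY"
    has "^${S}listen-on-v6${PORT}${S}\{${S}::1;${S}\}" &&
        report "LISTEN_V6_LOOPBACK_ONLY"
    has "^${S}allow-query${S}\{${S}(localhost|127\.0\.0\.1);${S}\}" &&
        report "ALLOW_QUERY_LOCAL_ONLY"

    # Open-resolver check: with allow-query { any; } and no allow-recursion
    # line, the recursion ACL can fall back to allow-query.
    if has "^${S}allow-recursion${S}\{${S}any;${S}\}"; then
        report "RECURSION_OPEN_TO_ANY"
    elif has "^${S}allow-query${S}\{${S}any;${S}\}" &&
         ! has "^${S}allow-recursion${S}\{" &&
         ! has "^${S}recursion${S}no${S};"; then
        report "RECURSION_NOT_RESTRICTED"
    fi
    return "$found"
}

# Run against a file when one is given, e.g.: sh audit.sh /etc/named.conf
if [ "$#" -gt 0 ]; then audit_named_conf "$1"; fi
```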

Step 3: Check firewall (port 53 TCP + UDP)

Test from inside the server:


dig google.com @127.0.0.1

If this works but external queries fail → the firewall is blocking port 53.

Temporarily disable the firewall for testing:

firewalld:


systemctl stop firewalld

iptables:


service iptables stop

CSF:


csf -x

If DNS works after disabling the firewall → open port 53 (firewalld commands; firewalld must be running again for firewall-cmd to apply them):


firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

---

Step 4: Test from outside

Best tool:


https://www.intodns.com

Or manual test:


dig domain.com @YOUR_SERVER_IP

---

2. www.domain.com Does Not Work but domain.com Works


This is almost always a DNS propagation issue.

Fix:

  • Wait 4–24 hours
  • Before major IP changes, reduce TTL to 300–600 seconds
  • Check global propagation:

https://www.whatsmydns.net

---

3. sub.domain.com Does Not Work but domain.com/sub Works


Checklist:

  • Does an A record exist for the subdomain?
  • Test from inside the server:

dig sub.domain.com @127.0.0.1

  • If it does not resolve → named or task.queue is not working
  • If it resolves but the website does not load:

Check VirtualHost:

  • DNS IP must match the VirtualHost IP in Apache/Nginx
  • DocumentRoot must be correct (Sub-Domains Setup → Document Root Override)

If using external DNS:

Add the A record manually in the external DNS provider.

---

4. Check resolv.conf and Local DNS Servers


If the server itself cannot resolve domains, check:


/etc/resolv.conf

Correct example:


nameserver 8.8.8.8
nameserver 8.8.4.4

Test:


dig google.com @8.8.8.8

---

5. Why Do I See “Apache is functioning normally” or “This IP is shared”?


Main reasons:

  • The domain resolves to the wrong IP
  • No VirtualHost exists for the domain

Quick checks:

Check DNS IP:


dig domain.com

Check DirectAdmin IP assignment:


Admin Level → Show All Users → Domain → Assigned IP

If they do not match → fix the A record or wait for propagation.

Rebuild webserver configs:


cd /usr/local/directadmin/custombuild
./build rewrite_confs

Written & researched by Dr. Shahin Siami