troubleshooting domain

The other day my other website stopped responding to requests from the web. I kept getting connection refused error messages. I set about trying to figure out what was going on with it.

I started out with a ping on the address to see if the server was functioning:

PING am401.36bit.com (205.166.94.4) 56(84) bytes of data.
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=1 ttl=244 time=52.5 ms
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=2 ttl=244 time=52.4 ms
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=3 ttl=244 time=52.7 ms
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=4 ttl=244 time=52.4 ms
...
--- am401.36bit.com ping statistics ---
19 packets transmitted, 19 received, 0% packet loss, time 18019ms
rtt min/avg/max/mdev = 52.368/52.536/52.721/0.233 ms

The above told me two things: a) DNS is resolving to the IP address, and b) the server is up. I ran dig to double-check that DNS was resolving correctly and to confirm that it was all functioning:

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> am401.36bit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27475
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;am401.36bit.com.		IN	A

;; ANSWER SECTION:
am401.36bit.com.	43073	IN	A	205.166.94.4

;; AUTHORITY SECTION:
36bit.com.		43073	IN	NS	ns-d.sdf.org.
36bit.com.		43073	IN	NS	ns-a.sdf.org.
36bit.com.		43073	IN	NS	ns-c.sdf.org.
36bit.com.		43073	IN	NS	ns-b.sdf.org.

;; ADDITIONAL SECTION:
ns-d.sdf.org.		84330	IN	A	50.78.42.82
ns-a.sdf.org.		84330	IN	A	205.166.94.20
ns-c.sdf.org.		84330	IN	A	178.63.35.194
ns-b.sdf.org.		84330	IN	A	192.67.63.35

That told me that it was all sorted on that end. The connection refused error was another hint that it was likely either a firewall issue or the web server not listening on the right port. I ran nmap on the address to see which ports were open/listening:

# Nmap 6.40 scan initiated Fri Sep  6 08:46:52 2019 as: nmap -oN nmap_result.xt am401.36bit.com
Nmap scan report for am401.36bit.com (205.166.94.4)
Host is up (0.053s latency).
Not shown: 986 closed ports
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
23/tcp    open     telnet
53/tcp    open     domain
70/tcp    open     gopher
110/tcp   open     pop3
111/tcp   open     rpcbind
113/tcp   open     ident
143/tcp   open     imap
443/tcp   open     https
445/tcp   filtered microsoft-ds
993/tcp   open     imaps
1011/tcp  open     unknown
10000/tcp filtered snet-sensor-mgmt

Just as I thought, port 80 was missing, which was causing the connection to fail. Since then port 80 has been opened back up and we are back in business with the issue fixed! But this was a good experience to test my theories on what was wrong with the system. I saw no issues on the host and I was able to SSH into the server itself without problems. Using nmap I was able to confirm my theory on the issue!
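
The same two checks as a script, added here as an example and not part of the original post: it resolves the name, then classifies TCP ports 80 and 443 as open, closed (connection refused) or filtered (no reply), the same states that appear in the nmap output above. The function names, the default ports, the 3-second timeout and the localhost default are assumptions chosen for illustration.

```python
import errno
import socket
import sys


def resolve(host):
    """Step 1 (the dig check): return the host's IPv4 addresses, [] if none."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe(addr, port, timeout=3.0):
    """Step 2 (the nmap check): classify one TCP port by how connect() ends."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"          # RST came back: no listener, or a REJECT rule
    except socket.timeout:
        return "filtered"        # no reply at all: packets are being dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # unreachable reported by a router or firewall
        raise


def diagnose(host, ports=(80, 443), timeout=3.0):
    """Run both steps and say what each port state means for a web server."""
    addrs = resolve(host)
    if not addrs:
        return {"addresses": [], "ports": {}, "findings": ["DNS: no A record"]}
    states = {port: probe(addrs[0], port, timeout) for port in ports}
    hints = {
        "open": "accepting connections",
        "closed": "connection refused: start the service or check for a REJECT rule",
        "filtered": "no answer: a firewall is probably dropping the traffic",
    }
    findings = ["%d/tcp %s (%s)" % (p, s, hints[s]) for p, s in states.items()]
    return {"addresses": addrs, "ports": states, "findings": findings}


if __name__ == "__main__":
    # Assumed default target is this machine; pass your own hostname instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for line in diagnose(host)["findings"]:
        print(line)
```

A "closed" result on port 80 alongside "open" on 443 reproduces the situation in this post: the host and DNS are fine, and only the one service port is refusing connections.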
