Domain unresolved in Singapore
Chris Buxton
cbuxton at menandmice.com
Tue Feb 19 23:44:07 UTC 2008
This is something I get asked from time to time: How big a deal is it
that the servers have one set of names in the delegation, and another
set of names in the authoritative NS records? I mean, assuming the
names all resolve to the same set of addresses, as is the case here?
$ dig +short ns1.guentner.co.id ns1.guentner-asiapacific.com
ns2.guentner.co.id ns2.guentner-asiapacific.com
222.124.211.227
222.124.211.227
222.124.211.228
222.124.211.228
Now granted, using the .id names in the delegation means there's no
glue with the delegation, so this adds 3 extra queries to the
resolution, but we're still talking about roughly the same amount of
work for the resolver as www.yahoo.com.
Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone: +354 412 1500
Email: cbuxton at menandmice.com
www.menandmice.com
Men & Mice
We bring control and flexibility to network management
This e-mail and its attachments may contain confidential and
privileged information only intended for the person or entity to which
it is addressed. If the reader of this message is not the intended
recipient, you are hereby notified that any retention, dissemination,
distribution or copy of this e-mail is strictly prohibited. If you
have received this e-mail in error, please notify us immediately by
reply e-mail and immediately delete this message and all its attachment.
On Feb 19, 2008, at 2:29 PM, Mark Andrews wrote:
>
>>
>> On Tue, 2008-02-19 at 09:43 +0100, Stephane Bortzmeyer wrote:
>>> On Tue, Feb 19, 2008 at 03:30:48PM +0700,
>>> Kadek Hendra Lesmana <ikadek at gmail.com> wrote
>>> a message of 10 lines which said:
>>>
>>>> Why this address is unresolved in Singapore but it's okay in
>>>> Germany?
>>>> I checked with DNS Report from DNS-Stuff and no error, only some
>>>> warning.
>>>
>>> Bad tools, use another tool.
>>>
>>> Zonecheck (http://www.zonecheck.fr/) clearly indicates the problem:
>>> only two name servers and probably in the same room, which means
>>> that
>>> any network glitch will prevent name resolution. Use more diverse
>>> name ser
>> vers.
>>
>> The fact that these servers are on the same subnet or in the same AS
>> does not necessarily mean they're in the same room. There are
>> plenty of
>> ways to build fault tolerance into the underlying network that render
>> this kind of warning meaningless.
>>
>> Maybe they are in the same room, and there was a problem with one or
>> both at the time the OP was testing. They certainly are up now.
>>
>> Is the problem ongoing? What does a dig +trace guentner-
>> asiapacific.com
>> from Singapore look like?
>
> It would help to fix the broken delegation. Nothing will be
> reliable until that is fixed.
>
> guentner-asiapacific.com. 172800 IN NS ns1.guentner.co.id.
> guentner-asiapacific.com. 172800 IN NS ns2.guentner.co.id.
> ;; Received 97 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 446
> ms
>
> slox.guentner-asiapacific.com. 300 IN A 222.124.211.242
> guentner-asiapacific.com. 300 IN NS ns2.guentner-
> asiapacific.com.
> guentner-asiapacific.com. 300 IN NS ns1.guentner-
> asiapacific.com.
> ;; Received 131 bytes from 222.124.211.227#53(ns1.guentner.co.id) in
> 496 ms
>
>
>>> w> IP addresses are likely to be all on the same subnet
>>> | Adv: ZoneCheck
>>> | To avoid loosing all connectivity with the authoritative DNS
>>> in case
>>> | of network outage it is advised to host the DNS on different
>>> networks.
>>> |
>>> | Ref: IETF RFC2182 (Abstract)
>>> | The Domain Name System requires that multiple servers exist
>>> for every
>>> | delegated domain (zone). This document discusses the selection of
>>> | secondary servers for DNS zones. Both the physical and topological
>>> | location of each server are material considerations when selecting
>>> | secondary servers. The number of servers appropriate for a zone
>>> is also
>>> | discussed, and some general secondary server maintenance issues
>>> | considered.
>>> `----- -- -- - - -
>>> : All the servers are likely to be on the subnet
>>> 222.124.211.224/28,
>>> : try moving some of them to another subnet.
>>> `..... .. .. . . .
>>> => generic
>>>
>>> w> Nameservers are all part of the same AS
>>> | Adv: ZoneCheck
>>> | To avoid loosing all connectivity with the authoritative DNS
>>> in case
>>> | of a routing problem inside your Autonomous System, it is
>>> advised to
>>> | host the DNS on different AS.
>>> `----- -- -- - - -
>>> : All the nameservers are part of the same Autonomous System (AS
>>> number
>>> : 17974), try to have some of them hosted on another AS.
>>> `..... .. .. . . .
>>> => generic
>>>
>> --
>> Jeff Reasoner
>> HCCA
>> 513 728-7902 voice
>>
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
>
>
More information about the bind-users
mailing list