Our DNS *sometimes* works and I can't figure out the problem!

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 1 01:30:52 UTC 2001


Your domain is delegated to DNS.GENESISCOM.COM and NS2.GENESISCOM.COM but
you're only advertising "blastpoint.com" in your NS records. This is a
*big* problem when the "blastpoint.com" A record happens to expire from a
nameserver's cache, since then there is no way for it to resolve anything in
your domain until the NS record also expires from the cache, at which time a
fresh delegation is fetched, the name resolves, and the cycle repeats.
Basically, you're creating a periodic chicken-and-egg dilemma for nameservers
all over the Net.

Repeat after me: THE NS RECORDS IN A ZONE SHOULD ALWAYS BE THE SAME AS,
OR A SUPERSET OF, THE DELEGATION NS RECORDS. The fact that
"blastpoint.com" happens to have the same IP address as
DNS.GENESISCOM.COM doesn't grant any exemption from that fundamental rule.

Not to mention that only advertising 1 NS record -- regardless of whether it
matches a delegation record or not -- is a bad idea anyway, from the standpoint
of redundancy...


- Kevin

Joe Emenaker wrote:

> Okay, here's the setup:
>
> We've got a domain: blastpoint.com
> Our account with Internic has our servers as 207.114.134.1 and
> 207.114.134.150. The first is a Linux box running BIND as a master, the
> second is a Win2k machine set up as a slave to the Linux box.
>
> The problem is that, when I try to connect to a machine in the domain, I'll
> often (but not always) get DNS failures reported by the browser or mail
> program. Also, we're getting a lot of outgoing mail rejected by other MTAs
> claiming that they couldn't do a lookup on "blastpoint.com".
>
> Here's the weird part. If I run nslookup from any machine I have access to
> (outside of the blastpoint.com domain, of course), the lookups succeed. It's
> almost as if nslookup is secretly trying a little harder than my browser or
> mail-reader.
>
> Anyway, I'm totally stumped on this one. Does anyone have any tools that are
> more sophisticated than plain ol' nslookup that I can use to figure out what
> is going wrong? Or, do any DNS gurus just want to see if they can figure it
> out and tell me?
>
> Regards,
> - Joe
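
Added example, not part of the original post: a small Python check of the rule stated in the reply above, that the NS set a zone advertises must equal or be a superset of the delegation NS set, plus the single-NS redundancy point. The function names are hypothetical, the records are constructed sample data in dig's output format (only the server names come from the post), and the TTLs and the A record address are made up.

```python
# Constructed sample input in dig's "owner TTL class type rdata" format.
PARENT_REFERRAL = """
blastpoint.com. 172800 IN NS DNS.GENESISCOM.COM.
blastpoint.com. 172800 IN NS NS2.GENESISCOM.COM.
"""
ZONE_APEX = """
;; ANSWER SECTION (constructed)
blastpoint.com. 86400 IN NS blastpoint.com.
blastpoint.com. 86400 IN A 192.0.2.1 ; constructed address
"""
ZONE_APEX_FIXED = """
blastpoint.com. 86400 IN NS dns.genesiscom.com.
blastpoint.com. 86400 IN NS ns2.genesiscom.com.
"""

def ns_targets(records, zone):
    """Return the set of NS target names that `records` lists for `zone`."""
    zone = zone.lower().rstrip(".")
    targets = set()
    for line in records.strip().splitlines():
        fields = line.split(";", 1)[0].split()   # drop dig comments
        if len(fields) != 5:
            continue
        owner, _ttl, rclass, rtype, rdata = fields
        if rclass.upper() != "IN" or rtype.upper() != "NS":
            continue
        if owner.lower().rstrip(".") != zone:
            continue
        # DNS names compare case-insensitively; the trailing dot is optional.
        targets.add(rdata.lower().rstrip("."))
    return targets

def check_delegation(zone, parent_records, apex_records):
    """Compare the parent's delegation NS set with the zone's own NS set."""
    delegated = ns_targets(parent_records, zone)
    advertised = ns_targets(apex_records, zone)
    findings = []
    missing = sorted(delegated - advertised)
    if missing:
        findings.append("zone NS set lacks delegated servers: " + ", ".join(missing))
    if len(advertised) < 2:
        findings.append(f"zone advertises {len(advertised)} NS record(s); no redundancy")
    return findings

if __name__ == "__main__":
    for label, apex in (("as described", ZONE_APEX), ("corrected", ZONE_APEX_FIXED)):
        print(label, "->", check_delegation("blastpoint.com", PARENT_REFERRAL, apex) or "consistent")
```

For a live zone, the two inputs would be the NS records from the parent zone's referral and the NS records returned by the zone's own authoritative server.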





More information about the bind-users mailing list