DNS Help

[Brad Knowles]

At 11:18 PM -0400 6/26/01, Eric Ward wrote:

>  	1)We can resolve www4.domain.com, but we can not resolve
>  www.domain.com.  The problem is not just with www it seems to randomly
>  resolve some records and not others. The problem only happens when accessed
>  externally. Everything seems to work fine from the local machine.

	I'd be willing to bet that a delegation error is involved in this 
problem.  If you can give us some example domain names, we can check 
them out with standard DNS debugging tools.

>  	Here is example of one of our zone files:
>  $TTL 43200
>  ;
>  ; Database file 36productions.com for 36productions zone.
>  ;
>  @		IN	SOA	ns1.	root.domain.com. (
>  			6222001	; Serial Number
>  			900		; Refresh
>  			600		; Retry
>  			1209600	; Expire
>  			43200	)	; Minimum TTL

	Okay, well first off, the "master" server name is wrong here.  It 
shouldn't be "ns1.", it should be something more like 
"ns1.domain.com."  I'm not sure about the serial number -- I 
recommend using the YYYYMMDDNN format, but if you're using automated 
tools to help you keep this up-to-date, that may not be necessary.

	You really don't want the refresh and retry to be so low -- 3600 
seconds (an hour) should be more than enough for refresh, and retry 
should usually be something like one-third to one-fourth the refresh 
period (but I don't think that the smaller number should be five 
minutes or less).

>  ;
>  ; Zone Records for 36productions.com.
>  ;
>  			NS	domain.com.
>  			MX	10	mail.domain.com.
>  @			A	192.168.0.3
>  www			A	192.168.0.3
>  www4			A	192.168.0.5
>  mail.domain.com	A	192.168.0.1

	Now, note that this NS record doesn't match the master nameserver 
listed in the SOA.  Again, this is probably not what you want. 
Moreover, you should have two nameservers for this domain.


	Let's look at this domain with the standard DNS delegation 
debugging tool "doc":

% doc -d 36productions.com
Doc-2.2.2: doc -d 36productions.com
Doc-2.2.2: Starting test of 36productions.com.   parent is com.
Doc-2.2.2: Test date - Wed Jun 27 01:22:08 EDT 2001
DEBUG: digging @a.gtld-servers.net. for soa of com.
soa @a.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @b.gtld-servers.net. for soa of com.
soa @b.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @c.gtld-servers.net. for soa of com.
soa @c.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @d.gtld-servers.net. for soa of com.
soa @d.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @e.gtld-servers.net. for soa of com.
soa @e.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @f.gtld-servers.net. for soa of com.
soa @f.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @g.gtld-servers.net. for soa of com.
soa @g.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @h.gtld-servers.net. for soa of com.
soa @h.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @i.gtld-servers.net. for soa of com.
soa @i.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @j.gtld-servers.net. for soa of com.
soa @j.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @k.gtld-servers.net. for soa of com.
soa @k.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @l.gtld-servers.net. for soa of com.
soa @l.gtld-servers.net. for com. has serial: 2001062600
DEBUG: digging @m.gtld-servers.net. for soa of com.
soa @m.gtld-servers.net. for com. has serial: 2001062600
SOA serial #'s agree for com. domain
Found 0 NS and 0 glue records for 36productions.com. 
@a.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@b.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@c.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@d.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@e.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@f.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@g.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@h.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@i.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@j.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@k.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@l.gtld-servers.net. (AUTH)
Found 0 NS and 0 glue records for 36productions.com. 
@m.gtld-servers.net. (AUTH)
DNServers for com.
    === 13 were also authoritatve for 36productions.com.
    === 0 were non-authoritative for 36productions.com.
Servers for com. that are also authoritative for 36productions.com.
    === agree on NS records for 36productions.com.
DEBUG: domservaa =
WARNING: a.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: b.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: c.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: d.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: e.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: f.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: g.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: h.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: i.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: j.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: k.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: l.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
WARNING: m.gtld-servers.net. claims authoritative for 36productions.com.
    == but no NS record at parent zone
NS list summary for 36productions.com. from parent (com.) servers
   ==
SYSerr: No servers for 36productions.com. returned SOAs ...
Summary:
    YIKES: doc aborted while testing 36productions.com.  parent com.
    WARNINGS issued for 36productions.com. (count: 13)
    Incomplete test for 36productions.com. (1)
Done testing 36productions.com.  Wed Jun 27 01:22:14 EDT 2001

	Well, you can't really go much further than that.  There aren't 
any ".com" gTLD nameservers that know anything about this domain.


	I also don't find any information registered for this domain at 
either the InterNIC or Network Solutions WHOIS databases:

% whois 36productions.com

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for "36PRODUCTIONS.COM".

>>>  Last update of whois database: Sun, 24 Jun 2001 09:21:04 EDT <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

% whois -h whois.networksolutions.com. 36productions.com.
The Data in Network Solutions' WHOIS database is provided by Network
Solutions for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
Network Solutions does not guarantee its accuracy.  By submitting a
WHOIS query, you agree that you will use this Data only for lawful
purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail
(spam); or  (2) enable high volume, automated, electronic processes
that apply to Network Solutions (or its systems).  Network Solutions
reserves the right to modify these terms at any time.  By submitting
this query, you agree to abide by this policy.

NO MATCH: This domain is available!

Go to www.networksolutions.com to register it now!


	Try registering this domain with the ".com" gTLD nameservers, or 
giving us a real domain name that we can try to debug.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'