DNS probs

Jeremy Gardner jeremy at quetico.net
Wed Mar 7 06:43:33 UTC 2001



Thanks for pointing out that sleepy.giant.net had snuck in as
authoritative.  It wasn't something I was intending to do, but apparently
an old record on one of Avalon's dns servers still had the reference to
sleepy.

I've removed all references to sleepy as an authoritative nameserver for
my domain, and even removed dns3 and dns4 as authoritative so that it
matches up with root nameservers.

One problem is that I can't seem to get to sleepy.giant.net to update the
DNS.  Since it's no longer listed as an authoritative DNS server for the
domain, will this be a problem?  It seems like it so far...

When I run dig on various different name servers, it will show a TTL value
of 2D (something inherited from the incorrect DNS entry on sleepy).  I'm
picking nameservers that probably didn't have my domain in their cache,
yet when I go to query them it still shows up with the wrong IP address
for pierna.quetico.net, and a TTL of 2D.  Sometimes, when I check back,
that 2D has started counting down, and on other servers it will remain 2D.

I'm picking nameservers for domains like nbc.com (ns2.ge.com) and
sprint.com (reston-ns1.telemail.net).  I'll query them, and the TTL will
have then just started counting down from 2D.  If it's just caching the
entry, how is it picking up info that seems to only be coming from sleepy,
and not from dns1.avalon.net and dns2 (the only authoritative servers for
the domain)?

What am I missing here?

Thanks!
Jeremy


 On Mon, 5 Mar 2001, Brad Knowles wrote:

> At 8:29 PM -0700 3/4/01, Jeremy Gardner wrote:
> 
> >  How come some servers are referencing the incorrect entries
> >  in sleepy.giant.net, whereas other servers don't seem to pick up any
> >  reference to sleepy.giant.net at all?
> 
> 	You haven't checked your delegations, or the way your domain is 
> set up on the avalon.net nameservers, have you?
> 
> 	Here's what a typical root nameserver thinks about your domain:
> 
> $ dig @a.gtld-servers.net. quetico.net. any
> 
> ; <<>> DiG 8.1 <<>> @a.gtld-servers.net. quetico.net. any
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
> ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      quetico.net, type = ANY, class = IN
> 
> ;; ANSWER SECTION:
> quetico.net.            2D IN NS        DNS1.AVALON.NET.
> quetico.net.            2D IN NS        DNS2.AVALON.NET.
> 
> ;; AUTHORITY SECTION:
> quetico.net.            2D IN NS        DNS1.AVALON.NET.
> quetico.net.            2D IN NS        DNS2.AVALON.NET.
> 
> ;; ADDITIONAL SECTION:
> DNS1.AVALON.NET.        2D IN A         204.71.106.8
> DNS2.AVALON.NET.        2D IN A         204.71.106.2
> 
> ;; Total query time: 73 msec
> ;; WHEN: Mon Mar  5 04:51:45 2001
> ;; MSG SIZE  sent: 29  rcvd: 137
> 
> 	However, when you ask the avalon.net nameservers, they provide a 
> different answer:
> 
> $ dig @dns1.avalon.net. quetico.net. any
> 
> ; <<>> DiG 8.1 <<>> @dns1.avalon.net. quetico.net. any
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 5, ADDITIONAL: 7
> ;; QUERY SECTION:
> ;;      quetico.net, type = ANY, class = IN
> 
> ;; ANSWER SECTION:
> quetico.net.            12H IN MX       10 pierna.quetico.net.
> quetico.net.            12H IN MX       20 argo.quetico.net.
> quetico.net.            12H IN NS       dns1.avalon.net.
> quetico.net.            12H IN NS       dns2.avalon.net.
> quetico.net.            12H IN NS       dns3.avalon.net.
> quetico.net.            12H IN NS       dns4.avalon.net.
> quetico.net.            12H IN NS       sleepy.giant.net.
> quetico.net.            12H IN A        198.76.15.10
> quetico.net.            12H IN SOA      pierna.quetico.net. jeremy.quetico.net. (
>                                          2001030300      ; serial
>                                          3H              ; refresh
>                                          1H              ; retry
>                                          1W              ; expiry
>                                          12H )           ; minimum
> 
> 
> ;; AUTHORITY SECTION:
> quetico.net.            12H IN NS       dns1.avalon.net.
> quetico.net.            12H IN NS       dns2.avalon.net.
> quetico.net.            12H IN NS       dns3.avalon.net.
> quetico.net.            12H IN NS       dns4.avalon.net.
> quetico.net.            12H IN NS       sleepy.giant.net.
> 
> ;; ADDITIONAL SECTION:
> pierna.quetico.net.     12H IN A        198.76.15.10
> argo.quetico.net.       12H IN A        204.71.106.169
> dns1.avalon.net.        12H IN A        204.71.106.8
> dns2.avalon.net.        12H IN A        204.71.106.2
> dns3.avalon.net.        12H IN A        205.140.160.8
> dns4.avalon.net.        12H IN A        205.140.160.9
> sleepy.giant.net.       12H IN A        204.71.106.3
> 
> ;; Total query time: 182 msec
> ;; WHEN: Mon Mar  5 04:53:45 2001
> ;; MSG SIZE  sent: 29  rcvd: 424
> 
> 	You need to go back to the folks who operate the avalon.net 
> nameservers and get them to fix the way they're serving your zone, 
> and you should also get the delegation from the root nameservers 
> fixed so as to at least match the list of nameservers provided by 
> avalon.net.
> 
> 
> 	If you had run the DNS debugging tool "doc" on this zone, you 
> would have quickly found out these differences, and you would have 
> been able to start working on getting them fixed immediately.
> 
> 	You can find the latest official version of "doc" that I have at 
> <http://www.shub-internet.org/brad/dns/index.html>.  I haven't yet 
> updated "doc" to work with BINDv9, but I hope to be able to do this 
> soon.  I also hope to be able to fully integrate all the 
> functionality of "doc" into Dave Barr's program "dnswalk" (another 
> good DNS debugging tool, although it requires the ability to do a 
> zone transfer of your data), so that we can reduce by one the number 
> of DNS debugging tools you need to be aware of.
> 
> --
> ======================================================================
> Brad Knowles, <brad.knowles at skynet.be>
> 


____________________________

 "All of life's riddles are 
   answered in the movies"

 Steve Martin, GRAND CANYON
____________________________ 
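
The parent-versus-child NS comparison done by hand in the quoted reply, as an added example that is not part of the original thread and is not the code of the "doc" tool: it parses the NS lines of the two dig answers shown above (embedded as sample input) and reports nameservers that appear on only one side, plus the TTL each side hands out. The function names are hypothetical.

```python
import re

# Sample input: NS lines copied from the two dig answers quoted in the thread.
PARENT = """\
quetico.net.            2D IN NS        DNS1.AVALON.NET.
quetico.net.            2D IN NS        DNS2.AVALON.NET.
"""
CHILD = """\
quetico.net.            12H IN NS       dns1.avalon.net.
quetico.net.            12H IN NS       dns2.avalon.net.
quetico.net.            12H IN NS       dns3.avalon.net.
quetico.net.            12H IN NS       dns4.avalon.net.
quetico.net.            12H IN NS       sleepy.giant.net.
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def ttl_seconds(ttl):
    """Convert a BIND-style TTL such as '2D', '12H' or '1H30M' (or plain seconds)."""
    if ttl.isdigit():
        return int(ttl)
    parts = re.findall(r"(\d+)([SMHDW])", ttl.upper())
    if not parts or "".join(n + u for n, u in parts) != ttl.upper():
        raise ValueError(f"bad TTL: {ttl!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def ns_records(dig_text, zone):
    """Return {nameserver: ttl_seconds} for NS records owned by `zone`."""
    found = {}
    for line in dig_text.splitlines():
        line = line.lstrip("> ").strip()   # tolerate mail-quoted output
        if not line or line.startswith(";"):
            continue                       # skip blanks and dig comment lines
        fields = line.split()
        if len(fields) == 5 and fields[2:4] == ["IN", "NS"]:
            owner, ttl, _, _, target = fields
            if owner.lower().rstrip(".") == zone.lower().rstrip("."):
                found[target.lower().rstrip(".")] = ttl_seconds(ttl)
    return found

def compare_delegation(parent_text, child_text, zone):
    """Compare the NS set in the parent's delegation with the zone's own NS set."""
    parent, child = ns_records(parent_text, zone), ns_records(child_text, zone)
    return {
        "only_in_parent": sorted(set(parent) - set(child)),
        "only_in_child": sorted(set(child) - set(parent)),
        "parent_ttl": sorted(set(parent.values())),
        "child_ttl": sorted(set(child.values())),
    }
```

Calling `compare_delegation(PARENT, CHILD, "quetico.net")` lists dns3, dns4 and sleepy.giant.net as served by the zone but absent from the delegation, and shows the 2D TTL coming from the parent side while the zone itself uses 12H.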



