Difficult debug (long-ish)

Kevin Darcy kcd at daimlerchrysler.com
Wed Nov 20 01:42:13 UTC 2002


The mors.org zone only publishes one nameserver -- dns1.onlineaccesscards.com
-- as does the onlineaccesscards.com zone itself. Furthermore, it publishes
that lone NS record with a relatively-short TTL in both cases (1 hour for
mors.org and 30 minutes for onlineaccesscards.com). This is extremely fragile:
it takes only one medium-length network hiccup to take the whole domain "off
the air".

What's more puzzling to me is why restarting your local nameserver "fixes" the
problem. There is an extra nameserver -- dns2.onlineaccesscards.com -- in the
mors.org delegation records but which is not in the zone's NS records. Maybe
you've been lucky so far, and that nameserver coincidentally happened to be up
whenever the other one was down (although dns2.onlineaccesscards.com appears
to be down right now) (??) It's even possible that this is some misguided form
of failover, i.e. bring up dns2 automatically when dns1 is down. If that's the
case, though, then at the very least they should put *both* names in the
zone's NS records: do they expect _everyone_ to restart their nameservers?


- Kevin

"Steven L. Sesar" wrote:

> Here's the problem:
>
> Users on our domain periodically complain that they cannot access
> www.mors.org. Typically, what others have done to remedy this was to bounce
> named (9.2.1) on our external DNS servers. A colleague and I decided that
> enough is enough and we set off to figure out what the root cause of this
> problem is.
>
> We started by attempting to get to www.mors.org from outside of our domain.
> Initially, we were successful, but subsequent tries failed, presumably
> because www.mors.org expired out of my ISP's cache.
>
> I'm hoping that someone can at least point me in the right direction as far
> as debugging our problem goes.
>
> Here's the output of dig +trace www.mors.org.
>
> [trixee at maleah trixee]$ dig +trace www.mors.org.
>
> ; <<>> DiG 9.2.1 <<>> +trace www.mors.org.
> ;; global options:  printcmd
> .                        457356  IN      NS      K.ROOT-SERVERS.NET.
> .                        457356  IN      NS      L.ROOT-SERVERS.NET.
> .                        457356  IN      NS      M.ROOT-SERVERS.NET.
> .                        457356  IN      NS      I.ROOT-SERVERS.NET.
> .                        457356  IN      NS      E.ROOT-SERVERS.NET.
> .                        457356  IN      NS      D.ROOT-SERVERS.NET.
> .                        457356  IN      NS      A.ROOT-SERVERS.NET.
> .                        457356  IN      NS      H.ROOT-SERVERS.NET.
> .                        457356  IN      NS      C.ROOT-SERVERS.NET.
> .                        457356  IN      NS      G.ROOT-SERVERS.NET.
> .                        457356  IN      NS      F.ROOT-SERVERS.NET.
> .                        457356  IN      NS      B.ROOT-SERVERS.NET.
> .                        457356  IN      NS      J.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 207.172.3.8#53(207.172.3.8) in 26 ms
>
> org.                    172800  IN      NS      A.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      G.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      H.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      C.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      I.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      B.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      D.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      L.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      F.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      J.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      K.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      E.GTLD-SERVERS.NET.
> org.                    172800  IN      NS      M.GTLD-SERVERS.NET.
> ;; Received 462 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 128 ms
>
> mors.org.               172800  IN      NS      dns1.onlineaccesscards.com.
> mors.org.               172800  IN      NS      dns2.onlineaccesscards.com.
> ;; Received 121 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 81 ms
>
> dig: Couldn't find server 'dns1.onlineaccesscards.com': Name or service not
> known
>
> What exactly is that last line indicating?
>
> Now, look at this output:
>
> [trixee at maleah trixee]$ dig @dns1.onlineaccesscards.com
> dns1.onlineaccesscards.com
> dig: Couldn't find server 'dns1.onlineaccesscards.com': Name or service not
> known
>
> [trixee at maleah trixee]$ dig dns1.onlineaccesscards.com
>
> ; <<>> DiG 9.2.1 <<>> dns1.onlineaccesscards.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59170
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;dns1.onlineaccesscards.com.    IN      A
>
> ;; AUTHORITY SECTION:
> onlineaccesscards.com.  2121    IN      SOA     dns1.onlineaccesscards.com.
> . 75 3600 600 86400 3600
>
> ;; Query time: 48 msec
> ;; SERVER: 207.172.3.8#53(207.172.3.8)
> ;; WHEN: Tue Nov 19 19:53:09 2002
> ;; MSG SIZE  rcvd: 79
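
Added example, not part of the original post or of BIND: a Python check for the conditions the reply describes (a lone NS record, a nameserver that is in the delegation but not in the zone's own NS set, and a short NS TTL). The zone-side record is constructed from the reply's description, and the `min_ns` and `min_ttl` thresholds are assumptions.

```python
import re

# Parent-side delegation, as shown in the quoted dig +trace output.
PARENT = """\
mors.org.               172800  IN      NS      dns1.onlineaccesscards.com.
mors.org.               172800  IN      NS      dns2.onlineaccesscards.com.
"""
# Constructed sample: the zone's own NS set as the reply describes it
# (one nameserver, 1 hour TTL). This is not captured output.
CHILD = """\
mors.org.               3600    IN      NS      dns1.onlineaccesscards.com.
"""

NS_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)\s*$", re.I)

def parse_ns(text):
    """Return {nameserver: ttl} from dig-style NS lines; other lines are skipped."""
    out = {}
    for line in text.splitlines():
        m = NS_LINE.match(line.strip())
        if m:
            out[m.group(3).lower().rstrip(".")] = int(m.group(2))
    return out

def check_delegation(parent_text, child_text, min_ns=2, min_ttl=86400):
    """Compare delegation NS records with the zone's own NS set.

    min_ns and min_ttl are assumed policy thresholds, not values from the post.
    """
    parent, child = parse_ns(parent_text), parse_ns(child_text)
    findings = []
    if len(child) < min_ns:
        findings.append(("too-few-ns", sorted(child)))
    only_parent = sorted(set(parent) - set(child))
    if only_parent:
        findings.append(("in-delegation-not-in-zone", only_parent))
    only_child = sorted(set(child) - set(parent))
    if only_child:
        findings.append(("in-zone-not-in-delegation", only_child))
    short = sorted(ns for ns, ttl in child.items() if ttl < min_ttl)
    if short:
        findings.append(("short-ns-ttl", short))
    return findings

if __name__ == "__main__":
    for kind, names in check_delegation(PARENT, CHILD):
        print(f"{kind}: {', '.join(names)}")
```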


