req: found 'cshl.org' as 'cshl.org' BUT still times out

[Simon Waters]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dermot Paikkos wrote:
> Hi Bind-users,

> I could not connect 'www.cshl.org' and found that users in
different
> zones could. When I turned on debugging I noticed that
cshl.org was
> found yet `dig` always reported "connection timed out" It this
> because cshl.org's name server - phage.cshl.org - is down?

Hi Dermot,

Okay the zone file for cshl.org lists only phage, so if phage is
down bad things will happen, although phage also appears to be
the web server(?) (for cshl.org if not www.cshl.org) and mail
server so when it is down bad things may happen anyway.

Thus the zone only has one name server as far as BIND 9 and some
other name servers are concerned.

Adding an NS record for the zone pointing to Adna would mean it
is more robust when phage is unavailable, other than not knowing
it is a nameserver adna seems correctly configured.

Maybe you tried when phage was down but other people had cached
data?

The only other obvious potential source of trouble is that www
is directed via a chain of CNAME's to 143.48.220.12, when an A
record would do it in simpler fashion. Modern resolvers should
handle this fine, but it seems an unnecessary complication,
unless there is some hidden magic going on in the background.

 Simon
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+UhW6GFXfHI9FVgYRAp0lAJ94KVSEfok95fDL7oB2BDQmRtblngCfbxg0
RdsquChgT0bcporxY+/NcEE=
=CSqP
-----END PGP SIGNATURE-----