DNS trace tools

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Jul 11 07:11:25 UTC 2005


On Fri, Jul 08, 2005 at 02:50:05AM -0700,
 AY Xu <ay_xu at yahoo.com> wrote 
 a message of 26 lines which said:

> ;; connection timed out; no servers could be reached

The domain carrier.utc.com has three name servers, but all of them
seem to be on the same switch. So, there is only a redundancy for
machine failures, and not at all for network failures. Their fault,
not yours.

> My question is: Are there any tools we can use to trace what could be
> the problem?

dig +trace would be sufficient.

Otherwise, ZoneCheck (http://www.zonecheck.fr/) flags the problem:

w> IP addresses are likely to be all on the same subnet
 | Adv: ZoneCheck
 |   To avoid loosing all connectivity with the authoritative DNS in case
 | of network outage it is advised to host the DNS on different networks.
 | 
 | Ref: IETF RFC2182 (Abstract)
 |   The Domain Name System requires that multiple servers exist for every
 | delegated domain (zone). This document discusses the selection of
 | secondary servers for DNS zones. Both the physical and topological
 | location of each server are material considerations when selecting
 | secondary servers. The number of servers appropriate for a zone is also
 | discussed, and some general secondary server maintenance issues
 | considered.
 `----- -- -- - -  -
 :   All the servers are likely to be on the subnet 4.2.49.0/28, try
 : moving some of them to another subnet.
 `..... .. .. . .  .
=> generic

w> Nameservers are all part of the same AS
 | Adv: ZoneCheck
 |   To avoid loosing all connectivity with the authoritative DNS in case
 | of a routing problem inside your Autonomous System, it is advised to
 | host the DNS on different AS.
 `----- -- -- - -  -
 :   All the nameservers are part of the same Autonomous System (AS number
 : 3356), try to have some of them hosted on another AS.
 `..... .. .. . .  .
=> generic
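
The "same subnet" warning quoted above can be reproduced offline once the name servers' addresses are known. The Python below is an added example, not part of the original message and not ZoneCheck's own code; the function names, the /24 and /48 thresholds and the sample addresses (documentation ranges) are assumptions. It covers only the subnet check, since the AS check needs routing data.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds: a covering prefix at least this long counts as "same subnet".
LIMITS = {4: 24, 6: 48}

# Constructed sample data (RFC 5737 documentation ranges, not the real servers).
CLUSTERED = ["192.0.2.1", "192.0.2.5", "192.0.2.14"]
SPREAD = ["192.0.2.1", "198.51.100.7", "203.0.113.9"]


def common_supernet(addrs):
    """Return the smallest network containing every address (one IP family)."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    if len({ip.version for ip in ips}) != 1:
        raise ValueError("need a non-empty list from a single IP family")
    lo, hi = int(min(ips)), int(max(ips))
    # The common prefix of a set is the common prefix of its min and max.
    host_bits = (lo ^ hi).bit_length()
    prefix = ips[0].max_prefixlen - host_bits
    base = (lo >> host_bits) << host_bits
    cls = ipaddress.IPv4Network if ips[0].version == 4 else ipaddress.IPv6Network
    return cls((base, prefix))


def same_subnet_warnings(addrs, limits=LIMITS):
    """List the covering networks that are narrow enough to warn about."""
    by_family = defaultdict(list)
    for a in addrs:
        by_family[ipaddress.ip_address(a).version].append(a)
    warnings = []
    for version in sorted(by_family):
        net = common_supernet(by_family[version])
        # A single address also lands here (/32 or /128): no redundancy at all.
        if net.prefixlen >= limits[version]:
            warnings.append(str(net))
    return warnings


if __name__ == "__main__":
    for name, addrs in (("clustered", CLUSTERED), ("spread", SPREAD)):
        hits = same_subnet_warnings(addrs)
        print(name, "->", hits or "no shared subnet")
```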


