Domain unresolved in Singapore

Chris Buxton cbuxton at menandmice.com
Tue Feb 19 23:44:07 UTC 2008 

This is something I get asked from time to time: How big a deal is it  
that the servers have one set of names in the delegation, and another  
set of names in the authoritative NS records? I mean, assuming the  
names all resolve to the same set of addresses, as is the case here?

$ dig +short ns1.guentner.co.id ns1.guentner-asiapacific.com  
ns2.guentner.co.id ns2.guentner-asiapacific.com
222.124.211.227
222.124.211.227
222.124.211.228
222.124.211.228

Now granted, using the .id names in the delegation means there's no  
glue with the delegation, so this adds 3 extra queries to the  
resolution, but we're still talking about roughly the same amount of  
work for the resolver as www.yahoo.com.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com

Men & Mice
We bring control and flexibility to network management

This e-mail and its attachments may contain confidential and  
privileged information only intended for the person or entity to which  
it is addressed. If the reader of this message is not the intended  
recipient, you are hereby notified that any retention, dissemination,  
distribution or copy of this e-mail is strictly prohibited. If you  
have received this e-mail in error, please notify us immediately by  
reply e-mail and immediately delete this message and all its attachment.



On Feb 19, 2008, at 2:29 PM, Mark Andrews wrote:

>
>>
>> On Tue, 2008-02-19 at 09:43 +0100, Stephane Bortzmeyer wrote:
>>> On Tue, Feb 19, 2008 at 03:30:48PM +0700,
>>> Kadek Hendra Lesmana <ikadek at gmail.com> wrote
>>> a message of 10 lines which said:
>>>
>>>> Why this address is unresolved in Singapore but it's okay in  
>>>> Germany?
>>>> I checked with DNS Report from DNS-Stuff and no error, only some
>>>> warning.
>>>
>>> Bad tools, use another tool.
>>>
>>> Zonecheck (http://www.zonecheck.fr/) clearly indicates the problem:
>>> only two name servers and probably in the same room, which means  
>>> that
>>> any network glitch will prevent name resolution. Use more diverse  
>>> name ser
>> vers.
>>
>> The fact that these servers are on the same subnet or in the same AS
>> does not necessarily mean they're in the same room. There are  
>> plenty of
>> ways to build fault tolerance into the underlying network that render
>> this kind of warning meaningless.
>>
>> Maybe they are in the same room, and there was a problem with one or
>> both at the time the OP was testing. They certainly are up now.
>>
>> Is the problem ongoing? What does a dig +trace guentner- 
>> asiapacific.com
>> from Singapore look like?
>
> 	It would help to fix the broken delegation.  Nothing will be
> 	reliable until that is fixed.
>
> guentner-asiapacific.com. 172800 IN     NS      ns1.guentner.co.id.
> guentner-asiapacific.com. 172800 IN     NS      ns2.guentner.co.id.
> ;; Received 97 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 446  
> ms
>
> slox.guentner-asiapacific.com. 300 IN   A       222.124.211.242
> guentner-asiapacific.com. 300   IN      NS      ns2.guentner- 
> asiapacific.com.
> guentner-asiapacific.com. 300   IN      NS      ns1.guentner- 
> asiapacific.com.
> ;; Received 131 bytes from 222.124.211.227#53(ns1.guentner.co.id) in  
> 496 ms
>
> 	
>>> w> IP addresses are likely to be all on the same subnet
>>> | Adv: ZoneCheck
>>> |   To avoid loosing all connectivity with the authoritative DNS  
>>> in case
>>> | of network outage it is advised to host the DNS on different  
>>> networks.
>>> |
>>> | Ref: IETF RFC2182 (Abstract)
>>> |   The Domain Name System requires that multiple servers exist  
>>> for every
>>> | delegated domain (zone). This document discusses the selection of
>>> | secondary servers for DNS zones. Both the physical and topological
>>> | location of each server are material considerations when selecting
>>> | secondary servers. The number of servers appropriate for a zone  
>>> is also
>>> | discussed, and some general secondary server maintenance issues
>>> | considered.
>>> `----- -- -- - -  -
>>> :   All the servers are likely to be on the subnet  
>>> 222.124.211.224/28,
>>> : try moving some of them to another subnet.
>>> `..... .. .. . .  .
>>> => generic
>>>
>>> w> Nameservers are all part of the same AS
>>> | Adv: ZoneCheck
>>> |   To avoid loosing all connectivity with the authoritative DNS  
>>> in case
>>> | of a routing problem inside your Autonomous System, it is  
>>> advised to
>>> | host the DNS on different AS.
>>> `----- -- -- - -  -
>>> :   All the nameservers are part of the same Autonomous System (AS  
>>> number
>>> : 17974), try to have some of them hosted on another AS.
>>> `..... .. .. . .  .
>>> => generic
>>>
>> -- 
>> Jeff Reasoner
>> HCCA
>> 513 728-7902 voice
>>
>>
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>
>

More information about the bind-users mailing list