DNS Propagation
João Alberto Kuchnier
joao.kuchnier at gmail.com
Thu Oct 14 19:04:20 UTC 2010
Yes! Found it! Thank you!
Now, if you could help me, these log info are from my master DNS:
Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving
'guide.opendns.com/A/IN': 200.198.101.4#53
200.198.101.3 -> Master
200.198.101.4 -> Slave
Slave is refusing connections?
There is this query problem too:
Oct 14 16:01:56 ns1 named[4602]: client 201.39.197.2#53: query (cache)
'2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied
Oct 14 16:01:59 ns1 named[4602]: client 201.39.197.2#53: query (cache)
'2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied
Some of my slave logs:
Oct 14 15:26:06 ns2 named[503]: error (unexpected RCODE REFUSED)
resolving 'km13718-05.keymachine.de/TXT/IN': 87.118.100.101#53
Oct 14 15:31:08 ns2 named[503]: error (unexpected RCODE SERVFAIL)
resolving '21.76.60.212.in-addr.arpa/PTR/IN': 212.60.66.245#53
Can you help me to fix this issues?
João K.
Em Qui, 2010-10-14 às 13:51 -0500, Lyle Giese escreveu:
> When you created these as name servers or used them for the first time
> at Network Solutions, you had to create name server records and
> register the IP address at that time. That's how glue records get
> inserted into the root servers.
>
> Otherwise the world could not find dataprom.com. If the world was not
> given the ip address of ns1 or ns2.dataprom.com via glue records, the
> world would not know how to find your name servers.
>
> At Network Solutions, you log into your account there, go to Manage
> Domains, then manage the dataprom.com domain. On the next page that
> comes up from Network Solutions, scroll down and under More Domain
> Options, click on Manage Name Servers. This is where you manage the
> glue records for your name servers.
>
> Lyle Giese
> LCR Computer Services, Inc.
>
> João Alberto Kuchnier wrote:
> > Lyle,
> >
> > Domain registrar like Network Solutions? My domain account is set to ns1
> > and ns2, no by IP address.
> >
> > João K.
> >
> > Em Qui, 2010-10-14 às 13:15 -0500, Lyle Giese escreveu:
> >
> > > You need to go to your domain registrar and change the ip address
> > > there for these name servers. That data is inserted as glue records
> > > to the root servers.
> > >
> > > Without the domain name and name servers involved I could not have
> > > helped you find this issue.
> > >
> > > I get my own messages back from the list, but you do need to reply to
> > > the list and I sometimes forget as this list server does not put the
> > > list in as the from address and my reader does not pick that up.
> > >
> > > Lyle Giese
> > > LCR Computer Services, Inc.
> > >
> > > João Alberto Kuchnier wrote:
> > >
> > > > Sorry about that. The domain is dataprom.com.
> > > >
> > > > ns1.dataprom.com -> 200.198.101.3
> > > > ns2.dataprom.com -> 200.198.101.4
> > > >
> > > > More log errors:
> > > >
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving
> > > > '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving
> > > > '96.197.97.81.bl.spamcop.net/A/IN': 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving
> > > > 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/SPF/IN':
> > > > 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving
> > > > 'ns1.virginmedia.net/A/IN': 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving
> > > > 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/TXT/IN':
> > > > 200.198.101.4#53
> > > > Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query
> > > > (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query
> > > > (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#45863: query
> > > > (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query
> > > > (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#50880: query
> > > > (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#20633: query
> > > > (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:33 ns1 named[4602]: client 189.26.117.170#1032: query
> > > > (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:07:03 ns1 named[4602]: error (connection refused) resolving
> > > > 'orsp.f-secure.akadns.net/A/IN': 200.198.101.4#53
> > > >
> > > > Looks like my slave DNS is refusing masters connection. Some querys are
> > > > pointing to my old reverse configuration
> > > > (8-15.101.198.200.in-addr.arpa). Now it is:
> > > > 0-15.101.198.200.in-addr.arpa
> > > >
> > > > I'm not receiving the discussion list e-mails. Is that normal?
> > > >
> > > > Em Qui, 2010-10-14 às 11:16 -0500, Lyle Giese escreveu:
> > > >
> > > >
> > > > > João Alberto Kuchnier wrote:
> > > > >
> > > > >
> > > > > > Hi Everyone!
> > > > > >
> > > > > > Recently I enabled a new IP range on my firewall. I used this bigger
> > > > > > range to organize my DNS records like mail, www, ns1, ns2, and others. I
> > > > > > did this last weekend.
> > > > > >
> > > > > > I find out that some DNS servers updated themselves with my new
> > > > > > registers. However, CheckDNS
> > > > > > (http://www.checkdns.net/quickcheckdomainf.aspx) stills resolving to my
> > > > > > old servers.
> > > > > >
> > > > > > I changed every record, every file of all my domains, serials, firewall
> > > > > > rules using the new IPs but I'm still having problems. Moreover, some
> > > > > > mail servers are rejecting messages from my main domain.
> > > > > >
> > > > > > Here are some logs:
> > > > > >
> > > > > > Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving
> > > > > > 'otwbhqbg.net/A/IN': 200.xxx.xxx.xxx#53
> > > > > > Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving
> > > > > > 'yuogkiz.net/A/IN': 200.xxx.xxx.xxx#53
> > > > > > Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#9026: query
> > > > > > (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied
> > > > > > Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#1765: query
> > > > > > (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied --> this query
> > > > > > problem is pointing to my old reverse.
> > > > > >
> > > > > > Can someone help me?
> > > > > >
> > > > > > João K.
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > bind-users mailing list
> > > > > > bind-users at lists.isc.org
> > > > > > https://lists.isc.org/mailman/listinfo/bind-users
> > > > > >
> > > > > >
> > > > > Since you chose to hide the real domain names, there is not much we can
> > > > > do to help. Most of us here like to do a couple of queries so that we
> > > > > can view what your dns servers are serving up for data. It may not be
> > > > > what you expect, but we can not do that in this case.
> > > > >
> > > > > With that said, there always is some gap due to TTL's.
> > > > >
> > > > > When changing IP addresses, it's best practice to lower the TTL on all
> > > > > records effected by the change. If your normal TTL is set to 1 day, 2
> > > > > days before the change lower that to say 1 hour.
> > > > >
> > > > > When changing the zone files to the new ip addresses, put the TTL back
> > > > > to what it was.
> > > > >
> > > > > That still won't help you with a dns checking service that forces a
> > > > > longer TTL than you request. They are doing a disservice to you and the
> > > > > community if they are doing that without telling you about it.
> > > > >
> > > > > Lyle Giese
> > > > > LCR Computer Services,Inc.
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > _______________________________________________
> > > bind-users mailing list
> > > bind-users at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
> > >
> >
> >
> >
>
More information about the bind-users
mailing list