Vexing DNS problem.

Steven E. Protter · ‎08-07-2003

Click here.
http://www.dnsreport.com/tools/dnsreport.ch?domain=www.loweslaw.com

See the warnings and errors.

Yet the domain accepts mail.

Try the website:
http://www.loweslaw.com
It probably won't resolve or update.

Here is the current DNS zone record.

$TTL 86400
@ IN SOA @ dns1.investmenttool.com (
2003080710 ; serial
3600 ; refresh
3600 ; retry
604800 ; expire
86400 ; ttl
)

@ IN NS dns1.investmenttool.com.
@ IN NS dns2.investmenttool.com.
@ IN MX 10 mail.loweslaw.com. ; primary mail exchanger
@ IN MX 20 mail.investmenttool.com. ; primary mail exchanger

@ A 66.92.143.197
www A 66.92.143.197
news A 66.92.143.197
shell A 66.92.143.197
smtp A 66.92.143.197
dns1 A 66.92.143.194
dns2 A 66.92.143.195
mail A 66.92.143.197

localhost CNAME investmenttool.com.
ftp CNAME investmenttool.com.

Mail gets in and out fine.

So.

What should I do:

1) Go to sleep and let the dns changes work their way through the system.
2) change the DNS record.

There is a bunny in it for whomever first recommends changes that get do two things:
1) get rid of error while mail still gets accepted.
2) makes the web site resolve and load anywhere but my LAN.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Jerome Henry · ‎08-07-2003

Hi Steven,

I'm not a named guru, but I don't understand why you repeat @ after '@ IN SOA', I've always thought that @ shouldn't be repeated in that field.

Pingin the servers gives answers from dns2 only, I get to www.loweslaw.com with no problem, I can ping mail.loweslaw.com as mail.investmenttool.com, but I can't connect to them, and what replies is 66.92.143.195 (dns2).

Better sleep if this @ is not the issue...

J

You can lean only on what resists you...

Shannon Petry · ‎08-07-2003

Steven,

First, the secondary DNS server is down. I have no idea why, but hehe, you probably know this.

Second, can you queery correctly all data from DNS1 AND DNS2? Make sure that the named data was dumped correctly to the secondary server.

Next, if you tail -f /var/adm/syslog/syslog.log
and
kill -1 `ps -ef |grep named|grep -v grep | awk '{print $2}'`

do errors show up?

Regards,
Shannon

Microsoft. When do you want a virus today?

Brian Bergstrand · ‎08-07-2003

Hi Steven,

I was able to resolve www.loweslaw.com with nslookup (the website worked too), but doing a reverse lookup on 66.92.143.197 gave me dsl092-143-197.chi1.dsl.speakeasy.net.

It looks like you have a reverse lookup mismatch. Have you entered reverse lookup records for this host? Or maybe you want reverse lookup to come back as it does.

As for DNS propagation times, you always have to allow 24 hours, but after that things should be working.

HTH.

Steven E. Protter · ‎08-07-2003

Take out all the @ in the firt line?

If I take out the second and restart the name server, I get no answer.

I could use and would give points for dig data from various domains. Just paste it in.

Here are two syntaxes...

@ IN SOA @ dns1.investmenttool.com {

...

@ IN SOA @ dns1.investmenttool.com. {
...

Both appear to work locally.

Please run tests and post in data. I'm concerned greatly about this problem.

Going to take a short nap.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Steven E. Protter · ‎08-07-2003

I turned dns2.investmenttool.com back on. I turned it off in hopes of figuring out what was going on.

As to reverse lookups. I'm migrating to a named based virtual hosts and have recently updated the reverse lookup zone for the actual physical servers.

I am freezing the project for a bit and seeing how things propogate.

Until Saturday night(I will take the Sabbath off) I'll give 4 points to anyone who will answer these three questions.

1) dig or nslookup loweslaw.com
2) dig or nslookup www.loweslaw.com
3) click http://www.loweslaw.com/ and see if loads, report yes, I see the silly content, no I don't
4) click http://loweslaw.com/ Answer, yes I saw it, not I didn't

This is a serious technical problem. I MUST know if I have this server set up correctly. I picked this site at random from my server.

Note: I did not design the pages, I helped.

Feel free to do www.ilcba.org and ilcba.org the records are the same.

The point of this setup is failover.

I want dns2 to be self contained and to point content to local directories if dns1 goes down. I think due to DNS latency this concept won't work. Please comment on that idea.

Is there a way to get two server redundancy without clustering.

It would be one heck of a cluster. dns1 is Red Hat Linux 7.3 dns2 is HP-UX box.

I am now taking a nap as I'm running in circles. Hope this made sense.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Shannon Petry · ‎08-07-2003

Steven,

dig loweslaw.com returns:

; <<>> DiG 9.1.0 <<>> loweslaw.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19147
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;loweslaw.com. IN A

;; ANSWER SECTION:
loweslaw.com. 86400 IN A 66.92.143.197

;; AUTHORITY SECTION:
loweslaw.com. 86400 IN NS dns2.investmenttool.com.
loweslaw.com. 86400 IN NS dns1.investmenttool.com.

;; ADDITIONAL SECTION:
dns1.investmenttool.com. 86400 IN A 66.92.143.194
dns2.investmenttool.com. 86400 IN A 66.92.143.195

;; Query time: 91 msec
;; SERVER: 64.118.139.51#53(64.118.139.51)
;; WHEN: Thu Aug 7 14:54:33 2003
;; MSG SIZE rcvd: 131

dig www.lowslaw.com

; <<>> DiG 9.1.0 <<>> www.loweslaw.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1614
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.loweslaw.com. IN A

;; ANSWER SECTION:
www.loweslaw.com. 86400 IN A 66.92.143.197

;; AUTHORITY SECTION:
loweslaw.com. 86400 IN NS dns1.investmenttool.com.
loweslaw.com. 86400 IN NS dns2.investmenttool.com.

;; ADDITIONAL SECTION:
dns1.investmenttool.com. 86400 IN A 66.92.143.194
dns2.investmenttool.com. 86400 IN A 66.92.143.195

;; Query time: 43 msec
;; SERVER: 64.118.139.51#53(64.118.139.51)
;; WHEN: Thu Aug 7 14:56:08 2003
;; MSG SIZE rcvd: 135

http://loweslaw.com does load a page

http://www.loweslaw.com does not load info

For this: "Feel free to do www.ilcba.org and ilcba.org the records are the same."

dig ilcba.org hangs, but does return 66.92.143.199 for the address. This appears to be a hang up in DNS.

Again, when you kill -1 sendmail to re-read configuration, does it give you any errors? I have had many instances where the local resolver works, but DNS is hozed and does not load properly.

Regards,
Shannon

Microsoft. When do you want a virus today?

Mark Greene_1 · ‎08-07-2003

You can force DNS to load the secondary zones by running the following on each secondary server:

named-xfer -z [domain] -f /[host/file/on/primary/server] -s [serial#] -d -t [primary server name/IP]

Where:

domain is the domain as described in the SOA record of the primary host file (e.g. hp.com)

host file on primary server is the fully qualified path and file name of your host table

serial# is the *incremented* serial number from the SOA record in the host table on the primary server. If this number is not greater than the serial number in the host tables on the secondary server, the zone won't load.

HTH
mark

the future will be a lot like now, only later

Steven E. Protter · ‎08-07-2003

http://loweslaw.com does load a page

http://www.loweslaw.com does not load info

this is exactly what happened earlier in the week after a set of DNS changes.

I supppose if I'm getting good answers to DNS inquiries I should stop worrying because the web server will soon come. Either everything will stop working or everything will start to work.

I'll sit tight and keep testing.

I could use a few geographnically different dns testing sites.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Steven E. Protter · ‎08-07-2003

Please send me the output of the attached script.

Along with physical location.

enhacements welcome, paid for in points.

It runs dig, pretty safe little script.

testdns > /tmp/file.text

post up the file

Or use mailx (mail on linux) to hit my email address.

sprotter@investmenttool.com

If you email me the results, just post here to collect points.

I'd love to see an enhaced version of this that safely tested the web sites too. I'd pay for that with a rabbit.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Vexing DNS problem.

Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.

Re: Vexing DNS problem.