
Vexing DNS problem.

SOLVED
Steven E. Protter
Exalted Contributor

Vexing DNS problem.

Click here.
http://www.dnsreport.com/tools/dnsreport.ch?domain=www.loweslaw.com

See the warnings and errors.

Yet the domain accepts mail.

Try the website:
http://www.loweslaw.com
It probably won't resolve or update.

Here is the current DNS zone record.

$TTL 86400
@ IN SOA @ dns1.investmenttool.com (
2003080710 ; serial
3600 ; refresh
3600 ; retry
604800 ; expire
86400 ; ttl
)


@ IN NS dns1.investmenttool.com.
@ IN NS dns2.investmenttool.com.
@ IN MX 10 mail.loweslaw.com. ; primary mail exchanger
@ IN MX 20 mail.investmenttool.com. ; primary mail exchanger

@ A 66.92.143.197
www A 66.92.143.197
news A 66.92.143.197
shell A 66.92.143.197
smtp A 66.92.143.197
dns1 A 66.92.143.194
dns2 A 66.92.143.195
mail A 66.92.143.197

localhost CNAME investmenttool.com.
ftp CNAME investmenttool.com.

Mail gets in and out fine.

So.

What should I do:

1) Go to sleep and let the dns changes work their way through the system.
2) change the DNS record.

There is a bunny in it for whomever first recommends changes that do two things:
1) get rid of error while mail still gets accepted.
2) makes the web site resolve and load anywhere but my LAN.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
14 REPLIES
Jerome Henry
Honored Contributor

Re: Vexing DNS problem.

Hi Steven,

I'm not a named guru, but I don't understand why you repeat @ after '@ IN SOA', I've always thought that @ shouldn't be repeated in that field.

Pinging the servers gives answers from dns2 only, I get to www.loweslaw.com with no problem, I can ping mail.loweslaw.com as mail.investmenttool.com, but I can't connect to them, and what replies is 66.92.143.195 (dns2).

Better sleep if this @ is not the issue...

J
You can lean only on what resists you...
Shannon Petry
Honored Contributor

Re: Vexing DNS problem.

Steven,

First, the secondary DNS server is down. I have no idea why, but hehe, you probably know this.

Second, can you query correctly all data from DNS1 AND DNS2? Make sure that the named data was dumped correctly to the secondary server.

Next, if you tail -f /var/adm/syslog/syslog.log
and
kill -1 `ps -ef |grep named|grep -v grep | awk '{print $2}'`

do errors show up?

Regards,
Shannon
Microsoft. When do you want a virus today?
Brian Bergstrand
Honored Contributor

Re: Vexing DNS problem.

Hi Steven,

I was able to resolve www.loweslaw.com with nslookup (the website worked too), but doing a reverse lookup on 66.92.143.197 gave me dsl092-143-197.chi1.dsl.speakeasy.net.

It looks like you have a reverse lookup mismatch. Have you entered reverse lookup records for this host? Or maybe you want reverse lookup to come back as it does.

As for DNS propagation times, you always have to allow 24 hours, but after that things should be working.

HTH.
Steven E. Protter
Exalted Contributor

Re: Vexing DNS problem.

Take out all the @ in the first line?

If I take out the second and restart the name server, I get no answer.

I could use and would give points for dig data from various domains. Just paste it in.

Here are two syntaxes...

@ IN SOA @ dns1.investmenttool.com {

...

@ IN SOA @ dns1.investmenttool.com. {
...

Both appear to work locally.

Please run tests and post in data. I'm concerned greatly about this problem.

Going to take a short nap.

SEP
Steven E. Protter
Exalted Contributor

Re: Vexing DNS problem.

I turned dns2.investmenttool.com back on. I turned it off in hopes of figuring out what was going on.

As to reverse lookups. I'm migrating to a named based virtual hosts and have recently updated the reverse lookup zone for the actual physical servers.

I am freezing the project for a bit and seeing how things propagate.

Until Saturday night (I will take the Sabbath off) I'll give 4 points to anyone who will answer these three questions.

1) dig or nslookup loweslaw.com
2) dig or nslookup www.loweslaw.com
3) click http://www.loweslaw.com/ and see if it loads, report yes, I see the silly content, no I don't
4) click http://loweslaw.com/ Answer, yes I saw it, no I didn't

This is a serious technical problem. I MUST know if I have this server set up correctly. I picked this site at random from my server.

Note: I did not design the pages, I helped.

Feel free to do www.ilcba.org and ilcba.org the records are the same.

The point of this setup is failover.

I want dns2 to be self contained and to point content to local directories if dns1 goes down. I think due to DNS latency this concept won't work. Please comment on that idea.

Is there a way to get two server redundancy without clustering?

It would be one heck of a cluster. dns1 is Red Hat Linux 7.3 dns2 is HP-UX box.

I am now taking a nap as I'm running in circles. Hope this made sense.

SEP
Shannon Petry
Honored Contributor

Re: Vexing DNS problem.

Steven,

dig loweslaw.com returns:

; <<>> DiG 9.1.0 <<>> loweslaw.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19147
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;loweslaw.com. IN A

;; ANSWER SECTION:
loweslaw.com. 86400 IN A 66.92.143.197

;; AUTHORITY SECTION:
loweslaw.com. 86400 IN NS dns2.investmenttool.com.
loweslaw.com. 86400 IN NS dns1.investmenttool.com.

;; ADDITIONAL SECTION:
dns1.investmenttool.com. 86400 IN A 66.92.143.194
dns2.investmenttool.com. 86400 IN A 66.92.143.195

;; Query time: 91 msec
;; SERVER: 64.118.139.51#53(64.118.139.51)
;; WHEN: Thu Aug 7 14:54:33 2003
;; MSG SIZE rcvd: 131

dig www.loweslaw.com

; <<>> DiG 9.1.0 <<>> www.loweslaw.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1614
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.loweslaw.com. IN A

;; ANSWER SECTION:
www.loweslaw.com. 86400 IN A 66.92.143.197

;; AUTHORITY SECTION:
loweslaw.com. 86400 IN NS dns1.investmenttool.com.
loweslaw.com. 86400 IN NS dns2.investmenttool.com.

;; ADDITIONAL SECTION:
dns1.investmenttool.com. 86400 IN A 66.92.143.194
dns2.investmenttool.com. 86400 IN A 66.92.143.195

;; Query time: 43 msec
;; SERVER: 64.118.139.51#53(64.118.139.51)
;; WHEN: Thu Aug 7 14:56:08 2003
;; MSG SIZE rcvd: 135

http://loweslaw.com does load a page

http://www.loweslaw.com does not load info


For this: "Feel free to do www.ilcba.org and ilcba.org the records are the same."

dig ilcba.org hangs, but does return 66.92.143.199 for the address. This appears to be a hang up in DNS.

Again, when you kill -1 sendmail to re-read configuration, does it give you any errors? I have had many instances where the local resolver works, but DNS is hozed and does not load properly.

Regards,
Shannon
Microsoft. When do you want a virus today?
Mark Greene_1
Honored Contributor

Re: Vexing DNS problem.

You can force DNS to load the secondary zones by running the following on each secondary server:

named-xfer -z [domain] -f /[host/file/on/primary/server] -s [serial#] -d -t [primary server name/IP]

Where:

domain is the domain as described in the SOA record of the primary host file (e.g. hp.com)

host file on primary server is the fully qualified path and file name of your host table

serial# is the *incremented* serial number from the SOA record in the host table on the primary server. If this number is not greater than the serial number in the host tables on the secondary server, the zone won't load.

HTH
mark
the future will be a lot like now, only later
Steven E. Protter
Exalted Contributor

Re: Vexing DNS problem.


http://loweslaw.com does load a page

http://www.loweslaw.com does not load info

this is exactly what happened earlier in the week after a set of DNS changes.

I suppose if I'm getting good answers to DNS inquiries I should stop worrying because the web server will soon come. Either everything will stop working or everything will start to work.

I'll sit tight and keep testing.

I could use a few geographically different dns testing sites.

SEP
Steven E. Protter
Exalted Contributor

Re: Vexing DNS problem.

Please send me the output of the attached script.

Along with physical location.

Enhancements welcome, paid for in points.

It runs dig, pretty safe little script.

testdns > /tmp/file.text

post up the file

Or use mailx (mail on linux) to hit my email address.

sprotter@investmenttool.com

If you email me the results, just post here to collect points.

I'd love to see an enhanced version of this that safely tested the web sites too. I'd pay for that with a rabbit.

SEP
Jerome Henry
Honored Contributor
Solution

Re: Vexing DNS problem.

Hello !

Here is my dig list attached. I'm located in France, main DNS is France Telecom Valence. I confirm I can reach both loweslaw.com and www.loweslaw.com sites from my browser.

J
You can lean only on what resists you...
Jerome Henry
Honored Contributor

Re: Vexing DNS problem.

BTW,

Here is a dig on both mail.loweslaw.com and mail.investment.com.

.com and .com. may work locally as named is adding '.' if missing on your query. But I'm not sure it would work from outside.

hth

J
You can lean only on what resists you...
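
The trailing-dot question in this thread (the two SOA syntaxes posted earlier), as an added example that is not part of any post: a small checker that expands the names in a zone-file record the way a name server reads them. It assumes the standard master-file rule from RFC 1035 ("@" is the zone origin, and a name without a trailing dot has the origin appended); the function names and the SAMPLE list are constructed for illustration.

```python
# Added example (not from the thread): expand zone-file names the way a
# name server reads them. Assumed rule, from RFC 1035 master-file syntax:
# "@" is the zone origin, and a name without a trailing dot is relative,
# so the origin is appended to it.

# RDATA positions that hold domain names, per record type. For SOA these
# are MNAME (primary server) and RNAME (contact mailbox), in that order.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "MX": (1,)}


def qualify(name, origin):
    """Return the absolute form of one zone-file name token."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def expand_record(line, origin):
    """Parse a single-line record; return (rtype, absolute names, warnings)."""
    tokens = line.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
    i = 1  # tokens[0] is the owner; skip optional numeric TTL and class
    while tokens[i].isdigit() or tokens[i].upper() == "IN":
        i += 1
    rtype, rdata = tokens[i].upper(), tokens[i + 1:]
    names, warnings = [], []
    for pos in NAME_FIELDS.get(rtype, ()):
        raw = rdata[pos]
        full = qualify(raw, origin)
        names.append(full)
        # A dotted name with no trailing dot is usually a forgotten dot.
        if "." in raw and not raw.endswith("."):
            warnings.append(f"{rtype}: '{raw}' is read as '{full}'")
    return rtype, names, warnings


# Sample lines in the style of the zone posted in this thread (constructed).
SAMPLE = [
    "@ IN SOA @ dns1.investmenttool.com (",
    "@ IN SOA @ dns1.investmenttool.com. (",
    "@ IN MX 10 mail.loweslaw.com. ; primary mail exchanger",
    "ftp CNAME investmenttool.com.",
    "www A 66.92.143.197",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rtype, names, warnings = expand_record(line, "loweslaw.com.")
        print(f"{line!r}\n  {rtype} -> {names} {warnings}")
```

Run against the first two sample lines, it shows that the only difference between the two SOA syntaxes is how the second name field is expanded.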
W.C. Epperson
Trusted Contributor

Re: Vexing DNS problem.

Sep,

Here's your dig script output. I'm on a DS3 in Richmond, VA, USA, drops onto MAE EAST via a Sprint POP.
"I have great faith in fools; self-confidence, my friends call it." --Poe
W.C. Epperson
Trusted Contributor

Re: Vexing DNS problem.

Sep,

Not sure what you mean by "safely tested the web sites", but here's output from a handrolled GET / HTTP/1.0 on each one. HTH.
"I have great faith in fools; self-confidence, my friends call it." --Poe