Help!! What's wrong with my NS

[Barry Margolin]

In article <9htbl0$mli at pub3.rc.vix.com>,
Bluefoot <fwa at bluefoot-project.freeserve.co.uk> wrote:
>
>Barry Margolin <barmar at genuity.net> wrote in message
>news:9hsucr$k6u at pub3.rc.vix.com...
>> In article <9hst4o$jr8 at pub3.rc.vix.com>,
>> Bluefoot <fwa at bluefoot-project.freeserve.co.uk> wrote:
>> >All that said, I suspect that I got to the root of the problem earlier on
>> >today - the SOA records on the NS for the offending domain actually had
>the
>> >wrong Authoritative nameserver details (not my doing!!!). You can't go
>much
>> >further wrong than that, can you?
>>
>> If you're referring to the MNAME field in the SOA record, I don't see how
>> this could be the root cause.  The only thing that uses this is dynamic
>> updating, to know which server to send the changes to.  It's not used at
>> all in normal query processing.
>
>In the SOA Header:

Please don't say "SOA" if you mean "NS".  SOA refers to a particular record
type, and NS is a different record type, so it's very confusing if you
misuse the terms this way.

>ais-hosting.net. IN NS wrong.nameserver.com.
>ais-hosting.net. IN NS ns2.ais-hosting.net. - which never responds !
>
>I corrected this very late last night, and things seem to be back to normal
>again this afternoon... I'm really not sure whether this has anything to do
>with it or not - but I'm struggling to find any other errors in the DNS
>(apart from the dead ns2, which will be rectified shortly).

If you were giving out only incorrect NS records, that would certainly
explain the problem.

>It's odd that this problem should only effect certain ISPs, and that the
>domain resolves before the error occurs. I'm sure it must be related to how

The first time a server needs to look something up in your domain, it will
ask a GTLD server, and it will give out the delegation NS records that
point to ns1.ais-hosting.net and ns2.ais-hosting.net.  When it asks
ns1.ais-hosting.net, it will get back a response that contains the
requested record and *also* the NS records that you had configured in your
zone.  These NS records will be put in the cache, in place of the ones that
came from the GTLD server (the assumption is that the domain administrator
has the most up-to-date list of nameservers, while the delegation records
are likely to be out of date).  Future queries will then use the NS records
that you gave out; if none of them point to proper servers, those queries
will fail until these NS records expire from the cache.

>the ISP's are cacheing / delivering the request.

The ways that nameservers deal with inconsistencies between the delegation
NS records (which come from the GTLD servers) and the NS records that are
provided by the authoritative servers in the Authority section seems to
depend on the version of BIND (or some other nameserver software) in use.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.