DNS probs

David Tonhofer david.tonhofer at synapse.lu
Sun Mar 4 22:23:53 UTC 2001 

Maybe a partial answer (warning: non-DNS-guru):

1) Is it confusing for DNS to have SOA records on one machine
   (pierna.quetico.net) and primary/secondary nameservers 
   (dns[12].avalon.net) on different machines? Probably not..

2) Did you forget to correct dns[34].avalon.net & sleepy.giant.net?

dig @dns1.avalon.net avalon.net NS
avalon.net.             43200   IN      NS      dns4.avalon.net.
avalon.net.             43200   IN      NS      sleepy.giant.net.
avalon.net.             43200   IN      NS      dns1.avalon.net.
avalon.net.             43200   IN      NS      dns2.avalon.net.
avalon.net.             43200   IN      NS      dns3.avalon.net.

On selene.circadence.com:

AVALON.net.    80939   IN      NS      dns1.avalon.net.
AVALON.net.    80939   IN      NS      SLEEPY.GIANT.net.
AVALON.net.    80939   IN      NS      DNS2.AVALON.net.

Checking out these machines for the address of pierna:

dns1.avalon.net:
pierna.quetico.net.     43200   IN      A       198.76.15.10

dns2.avalon.net:
pierna.quetico.net.     43200   IN      A       198.76.15.10

sleepy.giant.net
pierna.quetico.net.     172421  IN      A       63.231.71.27
                       (~2days)

Sleepy giant would give a wrong authoritative answer. 
Guess it needs an update? dns[34].avalon.net are ok, though.

Best regards,

	-- David


-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Jeremy Gardner
Sent: Sunday, March 04, 2001 8:59 PM
To: bind-users at isc.org
Subject: DNS probs




Hello,

I am running BIND 9.1.0 on Linux.  I control the forward 
mapping for several domains that I host.  My ISP (Solucian) 
controls the reverse mapping.  Any updates I make to DNS 
are then forwarded to a second ISP (Avalon), which provides 
primary and secondary DNS for these domains.

Last week I switched my ISP from local telco to Solucian.  
At the time, my DNS server (pierna.quetico.net) was listed 
as primary DNS for several of the domains, and Avalon was 
listed as seconary.  Since my IP address was going to change 
in the ISP switch, my goal was to make Avalon primary and 
secondary for these domains and thus the "outside world" 
would always have valid DNS servers for the domains.

Unfortunately, my ISP switch happened sooner than expected 
and I was unable to update my listed primary/secondary DNS 
servers with the registered companies.  This meant that the
primary DNS server for the domains was unavailable for a
couple of days.  I have since been able to make these changes, 
but it appears that several DNS servers out there aren't 
picking up the changes completely.

The domain is quetico.net.  My main server's hostname is 
pierna.quetico.net.  Its old IP address was 63.231.71.27.  
Its new IP address is 198.76.15.10.  It handles any
requests for quetico.net.

The primary and secondary DNS servers for the domain are
dns1.avalon.net (204.71.106.8) and dns2.avalon.net 
(204.71.106.2).

An example of a DNS server is selene.circadence.com.  When
I run dig against this server on pierna.quetico.net, I get 
the following output:

=====
; <<>> DiG 8.2 <<>> pierna.quetico.net @selene.circadence.com 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      pierna.quetico.net, type = A, class = IN

;; ANSWER SECTION:
pierna.quetico.net.     1d23h22m13s IN A  63.231.71.27

;; AUTHORITY SECTION:
quetico.net.            1d23h22m13s IN NS  DNS1.AVALON.net.
quetico.net.            1d23h22m13s IN NS  DNS2.AVALON.net.

;; ADDITIONAL SECTION:
DNS1.AVALON.net.        1d1h3m53s IN A  204.71.106.8
DNS2.AVALON.net.        1d1h3m53s IN A  204.71.106.2

;; Total query time: 92 msec
;; FROM: pierna to SERVER: selene.circadence.com  206.246.40.50
;; WHEN: Sun Mar  4 12:50:23 2001
;; MSG SIZE  sent: 36  rcvd: 140
=====

I'm not an authority on dig, but my understanding is this means
that my record will be cached for 1d, 23h, 22m, 13s.  It seems
to have a time-out value (TTL) of 2d.  I just watched it count 
down to 0 (zero) this morning, and it never got the new IP 
address.

When I run dig against the same server for quetico.net, 
everything looks good:

=====
; <<>> DiG 8.2 <<>> quetico.net @selene.circadence.com 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      quetico.net, type = A, class = IN

;; ANSWER SECTION:
quetico.net.            10h49m36s IN A  198.76.15.10

;; AUTHORITY SECTION:
quetico.net.            1d23h7m28s IN NS  DNS1.AVALON.NET.
quetico.net.            1d23h7m28s IN NS  DNS2.AVALON.NET.

;; ADDITIONAL SECTION:
DNS1.AVALON.NET.        1d49m8s IN A    204.71.106.8
DNS2.AVALON.NET.        1d49m8s IN A    204.71.106.2

;; Total query time: 94 msec
;; FROM: pierna to SERVER: selene.circadence.com  206.246.40.50
;; WHEN: Sun Mar  4 13:05:10 2001
;; MSG SIZE  sent: 29  rcvd: 125
=====

My intention was to configure the time-out value (TTL) for my 
domain to be 12h.  Here is my local zone file:

=====
$TTL 12h
@       IN SOA  pierna.quetico.net. jeremy.quetico.net. (
                2001030100      ; Serial
                3h              ; Refresh 3 hours
                1h              ; Retry 1 hour
                1w              ; Expire 1 week (168 hours)
                12h )           ; minimum 12 hours

                IN      A       198.76.15.10

                IN      NS      dns1.avalon.net.
                IN      NS      dns2.avalon.net.

                IN      MX      10      pierna.quetico.net.
                IN      MX      20      argo.quetico.net.
      
localhost       IN      A       127.0.0.1

argo            IN      A       204.71.106.169
www             IN      CNAME   pierna.quetico.net.
pierna          IN      A       198.76.15.10
darky           IN      A       198.76.15.11
shade           IN      A       198.76.15.12
=====

When I run dig against the primary DNS server (dns1.avalon.net), 
I get the following output:

=====
; <<>> DiG 8.2 <<>> pierna.quetico.net @dns1.avalon.net 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      pierna.quetico.net, type = A, class = IN

;; ANSWER SECTION:
pierna.quetico.net.     12H IN A        198.76.15.10

;; AUTHORITY SECTION:
quetico.net.            12H IN NS       dns1.avalon.net.
quetico.net.            12H IN NS       dns2.avalon.net.

;; ADDITIONAL SECTION:
dns1.avalon.net.        12H IN A        204.71.106.8
dns2.avalon.net.        12H IN A        204.71.106.2

;; Total query time: 124 msec
;; FROM: pierna to SERVER: dns1.avalon.net  204.71.106.8
;; WHEN: Sun Mar  4 13:03:20 2001
;; MSG SIZE  sent: 36  rcvd: 129
=====

Am I doing something wrong?  I thought that once I updated 
master records so that dns1 and dns2 were primary, any
DNS server out there would be able to talk to them and
get the updated IP address for pierna.quetico.net.

Is it because pierna.quetico.net was a registered DNS server?
I updated its IP address with the registrar (netwizards.net).

Is it because pierna was the primary DNS server, and then 
became unavailable with the IP address change?  And thus DNS
servers out there keep trying the old IP address?

Any idea why are the DNS servers getting the correct DNS 
information for quetico.net, but not pierna.quetico.net?

It looks like my old ISP (telco company) is still providing
reverse mapping for my old IP address, if that matters.

Thanks for any help!
Jeremy

More information about the bind-users mailing list