domain problem because of failing secondary ns at granitecanyon

Pete Ehlke pde at ehlke.net
Fri May 17 10:57:46 UTC 2002


On Fri, May 17, 2002 at 09:01:32AM +0200, Louis-David Mitterrand wrote:
> 
> I recently setup the premier-esp.com domain for a customer and added the
> public dns servers as addtional secondary ns. Here is the whois entry:
> 
>    Domain servers in listed order:
> 
>    SARGON.LNCSA.COM             195.115.80.13
>    URUK.LNCSA.COM               195.115.80.12
>    NS1.GRANITECANYON.COM        205.166.226.38
>    NS2.GRANITECANYON.COM        65.102.83.43
> 
All this means is that NSI processed your update. whois records, as you
are about to discover, are only coincidentally related to what is listed
in the DNS.

> Then I configured the domain at through Granitecanyon's web form and all
> seemed OK.
> 
> Fast forward 10 days and now the domain is utterly broken and no machine
> where I have a shell account seems to resolve it at all:
> 
> 	plessis:~% mx premier-esp.com
> 	premier-esp.com does not exist (Authoritative answer)
> 
> The domain is properly configured on the primary (sargon) and first two
> secondaries (uruk and ns1), only the third secondary gives trouble or
> can't be contacted.

This isn't quite true. ns1.granitecanyon.com does not seem to be current
with sargon and uruk.

> All other domains I maintain on my two main bind servers (sargon and
> uruk) work perfectly (eg: premier-lnc.com, premier.fr). As an addtional
> safety I thought it would be a good idea to use Granitecanyon as backup
> but it seems to mess up things pretty badly.
> 
Agreed that Granitecanyon seem to mess things up pretty badly. Not a
week goes by in this group without someone posting because of
granitecanyon problems. I can't fathom why anyone uses their name
service- it seems to be terribly fragile and prone to breakage. But
that's not the cause of your trouble.

> Did I miss something in my configuration?
> 
Not as far as I can see.

> Is it a bad idea in general to use Granitecanyon?
> 
Seems to be, yes.

> Can a single failing secondary (ns2.granitecanyon.com) bring down an
> entire domain?
> 
Only if that secondary was the only functioning name server for the
domain.

> Could it be that Netsol has not properly updated the root servers? How
> can I check that?
> 
This is what happened. NSI seem to have been having problems over the
last month, and have been randomly dropping valid domains from the
com/net/org zones. You can check for this condition by asking the zone's
parent servers for the zone's NS records. (a-m).gtld-servers.net are the
com servers, so you would do:

$ dig @a.gtld-servers.net premier-esp.com ns

You'll notice that the com servers do not know about premier-esp.com.
THis is what I meant earlier when I said that whois records are only
related to the DNS by coincidence. NSI have dropped your zone, and since
their whois server indicates that you are paid up, you'll need to call
them (email to NSI for anything that is not a routine, automated task
seems to get eaten by grues) and get them to fix your zone. Then
transfer it to a registrar that doesn't do this sort of thing. There are
lots of them out there ;)

-Pete



More information about the bind-users mailing list