When Domain Resolution just Stops one Day.
dougb at dougbarton.us
Mon Jul 30 20:30:38 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 30 Jul 2007, Martin McCormick wrote:
> Imagine a domain called thisdomain.org.
It's virtually impossible to diagnose this kind of stuff without being able
to query the DNS to get clues. http://www.bind-users.info/FAQ.html#RealNames
> It is registered
> and looks up properly in whois. Thisdomain.org has subdomains
> such as remotesite.thisdomain.org where they have a DNS that
> sends us a slave zone we keep on the thisdomain.org DNS.
What do you mean by "on the dns" here? Do you mean that you slave the
child zone to all authoritative servers for the parent?
> If you lookup somebody.remotesite.thisdomain.org on our
> master DNS, resolution is no problem. If you lookup the same
> address on a slave DNS on your network that slaves the
> thisdomain.org zone but not the remotesite.thisdomain.org zone,
> it may still work fine for literally years. Then, one day, the
> phone rings out of the blue and clients using that slave DNS
> suddenly can not resolve remotesite.thisdomain.org. If you start
> slaving that zone also on the slave DNS, everything is okay
So the obvious question here is, "what changed?" Assuming that you have
proper delegation records, and that the records in the parent and child zone
match, my guess would be that there is some kind of new firewall (or new
entry in an existing firewall) that is preventing your resolvers from
querying the name servers for the child zone directly.
> We also had this happen on one other occasion to a
> different subdomain of ours. It had worked on our remote
> campuses for a couple of years and then just quit one day.
Did you ever find the cause of that problem?
> In all cases, I fixed it by bringing the slave zone from
> the subdomain to the slave DNS's that had stopped resolving.
That's a good practice in any case, but it doesn't tell you why it stopped
If you're never wrong, you're not trying hard enough.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the bind-users