Re: Re: domain name doesn't resolve - working better b
From: Global Homes Webmaster
Date: Wednesday, March 22, 2000
Time: 11:49:00 pm

On 03/22/00 at 16:58, JWBaumann@aol.com wrote:
> Thanks for all the help. Domain hartinger.org is resolving, but slowly, and
> some questions remain. Please copy responses directly to me since I
> subscribed to the digest. Status/comments/questions interspersed below.
>
> >>There is some disagreement among the name servers for hartinger.org.
> >>According to the Network Solutions Whois database:
> >> Domain servers in listed order:
> >> NS1.LINKEDRESOURCES.COM 209.240.86.8
> >> NS1.GOLDENGATE.NET 209.240.77.77
>
> Yes, this is as I want it.
The above is from the Whois database. Whois has no bearing on the workings of
the domain name system (DNS). Its purpose is for carbon-based units (you and
me) to be able to find out who is responsible for a given domain. However, it
will show the same name server info as the root servers, since it comes from
the same source (the registrar -- in this case Network Solutions).
> >>From a.root-servers.net:
> >> ;; ANSWER SECTION:
> >> hartinger.org. 2D IN NS NS1.GOLDENGATE.NET.
> >> hartinger.org. 2D IN NS NS1.LINKEDRESOURCES.COM.
>
> Now why would they have them in reverse order? And how exactly do you
> generate this info (ie. what software/URL)? What does "2D IN NS" mean?
The order does not matter. As far as name servers and resolvers are concerned,
the listed servers are peers and should have the same data. Most resolvers
will use data from whichever server answers first. QDNS, I believe, will
always use the fastest server from its first query on a given domain, adjusted
with subsequent periodic checks (Chris Buxton can elaborate if he wishes).
'2D' is the TTL (time to live) of the record. TTL is the maximum amount of
time a non-authoritative name server is allowed to cache the record. In this
case it's 2 days.
'IN' is the record's class -- IN is 'internet' (which is currently the only
really valid class).
'NS' is the record's type -- NS is a 'name server' record.
> >> ;; AUTHORITY SECTION:
> >> hartinger.org. 2D IN NS NS1.GOLDENGATE.NET.
> >> hartinger.org. 2D IN NS NS1.LINKEDRESOURCES.COM.
> >>
> >> ;; ADDITIONAL SECTION:
> >> NS1.GOLDENGATE.NET. 2D IN A 209.240.77.77
> >> NS1.LINKEDRESOURCES.COM. 2D IN A 209.240.86.8
>
> Ditto.
>
> >>From ns1.goldengate.net:
>
> Who I hadn't yet contacted, since ns1.goldengate.net would only be used if
> ns1.linkedresources.com was down and I wanted to verify the primary
> nameserver (as specified with NetSol) was responding correctly.
That's not really the way DNS works -- see above. All name servers listed for
a domain by the root servers are assumed to be authoritative for the domain
and any one of them may be queried for data on the domain. It is very
important for them all to have accurate authoritative data. Otherwise, you
have what's called a 'lame delegation' -- the very situation you've found
yourself in with hartinger.org.
> >> ;; ANSWER SECTION:
> >> hartinger.org. 21h22m24s IN NS FOREGO.PCLINK.COM.
> >> hartinger.org. 21h22m24s IN NS KELSO.PCLINK.COM.
>
> No surprise. These were the name servers we dropped.
>
> But wouldn't ns1.goldengate.net have needed to get this info from a
> name server higher up the chain, perhaps ultimately from NetSol, or is
> it just pulling the info from cache? NetSol's info (Whois lookup) has
> been correct for 3 or 4 days now.
The above info was indeed from ns1.goldengate.net's cache. As noted above,
what's in the Whois info doesn't matter -- it's what's in the root servers
that matters (they do have the same information in this case).
> Shouldn't ns1.goldengate.net have ultimately been given 209.240.86.8
> as the IP address of the name server which could give the
> authoritative DNS info for hartinger.org?
Given by whom? There is no 'automatic' mechanism by which name servers are
notified by the root servers or NSI or anyone else when they've had a new
domain delegated to them. The registrant of the new domain (in this case you)
must contact the administrator of each listed name server and have them set up
their server to handle the domain.
> Is there a root name server which is very delayed in its DNS updates?
Possibly, but probably not the cause of your current trouble.
> >> ;; AUTHORITY SECTION:
> >> hartinger.org. 21h22m24s IN NS FOREGO.PCLINK.COM.
> >> hartinger.org. 21h22m24s IN NS KELSO.PCLINK.COM.
>
> Does this mean that ns1.goldengate.net is being told that FOREGO and KELSO
> are still the authoritative name servers for hartinger.org? Again, dated
> info. From cache?
It is cached and expiring (probably expired by now).
> Grasshopper understands better, upset at slowness of time. What's a
> standard TTL?
There's not really such a thing as a 'standard' TTL. It varies depending on
the nature of the data. If you have data that changes often, you'll want
relatively short TTLs so that old data won't be hanging around in other
servers' caches after it's no longer good. If your DNS info is relatively
stable and unchanging, you'll want longer TTLs -- typically several days. If
you've got a domain that is about to undergo a major change, you might want to
temporarily shorten the TTLs so that the new data will be propagated to other
name servers as quickly as possible.
> >>That obviously ain't right. Neither of the pclink.com servers knows
> >>anything about hartinger.org.
>
> They still should have had the correct info (although I've now told
> pclink.com to remove the DNS entries for hartinger.org).
But that doesn't help the situation where ns1.goldengate.net had cached the
old data. Again, if you want ns1.goldengate.net to be authoritative for your
domain, it must get the correct zone data from you.
> >>Also, ns1.goldengate.net does not have any A records for
> >>either ns1.linkedresources.com. or hartinger.org.
>
> Yes. Not an oversight, more a "let's see what works." I had assumed (badly?)
> that only the IP address of the name server would ever be necessary.
> Apparently not.
In order for ns1.goldengate.net to act as a secondary server for your domain,
it only needs the IP address of your primary server and the name of the domain
that it's doing secondary service for. It will use the IP address to connect
to your server and transfer the zone data.
> But it appears my ISP now has an entry for ns1.linkedresources.com (at
> 209.240.86.8), *and* I'm moving DNS for linkedresources.com to
> 209.240.86.8 as well (forms sent to NetSol).
This is a little different from giving ns1.goldengate.net an IP address to do
a zone transfer from. The linkedresources.com domain is a different zone from
hartinger.org. An A (IP address) record for ns1.linkedresources.com is
necessary so that when ns1.linkedresources.com is given as a name server for
hartinger.org,

    hartinger.org. 2D IN NS NS1.LINKEDRESOURCES.COM.

you can also point to it with an A record. IOW, the NS record by itself
doesn't do much good if you can't resolve ns1.linkedresources.com to an IP
address that you can connect to.
> >>The lack of an A record for ns1.linkedresources.com. is undoubtedly
> >>part of your problem. It means that no one outside of your network
> >>can find your name server, which appears to be the only server that
> >>has any information on the hartinger.org. zone.
>
> In other words, name servers MUST have an A record, not just a whois
> entry, unless they are providing DNS for their own domain (ie.
> ns1.domain.com is the authoritative name server for domain.com)?
Now you're getting it. Again, though, whois is not a part of DNS. It's the
root servers that are at the top of the tree.
> >The reason ns1.goldengate.net should have an A record for
> >ns1.linkedresources.com is because it is one of the authoritative
> >name servers for linkedresources.com.
>
> Yes, the other authoritative name server being ns2.goldengate.net
>
> >However, the root servers have an A record for
> >ns1.linkedresources.com, so it should be locatable some of the time,
> >depending on whether a given resolver has already cached information
> >for linkedresources.com.
>
> And how do I arrange this? Isn't this automatically updated from NetSol's
> Whois database? Or is it just a slow process?
No, it is not automatically updated from NSI. You have to contact the
administrators of each name server listed for a domain and arrange for them to
configure their servers to handle the domain.
> >>It appears that ns1.goldengate.net does not actually have any
> >>authoritative data for the hartinger.org. zone (either as a primary
> >>or secondary name server). That's supported by the fact that
> >>ns1.goldengate.net doesn't have a SOA record for hartinger.org.
> >>Since ns1.goldengate.net is listed by the root servers as a name
> >>server for the zone, it is important for it to actually have a zone
> >>file for it. I'd think that your first order of business should be
> >>to make sure that the admin of ns1.goldengate.net knows that he's
> >>supposed to be doing secondary name service for hartinger.org. and
> >>can get a zone transfer for it.
>
> Which brings us back to "why isn't ns1.linkedresources.com the first name
> server listed?"
Again, the order doesn't matter. It's somewhat unfortunate that NSI's domain
registration forms use the terms 'primary' and 'secondary' when asking for the
name servers. Those terms are used differently in the context of how DNS
works. When a resolver looks up a DNS record, it views all of the name servers
listed by the root servers as being equal, and it expects them all to have
the same data.
The difference between 'primary' and 'secondary' name servers is only in how
they _get_ the data. A 'primary' (also called a 'master') server gets the data
for a zone from a local file (i.e., a file created by the server's
administrator). A 'secondary' (also called a 'slave') server gets its data
from a primary server through a 'zone transfer.' If you list two servers with
NSI, they might be a primary and a secondary. However, they could just as
easily both be primaries. They could also both be secondaries and get their
data from a primary server that's not listed with NSI. NSI doesn't really know
which servers are primaries and which are secondaries. The bottom line is that
all name servers listed for a domain should have authoritative data for the
domain.
Christopher Bort
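
The check this reply describes, as an added example that is not part of the original message: it parses records in the format quoted in the thread (including TTLs such as 2D and 21h22m24s) and flags a listed name server that has no SOA for the zone or returns a different NS set than the parent. The function names are hypothetical and the ns1.linkedresources.com reply is constructed sample data; the other records are the ones quoted above.

```python
import re
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(text):
    """Convert a TTL such as '2D', '21h22m24s' or '3600' to seconds."""
    text = text.lower()
    if not text or not re.fullmatch(r"(?:\d+[smhdw])*\d*", text):
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", text))

def parse_records(text):
    """Parse 'owner ttl class type rdata' lines; skip blanks and ';;' headers."""
    out = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(";"):
            owner, ttl, rclass, rtype, rdata = line.split(None, 4)
            out.append((owner.lower(), ttl_seconds(ttl), rclass, rtype, rdata.lower()))
    return out

def ns_set(records, zone):
    return {r[4] for r in records if r[0] == zone and r[3] == "NS"}

def check_delegation(zone, parent_text, answers):
    """answers maps each server name to the text of its own reply for the zone."""
    parent = parse_records(parent_text)
    delegated = ns_set(parent, zone)
    with_a = {r[0] for r in parent if r[3] == "A"}
    findings = []
    for ns in sorted(delegated):
        reply = parse_records(answers.get(ns, ""))
        if ns not in with_a:
            findings.append((ns, "no A record for name server"))
        if not any(r[0] == zone and r[3] == "SOA" for r in reply):
            findings.append((ns, "no SOA for zone (lame delegation)"))
        if ns_set(reply, zone) not in (set(), delegated):
            findings.append((ns, "NS set differs from parent"))
    return findings

PARENT = """;; ANSWER SECTION:
hartinger.org. 2D IN NS NS1.GOLDENGATE.NET.
hartinger.org. 2D IN NS NS1.LINKEDRESOURCES.COM.
NS1.GOLDENGATE.NET. 2D IN A 209.240.77.77
NS1.LINKEDRESOURCES.COM. 2D IN A 209.240.86.8"""
ANSWERS = {
    "ns1.goldengate.net.": """hartinger.org. 21h22m24s IN NS FOREGO.PCLINK.COM.
hartinger.org. 21h22m24s IN NS KELSO.PCLINK.COM.""",
    # Constructed reply for a correctly configured server (not from the thread).
    "ns1.linkedresources.com.": "hartinger.org. 2D IN SOA ns1.linkedresources.com. hostmaster.hartinger.org. 1 3h 1h 1w 1d",
}
```

Calling check_delegation("hartinger.org.", PARENT, ANSWERS) reports both findings against ns1.goldengate.net and none against ns1.linkedresources.com.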