Re: Re: domain name doesn't resolve - working better b

From: Men & Mice Support
Date: Wednesday, March 22, 2000
Time: 11:55:00 pm

Some very good beginner questions here. Let me try to clarify.

At 4:58 PM -0500 3/22/00, JWBaumann@aol.com wrote:
>Thanks for all the help. Domain hartinger.org is resolving, but slowly, and
>some questions remain. Please copy responses directly to me since I
>subscribed to the digest. Status/comments/questions interspersed below.
>
>In a message dated 3/22/00 1:53:16 PM, Men & Mice Support wrote:
>>---------------------------------------------------------------------->
>>Very thorough and good answer. I just want to add a few details.
>>
>>At 4:17 PM -0800 3/21/00, Global Homes Webmaster wrote:
>>>On 03/21/00 at 17:50, JWBaumann@aol.com wrote:
><snip>
>>>> A client's domain (hartinger.org) now appears to have correct
>>>> information in the Network Solutions database, with the primary name
>>>> server of ns1.linkedresources.com / IP addr of 209.240.86.8. QuickDNS
>>>> Pro is running nicely on an iMac at that IP address. If I specify
>>>> 209.240.86.8 in my TCP/IP control panel and attempt to resolve the
>>>> domain name, it resolves correctly.
>>>>
>>>> However, if I specify an unrelated name server in the TCP/IP control panel,
>>>> "hartinger.org" does not resolve. In other words, NetSol points to a working
>>>> QuickDNS Pro server, yet the domain name will not resolve. The message
>>>> returned with Anarchie is "No data available for reading (OTNoDataErr)".
>>>
>>>There is some disagreement among the name servers for hartinger.org.
>>>According to the Network Solutions Whois database:
>>> Domain servers in listed order:
>>> NS1.LINKEDRESOURCES.COM 209.240.86.8
>>> NS1.GOLDENGATE.NET 209.240.77.77
>
>Yes, this is as I want it.
>
>>>From a.root-servers.net:
>>> ;; ANSWER SECTION:
>>> hartinger.org. 2D IN NS NS1.GOLDENGATE.NET.
>>> hartinger.org. 2D IN NS NS1.LINKEDRESOURCES.COM.
>
>Now why would they have them in reverse order? And how exactly do you
>generate this info (ie. what software/URL)? What does "2D IN NS" mean?

The order of these records is not important; it does not imply any sort of priority.

That's three different things:

o 2D: TTL (time to live) is set to 2 days, or 172800 seconds. This is standard for records on the root servers, and can't be changed by you.

o IN: specifies that these records contain Internet data, as opposed to hesiod or chaos. (Yes, those really are the other two possibilities for that field.) IN is the default, and is in fact the only record class currently supported by QuickDNS.

o NS: record type. In this case, this stands for Name Server. So these are name server records, which specify what servers are authoritative for this domain.

>>> ;; AUTHORITY SECTION:
>>> hartinger.org. 2D IN NS NS1.GOLDENGATE.NET.
>>> hartinger.org. 2D IN NS NS1.LINKEDRESOURCES.COM.
>>>
>>> ;; ADDITIONAL SECTION:
>>> NS1.GOLDENGATE.NET. 2D IN A 209.240.77.77
>>> NS1.LINKEDRESOURCES.COM. 2D IN A 209.240.86.8
>
>Ditto.

Same answers, too.

>>>From ns1.goldengate.net:
>
>Who I hadn't yet contacted, since ns1.goldengate.net would only be used if
>ns1.linkedresources.com was down, and I wanted to verify the primary
>nameserver (as specified with NetSol) was responding correctly.

Not true at all. All listed servers are contacted for every query. Whichever server responds quickest is the one whose answer is used.

>>> ;; ANSWER SECTION:
>>> hartinger.org. 21h22m24s IN NS FOREGO.PCLINK.COM.
>>> hartinger.org. 21h22m24s IN NS KELSO.PCLINK.COM.
>
>No surprise. These were the name servers we dropped.
>
>But wouldn't ns1.goldengate.net have needed to get this info from a name
>server higher up the chain, perhaps ultimately from NetSol, or is it just
>pulling the info from cache?

Cache. Notice the TTL's, which show 21 hours, 22 minutes, and 24 seconds, or 76944 seconds. Subsequent queries would show that number counting down, until the records were purged from cache. (That's what the Time To Live is all about.)

> NetSol's info (Whois lookup) has been correct
>for 3 or 4 days now. Shouldn't ns1.goldengate.net have ultimately been given
>209.240.86.8 as the IP address of the name server which could give the
>authoritative DNS info for hartinger.org? Is there a root name server which is
>very delayed in its DNS updates?

The primary root server is a.root-servers.net. When the whois database doesn't agree with this server, it generally means that the whois database has been recently updated (< 12 hours), and that the a root server will catch up after that. Until that time, the a root server is what is used, so the whois database's information is effectively wrong.

>>> ;; AUTHORITY SECTION:
>>> hartinger.org. 21h22m24s IN NS FOREGO.PCLINK.COM.
>>> hartinger.org. 21h22m24s IN NS KELSO.PCLINK.COM.
>
>Does this mean that ns1.goldengate.net is being told that FOREGO and KELSO
>are still the authoritative name servers for hartinger.org? Again, dated
>info. From cache?

Correct. Dated info, taken from cache. It takes a couple of days after the root servers change their records for those changes to take effect, because the root servers have their TTL's set to 2 days.

>>> ;; ADDITIONAL SECTION:
>>> FOREGO.PCLINK.COM. 1d21h44m12s IN A 204.72.134.11
>>> KELSO.PCLINK.COM. 1d21h44m12s IN A 204.72.134.10
>>
>>Note that this answer is marked as non-authoritative
>
>How do you tell that it's non-authoritative? What's the code?

I'm using DNS Expert's DNS Query tool to find (or in this case, verify) this information; it has a nice little summary at the top of each result, including an indicator of authority or non-authority.

So when I sent the same query as Mr. Bort, I saw the same answer, but with lower numbers. I also saw that the answer was marked as non-authoritative.

Mr. Bort used dig, probably on a Unix host, to find this information. It's very similar to DNS Expert's DNS Query tool (and predates our tool by a very long time), except we've formatted the results much more nicely. :)

>>(and that the TTL is decrementing).
>
>TTL = Time To Live? How can you tell it's decrementing? Because a time is
>given? And again, what software is providing this info for you?

Because (a) 1 day + 1 hour + 44 minutes + 12 seconds is not a time anyone would manually enter into a TTL, and (b) because, when I sent the query again, the number was lower.

>>Thus, this answer is in this server's cache, and will expire eventually (about 14 hours
>>from now, as of the time of this writing).
>
>Grasshopper understands better, upset at slowness of time. What's a standard TTL?

A standard TTL is anywhere from 8 hours to 2 days. I've seen lower and higher, though when I see a TTL higher than 2 days, I tend to cringe.

>>>That obviously ain't right. Neither of the pclink.com servers knows anything
>>>about hartinger.org.
>
>They still should have had the correct info (although I've now told
>pclink.com to remove the DNS entries for hartinger.org).

They'd already removed the data.

>>Also, ns1.goldengate.net does not have any A records for
>>>either ns1.linkedresources.com. or hartinger.org.
>
>Yes. Not an oversight, more a "let's see what works." I had assumed (badly?)
>that only the IP address of the name server would ever be necessary.
>Apparently not. But it appears my ISP now has an entry for
>ns1.linkedresources.com (at 209.240.86.8), *and* I'm moving DNS for
>linkedresources.com to 209.240.86.8 as well (forms sent to NetSol).
>
>>The lack of an A record for
>>>ns1.linkedresources.com. is undoubtedly part of your problem. It means that no
>>>one outside of your network can find your name server, which appears to be the
>>>only server that has any information on the hartinger.org. zone.
>
>In other words, name servers MUST have an A record, not just a whois entry, unless
>they are providing DNS for their own domain (ie. ns1.domain.com is the
>authoritative name server for domain.com)?

Even in that case, the domain file for domain.com had better have an A record for ns1.domain.com. Remember that "ns1" isn't a standard, just a tradition. As far as the DNS servers are concerned, it's just an arbitrary name.

>>The reason ns1.goldengate.net should have an A record for
>>ns1.linkedresources.com is because it is one of the authoritative
>>name servers for linkedresources.com.
>
>Yes, the other authoritative name server being ns2.goldengate.net
>
>>However, the root servers have an A record for
>>ns1.linkedresources.com, so it should be locatable some of the time,
>>depending on whether a given resolver has already cached information
>>for linkedresources.com.
>
>And how do I arrange this? Isn't this automatically updated from NetSol's
>Whois database? Or is it just a slow process?

My point was that a server that had already cached information for linkedresources.com mightn't query the root servers, and thus might not be able to find your server. Any resolver starting from a blank slate will have no trouble finding your server, the first time.

>>>It appears that ns1.goldengate.net does not actually have any authoritative
>>>data for the hartinger.org. zone (either as a primary or secondary name
>>>server). That's supported by the fact that ns1.goldengate.net doesn't have a
>>>SOA record for hartinger.org. Since ns1.goldengate.net is listed by the root
>>>servers as a name server for the zone, it is important for it to actually have
>>>a zone file for it. I'd think that your first order of business should be to
>>>make sure that the admin of ns1.goldengate.net knows that he's supposed to be
>>>doing secondary name service for hartinger.org. and can get a zone transfer
>>>for it.
>
>Which brings us back to "why isn't ns1.linkedresources.com the first name
>server listed?"

Again, the order of these records is irrelevant.
____________________________________________________________________
Chris Buxton cbuxton@menandmice.com
Men & Mice http://www.menandmice.com
Makers of: QuickDNS Pro
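
The TTL reading and the delegation comparison discussed in the message above, as an added Python example that is not part of the original message or of any Men & Mice tool. The function names are chosen here for illustration; the two sample answers are the NS lines copied from the quoted dig output.

```python
import re

# NS answers copied from the dig output quoted in the message above.
ROOT_ANSWER = """\
hartinger.org. 2D IN NS NS1.GOLDENGATE.NET.
hartinger.org. 2D IN NS NS1.LINKEDRESOURCES.COM.
"""
GOLDENGATE_ANSWER = """\
hartinger.org. 21h22m24s IN NS FOREGO.PCLINK.COM.
hartinger.org. 21h22m24s IN NS KELSO.PCLINK.COM.
"""

UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def ttl_seconds(ttl):
    """Convert a TTL such as '2D', '21h22m24s' or '172800' to seconds."""
    text = ttl.lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([wdhms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised TTL: {ttl!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_ns(answer):
    """Map each NS target (lower case, no trailing dot) to its TTL in seconds."""
    records = {}
    for line in answer.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            records[fields[4].rstrip(".").lower()] = ttl_seconds(fields[1])
    return records

def compare_delegation(parent_answer, server_answer):
    """Compare the parent's NS set with what one listed server returns."""
    parent, server = parse_ns(parent_answer), parse_ns(server_answer)
    return {
        "ns_sets_agree": set(parent) == set(server),
        "stale_servers": sorted(set(server) - set(parent)),
        # Heuristic (a) from the reply: a TTL that is not a whole number of
        # minutes was probably not typed into a zone file, so it is likely
        # a cached record counting down.
        "odd_ttls": sorted({t for t in server.values() if t % 60}),
    }

if __name__ == "__main__":
    print(compare_delegation(ROOT_ANSWER, GOLDENGATE_ANSWER))
```

Run against the two answers from the thread, the comparison reports that the sets disagree and names the two pclink.com servers as the leftover entries, with the 76944-second TTL flagged as a cache countdown.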


