<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Sean,<br>
<br>
It did eventually sort itself out on Sunday with the big T's DNS
servers falling in to line, but the question does make me want to
answer it with another question that may help me prevent this
situation in the future. :)<br>
<br>
I did the TLD nameserver glue query and it returned a Host ID and
hostname but no IP. To be honest, I didn't think the .au TLDs
had/used glue records that I could alter. With .com, .net etc I've
always kept those up to date but I've never really heard anything
about .au glue or seen anywhere they can be maintained. The
nameservers for the .net domain that had problems are .com.au
hosts so I guess my next question is how do I fix the glue?<br>
<br>
Regards,<br>
<br>
Gary<br>
<div class="moz-signature">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<title>Untitled Document</title>
<br>
<br>
</div>
On 29/10/2012 10:01 AM, Sean K. Finn wrote:<br>
</div>
<blockquote
cite="mid:D2B93227AFAE51499A4F7E1BEDD4523A845D81F87C@msx01.office.ozservers.net.au"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<title>Untitled Document</title>
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Gary,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ll
pose some obvious question, do the nameservers have
appropriate glue records in the root, (or CC root) and are
the domain’s NS Records matching the nameservers they are
actually delegated to?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You
can check TLD nameserver glue here:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a
moz-do-not-send="true"
href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Or,
if the nameservers are .au nameservers, here<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a
moz-do-not-send="true"
href="http://whois.ausregistry.com.au/whois/whois_local.jsp?">http://whois.ausregistry.com.au/whois/whois_local.jsp?</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">With
the query string being “HOST ns1.domain.com.au”<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Glue
(HOST RECORD) response example for “HOST NS1.net.au”<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Whois
response for <b>HOST ns1.net.au</b>:<o:p></o:p></span></p>
<table class="MsoNormalTable"
style="margin-left:5.25pt;background:white" border="0"
cellpadding="0">
<tbody>
<tr>
<td style="width:135.0pt;background:#EFEFEF;padding:3.75pt
3.75pt 3.75pt .75pt" valign="top" width="180">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Host
ID<o:p></o:p></span></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">H0041281-AR<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="width:135.0pt;background:#EFEFEF;padding:3.75pt
3.75pt 3.75pt .75pt" valign="top" width="180">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Host
Name<o:p></o:p></span></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">ns1.net.au<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="width:135.0pt;background:#EFEFEF;padding:3.75pt
3.75pt 3.75pt .75pt" valign="top" width="180">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">IP
Address<o:p></o:p></span></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">202.125.32.4<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Sometimes
when the glue isn’t correct, and when the NS records don’t
match where the domain name is delegated to, ‘strange’
things happen, where the domain works from some places, but
not others.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Sean.<o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>
[<a class="moz-txt-link-freetext" href="mailto:ausnog-bounces@lists.ausnog.net">mailto:ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf
Of </b>CAS Netlink Support<br>
<b>Sent:</b> Sunday, October 28, 2012 12:41 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] Strange DNS issue<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Thanks
Heinz. I lowered the refresh time yesterday and I've just
seriously increased the serial. It has become a bit
curiouser though. Telstra's lon-resolver.telstra.net appears
to be returning the correct record when queried from a USA
server:<br>
<br>
# dig @203.50.2.71 xxxxx.net any<br>
<br>
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.5
<<>> @203.50.2.71 xxxxx.net any<br>
; (1 server found)<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR,
id: 19922<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2,
ADDITIONAL: 4<br>
<br>
However, when I query the same server from my client's
firewall which is connected to Bigpond ADSL, it fails:<br>
<br>
t# dig @203.50.2.71 xxxxx.net any<br>
<br>
; <<>> DiG 9.5.1-P2 <<>>
@203.50.2.71 xxxxx.net any<br>
; (1 server found)<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL,
id: 40361<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 0<br>
<br>
I've never seen this sort of weirdness before. DNS seemed so
much easier when Robert Elz was running the show :).<br>
<br>
Gary<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 28/10/2012 1:12 PM, Heinz N wrote:<o:p></o:p></p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Am I right in thinking it is probably
that the domain had a long expire time? The refresh was
set to 86400, but it seems like it is being ignored or it
doesn't figure in how long DNS servers will wait before
refreshing the domain. <o:p></o:p></p>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
A few years ago I hade a similar problem when redelegating
domains where telstra was the secondary. I had a too long
refresh time and it seemed that their DNS only updated
according to the longest number: refresh or retry (this is
just my opinion). Everyone else's DNSs queried my
authorative host and got the redelegations but the secondary
(telstra) didn't for quite some time. This problem was my
fault and now I have everything set at 1hr (except expire
which is set much longer). <br>
<br>
I resorted to adding new host A records into those domains
and doing a dig @nsX.telstra.XXXX on those host.domain in
order to force their DNS to re-query the zone records. This
didn't trigger a zone transfer unfortunately, but the new
hosts did then appear. I used them until the full zone
transfer finally happened. (This is a bit difficult if your
"www" A record is the one not updating). <br>
<br>
PS. Don't forget to update your Zone record serial number.
You might even try increasing it in order to try to trigger
a full refresh. <br>
<br>
Regards, <br>
Heinz N. <br>
<br>
_______________________________________________ <br>
AusNOG mailing list <br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>