[AusNOG] Strange DNS issue

CAS Netlink Support support at cbl.com.au
Sun Oct 28 13:41:25 EST 2012 

Thanks Heinz. I lowered the refresh time yesterday and I've just 
seriously increased the serial. It has become a bit curiouser though. 
Telstra's lon-resolver.telstra.net appears to be returning the correct 
record when queried from a USA server:

# dig @203.50.2.71 xxxxx.net any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.5 <<>> @203.50.2.71 
xxxxx.net any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19922
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4

However, when I query the same server from my client's firewall which is 
connected to Bigpond ADSL, it fails:

t# dig @203.50.2.71 xxxxx.net any

; <<>> DiG 9.5.1-P2 <<>> @203.50.2.71 xxxxx.net any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 40361
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

I've never seen this sort of weirdness before. DNS seemed so much easier 
when Robert Elz was running the show :).

Gary



Untitled Document On 28/10/2012 1:12 PM, Heinz N wrote:
>> Am I right in thinking it is probably that the domain had a long 
>> expire time? The refresh was set to 86400, but it seems like it is 
>> being ignored or it doesn't figure in how long DNS servers will wait 
>> before refreshing the domain.
>
> A few years ago I hade a similar problem when redelegating domains 
> where telstra was the secondary. I had a too long refresh time and it 
> seemed that their DNS only updated according to the longest number: 
> refresh or retry (this is just my opinion). Everyone else's DNSs 
> queried my authorative host and got the redelegations but the 
> secondary (telstra) didn't for quite some time. This problem was my 
> fault and now I have everything set at 1hr (except expire which is set 
> much longer).
>
> I resorted to adding new host A records into those domains and doing a 
> dig @nsX.telstra.XXXX on those host.domain in order to force their DNS 
> to re-query the zone records. This didn't trigger a zone transfer 
> unfortunately, but the new hosts did then appear. I used them until 
> the full zone transfer finally happened. (This is a bit difficult if 
> your "www" A record is the one not updating).
>
> PS. Don't forget to update your Zone record serial number. You might 
> even try increasing it in order to try to trigger a full refresh.
>
> Regards,
> Heinz N.
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20121028/40a522b7/attachment.html>

More information about the AusNOG mailing list