[AusNOG] Strange DNS issue

CAS Netlink Support support at cbl.com.au
Mon Oct 29 10:38:27 EST 2012


Hi Sean,

It did eventually sort itself out on Sunday with the big T's DNS servers 
falling into line, but the question does make me want to answer it with 
another question that may help me prevent this situation in the future. :)

I did the TLD nameserver glue query and it returned a Host ID and 
hostname but no IP. To be honest, I didn't think the .au TLDs had/used 
glue records that I could alter. With .com, .net etc I've always kept 
those up to date but I've never really heard anything about .au glue or 
seen anywhere they can be maintained. The nameservers for the .net 
domain that had problems are .com.au hosts so I guess my next question 
is how do I fix the glue?

Regards,

Gary

On 29/10/2012 10:01 AM, Sean K. Finn wrote:
> Gary,
>
> I'll pose some obvious questions: do the nameservers have appropriate 
> glue records in the root (or CC root), and are the domain's NS records 
> matching the nameservers they are actually delegated to?
>
> You can check TLD nameserver glue here:
>
> http://www.internic.net/whois.html
>
> Or, if the nameservers are .au nameservers, here
>
> http://whois.ausregistry.com.au/whois/whois_local.jsp?
>
> With the query string being "HOST ns1.domain.com.au"
>
> Glue (HOST RECORD) response example for "HOST NS1.net.au"
>
> Whois response for *HOST ns1.net.au*:
>
> Host ID:     H0041281-AR
> Host Name:   ns1.net.au
> IP Address:  202.125.32.4
>
> Sometimes when the glue isn't correct, and when the NS records don't 
> match where the domain name is delegated to, 'strange' things happen, 
> where the domain works from some places, but not others.
>
> Sean.
>
> *From:*ausnog-bounces at lists.ausnog.net 
> [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *CAS Netlink 
> Support
> *Sent:* Sunday, October 28, 2012 12:41 PM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Strange DNS issue
>
> Thanks Heinz. I lowered the refresh time yesterday and I've just 
> seriously increased the serial. It has become a bit curiouser though. 
> Telstra's lon-resolver.telstra.net appears to be returning the correct 
> record when queried from a USA server:
>
> # dig @203.50.2.71 xxxxx.net any
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.5 <<>> @203.50.2.71 
> xxxxx.net any
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19922
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4
>
> However, when I query the same server from my client's firewall which 
> is connected to Bigpond ADSL, it fails:
>
> t# dig @203.50.2.71 xxxxx.net any
>
> ; <<>> DiG 9.5.1-P2 <<>> @203.50.2.71 xxxxx.net any
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 40361
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> I've never seen this sort of weirdness before. DNS seemed so much 
> easier when Robert Elz was running the show :).
>
> Gary
>
>
> On 28/10/2012 1:12 PM, Heinz N wrote:
>
>         Am I right in thinking it is probably that the domain had a
>         long expire time? The refresh was set to 86400, but it seems
>         like it is being ignored or it doesn't figure in how long DNS
>         servers will wait before refreshing the domain.
>
>
>     A few years ago I had a similar problem when redelegating domains
>     where telstra was the secondary. I had a too long refresh time and
>     it seemed that their DNS only updated according to the longest
>     number: refresh or retry (this is just my opinion). Everyone
>     else's DNSs queried my authoritative host and got the redelegations
>     but the secondary (telstra) didn't for quite some time. This
>     problem was my fault and now I have everything set at 1hr (except
>     expire which is set much longer).
>
>     I resorted to adding new host A records into those domains and
>     doing a dig @nsX.telstra.XXXX on those host.domain in order to
>     force their DNS to re-query the zone records. This didn't trigger
>     a zone transfer unfortunately, but the new hosts did then appear.
>     I used them until the full zone transfer finally happened. (This
>     is a bit difficult if your "www" A record is the one not updating).
>
>     PS. Don't forget to update your Zone record serial number. You
>     might even try increasing it in order to try to trigger a full
>     refresh.
>
>     Regards,
>     Heinz N.
>
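The check Sean describes in the quoted message (glue at the parent, and the parent's NS set versus the zone's own NS records), as an added example that is not part of the original thread. It assumes the two inputs are record lines copied from `dig` output: the referral from a parent/TLD server and the answer from the zone's own nameserver. The zone name, hostnames and addresses are constructed.

```python
# Constructed sample data: example.net and 192.0.2.0/24 are documentation values.
PARENT_REFERRAL = """\
example.net.      172800 IN NS ns1.example.net.
example.net.      172800 IN NS ns2.example.net.
ns1.example.net.  172800 IN A  192.0.2.10
"""

CHILD_ANSWER = """\
example.net.      3600 IN NS ns1.example.net.
example.net.      3600 IN NS ns3.example.net.
ns1.example.net.  3600 IN A  192.0.2.20
ns3.example.net.  3600 IN A  192.0.2.30
"""

def parse(text):
    """Return (ns_names, {host: set(addresses)}) from dig-style record lines."""
    ns, addrs = set(), {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith(";"):
            continue  # skip blanks, comments and dig section headers
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4].lower()
        if rtype == "NS":
            ns.add(rdata)
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, set()).add(rdata)
    return ns, addrs

def check_delegation(zone, parent_text, child_text):
    """List mismatches between the parent's delegation and the child zone."""
    zone = zone.lower().rstrip(".") + "."
    p_ns, p_glue = parse(parent_text)
    c_ns, c_addr = parse(child_text)
    findings = [f"NS only at parent: {n}" for n in sorted(p_ns - c_ns)]
    findings += [f"NS only in child zone: {n}" for n in sorted(c_ns - p_ns)]
    for name in sorted(p_ns):
        # Glue is only required when the nameserver's name is inside the zone.
        in_bailiwick = name == zone or name.endswith("." + zone)
        if in_bailiwick and name not in p_glue:
            findings.append(f"missing glue: {name}")
        elif name in p_glue and name in c_addr and p_glue[name] != c_addr[name]:
            findings.append(f"stale glue: {name} parent={sorted(p_glue[name])} "
                            f"child={sorted(c_addr[name])}")
    return findings

if __name__ == "__main__":
    for finding in check_delegation("example.net", PARENT_REFERRAL, CHILD_ANSWER):
        print(finding)
```
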
