[84966] in North American Network Operators' Group


Re: Weird DNS issues for domains

daemon@ATHENA.MIT.EDU (Bjørn Mork)
Thu Sep 29 15:20:16 2005

From: Bjørn Mork <bjorn@mork.no>
To: Matthew Crocker <matthew@crocker.com>
Cc: "Robert E.Seastrom" <rs@seastrom.com>, nanog@nanog.org
Date: Thu, 29 Sep 2005 21:20:12 +0200
In-Reply-To: <A310E761-5459-440B-BA92-E160A45550AB@crocker.com> (Matthew
	Crocker's message of "Thu, 29 Sep 2005 13:06:33 -0400")
Errors-To: owner-nanog@merit.edu


Matthew Crocker <matthew@crocker.com> writes:

>> I just tested it from a Verizon DSL host and it worked.
>>
>> You might want to consider reading RFC 2182 though, particularly the
>> part about geographically diverse nameservers.
>
> Yeah, yeah,  that is overrated.  If my site goes dark and my DNS goes
> down it doesn't really matter as the bandwidth and the web server
> will also be down.  Having a live DNS server in another part of the
> country won't help if the access routers handling the traffic for the
> T1 to the school is also down.
>
> Geographically diverse name servers sounds great in theory but for
> this application it won't gain any redundancy.

I wonder what that application could be... Single server with two
addresses?  Two servers behind a failing firewall? Well, if you don't
care then why should we?

There's definitely something seriously wrong with your configuration,
and it is related to the two colocated servers.  I sometimes get the
result below.  Works once, and then it fails because of answers from
the wrong address:


bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com

; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34405
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mtrsd.k12.ma.us.           IN      A

;; ANSWER SECTION:
www.mtrsd.k12.ma.us.    604800  IN      A       159.250.29.161

;; AUTHORITY SECTION:
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth2.crocker.com.
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth1.crocker.com.

;; ADDITIONAL SECTION:
dns-auth2.crocker.com.  600     IN      A       204.97.12.57
dns-auth1.crocker.com.  600     IN      A       204.97.12.58

;; Query time: 279 msec
;; SERVER: 204.97.12.58#53(dns-auth1.crocker.com)
;; WHEN: Thu Sep 29 21:11:17 2005
;; MSG SIZE  rcvd: 144

bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth2.crocker.com

; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth2.crocker.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44398
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mtrsd.k12.ma.us.           IN      A

;; ANSWER SECTION:
www.mtrsd.k12.ma.us.    604800  IN      A       159.250.29.161

;; AUTHORITY SECTION:
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth2.crocker.com.
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth1.crocker.com.

;; ADDITIONAL SECTION:
dns-auth2.crocker.com.  600     IN      A       204.97.12.57
dns-auth1.crocker.com.  600     IN      A       204.97.12.58

;; Query time: 255 msec
;; SERVER: 204.97.12.57#53(dns-auth2.crocker.com)
;; WHEN: Thu Sep 29 21:11:21 2005
;; MSG SIZE  rcvd: 144

bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53

; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; global options:  printcmd
;; connection timed out; no servers could be reached


After a while the session seems to time out and things will work
again.  Once, before the same shit happens again.


Bjørn
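
The "reply from unexpected source" lines in the transcript above are the client refusing a UDP reply that did not come from the address it queried. The following Python sketch is an added example, not part of the original message and not dig's own code: it shows that kind of reply matching, with hypothetical function names and a constructed reply packet, using the two server addresses from the transcript.

```python
import struct

def build_query(txid, name, qtype=1):
    """Encode a minimal DNS query (RD set, class IN) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def fake_reply(query):
    """Constructed sample: echo the query with QR, AA and RD set, no answers."""
    return query[:2] + struct.pack("!H", 0x8500) + query[4:]

def check_reply(query, sent_to, reply, came_from):
    """Decide whether a UDP reply belongs to `query`.

    sent_to and came_from are (ip, port) tuples, as given to sendto()
    and returned by recvfrom(). Returns (accepted, reason).
    """
    # 1. Source address and port must be the ones the query went to.
    if came_from != sent_to:
        return False, "reply from unexpected source: %s#%d, expected %s#%d" % (
            came_from + sent_to)
    if len(reply) < 12:
        return False, "short reply"
    # 2. Transaction ID must match, and the QR bit must mark a response.
    txid, flags = struct.unpack("!HH", reply[:4])
    if txid != struct.unpack("!H", query[:2])[0]:
        return False, "transaction ID mismatch"
    if not flags & 0x8000:
        return False, "QR bit not set"
    # 3. The question section must be echoed back unchanged.
    if reply[12:12 + len(query) - 12] != query[12:]:
        return False, "question mismatch"
    return True, "ok"

if __name__ == "__main__":
    asked = ("204.97.12.58", 53)      # dns-auth1, per the transcript
    other = ("204.97.12.57", 53)      # dns-auth2, per the transcript
    q = build_query(34405, "www.mtrsd.k12.ma.us")
    r = fake_reply(q)
    print(check_reply(q, asked, r, asked))
    print(check_reply(q, asked, r, other))
```

A reply that is otherwise well formed is still dropped when it arrives from the other address, so the client keeps waiting until it times out.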
