Weird DNS issues for domains
Bjørn Mork
bjorn at mork.no
Thu Sep 29 19:20:12 UTC 2005
Matthew Crocker <matthew at crocker.com> writes:
>> I just tested it from a Verizon DSL host and it worked.
>>
>> You might want to consider reading RFC 2182 though, particularly the
>> part about geographically diverse nameservers.
>
> Yeah, yeah, that is overrated. If my site goes dark and my DNS goes
> down it doesn't really matter as the bandwidth and the web server
> will also be down. Having a live DNS server in another part of the
> country won't help if the access routers handling the traffic for the
> T1 to the school are also down.
>
> Geographically diverse name servers sounds great in theory but for
> this application it won't gain any redundancy.

I wonder what that application could be... Single server with two
addresses? Two servers behind a failing firewall? Well, if you don't
care then why should we?

There's definitely something seriously wrong with your configuration,
and it is related to the two colocated servers. I sometimes get the
result below. Works once, and then it fails because of answers from
the wrong address:

bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com
; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34405
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.mtrsd.k12.ma.us. IN A
;; ANSWER SECTION:
www.mtrsd.k12.ma.us. 604800 IN A 159.250.29.161
;; AUTHORITY SECTION:
mtrsd.k12.ma.us. 604800 IN NS dns-auth2.crocker.com.
mtrsd.k12.ma.us. 604800 IN NS dns-auth1.crocker.com.
;; ADDITIONAL SECTION:
dns-auth2.crocker.com. 600 IN A 204.97.12.57
dns-auth1.crocker.com. 600 IN A 204.97.12.58
;; Query time: 279 msec
;; SERVER: 204.97.12.58#53(dns-auth1.crocker.com)
;; WHEN: Thu Sep 29 21:11:17 2005
;; MSG SIZE rcvd: 144

bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth2.crocker.com
; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth2.crocker.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44398
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.mtrsd.k12.ma.us. IN A
;; ANSWER SECTION:
www.mtrsd.k12.ma.us. 604800 IN A 159.250.29.161
;; AUTHORITY SECTION:
mtrsd.k12.ma.us. 604800 IN NS dns-auth2.crocker.com.
mtrsd.k12.ma.us. 604800 IN NS dns-auth1.crocker.com.
;; ADDITIONAL SECTION:
dns-auth2.crocker.com. 600 IN A 204.97.12.57
dns-auth1.crocker.com. 600 IN A 204.97.12.58
;; Query time: 255 msec
;; SERVER: 204.97.12.57#53(dns-auth2.crocker.com)
;; WHEN: Thu Sep 29 21:11:21 2005
;; MSG SIZE rcvd: 144

bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53
; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; global options: printcmd
;; connection timed out; no servers could be reached

After a while the session seems to time out and things will work
again. Once, before the same shit happens again.

Bjørn
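
Why dig discards the answer in the third run, as an added example that is not part of the original post: a stub resolver accepts a UDP reply only if it comes from the address and port that were queried and echoes the query ID and question. The function names are hypothetical, and the packets are constructed from the values in the dig output above.

```python
import struct

AUTH1 = ("204.97.12.58", 53)   # dns-auth1.crocker.com, from the dig output
AUTH2 = ("204.97.12.57", 53)   # dns-auth2.crocker.com, from the dig output

def build_query(qid, name, qtype=1):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def build_reply(query, answer_ip, ttl=604800):
    """Constructed authoritative reply: echo ID and question, add one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8500, 1, 1, 0, 0)  # qr aa rd
    rdata = bytes(int(octet) for octet in answer_ip.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + query[12:] + rr

def accept_reply(query, sent_to, reply, came_from):
    """Return (accepted, reason), applying the checks a stub resolver makes."""
    # The source check comes before any parsing, so a correct answer
    # arriving from the wrong address is still dropped.
    if came_from != sent_to:
        return False, ("reply from unexpected source: %s#%d, expected %s#%d"
                       % (came_from + sent_to))
    if len(reply) < 12:
        return False, "truncated header"
    reply_id, flags = struct.unpack("!HH", reply[:4])
    if reply_id != struct.unpack("!H", query[:2])[0]:
        return False, "query ID mismatch"
    if not flags & 0x8000:
        return False, "QR bit not set"
    # Byte-for-byte comparison of the echoed question (stricter than the
    # case-insensitive match DNS allows, which is enough for this sketch).
    if reply[12:len(query)] != query[12:]:
        return False, "question mismatch"
    return True, "ok"

if __name__ == "__main__":
    query = build_query(34405, "www.mtrsd.k12.ma.us")
    reply = build_reply(query, "159.250.29.161")
    # First run in the post: asked auth1, auth1's address answered.
    print(accept_reply(query, AUTH1, reply, AUTH1))
    # Third run: asked auth1, the same answer left from auth2's address.
    print(accept_reply(query, AUTH1, reply, AUTH2))
```

The payload in both calls is identical; only the source address differs, which is why the resolver keeps waiting until it times out.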