[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Nameserver update



Hi,

out of interest why are you using nslookup, i though dig is the tool
recommended these days...

On 6/28/07, Till Wimmer <g4-lisz@tonarchiv.ch> wrote:
I) TTL of SOA is much to short!
My SOA looks like this:
        origin = dns.substring.ch
        mail addr = noc.substring.ch
        serial = 2007060701
        refresh = 21600
        retry = 3600
        expire = 604800
        minimum = 86400

that is on purpose for the moment (trying to get rid of the mismatched
glue records) The com server do have the wrong ip of our NS.

II) For all the mailing related stuff you should make sure that your MX
names are the same the IP resolves to and vice versa.
Another problem is that  mx.openforce.com resolves to 62.99.149.109 and
is claiming to be openforce.com (HELO), but openforce.com resolves to
62.99.149.107.
||62.99.149.107 resolves to 62-99-149-107.ifo.net. A well configured MTA
doesn't like this...
You should configure your MTA to answer with mx.openforce.com in his
greeting sequence.

hmm true didn't pay attention to the mx stuff as we're in the middle
of migrating our office. that's a 30 second thing

III) Then there is some contradiction in your NS' answers.
ns10.openforce.com ist claiming there are 3 NS, but the other say there

that is what our dns registrar told me. Again, once the glue is
(hopefully) updated at the parent servers that should be solved (or
then I can at least update our slave nameservers to whatever the
parent servers say) for the moment ns24 and ns34 are the nameservers
that should be slaves for us (according to our providers info)

IV) ns24.ifo.net is "Open DNS server". It can be queried for domains
which it's not authoritative for:

not my fault :)

that is our registrar already told them about this but they don't want
to change it.

develop@schlunze:~$ nslookup - ns24.ifo.net
> substring.ch
Server:         ns24.ifo.net
Address:        217.29.159.135#53

Non-authoritative answer:
Name:   substring.ch
Address: 80.242.134.171

so that was you! :)

and i was wondering why we got queried for that domain :)

V) "Mismatched glue":
If this is not a caching /TTL issue, it's really a bad thing. The root
server says, ns10.openforce.com is at 62.99.149.110, but your NS says,
it's at 81.223.107.117.
Your domains registrar should update the root record:

I told them to do so, but I guess we'll ditch them that is the second
time with massive problems.

develop@schlunze:~$ nslookup - i.gtld-servers.net
> set type=ns
> openforce.com
Server:         i.gtld-servers.net
Address:        192.43.172.30#53

Non-authoritative answer:
openforce.com   nameserver = ns10.openforce.com.
openforce.com   nameserver = ns34.ifo.net.

Authoritative answers can be found from:
ns10.openforce.com      internet address = 62.99.149.110

incorrect address the correct address is 81.223.107.117 as you have
seen below - and that is the root of all my problems :/

I'm pretty confident they messed something up the dnsstuff report was
fine before the update and i triple checked the the AXFRs to match.
SOA TTL records are my fault now true but right now i'm dead in the
water and if those NS updates won't propagate soon we'll lose
connectivity as we need to move a couple of servers to the new office
since the old uplink is being closed down in 2 weeks.

thanks for checking
martin



Reply to: