
Nameserver Problems, help!
Well, this has gone on for a week now and no one has any idea why. We recently took control of all our Domain Names from EasyDNS so we can run them in-house on our new Cobalt as we set up our new hosting department. I set up the NameServers with our Registrar and set up all the DNS info on the Cobalt. We currently have NS1 and NS2, IPs of .122 and .123. .122 was our old webserver address (now the cobalt) so all our websites' addresses didn't change when we went from Easydns to our cobalt, and the .123 IP is currently our old Email server that we can't take offline yet because some customers are still using it. We can't turn it off until we get the websites to come up off the main server. This is the problem, for some reason, none of the websites show up and if I ping the domain name, it replies from our email server (.123, aka, NS2). So somehow, all of the requests get passed directly to the secondary name server either because the cobalt isn't replying or for some reason, the root servers are propagating the wrong IP. Even telling the email server to forward requests to the cobalt fails.
What's odd is that the office network has no problem finding the cobalt (aka NS1) and bringing up the websites, and after initially setting everything up and waiting 24 hours, it all worked fine, then started changing every evening, and now doesn't work at all. I didn't make any changes after initial setup. I even took the cobalt off-line and set up our old win2k webserver with the right DNS info and it still won't propagate or reply to domain requests from outside the office network. This has now put a kink in our time schedule and no one seems to have an answer. The only thing I can think of is because we are currently on a business DSL, our provider's nameservers are causing a problem, but inquiries to them say it's our problem. Did I miss a setting somewhere? Has anyone else had this problem?
Thanks
Jason Siebert
elsmore1 06-17-2002, 08:14 PM
It is extremely difficult (read: impossible) to do any more than make wild guesses about problems such as this (why does one box resolve these names correctly and the other one doesn't) without knowing some of the specifics, such as domain names and IP addresses involved. Which IPs are the old ones and what they should be is a good place to start, along with the domains you think you have bound to those IPs....
There isn't a whole lot that I am leaving out, and not much I can be specific about without giving out too much.. For the sake of argument, our old webserver address is xxx.xxx.xxx.122, and email was xxx.xxx.xxx.123. We used EasyDNS to manage the domain names, all of which were hosted on the webserver. All that we changed was make .122 NS1 and .123 NS2, and put all the DNS information that was on Easydns on NS1 and have it all basically pointing to itself since that's where the sites are. 123 is just the email server currently, it hasn't been replaced yet. Everything was set up correctly because after we first set it all up, it worked fine. Then a day or two later they started working intermittently, then just not at all anymore. Now whenever you try to go to one of our domains, it just goes straight to the email server, which of course, doesn't have any sites on it.
Pinging www.domain.com gets no reply, but pinging domain.com gets a reply from .123. As you can see, none of the IP addresses really changed, if any, it was the MX record since the cobalt will be doing the mail now. But the actual website address didn't at all on any site. None of it makes any sense, it acts like the NS1 server never existed. I don't know how specific you need me to get since there really isn't much more to explain. Record wise, there is just the SOA and A records as well as a PTR, that's it. We're all lost.
elsmore1 06-18-2002, 12:59 AM
Originally posted by sieb
There isn't a whole lot that I am leaving out, and not much I can be specific about without giving out too much..
Oh, well, when you put it that way.....
For the sake of argument, our old webserver address is xxx.xxx.xxx.122, and email was xxx.xxx.xxx.123. We used EasyDNS to manage the domain names, all of which were hosted on the webserver. All that we changed was make .122 NS1 and .123 NS2,
I assume that you put that NS1 and NS2 in front of one of the existing domain names on the webserver (NS1.olddomain.com and NS2.olddomain.com) or registered another domain, and created nameservers based on that domain using NS1.newdomain.com and NS2.newdomain.com. In either case, you registered the two nameserver domains in the central registry with the IP addresses xxx.xxx.xxx.122 and xxx.xxx.xxx.123
and put all the DNS information that was on Easydns on NS1 and have it all basically pointing to itself since that's where the sites are.
Did you also make arrangements to mirror the DNS information on NS2 by setting it up as a secondary nameserver, and you have DNS software running and functional on both NS1 and NS2?
123 is just the email server currently, it hasn't been replaced yet. Everything was set up correctly because after we first set it all up, it worked fine.
You're sure it worked fine for everybody on the internet, or just from where you tested from? and how many locations did you test from?
Then a day or two later they started working intermittently, then just not at all anymore.
That is symptomatic of incorrectly configured nameservers or DNS information, where it works when you happen to query a functional nameserver with the correct information, or cached (correct) info, is used, but as the cached info expires, it gets replaced with incorrect information or points to nameservers that are non-functional for one reason or another.
Now whenever you try to go to one of our domains, it just goes straight to the email server, which of course, doesn't have any sites on it.
See above.
Pinging www.domain.com gets no reply, but pinging domain.com gets a reply from .123. As you can see, none of the IP addresses really changed, if any, it was the MX record since the cobalt will be doing the mail now. But the actual website address didn't at all on any site. None of it makes any sense, it acts like the NS1 server never existed.
Pinging from where? inside the office network, from outside the office network? Can you ping NS1.nameserver.com and NS2.nameserver.com? Get any response at all on port 53 on either machine? Do you get authoritative answers to DNS requests from either nameserver from inside the office network? How about from outside the office network?
I don't know how specific you need me to get since there really isn't much more to explain. Record wise, there is just the SOA and A records as well as a PTR, that's it. We're all lost.
If you get authoritative (and correct) information in response to DNS queries from inside the office network, which you imply you do when you state that the machines within the office network can "see" all of the websites correctly, but you don't get that same information in response to queries from outside the network, do you have any firewalls in place? port-forwarding? routable ip addresses? which nameservers are the office machines configured to query? Lots of questions that can be answered still. :)
I assume that you put that NS1 and NS2 in front of one of the existing domain names on the webserver (NS1.olddomain.com and NS2.olddomain.com) or registered another domain,
That is correct.
Did you also make arrangements to mirror the DNS information on NS2 by setting it up as a secondary nameserver, and you have DNS software running and functional on both NS1 and NS2?
As stated above, NS2 uses the .123 address, which is our old email server currently. I can't switch it until the NS1 server is working correctly. So I don't want to set up NS2 if we can't even get NS1 to work right alone. Somehow queries just get passed right to where NS2 is supposed to be. I know we need two, but if we set up NS2 we may never know if NS1 is ever working right. Then, chances are, queries to NS1 won't work and then queries to NS2 could never work and we would never get anywhere.
You're sure it worked fine for everybody on the internet, or just from where you tested from? and how many locations did you test from?
Tests were done from within the office, then from my house, from another house, and from another business I work at.
That is symptomatic of incorrectly configured nameservers or DNS information, where it works when you happen to query a functional nameserver with the correct information, or cached (correct) info, is used, but as the cached info expires, it gets replaced with incorrect information or points to nameservers that are non-functional for one reason or another.
Ok, obviously a setting is wrong somewhere, but the way I have the dns set up for the sites is that they all point to .122 (this has never changed), to itself basically. The only record that points to anywhere else is the MX record that goes to .123 (temporarily), so whenever you type in the domain.com, it goes to the email server. Typing in www.domain.com goes unresolved. Pings to domain.com also reply from .123. These pings are from anywhere outside our office network (i.e. home). I don't know what bad info could get passed on though, I didn't make any changes to the original config, which worked, until after it stopped working.
Can you ping NS1.nameserver.com and NS2.nameserver.com? Get any response at all on port 53 on either machine? Do you get authoritative answers to DNS requests from either nameserver from inside the office network? How about from outside the office network?
Nothing works outside the office network.
do you have any firewalls in place? port-forwarding? routable ip addresses? which nameservers are the office machines configured to query? Lots of questions that can be answered still.
No firewalls are up yet except for the one in front of the office network. But our DHCP server inside the office is set to tell the computers to first query the DHCP server (it's a development hosting server, so to be able to get to the sites on it constantly, it's the first dns entry), then the Development server (DHCP server) passes queries on to the hosting server .122 (which is why they always work inside the office), anything after that gets passed on to the DSL provider's DNS servers. Any questions that help fix this I am willing to answer. :(
billyjoe 06-18-2002, 02:52 PM
I'm going to have to agree with elsmore1 that until you post specific info about what domains you're referring to, you are not going to get a resolution on here.
billyjoe 06-18-2002, 02:59 PM
Oops, a quick follow up. If I'm reading your post correctly, you've got NS1 and NS2 listed as authoritative for the domains, but you've only got the domain information on NS1? There's your problem. I'd advise doing some reading on how DNS works.
What specific information does everyone have to have?
I only have one nameserver running at the moment because it won't even respond, all queries get passed to ns2. I don't want to set up ns2 until I can figure out why ns1 isn't answering. Otherwise, like I said earlier, I will set it up only to find that NS1 never answers any queries and the problem will never get fixed, or I will set up NS2 and have the same problems and then nothing will work. I'm trying to find out why NS1 isn't doing its job.
elsmore1 06-18-2002, 05:26 PM
NS2 uses the .123 address, which is our old email server currently. I can't switch it until the NS1 server is working correctly. So I don't want to set up NS2 if we can't even get NS1 to work right alone.
You should be able to set up DNS on the same machine as mail, but that is irrelevant here... Only having one of the two nameservers up shouldn't cause any problems
Nothing works outside the office network.
Obviously, if you cannot reach your nameservers from outside the office network, they aren't going to be able to answer queries. As to why they can't be reached... I could list dozens of reasons that were possible causes, but... they would just be guesses.
No firewalls are up yet except for the one in front of the office network.
One firewall is all it would take to block access...
passes queries on to the hosting server .122 (which is why they always work inside the office)
This narrows it down some, if in fact the internal hosts are successfully querying ns1. Maybe it just looks like they are... I dunno. Can't guess from here.
My suggestion would be to hire a consultant that you can trust with your confidential information. It is extremely hard (read: impossible) to do more than make wild guesses....
billyjoe 06-18-2002, 06:03 PM
Unless I'm reading his post incorrectly, his NS2 is also his old email server (which is still online). It just doesn't have his domain's information because he hasn't set it up. But people looking up information on his domain are going to contact it anyway and get NOTHING, because it's authoritative. Like I said, learn how DNS works first. Just because you have NS1 listed first doesn't mean that it's the only DNS server that gets queried until it goes offline.
elsmore1 06-18-2002, 06:10 PM
Originally posted by billyjoe
Unless I'm reading his post incorrectly, his NS2 is also his old email server (which is still online). It just doesn't have his domain's information because he hasn't set it up. But people looking up information on his domain are going to contact it anyway and get NOTHING, because it's authoritative. Like I said, learn how DNS works first. Just because you have NS1 listed first doesn't mean that it's the only DNS server that gets queried until it goes offline.
You are correct that his ns2 will get queries which it won't answer until it is set up correctly, but.... on failure to get a response from one of the listed nameservers, the query should be directed to one or more of the other listed servers (which is the purpose of having several nameservers, so that if you can't get one to answer you, the other one(s) will). The worst that should happen is a possible delay in getting an answer, but even that would be measured in time periods too small to notice usually.
billyjoe 06-18-2002, 06:23 PM
Ahh, yeah that is true, unless he's got DNS services running on NS2 without a zone file for his domain. Then NS2 will send back a response saying it has no information. In any case, you're right that this isn't going to get resolved on here. It could be way too many things, and without knowing what super secret domain(s) we're even talking about it's impossible to do any sort of testing, so I'm done reading until more information appears.