Results 1 to 2 of 2
  1. #1

    DNS config help - acunett or isp tech is right?

    Hi
    I am having an issue with a server where we have 2 isps that can not resvolve our dns servers. Acunett says our servers are configured correctly, but the isp techs says it's not.

    After a 2 week long conversation with the isp trying to tell them that our config is right, I have decided to post the last conversation between them and acunett on my helpdesk. (Webhostnr 1 division USA = Acunett and ulf is the isp tech.

    I am very satisified with the acunett support team, but I just wanted some help here so we can get this resvolved.

    Conversation begins:

    Author
    Contents

    Kim


    Posted on 02 Dec 2006 04:16 PM

    --------------------------------------------------------------------------------
    Hi
    There is an ongoing issue where customer of the isp ice is not able to resvolve our dns servers.

    I am opening a channel here to Ulf which is a tech at the ice isp to get this issue resvolved.

    Please wait for Ulf to respond to this issue, and also please see my note in this ticket.

    Thank you

    Kim
    Webhostnr 1 division Norway


    Ulf


    Posted on 02 Dec 2006 05:05 PM

    --------------------------------------------------------------------------------
    Hi!

    There are some strange configurations in the zone for webhostnr1.com
    where sub zones seems to have been setup at the DNS server without
    delegating the correctly in the parent zone.

    Note that this was like it looked the last time i checked..

    i.e at .COM nameservers

    webhostnr1.com IN NS ns1.webhostnr1.com.
    IN NS ns2.webhostnr1.com.


    at WEBHOSTNR1.COM nameservers

    5 zone seems to have beens set up..?
    ( You probably only need one: webhostnr1.com )

    webhostnr1.com IN SOA...

    IN NS ns1.webhostnr1.com.
    IN NS ns2.webhostnr1.com.
    ns1 IN A 1.1.1.1
    ns2 IN A 2.2.2.2
    ns3 IN A 3.3.3.3
    ns4 IN A 4.4.4.4

    and then the following zones as well...

    ns1.webhostnr1.com. IN SOA...

    IN NS ns1.webhostnr1.com.
    IN NS ns2.webhostnr1.com.

    And the same for the following zones..
    ns2.webhostnr1.com. IN SOA...
    ns3.webhostnr1.com. IN SOA...
    ns4.webhostnr1.com. IN SOA...

    ----------------------

    I.e. i can do zonetransfers for each of the
    following zones from ns1/ns2

    webhostnr1.com
    ns1.webhostnr1.com
    ns2.webhostnr1.com
    ns3.webhostnr1.com
    ns4.webhostnr1.com

    I do not see any reason for the NS pointers to
    be set up as subdomains in parallell to the main
    domain webhostnr1.com at all here as well as
    being used as A pointers as well..

    And.. Even if we can fix our resolvers if we have a problem
    you still might have a problem with this configuration..

    This since there are a lot of nameservers out there that are
    running the same nameserver software..;-)



    Regards

    /Uffe

    Webhostnr 1 Division USA


    Posted on 02 Dec 2006 08:29 PM

    --------------------------------------------------------------------------------
    Hello,

    Please do check the dnsreport for the domain http://dnsreport.com/tools/dnsreport...webhostnr1.com. It gives almost a perfect result. The SOA is setup correctly and the nameservers are also configured correctly on the servers. We have configured the nameservers as follows.

    ns1.webhostnr1.com. 75.126.23.224
    ns2.webhostnr1.com. 75.126.23.225
    ns3.webhostnr1.com. 75.126.23.225
    ns4.webhostnr1.com. 75.126.23.226

    Some of the domain uses ns1,ns2 and others ns3 and ns4 so we have to configure all the four nameservers in the configuration file.

    Please do check it once again and if you are still unable to reach the domain please let me know the exact domainname which you are trying to access.

    Best Regards,
    Webhostnr 1 division USA


    Ulf


    Posted on 02 Dec 2006 08:45 PM

    --------------------------------------------------------------------------------

    Hi Steve!

    > Please do check the dnsreport for the domain http://dnsreport.com/tools/dnsreport...webhostnr1.com. It gives almost a perfect result. The SOA is setup correctly and the nameservers are also configured correctly on the servers. We have configured the nameservers as follows.

    I have a similar report at http://www.dnscheck.se

    > ns1.webhostnr1.com. 75.126.23.224
    > ns2.webhostnr1.com. 75.126.23.225
    > ns3.webhostnr1.com. 75.126.23.225
    > ns4.webhostnr1.com. 75.126.23.226

    Yep all right there..

    No problem with using ns1,ns2,ns3,ns4

    Only issue there is that you probably should have a secondary nameserver
    "outside" the webhostnr1.com domain and placed for example at a upstream
    ISP. This since if there is any problem with the LAN where 224,225,226
    hosts are your domain is gone.. Microsoft did the same a couple of years
    ago..;-) And they where gone for a day..

    But try this.. ( this is the funny config )

    dig @ns1.webhostnr1.com ns1.webhostnr1.com axfr

    It seems that there is a subdomain ns1.webhostnr1.com defined as well
    in the nameserver.. Unless this has been configured with a reason
    ( which i cannot figure out ) these extra zones probably should be removed..

    If you check the following you will see the same..

    dig @ns1.webhostnr1.com ns1.webhostnr1.com axfr
    dig @ns1.webhostnr1.com ns2.webhostnr1.com axfr
    dig @ns1.webhostnr1.com ns3.webhostnr1.com axfr
    dig @ns2.webhostnr1.com ns1.webhostnr1.com axfr
    dig @ns2.webhostnr1.com ns2.webhostnr1.com axfr
    dig @ns2.webhostnr1.com ns3.webhostnr1.com axfr

    I.e. there is a subdomain configured in the nameserver
    which is the same as the A record used for the NS pointer..

    These subdomains seems to have disapeared since my last
    search..

    dig @ns1.webhostnr1.com ns4.webhostnr1.com axfr
    dig @ns2.webhostnr1.com ns4.webhostnr1.com axfr

    Regards

    /Uffe

    >
    > Some of the domain uses ns1,ns2 and others ns3 and ns4 so we have to configure all the four nameservers in the configuration file.
    >
    > Please do check it once again and if you are still unable to reach the domain please let me know the exact domainname which you are trying to access.
    >
    > Best Regards,
    >
    > Webhostnr 1 division USA
    >
    >
    > Detaljer
    > ===================
    > Saksreferanse: LZD-193053
    > Avdeling: Webhostnr 1 Division USA
    > Prioritet: Normal
    > Status: P Vent (On Hold)
    >
    >
    >
    >





    Kim

    Posted on 02 Dec 2006 08:51 PM

    --------------------------------------------------------------------------------
    Hi Steve
    One of my staff members here at the Webhostnr 1 Norway office was in sweden on a hotell during a business trip and was also having the samme issue with the hotell isp that it was unable to resvolve. So there is at least one more isp than ice that is having the same issue.

    So I do think there must be some kind off a issue with the dns setup.


    Steve, do you have any idea on why those dns servers (The ice one, and the one on the hotell is Sweden) are unable to resvolve our dns servers only? I think, that we do have an strange issue here that needs to be taken a closer look at.


    Regards,
    Kim - staff member Webhostnr 1

    Author
    Contents

    Ulf


    Posted on 02 Dec 2006 09:20 PM

    --------------------------------------------------------------------------------
    Webhostnr 1 Avd USA wrote:
    > Hi Steve
    > One of my staff members here at the Webhostnr 1 Norway office was in sweden on a hotell during a business trip and was also having the samme issue with the hotell isp that it was unable to resvolve. So there is at least one more isp than ice that is having the same issue.
    >
    > So I do think there must be some kind off a issue with the dns setup.

    Steve..

    If you have a BIND nameserver..

    ( it seems to be BIND 9.2.4 running )

    Can you check if there are multiple zones with names
    ending with webhostnr1.com defined in named.conf

    There should only be one with the name webhostnr1.com.
    There should not be any zones named "ns1.webhostnr1.com" etc..

    If.. named.conf if autogenerated with some tool it might be
    that you need to find out why there are subdomains to
    webhostnr1.com defined..

    If you are unsure you might send the named.conf file to me and i will
    have a look..


    /Uffe



    >
    >
    > Steve, do you have any idea on why those dns servers (The ice one, and the one on the hotell is Sweden) are unable to resvolve our dns servers only? I think, that we do have an strange issue here that needs to be taken a closer look at.
    >
    > Regards,
    > Kim - staff member Webhostnr 1
    > -----------------------------------------------
    > Med vennlig hilsen
    > Kim Engebretsen
    > Webhostnr 1 Kundesupport
    > www.webhostnr1.com
    > [email protected]
    >
    > Detaljer
    > ===================
    > Saksreferanse: LZD-193053
    > Avdeling: Webhostnr 1 Division USA
    > Prioritet: Normal
    > Status: pen (Open)
    >
    >
    >
    >





    Webhostnr 1 Division USA


    Posted on 02 Dec 2006 09:50 PM

    --------------------------------------------------------------------------------
    Hello,

    >>It seems that there is a subdomain ns1.webhostnr1.com defined as well
    in the nameserver.. Unless this has been configured with a reason
    ( which i cannot figure out ) these extra zones probably should be removed..

    The subdomain ns1.webhostnr1.com should be defined in the configuration file as if it not specified it will produce some error in the dns report and configuring an A record for the nameservers is need to avoid those error.

    When the Isp is not able to resolve the host there should be some problem with there setting or cached results as globally it is working fine. If you come across any such issues in future please provide us the result of the command so that we could verify whether the resolver provide by the ISP is working fine.

    nslookup webhostnr1.com

    Best Regards,
    Steve
    Webhostnr 1 division USA
    [email protected]



    Ulf


    Posted on 02 Dec 2006 10:25 PM

    --------------------------------------------------------------------------------
    Webhostnr 1 Avd USA wrote:
    > Hello,
    >
    >>> It seems that there is a subdomain ns1.webhostnr1.com defined as well
    > in the nameserver.. Unless this has been configured with a reason
    > ( which i cannot figure out ) these extra zones probably should be removed..
    >
    > The subdomain ns1.webhostnr1.com should be defined in the configuration file as if it not specified it will produce some error in the dns report and configuring an A record for the nameservers is need to avoid those error.

    There is no reason for defining a subdomain there.. Trust me..

    You seems to have a fairly standard domain and i do no see any reason
    for setting up a subdomain with the same name as a A-record used for the
    NS pointers for the main domain.. Please note here the difference
    between a subdomain and a host in the domain.

    I'm not sure if you understand my point here..

    A standard domain will look something like this..

    ---------------------------------------------
    example.com. IN SOA example.com. ........( soa parameters )
    IN NS ns1.example.com.
    IN NS ns2.example.com.


    www IN A 1.1.1.1
    pop3 IN A 1.1.1.2
    ns1 IN A 1.1.1.1
    ns2 IN A 1.1.1.2
    --------------------------------------------

    Ok.. so far everything is OK.

    adding some hosts for extra A-records used for other domains..

    ns3 IN A 1.1.1.3
    ns4 IN A 1.1.1.4

    Ok.. Everything is still OK..

    And.. you do not need anything else in order to have a working domain.


    But.. For some reason the nameserver has also been configured with some
    extra subdomains that is not delegated in the parent example.com.

    I.e.

    ns1.example.com. IN SOA .....
    IN NS ns1.example.com.
    IN NS ns2.example.com.

    www IN A 1.1.1.1
    pop3 IN A 1.1.1.2
    ns1 IN A 1.1.1.1
    ns2 IN A 1.1.1.2

    But...
    For in order to have this subdomain configured you also need to delegate
    them in the parent domain.. Here is the config then...

    ------------------------------------
    example.com. IN SOA example.com. ........( soa parameters )
    IN NS ns1.example.com.
    IN NS ns2.example.com.

    www IN A 1.1.1.1
    pop3 IN A 1.1.1.2
    ns1 IN A 1.1.1.1
    ns2 IN A 1.1.1.2
    ns3 IN A 1.1.1.3
    ns4 IN A 1.1.1.4
    ns1 IN NS ns1.example.com.
    ns1 IN NS ns2.example.com.
    ns2 IN NS ns1.example.com.
    ns2 IN NS ns2.example.com.

    Otherwise you break the delegation of the subdomains ns1.example.com and
    ns2.example.com.

    > When the Isp is not able to resolve the host there should be some problem with there setting or cached results as globally it is working fine. If you come across any such issues in future please provide us the result of the command so that we could verify whether the resolver provide by the ISP is working fine.

    Ok.. If you do not want to fix your broken (or spooky) config i cannot
    help you more than pointing out whats seems to be wrong..

    In this case.. we might be able to fix our resolvers to do the right
    thing.. But you have thousands of nameservers out there that might fail
    due to your config since we have 2 that fails...

    And then you run into problems with the next ISP and then the next ISP..
    and so on..;-)

    Regards

    /Uffe


    >
    > nslookup webhostnr1.com
    >
    > Best Regards,
    > Steve
    > Webhostnr 1 division USA
    > [email protected]
    >
    > Detaljer
    > ===================
    > Saksreferanse: LZD-193053
    > Avdeling: Webhostnr 1 Division USA
    > Prioritet: Normal
    > Status: Lukket (Closed)
    >
    >
    >
    >
      0 Not allowed!

  2. #2
    Join Date
    Jul 2002
    Location
    Tasmania, Australia
    Posts
    34,798
    OP has indicated this is resolved, so closed by request.
    If you dont like the road youre walking on, start paving a new one.
      0 Not allowed!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •