nanog mailing list archives

Re: Weird DNS issues for domains


From: Bjørn Mork <bjorn () mork no>
Date: Thu, 29 Sep 2005 21:20:12 +0200


Matthew Crocker <matthew () crocker com> writes:

I just tested it from a Verizon DSL host and it worked.

You might want to consider reading RFC 2182 though, particularly the
part about geographically diverse nameservers.

Yeah, yeah, that is overrated.  If my site goes dark and my DNS goes
down it doesn't really matter as the bandwidth and the web server
will also be down.  Having a live DNS server in another part of the
country won't help if the access routers handling the traffic for the
T1 to the school are also down.

Geographically diverse name servers sound great in theory but for
this application it won't gain any redundancy.

I wonder what that application could be... Single server with two
addresses?  Two servers behind a failing firewall? Well, if you don't
care then why should we?

There's definitely something seriously wrong with your configuration,
and it is related to the two colocated servers.  I sometimes get the
result below.  Works once, and then it fails because of answers from
the wrong address:


bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com

; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34405
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mtrsd.k12.ma.us.           IN      A

;; ANSWER SECTION:
www.mtrsd.k12.ma.us.    604800  IN      A       159.250.29.161

;; AUTHORITY SECTION:
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth2.crocker.com.
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth1.crocker.com.

;; ADDITIONAL SECTION:
dns-auth2.crocker.com.  600     IN      A       204.97.12.57
dns-auth1.crocker.com.  600     IN      A       204.97.12.58

;; Query time: 279 msec
;; SERVER: 204.97.12.58#53(dns-auth1.crocker.com)
;; WHEN: Thu Sep 29 21:11:17 2005
;; MSG SIZE  rcvd: 144

bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth2.crocker.com

; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth2.crocker.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44398
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.mtrsd.k12.ma.us.           IN      A

;; ANSWER SECTION:
www.mtrsd.k12.ma.us.    604800  IN      A       159.250.29.161

;; AUTHORITY SECTION:
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth2.crocker.com.
mtrsd.k12.ma.us.        604800  IN      NS      dns-auth1.crocker.com.

;; ADDITIONAL SECTION:
dns-auth2.crocker.com.  600     IN      A       204.97.12.57
dns-auth1.crocker.com.  600     IN      A       204.97.12.58

;; Query time: 255 msec
;; SERVER: 204.97.12.57#53(dns-auth2.crocker.com)
;; WHEN: Thu Sep 29 21:11:21 2005
;; MSG SIZE  rcvd: 144

bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53

; <<>> DiG 9.2.4 <<>> www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; global options:  printcmd
;; connection timed out; no servers could be reached


After a while the session seems to time out and things will work
again.  Once, before the same shit happens again.


Bjørn
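
Added example, not part of the original message: a Python parser that scans a saved dig transcript like the one above and reports, per query, which address answered and how many replies dig discarded as coming from an unexpected source. The embedded sample is trimmed from the output quoted in the message; the function and field names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: trimmed from the dig session quoted in the message.
SAMPLE = """\
bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34405
;; SERVER: 204.97.12.58#53(dns-auth1.crocker.com)
bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth2.crocker.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44398
;; SERVER: 204.97.12.57#53(dns-auth2.crocker.com)
bjorn@canardo:~$ dig www.mtrsd.k12.ma.us @dns-auth1.crocker.com
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53
;; reply from unexpected source: 204.97.12.57#53, expected 204.97.12.58#53
;; connection timed out; no servers could be reached
"""

CMD = re.compile(r"^\S*\$\s*dig\s+(\S+)\s+@(\S+)")        # shell prompt + dig call
MISMATCH = re.compile(r"reply from unexpected source: (\S+)#(\d+), expected (\S+)#(\d+)")
SERVER = re.compile(r"^;; SERVER: (\S+)#(\d+)")            # address dig accepted

def analyze(transcript):
    """Return one dict per dig invocation found in a terminal transcript."""
    runs = []
    for line in transcript.splitlines():
        m = CMD.match(line)
        if m:
            runs.append({"name": m.group(1), "target": m.group(2),
                         "answered_by": None, "mismatches": Counter(),
                         "timed_out": False})
            continue
        if not runs:
            continue  # ignore anything before the first dig command
        cur = runs[-1]
        if (m := MISMATCH.search(line)):
            # key is (expected address, address the reply actually came from)
            cur["mismatches"][(m.group(3), m.group(1))] += 1
        elif (m := SERVER.match(line)):
            cur["answered_by"] = m.group(1)
        elif "connection timed out" in line:
            cur["timed_out"] = True
    return runs

if __name__ == "__main__":
    for r in analyze(SAMPLE):
        print(r["target"], r["answered_by"], dict(r["mismatches"]), r["timed_out"])
```

A run with a non-empty `mismatches` counter and `timed_out` set is the failure shown in the third query: the replies arrived, but dig dropped them because they did not come from the address it had queried.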

