umm... eh? my DNS is whacko...

Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

umm, an A record != NS record
http://dnsstuff.com/tools/traversal.ch? ... org&type=A
and, your servers are the only ones that report a cname still for other domains
http://dnsstuff.com/tools/traversal.ch? ... org&type=A
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Our DNS servers only do what they're told to by the master; we don't fix up any of the zone records that are transferred in. EveryDNS is using tinydns, which will handle some things differently than BIND9 will (which is what we use). That said, the nameservers are returning valid data for my domains and a handful of other secondary domains I randomly checked. You might try removing the wildcard records. I suspect that tinydns is just feeding back the IP address when it encounters a wildcard-based entry, whereas BIND creates a lookup chain.

Since you do not have "test.winbots.org" defined by any means other than a wildcard, BIND will do something like this to find the IP address:

test.winbots.org matches wildcard CNAME cobi.winbots.org.
cobi.winbots.org is defined as an A record for 24.136.175.7

test.winbots.org => cobi.winbots.org => 24.136.175.7

Nothing is actually wrong. The script you pointed me to either doesn't have explicit handling for wildcard entries, or doesn't take the CNAME chain far enough.
Technical Support support@rollernet.us
Roller Network LLC
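The lookup chain described in the post above, worked through as an added example (not part of the original thread and not BIND's code). The zone dictionary is constructed from the two records the post names, and the function names are hypothetical; the third query shows that a wildcard does not cover names below an existing name.

```python
# Constructed zone holding only the records named in the post above.
ZONE = {
    "winbots.org.": {"SOA": ["constructed-soa"]},
    "*.winbots.org.": {"CNAME": ["cobi.winbots.org."]},
    "cobi.winbots.org.": {"A": ["24.136.175.7"]},
}

def ancestors(name):
    """Yield name, then each parent: a.b.org. -> a.b.org., b.org., org."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."

def find_node(zone, qname):
    """Return the RRsets answering qname, synthesized from a wildcard if needed."""
    existing = {a for owner in zone for a in ancestors(owner)}
    if qname in existing:
        return zone.get(qname, {})          # exact match (may be an empty non-terminal)
    # Closest encloser: the longest ancestor of qname that exists in the zone.
    for parent in list(ancestors(qname))[1:]:
        if parent in existing:
            return zone.get("*." + parent)  # None means the name does not exist
    return None

def resolve(zone, qname, qtype="A", max_links=8):
    """Follow the lookup chain; return a list of (owner, type, rdata) steps."""
    chain, name = [], qname.lower()
    for _ in range(max_links):              # bound the chain to stop CNAME loops
        node = find_node(zone, name)
        if not node:
            break
        if qtype in node:
            chain += [(name, qtype, rdata) for rdata in node[qtype]]
            break
        if "CNAME" not in node:
            break
        target = node["CNAME"][0]
        chain.append((name, "CNAME", target))
        name = target.lower()
    return chain

if __name__ == "__main__":
    for q in ("test.winbots.org.", "cobi.winbots.org.", "a.cobi.winbots.org."):
        print(q, "->", resolve(ZONE, q) or "no answer")
```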
Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

actually everydns isn't the master, they are both slave'd to a stealth master...
but i got rid of the cnames in the master and replaced them with A's almost a week ago... I'm just confused as to why it hasn't been updated on rollernet yet...
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Does your master send a NOTIFY? The RollerNet DNS doesn't do periodic reloads, it waits for the master to send a NOTIFY before it will do an AXFR/IXFR to update the zone. EveryDNS queries for changes every hour since tinydns doesn't have a native NOTIFY mechanism.
Technical Support support@rollernet.us
Roller Network LLC
Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

no it doesn't send notify, it is a tinydns server.

Any way I could cron a script to send notify to your server?
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Yes, you can. There's some stuff on tinydns.org towards the bottom of the page, too.
Technical Support support@rollernet.us
Roller Network LLC
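One way a cron job could send the NOTIFY discussed above, as an added example (not the script from tinydns.org and not part of the original posts). It builds an RFC 1996 NOTIFY for the zone's SOA and checks the acknowledgement; the function names are hypothetical, and the slave address and zone are supplied on the command line.

```python
import os
import socket
import struct
import sys

OPCODE_NOTIFY = 4                       # RFC 1996
FLAG_QR, FLAG_AA = 0x8000, 0x0400
TYPE_SOA, CLASS_IN = 6, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_notify(zone, msg_id):
    """NOTIFY request: opcode 4, AA set, one question <zone> IN SOA."""
    flags = (OPCODE_NOTIFY << 11) | FLAG_AA
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def is_notify_ack(request, response):
    """True if response acknowledges request: same ID, QR set, opcode 4, rcode 0."""
    if len(response) < 12:
        return False
    req_id, = struct.unpack("!H", request[:2])
    rsp_id, flags = struct.unpack("!HH", response[:4])
    opcode, rcode = (flags >> 11) & 0xF, flags & 0xF
    return rsp_id == req_id and (flags & FLAG_QR) != 0 and (opcode, rcode) == (OPCODE_NOTIFY, 0)

def send_notify(slave_ip, zone, timeout=5.0):
    """Send one NOTIFY over UDP and report whether the slave acknowledged it."""
    request = build_notify(zone, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (slave_ip, 53))
        try:
            response, _ = sock.recvfrom(512)
        except socket.timeout:
            return False
    return is_notify_ack(request, response)

if __name__ == "__main__" and len(sys.argv) == 3:   # usage: notify.py <slave-ip> <zone>
    sys.exit(0 if send_notify(sys.argv[1], sys.argv[2]) else 1)
```

BIND acts on a NOTIFY only when it arrives from an address configured as a master for the zone or permitted by allow-notify, so the script has to run where its packets leave from that address. An acknowledgement only means the NOTIFY was accepted; the slave still has to query the master for the SOA and transfer the zone.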
Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

ok I think I found a notify script, I just need to wait and see if rollernet gets the zone now :P

P.S. for those interested, the script is here: http://tinydns.org/dnsnotify
Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

no zone update as of yet :(
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Zone updates are instant when we get a NOTIFY from the master. Here's what our logs say:

Code:

Apr 17 14:02:39 isidore named[1809]: received notify for zone 'winbots.org'
Apr 17 14:02:39 isidore named[1809]: zone winbots.org/IN: refresh: unexpected rcode (REFUSED) from master 24.136.174.165#53
Technical Support support@rollernet.us
Roller Network LLC
Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

hmm... from three places on the internet, when i try i always get this:

Code:

<Snip>
;; Received 54 answers (54 records). 
;; FROM: <snip> to SERVER: 24.136.174.165 
;; WHEN: Sun Apr 17 19:16:58 2005
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

I'm not quite sure what that means.
Technical Support support@rollernet.us
Roller Network LLC
Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

from one of the servers type this:
dig @ns1.winbots.za.net winbots.org AXFR
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

dig returns the proper information on both of the nameservers, but BIND errors out when trying to load the zone with the same error message as above. I tried disabling IXFR in BIND, too, but that didn't work either. At this point I'm not sure what's going on; other domains are transferring normally when we get a notify, so it's not a server-wide problem. All I can think of is that BIND doesn't like the response it's getting.

Here's the result of the attempt in tcpdump:

Code:

00:19:36.577949 IP (tos 0x0, ttl  39, id 0, offset 0, flags [DF], length: 57) 24.136.174.165.53 > 67.118.43.92.40361: [udp sum ok]  59777 Refused- q: SOA? winbots.org. 0/0/0 (29)
        0x0000:  4500 0039 0000 4000 2711 1db5 1888 aea5  E..9..@.'.......
        0x0010:  4376 2b5c 0035 9da9 0025 fd9e e981 8005  Cv+\.5...%......
        0x0020:  0001 0000 0000 0000 0777 696e 626f 7473  .........winbots
        0x0030:  036f 7267 0000 0600 01                   .org.....
Technical Support support@rollernet.us
Roller Network LLC
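The packet in the tcpdump output above, decoded field by field as an added example (not part of the original post). The hex is copied from the dump; the function names are hypothetical. It shows that the refused message is the reply to the UDP SOA query a slave sends before it starts a transfer.

```python
import socket
import struct

# The 57 bytes from the tcpdump hex dump in the post above.
CAPTURE_HEX = """
4500 0039 0000 4000 2711 1db5 1888 aea5
4376 2b5c 0035 9da9 0025 fd9e e981 8005
0001 0000 0000 0000 0777 696e 626f 7473
036f 7267 0000 0600 01
"""
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 251: "IXFR", 252: "AXFR"}

def read_qname(msg, off):
    """Read an uncompressed question name; return (name, offset after it)."""
    labels = []
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels) + ".", off + 1

def decode_udp_dns(packet):
    """Decode IPv4/UDP/DNS headers and the first question of one packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4 UDP packet")
    sport, _dport, udp_len, _ = struct.unpack("!4H", packet[ihl:ihl + 8])
    dns = packet[ihl + 8:ihl + udp_len]
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    qname, off = read_qname(dns, 12)
    qtype, _qclass = struct.unpack("!HH", dns[off:off + 4])
    return {
        "src": "%s:%d" % (socket.inet_ntoa(packet[12:16]), sport),
        "id": msg_id,
        "is_response": bool(flags & 0x8000),
        "authoritative": bool(flags & 0x0400),
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "question": (qname, QTYPES.get(qtype, str(qtype))),
        "counts": (qd, an, ns, ar),
    }

def decode_capture():
    return decode_udp_dns(bytes.fromhex("".join(CAPTURE_HEX.split())))

if __name__ == "__main__":
    print(decode_capture())
```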
Cobi
Posts: 12
Joined: Sat Apr 16, 2005 9:41 pm

Post by Cobi »

does that tcp dump look like the tcp dumps of other zone transfers?
EDIT: http://www.fefe.de/djbdns/#bind9axfr
djbdns-FAQ wrote: BIND 9 won't accept AXFRs from djbdns!
Greg Hewgill posted a patch to djbdns-1.04 to the mailing list. I heard the BIND people fixed this in recent BIND 9 versions (it was, of course, a BIND bug).
do you want me to patch my djbdns or do you want to patch bind 9?
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Thanks for the info. It is probably better for the long run that I fix the problem with BIND rather than force everyone else to work around it, but I need to do a little more research before upgrading. I apologize for the inconvenience and hopefully this will be resolved soon.
Technical Support support@rollernet.us
Roller Network LLC