Thursday, October 30, 2014

domain name system - Nameserver working for all TLDs except .org




I've recently set up a private name server (ns1.mediamechanic.net / ns2.mediamechanic.net), and it appears to be working for everything except our .org domains (see obapps.org).



As far as I can tell, the failure is happening before the request ever makes its way to our server, so presumably something is wrong on the side of our registrar (eNom).



When I do a trace on a working TLD (.com, .net) I get this:



===================================================
Sending request to "e,gtld-servers.net" (192.12.94.30)
===================================================

Received referral response - DNS servers for "iclaimpreview.com":
-> ns1.mediamechanic.net (216.114.240.114)
-> ns2.mediamechanic.net (208.115.254.250)
===================================================
Sending request to "ns1.mediamechanic.net" (216.144.240.114)
===================================================
Received authoritative (AA) response:
-> Answer: A-record for iclaimpreview.com = 216.114.240.114
-> Authority: NS-record for iclaimpreview.com = ns2.dallas-idc.com
-> Authority: NS-record for iclaimpreview.com = ns2.dallas-idc.com

===================================================


A .org yields this:



===================================================
Attempting to resolve DNS server name "ns1.mediamechanic.net" (details not logged)
===================================================
Failed to resolve DNS server name - error: No such host is known
===================================================

Attempting to resolve DNS server name "ns2.mediamechanic.net" (details not logged)
===================================================
Failed to resolve DNS server name - error: No such host is known
===================================================
Failed to resolve - no more DNS servers left to try
===================================================


It seems that for the .org, it’s unable even to find the name server, which doesn’t make a ton of sense, so I’m at a loss.


Answer




The error messages in the question actually say it all: the problem is simply that the names ns{1,2}.mediamechanic.net referenced in your NS records do not resolve at this point in time.



For .com/.net it "kind of works" despite there being an obvious problem because many resolvers just use the received glue without looking up the authoritative records. Both these TLDs are on the same set of nameservers so glue is provided in both these cases.



In the case of .org that TLD is on an entirely different set of nameservers so there is no glue there. The resolver will then try to look these names up and that is currently impossible.
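The glue dependence described in the answer, modelled offline as an added example (not part of the original question or answer). The referral table, the empty authoritative zone and the function names are assumptions built from the traces in the question; nothing here queries real DNS.

```python
# Constructed model of the two delegations in the question; no network access.
# Glue addresses are the ones shown in the .com referral trace above.
GLUE = {"ns1.mediamechanic.net": "216.114.240.114",
        "ns2.mediamechanic.net": "208.115.254.250"}

# Referrals as each TLD's servers would hand them out. The .com/.net servers
# share one server set and know the hosts under mediamechanic.net, so they
# attach glue; the .org servers are out of bailiwick for .net and attach none.
REFERRALS = {
    "iclaimpreview.com": {"ns": list(GLUE), "glue": dict(GLUE)},
    "obapps.org":        {"ns": list(GLUE), "glue": {}},
}

# Assumption: the mediamechanic.net zone currently has no A records for
# ns1/ns2, which is the "do not resolve" state the answer describes.
AUTHORITATIVE_A = {}


def nameserver_addresses(domain, trust_glue=True, zone=AUTHORITATIVE_A):
    """Return {ns_name: address or None} the way a resolver would find them."""
    ref = REFERRALS[domain]
    found = {}
    for ns in ref["ns"]:
        addr = ref["glue"].get(ns) if trust_glue else None
        if addr is None:
            addr = zone.get(ns)  # separate lookup of the NS host name itself
        found[ns] = addr
    return found


def audit(domain, zone=AUTHORITATIVE_A):
    """Classify a delegation: OK, GLUE_ONLY (fragile) or BROKEN."""
    lenient = nameserver_addresses(domain, True, zone)
    strict = nameserver_addresses(domain, False, zone)
    if any(strict.values()):
        return "OK"
    return "GLUE_ONLY" if any(lenient.values()) else "BROKEN"


if __name__ == "__main__":
    for d in REFERRALS:
        print(d, audit(d))
    # Hypothetical state once ns1/ns2 have A records in their own zone:
    print("obapps.org (names resolve)", audit("obapps.org", zone=GLUE))
```

GLUE_ONLY is the state to alert on: the delegation answers for glue-trusting resolvers while failing for any resolver that looks the nameserver names up independently.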

