DNS fun

Diagnosing DNS trouble is especially fun because of caching. If you keep doing dig sowbug.org over and over, all you're usually doing is reading the cached value from your local DNS server, rather than confirming that the changes you've made at your registrar are taking effect. So I came up with the following method to try to trace exactly what was happening. It might be wrong, but it seems to make sense.

  1. dig sldfkjalfkajdfldsj.com: The hope in doing this was that I'd get an NXDOMAIN error from the highest possible authority (i.e., farthest from my local DNS). This returned the following:
    ;; AUTHORITY SECTION:
com.      10800   IN  SOA     a.gtld-servers.net. \
nstld.verisign-grs.com. 1120164931 1800 900 604800 900
  2. dig @a.gtld-servers.net sowbug.org: In other words, ask a.gtld-servers.net what it thinks about sowbug.org:
    ;; AUTHORITY SECTION:
.         172800  IN      NS      k.root-servers.net.
.         172800  IN      NS      d.root-servers.net.
  3. dig @k.root-servers.net sowbug.org: Lather, rinse, repeat:
    ;; AUTHORITY SECTION:
org.      172800  IN      NS      tld1.ultradns.net.
  4. dig @tld1.ultradns.net sowbug.org: Ah, now we're getting somewhere:
    ;; AUTHORITY SECTION:
sowbug.org.   86400   IN  NS  park4.secureserver.net.
sowbug.org.   86400   IN  NS  park3.secureserver.net.

At this point I figured out that the root nameservers had the wrong nameservers listed for my domain. So I continued to fiddle with the registrar's self-service web page, and eventually got it right.

Categories

geek
By Mike Tsao on June 30, 2005 2:05 PM |

Search

About this Entry

This page contains a single entry by Mike Tsao published on June 30, 2005 2:05 PM.

Server configuration was the previous entry in this blog.

Hammock is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Powered by Movable Type 4.2-en