OT: dot org domain resolution

DAve dave.list at pixelhammer.com
Mon Oct 22 23:23:53 IST 2007


Hugo van der Kooij wrote:
> DAve wrote:
>> This is the fastest response ML I am on, so I will bug you guys ;^)
> 
>> Currently we have some dot org domains as clients who now have no A or
>> MX records cached locally so they cannot see their own websites, and are
>> having mail issues as well. After much checking, and testing, and server
>> log reviewing, we discovered this.
> 
>> Go to dnsstuff.org and run a ALL query on *any* dot org domain.
>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing
>> but NS records are returned. If the root server refers to
>> AFILIAS-NST.org you get all records. We see this reslt for our client's
>> domains as well openoffice.org, slashdot.org, freebsd.org.
> 
> What is the bad things here? Are the root servers not supposed to hand
> out only NS records for the next level? They should not be used as
> global resolvers.

I agree. My understanding has always been root-server -> tld-server ->
authoritative-server which returns the requested record.

Oddly some clients never query past ultradns after receiving the
authoritative server for their request. Though, those same clients are
doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems
to do that as well.

Possibly because the ultradns server returns no SOA record?

> 
> My guess is that you got a local DNS issue to resolv here.

As I said above, "clients who now have no A or MX records cached
locally". Our servers seem fine, only very clients have seen the issue.

> 
> So where do I find anything ORG. like? Let us just ask localy:
> 
> $ dig org. any
> ;; QUESTION SECTION:
> ;org.                           IN      ANY
> ;; ANSWER SECTION:
> org.                    83204   IN      NS      tld1.ultradns.net.
> org.                    83204   IN      NS      tld2.ultradns.net.
> org.                    83204   IN      NS      a0.org.afilias-nst.info.
> org.                    83204   IN      NS      b0.org.afilias-nst.org.
> org.                    83204   IN      NS      c0.org.afilias-nst.info.
> org.                    83204   IN      NS      d0.org.afilias-nst.org.
> 
> Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask
> tld1.ultradns.net. for this:
> 
> $ dig vanderkooij.org. any @tld1.ultradns.net.
> ;; QUESTION SECTION:
> ;vanderkooij.org.               IN      ANY
> ;; ANSWER SECTION:
> vanderkooij.org.        86400   IN      NS      ns5.mydyndns.org.
> vanderkooij.org.        86400   IN      NS      ns4.mydyndns.org.
> vanderkooij.org.        86400   IN      NS      ns3.mydyndns.org.
> vanderkooij.org.        86400   IN      NS      ns2.mydyndns.org.
> vanderkooij.org.        86400   IN      NS      hvdkooij.xs4all.nl.
> 
> Sounds to me like the way DNS is supposed to work.

Yep, I thought so as well. And org queries also resolve properly from
all our name servers.

> 
>> I called ultradns and they didn't seem too concerned, but said they
>> would look into it.
> 
>> Am I crazy?
> 
> You might. But it does not nescessarily have any bearing on the question
> at hand ;-)

I can find nothing else in common between the clients with an issue except,
A) every client has org for a TLD
B) every client experiences the problem sporadicly
C) ultradns is the only server not returning a SOA record.

At this point I am unable to understand why they cannot get a MX record
and mail does not arrive at the mailscanner servers. Or why they cannot
get an A record and see their own website.

Baffling...

DAve
-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.


More information about the MailScanner mailing list