OT: dot org domain resolution

Ken A ka at pacific.net
Mon Oct 22 23:00:01 IST 2007


DAve wrote:
> Hugo van der Kooij wrote:
>> DAve wrote:
>>> This is the fastest response ML I am on, so I will bug you guys ;^)
>>> Currently we have some dot org domains as clients who now have no A or
>>> MX records cached locally so they cannot see their own websites, and are
>>> having mail issues as well. After much checking, and testing, and server
>>> log reviewing, we discovered this.
>>> Go to dnsstuff.org and run an ALL query on *any* dot org domain.
>>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing
>>> but NS records are returned. If the root server refers to
>>> AFILIAS-NST.org you get all records. We see this result for our client's
>>> domains as well as openoffice.org, slashdot.org, freebsd.org.
>> What is the bad thing here? Are the root servers not supposed to hand
>> out only NS records for the next level? They should not be used as
>> global resolvers.
> 
> I agree. My understanding has always been root-server -> tld-server ->
> authoritative-server which returns the requested record.
> 
> Oddly some clients never query past ultradns after receiving the
> authoritative server for their request. Though, those same clients are
> doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems
> to do that as well.
> 
> Possibly because the ultradns server returns no SOA record?
> 
>> My guess is that you got a local DNS issue to resolve here.
> 
> As I said above, "clients who now have no A or MX records cached
> locally". Our servers seem fine, only very few clients have seen the issue.
> 
>> So where do I find anything ORG. like? Let us just ask locally:
>>
>> $ dig org. any
>> ;; QUESTION SECTION:
>> ;org.                           IN      ANY
>> ;; ANSWER SECTION:
>> org.                    83204   IN      NS      tld1.ultradns.net.
>> org.                    83204   IN      NS      tld2.ultradns.net.
>> org.                    83204   IN      NS      a0.org.afilias-nst.info.
>> org.                    83204   IN      NS      b0.org.afilias-nst.org.
>> org.                    83204   IN      NS      c0.org.afilias-nst.info.
>> org.                    83204   IN      NS      d0.org.afilias-nst.org.
>>
>> Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask
>> tld1.ultradns.net. for this:
>>
>> $ dig vanderkooij.org. any @tld1.ultradns.net.
>> ;; QUESTION SECTION:
>> ;vanderkooij.org.               IN      ANY
>> ;; ANSWER SECTION:
>> vanderkooij.org.        86400   IN      NS      ns5.mydyndns.org.
>> vanderkooij.org.        86400   IN      NS      ns4.mydyndns.org.
>> vanderkooij.org.        86400   IN      NS      ns3.mydyndns.org.
>> vanderkooij.org.        86400   IN      NS      ns2.mydyndns.org.
>> vanderkooij.org.        86400   IN      NS      hvdkooij.xs4all.nl.
>>
>> Sounds to me like the way DNS is supposed to work.
> 
> Yep, I thought so as well. And org queries also resolve properly from
> all our name servers.
> 
>>> I called ultradns and they didn't seem too concerned, but said they
>>> would look into it.
>>> Am I crazy?
>> You might. But it does not necessarily have any bearing on the question
>> at hand ;-)
> 
> I can find nothing else in common between the clients with an issue except,
> A) every client has org for a TLD
> B) every client experiences the problem sporadically
> C) ultradns is the only server not returning a SOA record.
> 
> At this point I am unable to understand why they cannot get a MX record
> and mail does not arrive at the mailscanner servers. Or why they cannot
> get an A record and see their own website.
> 
> Baffling...
> 
> DAve

.org sometimes = grant funded, microsoft domain server or sexchange 
configured to host the 'domain' .. sometimes.. it seems clueless admins 
set up their own domain on their own network and so can't reach the real 
one.. just a thought, but I've seen it a few times.
Ken


-- 
Ken Anderson
Pacific.Net
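
The delegation chain discussed in this thread, and the locally hosted copy of a zone that Ken describes, as an added example that is not part of the original messages. It is a toy model with no network traffic: `example.org.`, `ns1.example.org.`, `internal-dc` and all record values are constructed, and only `tld1.ultradns.net.` is a name taken from the thread.

```python
# Constructed toy model of DNS delegation; no network traffic, all data is made up.
# Each server holds zones: auth=True means it answers, auth=False means it only delegates.
SERVERS = {
    "root": {"org.": {"auth": False, "ns": ["tld1.ultradns.net."]}},
    "tld1.ultradns.net.": {"example.org.": {"auth": False, "ns": ["ns1.example.org."]}},
    "ns1.example.org.": {"example.org.": {"auth": True, "rr": {
        ("www.example.org.", "A"): ["192.0.2.10"],
        ("example.org.", "MX"): ["10 mail.example.org."]}}},
    # Hypothetical internal server whose admin created a private copy of the zone.
    "internal-dc": {"example.org.": {"auth": True, "rr": {
        ("dc1.example.org.", "A"): ["10.0.0.5"]}}},
}

def enclosing_zone(zones, name):
    """Longest zone on this server that is a suffix of name, or None."""
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None

def query(server, name, qtype):
    """One non-recursive query against one server: returns (kind, data)."""
    zones = SERVERS[server]
    zone = enclosing_zone(zones, name)
    if zone is None:
        return ("refused", [])
    z = zones[zone]
    if not z["auth"]:
        return ("referral", z["ns"])  # NS records only, like the dig output above
    rr = z["rr"].get((name, qtype))
    return ("answer", rr) if rr else ("nodata", [])

def resolve(start, name, qtype, max_hops=8):
    """Follow referrals from start; returns (kind, data, servers asked)."""
    server, path = start, []
    for _ in range(max_hops):
        path.append(server)
        kind, data = query(server, name, qtype)
        if kind != "referral":
            return kind, data, path
        server = data[0]
    return ("loop", [], path)

def shadowed(local_server, name, qtype):
    """True when local_server answers on its own authority but disagrees with the public tree."""
    local = resolve(local_server, name, qtype)
    public = resolve("root", name, qtype)
    return len(local[2]) == 1 and local[:2] != public[:2]
```

A client that stops at the referral never reaches `ns1.example.org.`, and a client pointed at `internal-dc` gets an authoritative "no data" for the MX record without the public servers ever being asked.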

