OT: dot org domain resolution

DAve dave.list at pixelhammer.com
Tue Oct 23 03:08:36 IST 2007


Ken A wrote:
> DAve wrote:
>> Hugo van der Kooij wrote:
>>> DAve wrote:
>>>> This is the fastest response ML I am on, so I will bug you guys ;^)
>>>> Currently we have some dot org domains as clients who now have no A or
>>>> MX records cached locally so they cannot see their own websites, and are
>>>> having mail issues as well. After much checking, and testing, and server
>>>> log reviewing, we discovered this.
>>>> Go to dnsstuff.org and run an ALL query on *any* dot org domain.
>>>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing
>>>> but NS records are returned. If the root server refers to
>>>> AFILIAS-NST.org you get all records. We see this result for our client's
>>>> domains as well as openoffice.org, slashdot.org, freebsd.org.
>>> What is the bad thing here? Are the root servers not supposed to hand
>>> out only NS records for the next level? They should not be used as
>>> global resolvers.
>>
>> I agree. My understanding has always been root-server -> tld-server ->
>> authoritative-server which returns the requested record.
>>
>> Oddly some clients never query past ultradns after receiving the
>> authoritative server for their request. Though, those same clients are
>> doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems
>> to do that as well.
>>
>> Possibly because the ultradns server returns no SOA record?
>>
>>> My guess is that you got a local DNS issue to resolve here.
>>
>> As I said above, "clients who now have no A or MX records cached
>> locally". Our servers seem fine, only very few clients have seen the issue.
>>
>>> So where do I find anything ORG. like? Let us just ask locally:
>>>
>>> $ dig org. any
>>> ;; QUESTION SECTION:
>>> ;org.                           IN      ANY
>>> ;; ANSWER SECTION:
>>> org.                    83204   IN      NS      tld1.ultradns.net.
>>> org.                    83204   IN      NS      tld2.ultradns.net.
>>> org.                    83204   IN      NS      a0.org.afilias-nst.info.
>>> org.                    83204   IN      NS      b0.org.afilias-nst.org.
>>> org.                    83204   IN      NS      c0.org.afilias-nst.info.
>>> org.                    83204   IN      NS      d0.org.afilias-nst.org.
>>>
>>> Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask
>>> tld1.ultradns.net. for this:
>>>
>>> $ dig vanderkooij.org. any @tld1.ultradns.net.
>>> ;; QUESTION SECTION:
>>> ;vanderkooij.org.               IN      ANY
>>> ;; ANSWER SECTION:
>>> vanderkooij.org.        86400   IN      NS      ns5.mydyndns.org.
>>> vanderkooij.org.        86400   IN      NS      ns4.mydyndns.org.
>>> vanderkooij.org.        86400   IN      NS      ns3.mydyndns.org.
>>> vanderkooij.org.        86400   IN      NS      ns2.mydyndns.org.
>>> vanderkooij.org.        86400   IN      NS      hvdkooij.xs4all.nl.
>>>
>>> Sounds to me like the way DNS is supposed to work.
>>
>> Yep, I thought so as well. And org queries also resolve properly from
>> all our name servers.
>>
>>>> I called ultradns and they didn't seem too concerned, but said they
>>>> would look into it.
>>>> Am I crazy?
>>> You might. But it does not necessarily have any bearing on the question
>>> at hand ;-)
>>
>> I can find nothing else in common between the clients with an issue except,
>> A) every client has org for a TLD
>> B) every client experiences the problem sporadically
>> C) ultradns is the only server not returning a SOA record.
>>
>> At this point I am unable to understand why they cannot get an MX record
>> and mail does not arrive at the mailscanner servers. Or why they cannot
>> get an A record and see their own website.
>>
>> Baffling...
>>
>> DAve
> 
> .org sometimes = grant funded, Microsoft domain server or sexchange
> configured to host the 'domain' .. sometimes.. it seems clueless admins
> set up their own domain on their own network and so can't reach the real
> one.. just a thought, but I've seen it a few times.
> Ken
> 
> 

That is becoming my current theory, the client AD failing to properly
handle the ultradns response. The one difference I can point to is
ultradns is the only service not providing a SOA record.

DAve

-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
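
Added example, not part of the original thread and not any poster's code: a small Python check that tells an NS-only delegation reply (what the TLD server returns, to be followed to the listed name servers) from an authoritative answer by reading the AA flag and the record types in the DNS wire format. The function names, the sample messages, example.org and 192.0.2.10 are constructed for illustration, and the AA bit being clear in the TLD reply is an assumption based on standard DNS behaviour, since the dig output above does not show flags.

```python
import struct

A, NS, MX, ANY = 1, 2, 15, 255            # RR type codes (RFC 1035)

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:          # compression pointer ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:
            return pos

def classify(msg):
    """Return 'referral', 'authoritative' or 'other' for a DNS response."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    pos, sections = 12, []
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4      # skip QTYPE and QCLASS
    for count in (an, ns, ar):
        types = []
        for _ in range(count):
            pos = skip_name(msg, pos)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
            pos += 10 + rdlen
            types.append(rtype)
        sections.append(types)
    rrs = sections[0] + sections[1]        # answer + authority records
    if rcode == 0 and not aa and rrs and all(t == NS for t in rrs):
        return "referral"                  # resolver must query the listed servers
    return "authoritative" if rcode == 0 and aa and sections[0] else "other"

def build(qname, aa, records):
    """Build a constructed response to an ANY query (sample input only)."""
    msg = struct.pack("!6H", 0x1234, 0x8000 | (0x0400 if aa else 0), 1, len(records), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", ANY, 1)
    for rtype, rdata in records:
        msg += encode_name(qname) + struct.pack("!HHIH", rtype, 1, 86400, len(rdata)) + rdata
    return msg

# Constructed samples: NS-only reply like the TLD server's, then a full answer.
TLD_REPLY = build("vanderkooij.org", False, [(NS, encode_name(h)) for h in ("ns5.mydyndns.org", "ns4.mydyndns.org")])
AUTH_REPLY = build("example.org", True, [(MX, struct.pack("!H", 10) + encode_name("mail.example.org")), (A, bytes([192, 0, 2, 10]))])
```

A client that stops at a "referral" result instead of querying the listed servers never obtains the A or MX record.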

