Re: Nameserver update

Hi,

out of interest why are you using nslookup, i though dig is the tool recommended these days...

On 6/28/07, Till Wimmer <g4-lisz@tonarchiv.ch> wrote:
> I) TTL of SOA is much to short!
> My SOA looks like this:
> origin = dns.substring.ch
> mail addr = noc.substring.ch
> serial = 2007060701
> refresh = 21600
> retry = 3600
> expire = 604800
> minimum = 86400

that is on purpose for the moment (trying to get rid of the mismatched glue records) The com server do have the wrong ip of our NS.

> II) For all the mailing related stuff you should make sure that your MX
> names are the same the IP resolves to and vice versa.
> Another problem is that mx.openforce.com resolves to 62.99.149.109 and
> is claiming to be openforce.com (HELO), but openforce.com resolves to
> 62.99.149.107.
> ||62.99.149.107 resolves to 62-99-149-107.ifo.net. A well configured MTA
> doesn't like this...
> You should configure your MTA to answer with mx.openforce.com in his
> greeting sequence.

hmm true didn't pay attention to the mx stuff as we're in the middle of migrating our office. that's a 30 second thing

> III) Then there is some contradiction in your NS' answers.
> ns10.openforce.com ist claiming there are 3 NS, but the other say there

that is what our dns registrar told me. Again, once the glue is (hopefully) updated at the parent servers that should be solved (or then I can at least update our slave nameservers to whatever the parent servers say) for the moment ns24 and ns34 are the nameservers that should be slaves for us (according to our providers info)

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

> IV) ns24.ifo.net is "Open DNS server". It can be queried for domains
> which it's not authoritative for:

not my fault :)

that is our registrar already told them about this but they don't want to change it.

> develop@schlunze:~$ nslookup - ns24.ifo.net
> > substring.ch
> Server: ns24.ifo.net
> Address: 217.29.159.135#53
>
> Non-authoritative answer:
> Name: substring.ch
> Address: 80.242.134.171

so that was you! :)

and i was wondering why we got queried for that domain :)

> V) "Mismatched glue":
> If this is not a caching /TTL issue, it's really a bad thing. The root
> server says, ns10.openforce.com is at 62.99.149.110, but your NS says,
> it's at 81.223.107.117.
> Your domains registrar should update the root record:

I told them to do so, but I guess we'll ditch them that is the second time with massive problems.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

> develop@schlunze:~$ nslookup - i.gtld-servers.net
> > set type=ns
> > openforce.com
> Server: i.gtld-servers.net
> Address: 192.43.172.30#53
>
> Non-authoritative answer:
> openforce.com nameserver = ns10.openforce.com.
> openforce.com nameserver = ns34.ifo.net.
>
> Authoritative answers can be found from:
> ns10.openforce.com internet address = 62.99.149.110

incorrect address the correct address is 81.223.107.117 as you have seen below - and that is the root of all my problems :/

I'm pretty confident they messed something up the dnsstuff report was fine before the update and i triple checked the the AXFRs to match. SOA TTL records are my fault now true but right now i'm dead in the water and if those NS updates won't propagate soon we'll lose connectivity as we need to move a couple of servers to the new office since the old uplink is being closed down in 2 weeks.

thanks for checking
martin

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org