Solved

DNS entries messed up

Posted on 2004-08-19
10
610 Views
Last Modified: 2012-06-22
Hi, am running webserver and mail server on T1 line.  just had a new T1 line installed last weekend and the transition went smoothly.  I left everything the same on Register.com associated with my domain name except the IP address that the name was pointing to.

The hostname is with register.com and I have it pointing to my IP address for my web and mail server for our domain name.  Also, have the MX records pointing to the domain name of myserver.com and www.myserver.com.  

However, we started to have problems with AOL and them rejecting our email because of an incorrect Reverse DNS Lookup, or so the emails said.  ALso a few other companies were rejecting our mail because of the same problem.   THIS STARTED ONLY AFTER WE WERE ON OUR NEW T1, not the OLD ONE.  I called my ISP and they said that I needed to go the register.com and instead of having Register.com's DNS servers (dns41.register.com and (dns42.register.com) be authoritative for my domain name, I needed to change them to my ISP's DNS servers ( ns1.deltacom.net, and ns2.deltacom.net and ns6.deltacom.net).

So I did this and within 24 hours, anything associated with my domain name has quit working.  So as soon as I found this out, yesterday afternoon I changed my current DNS servers back to the ones from REGISTER.com.  It hasn't been 24 hours but it has been 15 hours and they still haven't reset, I guess that will take a little longer.

1)Does anyone know what the problem could be here?  Hopefully, this will resolve itself when the DNS servers across the net update and get the old DNS info back.

2)  Also, what is the REfresh time under SOA?  I changed this from 10800 seconds to 1000 seconds (the shortest that it would let me) to see if this would speed up the refresh time) (it didn't).

3)  Does it always take 24 hours or longer for the DNS servers across the NET to update? as I can't tell if my reset is working until they do.

4)  When I do a DNSstuff.com DNS lookup, I get
Searching for A record for designmca.com at g.root-servers.net:  Got referral to J.GTLD-SERVERS.NET. [took 198 ms]
Searching for A record for designmca.com at J.GTLD-SERVERS.NET.:  Got referral to ns1.deltacom.net. [took 200 ms]
Searching for A record for designmca.com at ns1.deltacom.net.:  Server failure! [took 300 ms].

Does this mean that the 3rd entry ns1.deltacom.net is down?  Could this also be related to my problem?  This is my ISP and they have been having trouble the last few days.  Or does this mean something else?

Thanks very much.




0
Comment
Question by:ebarrouk
10 Comments
 
LVL 15

Accepted Solution

by:
scampgb earned 500 total points
ID: 11840172
Hi ebarrouk,

I'm assuming that your domain is "designmca.com".
Take a look at www.checkdns.net and www.dnsreport.com - they show you very useful information.

Looking at it, your domain is well and truly broken I'm afraid.

According to www.internic.net, your name servers are NS2.DELTACOM.NET and NS1.DELTACOM.NET
Neither of these servers are acting authoritatively for your domain, so nothing on the Internet can really work out how to route anything.

ns1.deltacom.net isn't down, but it isn't responding correctly for your domain.

Waiting for DNS propogation isn't going to work here, as your Name Servers are broken.

So, the main question is, WHO is providing the DNS service for your domain?
Make sure that they've got your domain zone set up properly.  You can use the above utilities to test this.

That will then fix the problem.

REFRESH is how often name server caches will check to see if the data is valid.  You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.

Hope that this helps, let me know if I can be of any further assistance.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11840176
Incidentally, AOL rejecting your emails are because the "PTR" DNS record for your mail server isn't set correctly.
This is quite likely if you've recently changed the IP address of your mail server, and you'll need to make sure that this is updated in your DNS zone files.

As I said above though, you need to make sure that your name servers are behaving properly first!


0
 

Author Comment

by:ebarrouk
ID: 11840387
Thanks alot for the reply.

Yesterday when I started to have the trouble, I change my name servers back to dns41.register.com and dns42.register.com.  I did this on the settings under my account at Register.com.  I got a confirmation email and replied to it and It said that it would take 24 hours to update.  

Do you think this will make the register.com DNS servers answer authoritatively for my domain name?  This is how I had it set until 2 days ago when I changed them to the deltacom DNS servers.

Thanks alot for you patience, I am still learning about this stuff.

ebarrouk
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11840487
This could explain quite a bit.  It takes a while for propogation of who the DNS servers are to take effect on the WHOIS and root name servers.
Unfortunately all you can do here is wait, given that you've had confirmation from them that the change is going through.

I suggest that you use the utilities I mentioned to monitor these and check what's going on.

As for the register.com DNS servers acting authoritatively - it depends on how they're set up.  There's a possibility that your zone files will have been deleted from their servers when you updated the records to point elsewhere.
I suggest that you contac the tech support people at register.com and ask them to confirm that they have valid zone files set up for you.

Ask them to email you a dump of these zone files, and then you can check them for accuracy.
If you wanted to post them here, along with the IPs of your servers, I'd be happy to sanity check them for you.

Don't worry about not understanding it too well, I'm happy to help.  DNS takes a bit of getting used to, and you need to consider what you're doing before you do it.  Otherwise you end up in these situations :-)

I've been in enough "ISPs have screwed up my DNS" situations to want to help anyone get out of it!
0
 
LVL 2

Expert Comment

by:marcin79
ID: 11841051
For me it looks like your ISP doesn't have a rev-dns entry in his dns servers. You shold ask your ISP to either enter a correct rev-dns information or force him to move this (rev-dns) information to your servers. Thats why it works on old line (correct entries in rev-dns servers of your previous ISP) and does not work on your new line (new ip, new isp which does know anything about your domain configuration). It's difficult to check it at the mement becouse i can't find any A or MX entry for this domain.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:ebarrouk
ID: 11841129
Thanks again.

I guess I will just wait.  As far as I can tell, from my account at register.com, the DNS servers from register.com are not authoritative for my domain name.  It has been about 24 hours now, but they say it can take up to 72 hours.  I will continue to check with the tools that you recommended and will keep you posted.

Thanks again.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11842378
OK - best of luck! :-)
0
 
LVL 11

Expert Comment

by:PennGwyn
ID: 11843742
> However, we started to have problems with AOL and them rejecting our email because of an incorrect Reverse DNS
> Lookup, or so the emails said.  ALso a few other companies were rejecting our mail because of the same problem.  

Checking that the result from a reverse DNS lookup is "correct" is actually pretty difficult.  The times that I've seen this sort of reverse-DNS check fail, it has been because there was NO reverse-DNS result *at all*.  So it should have been sufficient to request that your new ISP provide reverse-DNS resolutions for the address(es) issued to you(*); if the problem persisted, you MIGHT need them to provide specific responses.

* - Delegating reverse-DNS on other than octet boundaries is a terrible pain.  There's nothing that requires that the reverse-DNS info for your address block(s) come from the same server, or provider, as the normal DNS lookup for your domain(s) -- although you'd probably put them on the same servers if you were managing them locally instead of getting ISPs to do it for you.

Shortening the SOA timeout can help speed propagation of a DNS change, but (a) only to caches that have updated since the time was shortened (if you want a cahnge to propagate quickly, you need to make the timeout change at least 24 hours ahead), and (b) leaving it short means that a whole bunch of clients who COULD have cached the info are going to be constantly refreshing, driving up load on the DNS server (not much of an issue if it's your own, but an ISP might object to doing this to one of theirs...).

0
 

Author Comment

by:ebarrouk
ID: 11861684
thanks guys, got this all straightened out.

I reset the DNS servers to be the default ones for register.com.

After about 48 hours, these changes were propegated through to all the other DNS servers.

Then everything started working again.

Thanks for the help.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11863241
Hi.  Thanks for the "A".  Glad I could help.

Morals of the story:
Be careful with DNS
If it ain't broke, don't fix it :-)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now