

DNS entries messed up

Posted on 2004-08-19
Medium Priority
Last Modified: 2012-06-22
Hi, I am running a webserver and mail server on a T1 line.  We just had a new T1 line installed last weekend and the transition went smoothly.  I left everything the same on Register.com associated with my domain name except the IP address that the name was pointing to.

The hostname is with register.com and I have it pointing to my IP address for my web and mail server for our domain name.  Also, have the MX records pointing to the domain name of myserver.com and www.myserver.com.  

However, we started to have problems with AOL and them rejecting our email because of an incorrect Reverse DNS Lookup, or so the emails said.  Also a few other companies were rejecting our mail because of the same problem.   THIS STARTED ONLY AFTER WE WERE ON OUR NEW T1, not the OLD ONE.  I called my ISP and they said that I needed to go to register.com and instead of having Register.com's DNS servers (dns41.register.com and dns42.register.com) be authoritative for my domain name, I needed to change them to my ISP's DNS servers (ns1.deltacom.net, ns2.deltacom.net and ns6.deltacom.net).

So I did this and within 24 hours, anything associated with my domain name has quit working.  So as soon as I found this out, yesterday afternoon I changed my current DNS servers back to the ones from REGISTER.com.  It hasn't been 24 hours but it has been 15 hours and they still haven't reset, I guess that will take a little longer.

1) Does anyone know what the problem could be here?  Hopefully, this will resolve itself when the DNS servers across the net update and get the old DNS info back.

2) Also, what is the Refresh time under SOA?  I changed this from 10800 seconds to 1000 seconds (the shortest that it would let me) to see if this would speed up the refresh time (it didn't).

3)  Does it always take 24 hours or longer for the DNS servers across the NET to update? as I can't tell if my reset is working until they do.

4)  When I do a DNSstuff.com DNS lookup, I get
Searching for A record for designmca.com at g.root-servers.net:  Got referral to J.GTLD-SERVERS.NET. [took 198 ms]
Searching for A record for designmca.com at J.GTLD-SERVERS.NET.:  Got referral to ns1.deltacom.net. [took 200 ms]
Searching for A record for designmca.com at ns1.deltacom.net.:  Server failure! [took 300 ms].

Does this mean that the 3rd entry ns1.deltacom.net is down?  Could this also be related to my problem?  This is my ISP and they have been having trouble the last few days.  Or does this mean something else?

Thanks very much.

Question by:ebarrouk
LVL 15

Accepted Solution

scampgb earned 2000 total points
ID: 11840172
Hi ebarrouk,

I'm assuming that your domain is "designmca.com".
Take a look at www.checkdns.net and www.dnsreport.com - they show you very useful information.

Looking at it, your domain is well and truly broken I'm afraid.

According to www.internic.net, your name servers are NS2.DELTACOM.NET and NS1.DELTACOM.NET
Neither of these servers is acting authoritatively for your domain, so nothing on the Internet can really work out how to route anything.

ns1.deltacom.net isn't down, but it isn't responding correctly for your domain.

Waiting for DNS propagation isn't going to work here, as your Name Servers are broken.

So, the main question is, WHO is providing the DNS service for your domain?
Make sure that they've got your domain zone set up properly.  You can use the above utilities to test this.

That will then fix the problem.

REFRESH is how often name server caches will check to see if the data is valid.  You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unnecessarily increase Internet traffic.

Hope that this helps, let me know if I can be of any further assistance.
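The "Server failure!" line in the question and the "not acting authoritatively" diagnosis in the answer above both come down to two fields in the DNS reply header: the AA flag and the RCODE. The following is an added example, not part of the original thread; the function names and the `example.com` sample replies are constructed for illustration, and the sample replies carry only a header and question section.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(domain, txid=0x1A2B):
    """Build a non-recursive (RD=0) SOA query, as sent straight to a listed name server."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(data):
    """Read the 12-byte DNS header and decide whether the server answered authoritatively."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    aa = bool(flags & 0x0400)              # Authoritative Answer flag
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    # A healthy server for the zone returns its SOA with AA set and no error.
    ok = aa and rcode == "NOERROR" and ancount > 0
    return {"aa": aa, "rcode": rcode, "answers": ancount,
            "verdict": "authoritative" if ok else "lame"}

def ask(server_ip, domain, timeout=3.0):
    """Send the query over UDP/53 to one name server and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(domain), (server_ip, 53))
        return classify_response(s.recv(512))

# Constructed sample replies (headers written by hand, not captured traffic).
_q = build_soa_query("example.com")
SERVFAIL_REPLY = struct.pack("!6H", 0x1A2B, 0x8002, 1, 0, 0, 0) + _q[12:]
AUTH_REPLY = struct.pack("!6H", 0x1A2B, 0x8400, 1, 1, 0, 0) + _q[12:]
```

Run `ask()` against the address of each name server the registry lists for the domain; every one of them should come back "authoritative" before waiting on propagation makes sense.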
LVL 15

Expert Comment

ID: 11840176
Incidentally, AOL rejecting your emails is because the "PTR" DNS record for your mail server isn't set correctly.
This is quite likely if you've recently changed the IP address of your mail server, and you'll need to make sure that this is updated in your DNS zone files.

As I said above though, you need to make sure that your name servers are behaving properly first!


Author Comment

ID: 11840387
Thanks a lot for the reply.

Yesterday when I started to have the trouble, I changed my name servers back to dns41.register.com and dns42.register.com.  I did this on the settings under my account at Register.com.  I got a confirmation email and replied to it and it said that it would take 24 hours to update.  

Do you think this will make the register.com DNS servers answer authoritatively for my domain name?  This is how I had it set until 2 days ago when I changed them to the deltacom DNS servers.

Thanks a lot for your patience, I am still learning about this stuff.

LVL 15

Expert Comment

ID: 11840487
This could explain quite a bit.  It takes a while for propagation of who the DNS servers are to take effect on the WHOIS and root name servers.
Unfortunately all you can do here is wait, given that you've had confirmation from them that the change is going through.

I suggest that you use the utilities I mentioned to monitor these and check what's going on.

As for the register.com DNS servers acting authoritatively - it depends on how they're set up.  There's a possibility that your zone files will have been deleted from their servers when you updated the records to point elsewhere.
I suggest that you contact the tech support people at register.com and ask them to confirm that they have valid zone files set up for you.

Ask them to email you a dump of these zone files, and then you can check them for accuracy.
If you wanted to post them here, along with the IPs of your servers, I'd be happy to sanity check them for you.

Don't worry about not understanding it too well, I'm happy to help.  DNS takes a bit of getting used to, and you need to consider what you're doing before you do it.  Otherwise you end up in these situations :-)

I've been in enough "ISPs have screwed up my DNS" situations to want to help anyone get out of it!

Expert Comment

ID: 11841051
For me it looks like your ISP doesn't have a rev-dns entry in his dns servers. You should ask your ISP to either enter a correct rev-dns information or force him to move this (rev-dns) information to your servers. That's why it works on old line (correct entries in rev-dns servers of your previous ISP) and does not work on your new line (new ip, new isp which does know anything about your domain configuration). It's difficult to check it at the moment because I can't find any A or MX entry for this domain.

Author Comment

ID: 11841129
Thanks again.

I guess I will just wait.  As far as I can tell, from my account at register.com, the DNS servers from register.com are not authoritative for my domain name.  It has been about 24 hours now, but they say it can take up to 72 hours.  I will continue to check with the tools that you recommended and will keep you posted.

Thanks again.
LVL 15

Expert Comment

ID: 11842378
OK - best of luck! :-)
LVL 11

Expert Comment

ID: 11843742
> However, we started to have problems with AOL and them rejecting our email because of an incorrect Reverse DNS
> Lookup, or so the emails said.  Also a few other companies were rejecting our mail because of the same problem.  

Checking that the result from a reverse DNS lookup is "correct" is actually pretty difficult.  The times that I've seen this sort of reverse-DNS check fail, it has been because there was NO reverse-DNS result *at all*.  So it should have been sufficient to request that your new ISP provide reverse-DNS resolutions for the address(es) issued to you(*); if the problem persisted, you MIGHT need them to provide specific responses.

* - Delegating reverse-DNS on other than octet boundaries is a terrible pain.  There's nothing that requires that the reverse-DNS info for your address block(s) come from the same server, or provider, as the normal DNS lookup for your domain(s) -- although you'd probably put them on the same servers if you were managing them locally instead of getting ISPs to do it for you.

Shortening the SOA timeout can help speed propagation of a DNS change, but (a) only to caches that have updated since the time was shortened (if you want a change to propagate quickly, you need to make the timeout change at least 24 hours ahead), and (b) leaving it short means that a whole bunch of clients who COULD have cached the info are going to be constantly refreshing, driving up load on the DNS server (not much of an issue if it's your own, but an ISP might object to doing this to one of theirs...).
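The comment above separates "no reverse-DNS result at all" from a result that is present but judged wrong. The following added example (not part of the original thread) shows one common form of that check, forward-confirmed reverse DNS, and reports the three outcomes separately. The thread does not say what AOL actually tested, so the policy here is an assumption, and the sample records use documentation addresses and are constructed.

```python
import ipaddress
import socket

def ptr_owner_name(ip):
    """Name a receiving mail server queries for the PTR record of `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer

def _system_ptr(ip):
    """PTR lookup through the system resolver; empty list when none exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def _system_addrs(host):
    """Forward lookup through the system resolver; empty list on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def check_reverse_dns(ip, ptr_lookup=_system_ptr, addr_lookup=_system_addrs):
    """Return (status, detail): no-ptr, mismatch, or confirmed."""
    names = ptr_lookup(ip)
    if not names:
        # Most common failure after renumbering: the new block has no PTR yet.
        return ("no-ptr", ptr_owner_name(ip))
    want = ipaddress.ip_address(ip)
    for name in names:
        # Forward-confirm: the PTR target must resolve back to the same address.
        if any(ipaddress.ip_address(a) == want for a in addr_lookup(name)):
            return ("confirmed", name)
    return ("mismatch", names[0])

# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"],
              "192.0.2.20": ["host20.isp.example"]}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"],
            "host20.isp.example": ["198.51.100.7"]}

def sample_check(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_reverse_dns(ip, lambda i: SAMPLE_PTR.get(i, []),
                             lambda h: SAMPLE_A.get(h, []))
```

Called with only an IP address, `check_reverse_dns()` uses the system resolver; the "no-ptr" detail is the exact owner name to hand to whoever controls the reverse zone for the address block.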


Author Comment

ID: 11861684
Thanks guys, got this all straightened out.

I reset the DNS servers to be the default ones for register.com.

After about 48 hours, these changes were propagated through to all the other DNS servers.

Then everything started working again.

Thanks for the help.
LVL 15

Expert Comment

ID: 11863241
Hi.  Thanks for the "A".  Glad I could help.

Morals of the story:
Be careful with DNS
If it ain't broke, don't fix it :-)
