Solved

DNS question

Posted on 2006-11-21
Last Modified: 2010-04-10
Maybe I'm overthinking this or missing something - but I need help.

We are in the process of trying to migrate our web presence to a shorter domain name. Essentially, our internal domain will remain alongerdomainname.com, while our website / email addresses will change to short.com. I've registered the new domain name and I'm having trouble getting the MX records to point to our internally hosted Exchange server.

I tried to reference the way our current DNS records are set up, but I'm having trouble finding the correct people that I need to talk to get this changed. I've contacted the company that hosts our website, the registrars of our current domain name, and our ISP - but none of them are handling our external DNS. I'd like to reference our current DNS information to see how / where it's pointing.

My question: How can I find out who to contact? I've done a dnsreport and found the NS records at the parent servers are: dca-ans-01.inet.qwest.net and sv1-ans-01.inet.qwest.net.
0
Question by:WPI Help
4 Comments
 
LVL 9

Expert Comment

by:kfullarton
ID: 17989447
I don't know about dnsreport, but if you go to http://www.networksolutions.com/whois/index.jsp and enter your domain name, it will give you the contact info for the responsible parties.
0
 

Author Comment

by:WPI Help
ID: 17989481
Thanks. I went there before and looked up our site - it shows Network Solutions is the registrar - contacting their support, they couldn't help me find information about our DNS either.
0
 
LVL 20

Accepted Solution

by:RPPreacher earned 125 total points
ID: 17989595
GOALS: Find every name server that may be authoritative for your domain. Make sure that all are authoritative, and that WHOIS has a list of all of them (and no others).

BACKGROUND: Every domain name is required to have a primary nameserver (only one), and at least one secondary nameserver. This is to help ensure that all domains are reachable. For example, if you have 3 separate offices, and one of them suffers a disaster, that shouldn't prevent people from being able to reach the other two offices.

The WHOIS database lists all the authoritative nameservers (ones that get updated automatically when you make changes) for your domain. This list gets sent to the root server for your Top Level Domain (such as .com). Anyone in the world trying to reach your domain will get that list, and go to one of the nameservers to resolve a subdomain within your domain.

Step 2a: Find out what the root servers think your nameservers are

To do this, you will need to use a program that can generate DNS requests (such as NSLOOKUP on Windows or DIG). My favorite program for this is Sam Spade. Or, you can go to a web site that allows these requests, such as http://www.samspade.org/.

First, find the primary root server for your Top Level Domain (such as .com if you have the domain example.com). With NSLOOKUP, you can type "set type=NS" (to get the NS, or nameserver, records) and then enter your top level domain ("com" or "uk" or whatever). You will get a list of root nameservers. Type "server " followed by the first nameserver in the list (for example, "server a.root-servers.net"). Then, enter your domain name ("example.com"). Now, you will have a list of servers that the root servers think are authoritative for your domain.

With DIG, enter your top level domain ("com") as the domain to look up (or type "dig com@default.dnsserver" where "default.dnsserver" is your normal DNS server). Look at the "NS" entries in the results, and take the top one, and enter it as the nameserver to use. Then, as the domain to look up, enter your domain name (or, type "dig example.com@a.root-servers.net", where your domain goes before the "@" and the root server goes after the "@"). This should just return the name servers for your domain, but make sure just to look at entries with " NS " in them.

Problem? If there are any nameservers listed here that are NOT listed in WHOIS, or there are any nameservers listed in WHOIS that are NOT listed here, there is a problem. Contact the company that gave you your domain name for help.

Add these to your list of nameservers from WHOIS that you got in Step 1.

Step 2b: Find out what your name servers say your nameservers are

For this step, do exactly what you did in Step 2a, except this time use the first one of the name servers you have written down as the DNS server to use, and use your domain name as the domain to look up.

Using NSLOOKUP, type "server nameserver.example.com" (where nameserver.example.com is the first name server on the list you wrote down), then "set type=ns", and then enter your domain name. If there are any name servers listed here that are not on your list, add them to the list.

Or, using DIG, enter the first name server you wrote down as the name server to use, and then your domain name as the domain to look up. Or, from the command line, type "dig example.com@nameserver.example.com". If there are any name servers listed here that are not on your list, add them to the list (only look at entries with " NS " in them).

Problem? If any name server you check here returns a name server that was NOT listed in WHOIS, it is called a "missing nameserver", and is an error. If the name server listed is authoritative for your domain (see steps below), it MUST (RFC882 p.25) be added to the WHOIS listing. If it is NOT authoritative for your domain, it MUST be taken out of the nameserver it was listed in.

Problem? If any name server you check here does NOT return one of the name servers listed in WHOIS, there is a problem. If the name server listed in WHOIS IS authoritative for your domain (see steps below), it MUST be added to your nameservers. If it is NOT authoritative, it MUST be taken out of WHOIS (but you MUST have at least 2 nameservers listed in there). Repeat this step for EVERY name server on your list -- even ones you may have just added.

Step 2c: Test every name server

You need to make sure that every name server on your list is authoritative for your domain.

With DIG, use the first name server on your list as the domain server to use, and enter your domain name as the domain to look up (or, from the command line, type "dig example.com@nameserver.example.com"). You should see "Authoritative answer" (or something similar) if it is authoritative, or "Non-authoritative answer" if it is not.

Problem? If the name server is NOT authoritative for your domain, you have a "lame delegation." If this server is not authoritative, and it is listed as an NS record in your domain (step 2b), it MUST be taken out. If this server is not authoritative, and it is listed in WHOIS, it MUST be taken out (but, you MUST also have at least 2 name servers listed in WHOIS).

Step 2d: Sanity Checks

    * You MUST have ONLY ONE primary nameserver. You will check this later in the step for SOA (Start of Authority) records, where the primary server is listed.
    * You MUST have AT LEAST ONE secondary nameserver. That means that WHOIS, the root servers, and all your name servers MUST list at least two name servers that are authoritative for your domain. You may have more than one secondary nameserver (4 to 7 SHOULD be the maximum).
    * Your secondary nameserver(s) MUST get their information directly from your primary nameserver, and check it periodically (how often is based on the SOA record fields) for updates.
0
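The comparison described in Steps 2a to 2c of the accepted solution, as an added example that is not part of RPPreacher's answer: it parses saved dig replies, then reports servers that answer without the authoritative (aa) flag and NS names that the parent and the zone's own servers disagree on. The replies are constructed samples, and example.com and the ns*.example.net names are placeholders.

```python
import re

# Constructed, trimmed output of `dig +norecurse @<server> example.com NS`.
# PARENT_REPLY is what a parent (TLD) server returns: a referral, no aa flag.
PARENT_REPLY = """\
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
example.com.  172800  IN  NS  ns1.example.net.
example.com.  172800  IN  NS  ns2.example.net.
"""
# One reply per delegated name server, keyed by the server that was queried.
CHILD_REPLIES = {
    "ns1.example.net.": """\
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
example.com.  3600  IN  NS  ns1.example.net.
example.com.  3600  IN  NS  ns3.example.net.
""",
    "ns2.example.net.": """\
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
example.com.  172800  IN  NS  ns1.example.net.
example.com.  172800  IN  NS  ns2.example.net.
""",
}

def parse_dig(text, zone):
    """Return (aa flag present, set of NS names for zone) from one dig reply."""
    m = re.search(r"^;; flags:([a-z ]*);", text, re.M)
    aa = bool(m) and "aa" in m.group(1).split()
    ns = set()
    for line in text.splitlines():
        f = line.split()
        if (len(f) >= 5 and not line.startswith(";")
                and f[3] == "NS" and f[0].lower() == zone):
            ns.add(f[4].lower())
    return aa, ns

def audit(zone, parent_reply, child_replies):
    """Compare the parent's delegation with what each listed server says."""
    _, delegated = parse_dig(parent_reply, zone)
    report = {"lame": set(), "not_at_parent": set(), "not_in_zone": set()}
    for server, reply in child_replies.items():
        aa, listed = parse_dig(reply, zone)
        if not aa:                      # Step 2c: lame delegation
            report["lame"].add(server)
            continue                    # ignore a non-authoritative NS list
        report["not_at_parent"] |= listed - delegated   # "missing nameserver"
        report["not_in_zone"] |= delegated - listed
    return report

if __name__ == "__main__":
    for finding, names in audit("example.com.", PARENT_REPLY, CHILD_REPLIES).items():
        print(finding, sorted(names))
```

To use it on a real zone, save the dig output from the parent server and from each delegated server and pass those strings in place of the constructed samples.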
