DNS problems

zWaR · 03-01-2007, 09:20 AM

Hi!

I'm administrating a DNS domain and i'm having some problems. I own a domain, let's call it zwar.com. On the server i wish the domain would point to, i set up a DNS server, with A record, which binds zwar.com to the IP address:

Code:

zwar.com. IN SOA ns1.zwar.com. zwar.zwar.com (
          ;here are serial and other nessesery options )
zwar.com. IN NS ns1.zwar.com.
ns1.zwar.com. IN A <IP_address>
www.zwar.com IN CNAME ns1.zwar.com.

At the company, which registered my domain i changed the DNS servers to ns1.zwar.com. Now the thing is, that ns1.zwar.com perfectly works, but zwar.com does not and i don't know why. If i try to run nslookup from ns1.zwar.com:

Code:

nslookup - ns1.zwar.com
> www.zwar.com

i get correct answer. The same if i try to use dig from ns1.zwar.com:

Code:

dig @ns1.zwar.com www.zwar.com

I don't understand why is it not working in global scope (running just nslookup www.zwar.org returns no results). Correct me please if i am wrong, but i believe that's the logic behind dns queries:
when i issue a DNS query the default DNS server gives me the address of the DNS server which is bound to the domain (the information about it is stored on DNS servers of the registration company), where my query is run once again and the server responds with the correct IP.
Illustrating it with an example: when i issue a dns query for www.zwar.com (e.g. nslookup www.zwar.com) the default dns server looks up it's tables and sees the domain zwar.com is registered by the company xy and redirects the query to their dns server, there the server redirects the query to the correct dns server, which is bound to the domain (in my case, this is the server i configured) and the last one tells which IP is bound to the domain name www.zwar.com and issues the respond.

Please help if you can, the thing is really urgent, since the domain should be working for couple of days now, but i was still not able to set it up.

bathory · 03-01-2007, 09:32 AM

You miss the ns1 A record:

Code:

ns1 IN A <IP_address>

zWaR · 03-01-2007, 09:43 AM

thank you for the notification. I made a mistake in the post before. I edited it and corrected the posted dns config.

JimBass · 03-01-2007, 09:57 AM

The delegation of zwar.com does not lead to your server from the looks of a trace -

Code:

jim@jimsworktop:~$ dig +trace zwar.com

; <<>> DiG 9.3.4 <<>> +trace zwar.com
;; global options:  printcmd
.                       143531  IN      NS      J.ROOT-SERVERS.NET.
.                       143531  IN      NS      K.ROOT-SERVERS.NET.
.                       143531  IN      NS      L.ROOT-SERVERS.NET.
.                       143531  IN      NS      M.ROOT-SERVERS.NET.
.                       143531  IN      NS      A.ROOT-SERVERS.NET.
.                       143531  IN      NS      B.ROOT-SERVERS.NET.
.                       143531  IN      NS      C.ROOT-SERVERS.NET.
.                       143531  IN      NS      D.ROOT-SERVERS.NET.
.                       143531  IN      NS      E.ROOT-SERVERS.NET.
.                       143531  IN      NS      F.ROOT-SERVERS.NET.
.                       143531  IN      NS      G.ROOT-SERVERS.NET.
.                       143531  IN      NS      H.ROOT-SERVERS.NET.
.                       143531  IN      NS      I.ROOT-SERVERS.NET.
;; Received 436 bytes from 207.69.188.186#53(207.69.188.186) in 79 ms

com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
;; Received 498 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 78 ms

zwar.com.               172800  IN      NS      ns1.15x.net.
zwar.com.               172800  IN      NS      ns2.15x.net.
;; Received 101 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 82 ms

zwar.com.               300     IN      A       216.187.118.221
zwar.com.               3600    IN      NS      ns2.15x.net.
zwar.com.               3600    IN      NS      ns1.15x.net.
;; Received 117 bytes from 66.199.187.170#53(ns1.15x.net) in 99 ms

So instead of reaching your nameserver which should have the same address as your A record, 216.187.118.221 it gets an authoritative answer at ns1 and ns2.15x.net.

Also, from the looks of this test, your machine at the A record doesn't even answer.

Code:

jim@jimsworktop:~$ dig zwar.com @216.187.118.221

; <<>> DiG 9.3.4 <<>> zwar.com @216.187.118.221
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

I would guess that you have DNS on a box that doesn't have port 53 open to the world. Also, since the nameservers at 15x.net are listed as authoritative, you don't have the nameservers pointed to yourself at the registrar where you created the domain.

One other thing, nslookup is about the most useless DNS troubleshooting tool ever. Please use dig, you'll get much better answers.

Peace,
JimBass

zWaR · 03-01-2007, 10:04 AM

zwar.com was just an example. I don't know if the company i am working for would be happy if their info was exposed on a forum, so i posted just an nonexistenble domain as an example.

muha · 03-01-2007, 10:24 AM

I'm new at this but:

Code:

www.zwar.com IN CNAME ns1.zwar.com.

Misses a dot.

Also why not use:

Code:

www IN CNAME ns1

JimBass · 03-01-2007, 10:37 AM

Well, we can't troubleshoot examples. Check the BIND mailing lists. If you want DNS help many people are glad to provide it, but we can't test things out in a theoretical way. There is no risk to the DNS by posting the domain name. I can't speak for the website itself, as I have no idea how it is set up, but long story short, without the real domain to test, you're on your own to find the problem.

DNS isn't an attack vector, so I see no problem in posting the true domain name.

Peace,
JimBass

flashingcurser · 03-01-2007, 11:18 AM

As has been stated before: Have you pointed your registrar towards your dns? You can host your own nameserver but normally you have to let your registrar know what the address of your server is. If you haven't done this, check their webpage or call them. I always call network solutions, their web page is confusing. Godaddy is pretty easy to figure out from the webpage, mileage may vary. Also when you do update your registrar, it can take some time to propagate through various caches. Most registrars say 24-48 hours, though I have never seen it take that long...

dan

zWaR · 03-02-2007, 10:24 AM

Yuhu!! I've solved it. The catch was, i didn't configure two DNS servers on the registrar, just one (primary server). Thank you for your time and help!!