DNS IP resolution?

  • Alright, this one's even got me:

    I'm here at work, and I developed a PHP application some months ago that we host on a local server here, to be accessed from the internet (quantumcalibration.com). Router's got all of the port forwarding and firewall rules that we need, and it's worked great for almost 6 months. We took apart our server rack to replace a bunch of crap in the IT department, and now, we have a problem -- you can't resolve the IP address for our webserver through an external DNS.

    nmapping the IP shows 53 as filtered, but doing an nslookup directly to the IP works, as does pointing directly to either the internal or external IP as a DNS server in Windows. However, trying to resolve the IP through our IPs DNS server doesn't work (server not found under Firefox and nslookup times out), even though it was working fine before we took down our server rack.

    Seems to be a problem with the DNS record propagating across the internet, but it doesn't make sense why it wouldn't work.
  • Er.. that should say "through our ISPs DNS server" on the second-to-last line.

    Stupid edit restrictions.

  • I'm not 100% sure offhand, but I know that DNS records can take weeks to propagate. How long have you waited?

  • Like I said... everything worked fine for almost 6 months, and it's only not working now that we took down our server rack for a few days. It's been almost two weeks since we brought the rack back up, though.

  • Well, your domain looks okay in the com. zone...

    $ dig NS quantumcalibration.com

    quantumcalibration.com. 172800  IN      NS      ns2.nem-dns.zapto.org.
    quantumcalibration.com. 172800  IN      NS      ns1.nem-dns.zapto.org.

    $ dig A ns1.nem-dns.zapto.org

    ns1.nem-dns.zapto.org.  60      IN      A

    $ dig A ns2.nem-dns.zapto.org

    ns2.nem-dns.zapto.org.  60      IN      A

    However, isn't answering DNS queries (and/or ICMP ping, or anything else - nmap comes up empty). Are you sure these are the correct DNS servers for your domain? If not, talk to your registrar and get them to change the NS records to the correct servers. You might want to consider using two physically-separate DNS servers, though -- the reason you have two or more NS records for your domain is to provide redundancy in case one of them fails, which you're not getting since both NS records point to the same IP.

    If that is the right IP for your DNS server, and if it points to a NAT gateway rather than the real DNS server, make sure that both 53/TCP and 53/UDP are forwarded to the real DNS server.  The vast majority of DNS queries use UDP for speed, and it's easy to forget to set up both rules.

  • Yup, you need to open up UDP port 53

    $ dig @ quantumcalibration.com A +tcp

    ; <<>> DiG 9.2.4 <<>> @ quantumcalibration.com A +tcp
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44909
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;quantumcalibration.com. IN A

    quantumcalibration.com. 3600 IN A

    ;; Query time: 150 msec
    ;; SERVER:
    ;; WHEN: Sat Jan 20 13:16:38 2007
    ;; MSG SIZE rcvd: 56
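
The two replies above converge on one check: does the name server answer on 53/UDP as well as 53/TCP? The probe below is an added example, not code from the thread; it builds a raw A query, sends it over each transport and reports which one goes unanswered. The server address, the 3-second timeout and the result strings are assumptions of this example.

```python
import socket, struct

def build_query(name, qid=0x1234):
    # 12-byte header: id, flags (RD=1), QDCOUNT=1; then QNAME + QTYPE A + QCLASS IN
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def parse_response(data):
    # Return (id, rcode, answer_count) from the response header; rcode 0 = NOERROR
    qid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    return qid, flags & 0x000F, an

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf

def query(server, name, tcp=False, timeout=3.0):
    # One A query over UDP/53 or TCP/53; None means no usable reply (timeout, refused)
    pkt = build_query(name)
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(pkt)) + pkt)  # TCP DNS has a 2-byte length prefix
                length = struct.unpack(">H", _read_exact(s, 2))[0]
                data = _read_exact(s, length)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(pkt, (server, 53))
                data, _ = s.recvfrom(4096)
    except (socket.timeout, OSError):
        return None
    return parse_response(data)

def classify(udp, tcp):
    # Map the pair of probe results onto the forwarding problem discussed in the thread
    if udp is None and tcp is None:
        return "no answer on either transport: server down or port 53 not forwarded"
    if udp is None:
        return "UDP/53 unanswered but TCP/53 works: forward 53/UDP as well"
    if tcp is None:
        return "TCP/53 unanswered but UDP/53 works: forward 53/TCP as well"
    return "both transports answer"
```

Run it from outside the NAT as `classify(query(ip, name), query(ip, name, tcp=True))` with the external IP and the domain; the thread's symptom (dig +tcp works, plain dig and nslookup time out) maps to the "forward 53/UDP" result.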
