DNS IP resolution?



  • Alright, this one's even got me:

    I'm here at work, and I developed a PHP application some months ago that we host on a local server here, to be accessed from the internet (quantumcalibration.com). Router's got all of the port forwarding and firewall rules that we need, and it's worked great for almost 6 months. We took apart our server rack to replace a bunch of crap in the IT department, and now, we have a problem -- you can't resolve the IP address for our webserver through an external DNS.

    nmapping the IP shows 53 as filtered, but doing an nslookup directly to the IP works, as does pointing directly to either the internal or external IP as a DNS server in Windows. However, trying to resolve the IP through our IPs DNS server doesn't work (server not found under Firefox and nslookup times out), even though it was working fine before we took down our server rack.

    Seems to be a problem with the DNS record propagating across the internet, but it doesn't make sense why it wouldn't work.




  • Er... that should say "through our ISP's DNS server" on the second-to-last line.

    Stupid edit restrictions.



  • I'm not 100% sure offhand, but I know that DNS records can take weeks to propagate. How long have you waited?



  • Like I said... everything worked fine for almost 6 months, and it's only not working now that we took down our server rack for a few days. It's been almost two weeks since we brought the rack back up, though.



  • Well, your domain looks okay in the com. zone...

    $ dig NS quantumcalibration.com

    ;; ANSWER SECTION:
    quantumcalibration.com. 172800  IN      NS      ns2.nem-dns.zapto.org.
    quantumcalibration.com. 172800  IN      NS      ns1.nem-dns.zapto.org.

    $ dig A ns1.nem-dns.zapto.org

    ;; ANSWER SECTION:
    ns1.nem-dns.zapto.org.  60      IN      A       67.21.86.137

    $ dig A ns2.nem-dns.zapto.org

    ;; ANSWER SECTION:
    ns2.nem-dns.zapto.org.  60      IN      A       67.21.86.137

    However, 67.21.86.137 isn't answering DNS queries (or ICMP ping, or anything else; nmap comes up empty).  Are you sure these are the correct DNS servers for your domain?  If not, talk to your registrar and get them to change the NS records to the correct servers.  You might want to consider using two physically separate DNS servers, though -- the reason you have two or more NS records for your domain is to provide redundancy in case one of them fails, which you're not getting since both NS records point to the same IP.

    If that is the right IP for your DNS server, and if it points to a NAT gateway rather than the real DNS server, make sure that both 53/TCP and 53/UDP are forwarded to the real DNS server.  The vast majority of DNS queries use UDP for speed, and it's easy to forget to set up both rules.



  • Yup, you need to open up UDP port 53.

    $ dig @67.21.82.135 quantumcalibration.com A +tcp


    ; <<>> DiG 9.2.4 <<>> @67.21.82.135 quantumcalibration.com A +tcp
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44909
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;quantumcalibration.com. IN A

    ;; ANSWER SECTION:
    quantumcalibration.com. 3600 IN A 67.21.82.135

    ;; Query time: 150 msec
    ;; SERVER: 67.21.82.135#53(67.21.82.135)
    ;; WHEN: Sat Jan 20 13:16:38 2007
    ;; MSG SIZE rcvd: 56
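The previous two replies boil down to one check: does the server answer the same query over 53/UDP and over 53/TCP? Below is an added example (my own code, not from anyone in this thread) that sends a hand-built A query over both transports and says which one answered, plus a throwaway local server that can be told to swallow UDP so you can see the exact symptom the thread describes (TCP works, UDP looks filtered). The zone content, quantumcalibration.com answering 67.21.82.135, is taken from the dig output above; the server, the function names and the verdict strings are assumptions of this example.

```python
import socket
import struct
import threading

# Constructed toy zone for the example, not the thread's real server: one name, the A record dig showed.
ZONE_NAME = "quantumcalibration.com"
ZONE_IP = "67.21.82.135"


def _wire_name(name):
    """Encode a dotted name as DNS labels, terminated by a zero-length label."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


def build_query(name, txid=0x1234):
    """Wire-format A query: header (RD set, 1 question) + QNAME + QTYPE=A, QCLASS=IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + _wire_name(name) + struct.pack("!HH", 1, 1)


def _skip_name(msg, i):
    """Offset just past the name at msg[i] (labels, or a 2-byte compression pointer)."""
    while msg[i] != 0:
        if msg[i] & 0xC0 == 0xC0:
            return i + 2
        i += msg[i] + 1
    return i + 1


def build_answer(query):
    """Authoritative reply (flags qr aa rd ra) for ZONE_NAME; NXDOMAIN for any other name."""
    txid = struct.unpack("!H", query[:2])[0]
    qend = _skip_name(query, 12) + 4
    question = query[12:qend]
    if query[12:qend - 4] != _wire_name(ZONE_NAME):
        return struct.pack("!HHHHHH", txid, 0x8583, 1, 0, 0, 0) + question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + socket.inet_aton(ZONE_IP)  # name = pointer to offset 12
    return struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0) + question + rr


def parse_a(msg):
    """A-record addresses in a response (empty list if none)."""
    qd, an = struct.unpack("!HH", msg[4:8])
    i = 12
    for _ in range(qd):
        i = _skip_name(msg, i) + 4
    ips = []
    for _ in range(an):
        i = _skip_name(msg, i)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[i:i + 10])
        i += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[i:i + 4]))
        i += rdlen
    return ips


def _recvn(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf


def start_server(answer_udp=True):
    """Serve the toy zone on one port over UDP and TCP on 127.0.0.1 and return the port.
    answer_udp=False makes the UDP socket swallow queries, like a NAT rule that only forwards 53/TCP."""
    for _ in range(20):  # pick an ephemeral UDP port and try to get the same number for TCP
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        udp.bind(("127.0.0.1", 0))
        port = udp.getsockname()[1]
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            tcp.bind(("127.0.0.1", port))
            break
        except OSError:
            udp.close()
    else:
        raise RuntimeError("could not get matching UDP/TCP port")
    tcp.listen(5)

    def udp_loop():
        while True:
            data, peer = udp.recvfrom(512)
            if answer_udp:
                udp.sendto(build_answer(data), peer)

    def tcp_loop():
        while True:
            conn, _ = tcp.accept()
            try:
                with conn:  # over TCP every DNS message is prefixed with a 2-byte length
                    reply = build_answer(_recvn(conn, struct.unpack("!H", _recvn(conn, 2))[0]))
                    conn.sendall(struct.pack("!H", len(reply)) + reply)
            except OSError:
                pass

    threading.Thread(target=udp_loop, daemon=True).start()
    threading.Thread(target=tcp_loop, daemon=True).start()
    return port


def probe(server, port, name, timeout=1.0):
    """Query name over both transports; each value is the A list, or None when nothing came back."""
    q = build_query(name)
    out = {}
    u = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    u.settimeout(timeout)
    try:
        u.sendto(q, (server, port))
        out["udp"] = parse_a(u.recvfrom(512)[0])
    except OSError:  # timeout or ICMP error: no usable UDP answer
        out["udp"] = None
    finally:
        u.close()
    try:
        with socket.create_connection((server, port), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(q)) + q)
            out["tcp"] = parse_a(_recvn(t, struct.unpack("!H", _recvn(t, 2))[0]))
    except OSError:
        out["tcp"] = None
    return out


def diagnose(r):
    udp_ok, tcp_ok = r["udp"] is not None, r["tcp"] is not None
    if udp_ok and tcp_ok:
        return "ok: answers on 53/udp and 53/tcp"
    if tcp_ok:
        return "53/tcp answers but 53/udp does not: forward UDP 53 as well"
    if udp_ok:
        return "53/udp answers but 53/tcp does not: forward TCP 53 as well"
    return "no answer on either transport: wrong address, or nothing forwarded"


if __name__ == "__main__":
    for flag in (True, False):
        r = probe("127.0.0.1", start_server(answer_udp=flag), ZONE_NAME)
        print(r, "->", diagnose(r))
```

Point probe() at the real server (port 53) instead of the local stand-in to run the same check against your NAT gateway; "tcp answers, udp None" is exactly the state the +tcp dig above shows, and the fix is the missing 53/UDP forwarding rule.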

