Standard User Jaowon
(fountain of knowledge) Thu 29-Sep-11 10:35:44

DNS techy question

Hi

Quick question for the DNS gurus. I'm trying to troubleshoot a problem for our website devs.

Our devs have created some DNS records as such

@.domain.com A 100.100.100.1
*.domain.com CNAME www.anotherwebsite.com
www.domain.com A 200.200.200.2

(names and IPs corrected to protect the innocent)

Now the problem is that, inconsistently, the www entry sometimes resolves to www.anotherwebsite.com

So my question is, does * mean "all" or does * mean "if no other entry exists" in DNS?

This is the cause of some heated discussions in the office, mainly because none of us are really finely tuned DNS experts, so this tends to degenerate into "this worked last time". So I would appreciate it if there's anyone well versed in DNS that could give us a correct answer.


Cheers
Standard User mixt
(experienced) Thu 29-Sep-11 10:47:01

Re: DNS techy question
[re: Jaowon]

Try changing it to this:

[space characters] A 100.100.100.1
* CNAME www.anotherwebsite.com.
www A 200.200.200.2

Possibly first line:

@ A 100.100.100.1

depending on context.

In the first line, first case, ensure there is white space before the 'A' character.

Now on <aaisp.net>
Previous ISPs: Virgin Media (50Mb/Cable), Be* Un Limited, ZeN
Is Linux routing your internet connection?
Need to make BIND geo-aware?
Standard User Jaowon
(fountain of knowledge) Thu 29-Sep-11 10:54:53

Re: DNS techy question
[re: mixt]

Sorry, I was reading from the control panel. It actually looks like this

(@).domain.com (A) (100.100.100.1)
(*).domain.com (CNAME) (www.anotherwebsite.com.)
(www).domain.com (A) (200.200.200.2)

Where anything surrounded by the ( ) is a text entry field, or in the case of the A / CNAME etc is a drop down box from which you can choose the record type. The .domain.com is just for show in the control panel I think.

Edited by Jaowon (Thu 29-Sep-11 10:59:29)


Standard User mixt
(experienced) Thu 29-Sep-11 11:07:51

Re: DNS techy question
[re: Jaowon]

Ahh right, I'm with you.

I think what you have now should work. The issue was probably not post-fixing the www.anotherwebsite.com with a '.' - making it www.anotherwebsite.com.

In BIND, if you miss the 'dot' off the end, it basically evaluates it to www.anotherwebsite.com.domain.com. (or domain.com. being whatever context the configuration is in at that point in the file). I think this is the problem you are seeing (yes?).

The control panel you are using should take care of this, but obviously I don't know what company you are using or indeed if they are using BIND for their name servers. If the addition of the '.' doesn't fix your problems, then the problem lies elsewhere.

Edited by mixt (Thu 29-Sep-11 11:08:28)

Standard User Jaowon
(fountain of knowledge) Thu 29-Sep-11 11:45:38

Re: DNS techy question
[re: mixt]

The . was there, I missed it off on the first post.

What does the @ record do?

It seems to be Windows DNS servers that are having the intermittent issue resolving the domains. Linux boxes are working just fine.

I'm a Windows man myself, so when I looked at the records they created, I said "can you have a wildcard entry along with other entries? Does anyone know if the DNS RFCs recommend it?"
Standard User AEP
(knowledge is power) Thu 29-Sep-11 11:59:59

Re: DNS techy question
[re: Jaowon]

You certainly can have a wildcard entry along with other entries. And it should work in the way that you intended. But DNS implementations (servers and clients) aren't perfect.

As the problems are intermittent, I do wonder whether the lookups are always being done on the same DNS server. Is there any question of there being another server that has the wildcard record but not the www one? Also, are you doing lookups on the fully qualified name or just www?
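
Added example (not part of any post in this thread): a minimal Python model of the two zone-file rules discussed above, the trailing-dot expansion mixt describes for BIND and the standard wildcard rule (RFC 4592) under which a * record only answers for names that do not otherwise exist in the zone. The zone text is constructed from the records quoted in the thread; the alias record and all function names are illustrative assumptions.

```python
# Constructed zone modelled on the thread's records; 'alias' (added) lacks the trailing dot.
ZONE_TEXT = """\
@      A      100.100.100.1
*      CNAME  www.anotherwebsite.com.
www    A      200.200.200.2
alias  CNAME  www.anotherwebsite.com
"""

def qualify(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means absolute."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def load_zone(text, origin):
    """Parse 'owner type rdata' lines into {owner: {rtype: [rdata, ...]}}."""
    zone = {}
    for line in filter(str.strip, text.splitlines()):
        owner, rtype, rdata = line.split()
        if rtype == "CNAME":  # a CNAME target is a name, so it is expanded too
            rdata = qualify(rdata, origin)
        zone.setdefault(qualify(owner, origin), {}).setdefault(rtype, []).append(rdata)
    return zone

def name_exists(zone, name):
    """A name exists if it owns records or is an ancestor of an owner name."""
    return any(o == name or o.endswith("." + name) for o in zone)

def lookup(zone, origin, qname, qtype):
    """Answer a query per the RFC 4592 rules; returns (source, records)."""
    qname = qname.lower()
    if not (qname == origin or qname.endswith("." + origin)):
        return ("NOT_IN_ZONE", [])
    owner = qname
    if not name_exists(zone, qname):
        # Strip labels to reach the closest existing ancestor, then try '*' below it.
        encloser = qname
        while encloser != origin and not name_exists(zone, encloser):
            encloser = encloser.split(".", 1)[1]
        owner = "*." + encloser
        if owner not in zone:
            return ("NXDOMAIN", [])
    rrsets = zone.get(owner, {})
    source = "exact" if owner == qname else "wildcard"
    for rtype in (qtype, "CNAME"):
        if rtype in rrsets:
            return (source, [(rtype, r) for r in rrsets[rtype]])
    return ("NODATA", [])
```

Loaded with origin domain.com., a query for www.domain.com. returns the exact A record, shop.domain.com. is synthesised from the wildcard CNAME, and a.www.domain.com. is NXDOMAIN because the existing www name blocks the wildcard for everything beneath it. The alias record loads with the target www.anotherwebsite.com.domain.com., which is the missing-dot expansion described earlier in the thread.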
Standard User pmb00cs
(eat-sleep-adslguide) Thu 29-Sep-11 12:01:26

Re: DNS techy question
[re: Jaowon]

In reply to a post by Jaowon:
It seems to be Windows DNS servers that are having the intermittent issue resolving the domains. Linux boxes are working just fine.
Have you tried swapping the order of the catch-all entry and the www entry? Strictly it shouldn't matter, but if the Windows servers are attempting to get the details via a zone transfer (rather than a lookup) and reading it wrong, it might explain the issues you're having.

happily chugging along on plusnet and Virginmedia (yes I am greedy)
My web server
Standard User Jaowon
(fountain of knowledge) Thu 29-Sep-11 12:21:27

Re: DNS techy question
[re: pmb00cs]

You actually just gave me an idea when you mentioned zone transfers, which got me looking in the right place. Thanks for that.

We've got about 2000 websites set up in this way. The ones having the issues were the ones that had internal DNS entries created on Windows boxes.

So at the external DNS you see the entries as per the above post. But at the local sites a few had created local DNS entries like

fileserver.domain.com A 192.168.0.1

These are the sites where if they are requesting the "www.domain.com", sometimes the wildcard is being returned and they are being diverted to the other server.

It seems if a Windows server contains a local entry for an external domain, and a record asked for does not exist locally, it returns the external wildcard. The intermittency is caused by client machines at local sites having multiple DNS servers in their settings, i.e. local / ISP1 / ISP2.

I'm guessing Linux looks at the authoritative DNS server for a requested site, if the local fails before returning the wildcard. Hence none of the Linux sites or Mac sites had the issue.

Cheers all.

Edited by Jaowon (Thu 29-Sep-11 12:22:48)

Standard User pmb00cs
(eat-sleep-adslguide) Thu 29-Sep-11 12:33:25

Re: DNS techy question
[re: Jaowon]

Ah yes, Windows and its non-standard implementations, and workarounds to make it behave. Well, you could either put the www entry into your Windows DNS servers, or you could alter them so they do not expect to be authoritative for the domain in question (which would probably require you to alter several things internal to your network).

Also it's bad practice to use internal and external name servers together for a client machine, unless the internal DNS system is externally available, as the external servers will not know internal entries. Certainly you should use the internal servers as the primary server if you do use both internal and external servers.

Standard User Jaowon
(fountain of knowledge) Thu 29-Sep-11 12:50:26

Re: DNS techy question
[re: pmb00cs]

The www was a simplification, there's about 10 entries such as checkout. login. testing. etc. Asking the customers to put all entries in was considered, but rejected just in case we ever rename one, or add one. We'd have to let all our customers know of the change just in case, which would then result in any fault being attributed to the notification, in the customers' eyes, and all hell breaking out, because we helpfully let them know we were making a change :)

I've had a fiddle round and found that if, when creating the local entry, you untick the "Store in Active Directory" box that's there, then things work perfectly. I've created some screenshots and sent them to the CS support team to knock up into something in plain English to send out to the customers having the issue.

On the one hand I'm glad I've fixed what's been an ongoing problem for the devs and the support dept (I'm neither, I look after the internal AD / Exchange / Navision), but on the other hand, frustrated that in effect I'm fixing network setup faults for our clients, most of whom have been quite vocal that the issue is our faulty websites, and consumed quite a lot of CS time and loud shouty arguments.

Anyhow the devs have mentioned the word beer several times so I'm expecting some to come my way soon.