Thursday, January 20, 2011

DNS Server (MS) returns NXDOMAIN, original returns NOERROR

Hi all.

My ISP has recently made a "small change" to their own DNS server configuration. As a possible coincidence, this is about the same time as I came across a local DNS problem (who knows, it could be unrelated and linked to a WinUpdate patch about the same time).

I seem to be receiving different results when querying my local (Win2003) DNS Server, and querying the ISP's DNS Server.

I can't work out what has changed (or what is mis-configured).

1 - mail.wilmot.me.uk has a CNAME to wilmot.me.uk.mail.aaisp.net.uk  
    (as per [ISP Support page](http://aa.nu/kb-broadband-email.html/))
1b - wilmot.me.uk.mail.aaisp.net.uk resolves to 81.187.30.14, 81.187.30.19

2 - mail2.wilmot.me.uk (quick workaround added earlier)
    CNAME to mail.aaisp.net.uk
    Resolves to 81.187.30.14, 81.187.30.19

The problem is:

Against the local server (10.0.0.2) ... (A Win2003 box)

  • When I lookup mail.wilmot.me.uk , I get an NXDOMAIN.
  • When I lookup mail2.wilmot.me.uk , I get the IP address(es) expected.

However, if I switch to the ISP's resolver (217.169.20.20)

  • When I lookup mail.wilmot.me.uk , I get the IP address(es) expected.
  • When I lookup mail2.wilmot.me.uk , I get the IP address(es) expected.

So, why is the local DNS server treating mail and mail2 differently, and yet the ISP's server is responding as expected?


Results (filtered below) .. Edited after original copy/paste errors

From 10.0.0.2

    C:\>nslookup -debug mail.wilmot.me.uk. 10.0.0.2
    -----------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer
            questions = 1,  answers = 1,  authority records = 1,  additional = 0

        QUESTIONS:
            mail.wilmot.me.uk, type = A, class = IN
        ANSWERS:
        ->  mail.wilmot.me.uk
            canonical name = wilmot.me.uk.mail.aaisp.net.uk
            ttl = 3600 (1 hour)
        AUTHORITY RECORDS:
        ->  mail.aaisp.net.uk
            ttl = 600 (10 mins)
            primary name server = auth.primary-dns.co.uk
            responsible mail addr = a.k.gg
            serial  = 2010021105
            refresh = 10800 (3 hours)
            retry   = 3600 (1 hour)
            expire  = 1209600 (14 days)
            default TTL = 600 (10 mins)
    ------------
    *** box2.data-utilities.co.uk can't find mail.wilmot.me.uk.: Non-existent domain

and: (mail2.wilmot.me.uk)

    C:\>nslookup -debug mail2.wilmot.me.uk. 10.0.0.2
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 3,  authority records = 0,  additional = 0

        QUESTIONS:
            mail2.wilmot.me.uk, type = A, class = IN
        ANSWERS:
        ->  mail2.wilmot.me.uk
            canonical name = c.mail.aaisp.net.uk
            ttl = 3600 (1 hour)
        ->  c.mail.aaisp.net.uk
            internet address = 81.187.30.14
            ttl = 656 (10 mins 56 secs)
        ->  c.mail.aaisp.net.uk
            internet address = 81.187.30.19
            ttl = 656 (10 mins 56 secs)
    ------------
    Non-authoritative answer:
    Name:    c.mail.aaisp.net.uk
    Addresses:  81.187.30.14, 81.187.30.19
    Aliases:  mail2.wilmot.me.uk

However, when going direct to the ISP's server, the results appear OK

    C:\>nslookup -debug mail.wilmot.me.uk. 217.169.20.20
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 3,  authority records = 1,  additional = 0

        QUESTIONS:
            mail.wilmot.me.uk, type = A, class = IN
        ANSWERS:
        ->  mail.wilmot.me.uk
            canonical name = wilmot.me.uk.mail.aaisp.net.uk
            ttl = 3600 (1 hour)
        ->  wilmot.me.uk.mail.aaisp.net.uk
            internet address = 81.187.30.14
            ttl = 3600 (1 hour)
        ->  wilmot.me.uk.mail.aaisp.net.uk
            internet address = 81.187.30.19
            ttl = 3600 (1 hour)
        AUTHORITY RECORDS:
        ->  mail.aaisp.net.uk
            ttl = 3600 (1 hour)
            primary name server = auth.primary-dns.co.uk
            responsible mail addr = support.aaisp.net.uk
            serial  = 1266576116
            refresh = 10800 (3 hours)
            retry   = 3600 (1 hour)
            expire  = 1209600 (14 days)
            default TTL = 600 (10 mins)
    ------------
    Non-authoritative answer:
    Name:    wilmot.me.uk.mail.aaisp.net.uk
    Addresses:  81.187.30.14, 81.187.30.19
    Aliases:  mail.wilmot.me.uk

and mail2.wilmot.me.uk also works.

    C:\>nslookup -debug mail2.wilmot.me.uk. 217.169.20.20
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 3,  authority records = 2,  additional = 0

        QUESTIONS:
            mail2.wilmot.me.uk, type = A, class = IN
        ANSWERS:
        ->  mail2.wilmot.me.uk
            canonical name = C.mail.aaisp.net.uk
            ttl = 3600 (1 hour)
        ->  C.mail.aaisp.net.uk
            internet address = 81.187.30.19
            ttl = 614 (10 mins 14 secs)
        ->  C.mail.aaisp.net.uk
            internet address = 81.187.30.14
            ttl = 614 (10 mins 14 secs)
        AUTHORITY RECORDS:
        ->  mail.aaisp.net.uk
            nameserver = auth.primary-dns.co.uk
            ttl = 614 (10 mins 14 secs)
        ->  mail.aaisp.net.uk
            nameserver = auth.secondary-dns.co.uk
            ttl = 614 (10 mins 14 secs)
    ------------
    Non-authoritative answer:
    Name:    C.mail.aaisp.net.uk
    Addresses:  81.187.30.19, 81.187.30.14
    Aliases:  mail2.wilmot.me.uk

--

Very grateful for any insight into the differences.

I know that I COULD just stick with the workaround, but would rather know the CAUSE of the problem, rather than just how to "make it go away".

Thanks

  • There seems to be some kind of oddity in your nslookup -d2 mail2.wilmot.me.uk. 10.0.0.2, because it says the question is: mail.wilmot.me.uk, type = A, class = IN. So, I'll base my answer as if you asked for mail and not mail2.

    The first one says NOERROR. It also says: response, want recursion, recursion avail, which means you asked for something with recursion, and there is recursion, so it's giving you the CNAME and the A record the CNAME points to, which it may not have known, but it's doing recursion.

    The second says NXDOMAIN. It also says: response, auth. answer, which means you asked something, but it's not doing any recursion. You asked for an A record (see the QUESTION section); it only knows that the answer is a CNAME, but it does not have the A record of that particular CNAME. What the NXDOMAIN means is "I don't have an A answer for you", because that's what you asked for; it does give you the CNAME though, so that you can finish the recursion.

    mat : After rereading it, it may or may not be that clear an answer; I'll try to rephrase parts of it if you don't get what I mean :-)
    Steven_W : Thanks for the reply - I can see what you're getting at (and also, re-reading my original post, I can see that my question is not that clear). Just about to edit the question to include (and tidy up) a bit more detail.
    From mat
  • Having been spending more time digging into this, I've found more results (which I've posted below in case it is helpful to someone else looking on this site)


    I had been using 217.169.20.20 for queries
    This would seem to be the ISP's internally-visible resolvers (intended for broadband customers)

    However, if I look up the domain "wilmot.me.uk.", the nameservers are actually

      primary-dns.co.uk       internet address = 81.187.30.41  
      secondary-dns.co.uk     internet address = 81.187.81.32
    

    I'm in the middle of sorting out the issue with the ISP's tech-support, but it looks as though the "Win2003 Server" is likely to be a complete red herring, and that this is a (hopefully) simpler issue between the ISP's internal and external resolvers.

    From Steven_W
  • Your nameservers for wilmot.me.uk are listed at Nominet as being primary-dns.co.uk and secondary-dns.co.uk:

    > set type=NS
    > wilmot.me.uk
    Server:  hi-dc1.hadleygroup.co.uk
    Address:  10.1.0.16
    
    Non-authoritative answer:
    wilmot.me.uk    nameserver = primary-dns.co.uk
    wilmot.me.uk    nameserver = secondary-dns.co.uk
    

    A search of those servers for mail.wilmot.me.uk yields NXDOMAIN:

    > server primary-dns.co.uk
    Default Server:  primary-dns.co.uk
    Address:  81.187.30.41
    
    > set type=A
    > mail.wilmot.me.uk
    Server:  primary-dns.co.uk
    Address:  81.187.30.41
    
    *** primary-dns.co.uk can't find mail.wilmot.me.uk: Non-existent domain
    
    > server secondary-dns.co.uk
    Default Server:  secondary-dns.co.uk
    Address:  81.187.81.32
    
    > set type=A
    > mail.wilmot.me.uk
    Server:  secondary-dns.co.uk
    Address:  81.187.81.32
    
    *** secondary-dns.co.uk can't find mail.wilmot.me.uk: Non-existent domain
    

    But they can find mail2.wilmot.me.uk:

    > server primary-dns.co.uk
    Default Server:  primary-dns.co.uk
    Address:  81.187.30.41
    
    > set type=A
    > mail2.wilmot.me.uk
    Server:  primary-dns.co.uk
    Address:  81.187.30.41
    
    Name:    C.mail.aaisp.net.uk
    Addresses:  81.187.30.14, 81.187.30.19
    Aliases:  mail2.wilmot.me.uk
    
    > server secondary-dns.co.uk
    Default Server:  secondary-dns.co.uk
    Address:  81.187.81.32
    
    > set type=A
    > mail2.wilmot.me.uk
    Server:  secondary-dns.co.uk
    Address:  81.187.81.32
    
    Name:    C.mail.aaisp.net.uk
    Addresses:  81.187.30.14, 81.187.30.19
    Aliases:  mail2.wilmot.me.uk
    

    It looks as if during their "update" they've wiped out one of your records. It's possible that the resolver you're using (217...) has got your record cached from before it was removed.

    Steven_W : Thank you - That seems to match my own thoughts and results, but it also helps to confirm that I'm not doing something stupid... Am waiting for the ISP to respond now.
  • Final answer seems to be related to the details of the CNAME itself.

    mail.wilmot.me.uk resolves to wilmot.me.uk.mail.aaisp.net.uk., but this isn't currently returning NS records.

    C:\BIND>dig wilmot.me.uk.mail.aaisp.net.uk. +nocomments
    
    ; <<>> DiG 9.5.0-P2 <<>> wilmot.me.uk.mail.aaisp.net.uk. +nocomments
    ;; global options:  printcmd
    ;wilmot.me.uk.mail.aaisp.net.uk.        IN      A
    wilmot.me.uk.mail.aaisp.net.uk. 1176 IN A       81.187.30.14
    wilmot.me.uk.mail.aaisp.net.uk. 1176 IN A       81.187.30.19
    ;; Query time: 0 msec
    ;; SERVER: 10.0.0.2#53(10.0.0.2)
    ;; WHEN: Fri Feb 19 15:48:49 2010
    ;; MSG SIZE  rcvd: 80
    

    Anyway, there's enough to point me in the right direction.

    From Steven_W
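
An added example, not part of the original posts: a small parser for the `nslookup -debug` blocks shown in the question, which follows the CNAME chain in the answer section and reports which name the rcode applies to. The two sample blocks are abridged from the transcripts on this page, and `parse` and `diagnose` are hypothetical helper names.

```python
import re
# Constructed samples: abridged from the two mail.wilmot.me.uk transcripts on this page.
LOCAL = """Got answer:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer
    QUESTIONS:
        mail.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail.wilmot.me.uk
        canonical name = wilmot.me.uk.mail.aaisp.net.uk
"""
ISP = """Got answer:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        mail.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail.wilmot.me.uk
        canonical name = wilmot.me.uk.mail.aaisp.net.uk
    ->  wilmot.me.uk.mail.aaisp.net.uk
        internet address = 81.187.30.14
"""

def parse(text):
    """Pull rcode, AA flag, question name, CNAME map and A records from one block."""
    r = {"rcode": re.search(r"rcode = (\w+)", text).group(1),
         "authoritative": "auth. answer" in text,
         "qname": re.search(r"QUESTIONS:\s*(\S+),", text).group(1).lower(),
         "cname": {}, "addrs": []}
    for owner, kind, value in re.findall(
            r"->\s+(\S+)\s+(canonical name|internet address) = (\S+)", text):
        if kind == "canonical name":
            r["cname"][owner.lower()] = value.lower()
        else:
            r["addrs"].append(value)
    return r

def diagnose(r):
    """Follow the CNAME chain; the rcode describes its last name (RFC 6604)."""
    end, seen = r["qname"], set()
    while end in r["cname"] and end not in seen:  # guard against CNAME loops
        seen.add(end)
        end = r["cname"][end]
    if r["rcode"] == "NXDOMAIN" and end != r["qname"]:
        return f"alias exists; target {end} reported non-existent"
    if r["rcode"] == "NOERROR" and r["addrs"]:
        return f"resolved via {end}"
    return f"{r['rcode']} for {end}"
print(diagnose(parse(LOCAL)), diagnose(parse(ISP)), sep="\n")
```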
