[wellylug] Weird DNS issue with Xtra DNS
Mark Foster
blakjak at blakjak.net
Sun May 14 17:35:15 NZST 2006
On Sun, 14 May 2006, Cliff Pratt wrote:
> Mark Foster wrote:
>>
>> Note that Ihug as far as I know reject external DNS queries anyway, as a
>> Paradise customer you shouldnt be using NS outside of Clear/Paradise as a
>> client anyway...
>>
> Mmm, if they do that, that would be remarkably anti-social of them. That
> would mean that you would not be able to resolve www.ihug.co.nz for example.
Let me clarify the 'often' situation here. I would say 'usual' but its not
really the usual yet.
We all know that SMTP has an ACL applied to it where a mail server will
accept mail for either:
a) Any destination, where the source is recognised by the server as being
'local'
b) Any _Local_ Destination where the source is anywhere.
This prevents SMTP relay.
DNS servers are slowly moving in this direction. This helps to reduce the
number of 'third parties' using DNS servers - can reduce their load and so
on. The DNS implementation of this, therefore, would be:
1) Accept DNS queries from 'local' users and answer regardless of the
query,
2) Accept DNS queries from 'all' users and answer only for 'local'
domains aka those hosted on the NS in question.
So what I meant to say was that Ihug's NS (the last time I tried, anyway)
would reject DNS queries from non-Ihug users for domains that were not
actually delegated to their NS. i.e. Locally hosted domains would work
fine.
When a non Ihug customer asks for www.ihug.co.nz their NS query actually
gets referred to the Ihug NS anyway.
>
> Now this is interesting! alien.xtra.co.nz does not resolve external stuff but
> terminator does! I'm not a customer of Xtra. It looks like alien was found
> but wouldn't do lookups for me.
>
This is probably load related and not a configuration issue on the server
itself, as from my Xtra connection I also see DNS failures talking to
alien.
Xtra are, as I understand it, bringing additional DNS servers into play to
try to share the load. (Alien and Terminator are grossly overworked.)
Ideally they'll make their client-facing DNS servers different to their
Registry-facing DNS servers...
So uhm, if you're an Xtra customer and having DNS problems, ring them and
moan - they need to know.
If you're using an external ISP and having trouble accessing Xtra-hosted
resources, send a complaint to soa at xtra.co.nz ...
Mark.
More information about the wellylug
mailing list