[wellylug] Weird DNS issue with Xtra DNS

Mark Foster blakjak at blakjak.net
Sun May 14 17:35:15 NZST 2006



On Sun, 14 May 2006, Cliff Pratt wrote:

> Mark Foster wrote:
>> 
>> Note that Ihug as far as I know reject external DNS queries anyway, as a 
>> Paradise customer you shouldnt be using NS outside of Clear/Paradise as a 
>> client anyway...
>> 
> Mmm, if they do that, that would be remarkably anti-social of them. That 
> would mean that you would not be able to resolve www.ihug.co.nz for example.

Let me clarify the 'often' situation here. I would say 'usual' but its not 
really the usual yet.

We all know that SMTP has an ACL applied to it where a mail server will 
accept mail for either:

a) Any destination, where the source is recognised by the server as being 
'local'

b) Any _Local_ Destination where the source is anywhere.

This prevents SMTP relay.


DNS servers are slowly moving in this direction.  This helps to reduce the 
number of 'third parties' using DNS servers - can reduce their load and so 
on.  The DNS implementation of this, therefore, would be:

1) Accept DNS queries from 'local' users and answer regardless of the 
query,

2) Accept DNS queries from 'all' users and answer only for 'local' 
domains aka those hosted on the NS in question.

So what I meant to say was that Ihug's NS (the last time I tried, anyway) 
would reject DNS queries from non-Ihug users for domains that were not 
actually delegated to their NS.  i.e. Locally hosted domains would work 
fine.

When a non Ihug customer asks for www.ihug.co.nz their NS query actually 
gets referred to the Ihug NS anyway.

>
> Now this is interesting! alien.xtra.co.nz does not resolve external stuff but 
> terminator does! I'm not a customer of Xtra. It looks like alien was found 
> but wouldn't do lookups for me.
>

This is probably load related and not a configuration issue on the server 
itself, as from my Xtra connection I also see DNS failures talking to 
alien.

Xtra are, as I understand it, bringing additional DNS servers into play to 
try to share the load. (Alien and Terminator are grossly overworked.)
Ideally they'll make their client-facing DNS servers different to their 
Registry-facing DNS servers...

So uhm, if you're an Xtra customer and having DNS problems, ring them and 
moan - they need to know.

If you're using an external ISP and having trouble accessing Xtra-hosted 
resources, send a complaint to soa at xtra.co.nz ...

Mark.




More information about the wellylug mailing list