can't ping & nslookup my server

[wm20472]

I have 2 domains and they are:
www.provisionhk.com & www.jr-art.hk

I am using DirectAdmin Name Servers, but in Mar. 2010:

ISP A can ping & nslookup they
ISP B can't ping & nslookup they, use IE show DNS Server Error (Feb. 2010 is can ping & nslookup)


any solution? pls help

 

[SeLLeRoNe]

i can ping and see both site but intodns.com give me this

FOR jr-art.hk
ERROR: Some of your DNS servers do not have A records at all. I could not find any A records for the following DNS servers:
NS1.PROVISIONHK.COM
NS2.PROVISIONHK.COM

You must have A records for all of your nameservers.

FOR provisionhk.com
Seems to be all correct

I dont understand why, maybe someone else should give you more information, but on first domain dont resolv nameservers (i cant from my computer neither) and on second work correctly with same nameservers.

 

[tillo]

You are missing both "ns1" and "ns2" A records within the "provisionhk.com" zone. This will fix both domains.
(the only reason some can resolve both domains, some can only one of them and some can't resolve both is because they are using different clients, operating systems and nameservers).

I spend my day trying to help with this common error, so this time I'll explain a little bit:

$ dig +trace +additional provisionhk.com
[...]
provisionhk.com.	172800	IN	NS	ns1.provisionhk.com.
provisionhk.com.	172800	IN	NS	ns2.provisionhk.com.
ns1.provisionhk.com.	172800	IN	A	220.232.203.106
ns2.provisionhk.com.	172800	IN	A	220.232.203.106
;; Received 101 bytes from 192.12.94.30#53(E.GTLD-SERVERS.NET) in 58 ms

;; connection timed out; no servers could be reached
$ dig +trace +additional jr-art.hk
[...]
jr-art.hk.		28800	IN	NS	NS2.PROVISIONHK.COM.
jr-art.hk.		28800	IN	NS	NS1.PROVISIONHK.COM.
;; Received 78 bytes from 210.201.138.58#53(B.DNS.TW) in 328 ms

;; connection timed out; no servers could be reached

As you can see, dig (the best DNS testing client ever) is correctly giving an error for both domains. You may say "I understand why it doesn't work for the second domain, but why the first? It already knows both IP addresses!". Well, because the RFC says that:

- the NS record must point to an host
- this host must be resolvable by the client

Now, in the second case, that's simple: the domain is different for the zone and the nameservers, so you just need the two A records within the nameservers domain zone. In this case they are missing, so it won't work. As I said, it's simple.

In the first case, there is an important detail: the domain is the same as the nameservers one. This means that you need glue records. Those are the two A replies you see and it's what happens when you "register" your nameserver at the registrar. If they weren't there, the client couldn't continue because it must ask about ns1.provisionhk.com at ns1.provisionhk.com... and that's impossible.

Now, some clients (and forwarders) store the glue records for later, so that they don't need to query for "ns1" and "ns2" anymore... but RFC clients (and forwarders) do, because THEY MUST BE RESOLVED INDEPENDENTLY (remember the second point above?). They will ask for the A records... and receive nothing... thus they can't continue.

All clear?

 

[SeLLeRoNe]

mmmh tillo i was thinkin the same BUT.. why intodns can resolve nameserver from second website and not from first? as i saw nameserver are the same for both domains no?

 

[tillo]

The simplest idea I've in mind: they cache records, and erroneously cached the glue records when you tested the first domain.

dnssy.com gives the right answer instead: http://www.dnssy.com/report.php?q=jr-art.hk

The following nameservers do not have A records:

ns2.provisionhk.com
ns1.provisionhk.com

You should have A records for all nameservers.

Fail

 

[wm20472]

ns1.provisionhk.com & ns2.provisionhk.com host in same server (220.232.203.106), to auto manage by DA

 

[SeLLeRoNe]

but seems there are no A record like ns1 A IP and ns2 A IP for that domain... you have to add them

 

[wm20472]

My DNS host by DirectAdmin, how to set A records for all nameservers?

PIC: "DNS Administration" in jr-art.hk
http://farm3.static.flickr.com/2767/4426409637_1633d7b5b0_o.jpg


PIC: Administrator Settings
http://farm3.static.flickr.com/2726/4427172660_5968dec591_o.jpg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dnssy.com gives the right answer instead: http://www.dnssy.com/report.php?q=jr-art.hk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following nameservers do not have A records:

ns2.provisionhk.com
ns1.provisionhk.com

You should have A records for all nameservers.

Fail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[SeLLeRoNe]

na, you dont need to add an A record for all domain

you have to go to dns setup of domain provisionhk.com

and add

ns1 A IP
ns2 A IP

just those two records ns1 and ns2 with the IP you wanna use has namservers (example your server ip)

 

[wm20472]

I have add NS record to provisionhk.com in "DNS administration"

ns1 A 220.232.203.106
ns2 A 220.232.203.106

pic: http://farm5.static.flickr.com/4017/4426466507_4661e84f60_o.jpg

Correct or not?

 

[tillo]

Yes, that's perfect. Both domains are now RFC compliant and resolve correctly.
It's still wrong within dnssy.com... I guess they do caching too after all, that's sad.

 

[wm20472]

tillo & SeLLeRoNe,

Thanks you for your help

 

[SeLLeRoNe]

Your welcome

Just a suggest, use mulptiple server as nameserver, like dunno when you can you should add a second box with a different box with directadmin and enable multi-server option in directadmin so you will have

ns1 A IP FIRST SERVEER
ns2 A IP SECOND SERVER

so, that should be a nice solution, better one with 3/4 nameserver server