My dns works when I do a “dig @mynameserver hostname” but not when I do a “dig hostname”

Question

My nameserver isn't working properly, and I can't figure out why.

When I do a 'whois cfconsulting.ca', it shows the correct nameservers, with ns1.signupsystems.com being the primary. If you do a "dig @ns1.signupsystems.com cfconsulting.ca" you get the right IP.

But if you just do an 'nslookup cfconsulting.ca' it fails.

I'm baffled.

+1 for providing the real domain names - these kinds of questions are impossible to answer without them — Mark Henderson, Jul 24 '10 at 22:12

score 8 · Accepted Answer · answered Jul 24 '10 at 22:06

8

ns1.signupsystems.com and ns2.signupsystems.com are CNAMEs to signupsystems.com. It is in principle forbidden to have NS records pointing to CNAMEs. (And don't forget the point of having two separate nameservers ;)

dig in +trace mode succeeds, because it does a complete resolve of the NS contents on its own. I suspect BIND9 is not able (or not willing) to follow a CNAME inside a NS, and hence some server in your local resolving chain is unable to locate your NSes.

Try removing the CNAMEs for the nameservers and add proper A records.

answered Jul 24 '10 at 22:06

b0fh

3,313
1
20
32

I don't actually have CNAME entries for my nameservers, so I'm trying to determine if they are being implicitly specified or something. – Colin Fox Jul 25 '10 at 00:55
1

good spot - yes, you're right. An NS record must point to a real hostname, not an alias. – Alnitak Jul 25 '10 at 08:08
1

Yes, this was the problem - CNAME records for NS1 & NS2. My business partner had changed name registrars and I didn't realize this, and I was working with the old one. The new one had CNAME records for NS1 & NS2. I changed these to A records instead, and now my nameservers are working properly. Thanks again! – Colin Fox Jul 25 '10 at 17:47

score 1 · Answer 2 · answered Jul 25 '10 at 15:34

I could be missing something, but it appears to work just fine for me. I am able to pull both nameservers when digging for them off of the host name, and both are CNAMEs of signupsystems.com. One thing I did notice though, is that the whois name servers doesn't match the authoritative name servers. The whois gives the correct IP for ns1, but it lists 69.31.163.69 for ns2, which seems incorrect because both name servers resolve the same IP (the first one). If you try to do the lookup of your domain and it uses 69.31.163.69 as the name server, you won't get a response because that server appears to be down (at least not responding to DNS queries). I don't know what would use a whois record to find name servers, but I'd imagine this is where you're having problems.

Yes, I had a mismatch of IPs for ns2. This has been addressed now. — Colin Fox, Jul 25 '10 at 17:48

score 0 · Answer 3 · answered Jul 24 '10 at 19:31

0

Your primary DNS server has an incorrect lookup cached. You'll have wait until the TTL has passed.

answered Jul 24 '10 at 19:31

Tuinslak

1,435
7
30
54

This has been working incorrectly for months now, so I don't think it's the TTL. – Colin Fox Jul 24 '10 at 20:23

My dns works when I do a “dig @mynameserver hostname” but not when I do a “dig hostname”

3 Answers3