-1

I have an inexplicable issue with DNS for a domain and a subdomain. I first noticed that doing an A record lookup on the subdomain is returning different results than what is in the DNS config. Then I looked further and have found that the DNS for sub.domain.com is resolving from a completely different set of nameservers than domain.com.

For example, when I do a DNS lookup using mxtoolbox, it is clearly displaying that the sub.domain.com is reporting from different nameservers. As far as I knew, that should be impossible since you can only set the nameservers for the top level domain.

I have already tried breaking my local cache with no results. I've also tried clearing the OpenDNS cache but it continues to resolve to the old, incorrect records. The TTL for the record is 2 hours.

andrewvnice
  • If you can share the name others can check. Without it, you're asking people just to throw around guesses. –  Dec 08 '14 at 18:39
  • Yes. Provide the domain name in question so that we can actually attempt to provide an answer. Otherwise it's like asking `"My car doesn't work. What's wrong with it?"`. – joeqwerty Dec 08 '14 at 19:08
  • I've added the domains. – andrewvnice Dec 08 '14 at 20:20
  • @andrewvnice Redacting doesn't help a whole lot, the information remains in the edit history for those who want it. Even if you were to delete your comment it would be obvious that my answer got that information from *somewhere*... – Andrew B Dec 08 '14 at 22:19

1 Answer

3

You have NS records for ap defined in your internet facing kuverapartners.com. zone. You are delegating authority away from your nameservers and this is normal behavior.

```
$ dig +norecurse @ns1.milodigital.net ap.kuverapartners.com

; <<>> DiG 9.8.2 <<>> +norecurse @ns1.milodigital.net ap.kuverapartners.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34676
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;ap.kuverapartners.com.         IN      A

;; AUTHORITY SECTION:
ap.kuverapartners.com.  3600    IN      NS      ns1.cloudworks.com.
ap.kuverapartners.com.  3600    IN      NS      ns2.cloudworks.com.
ap.kuverapartners.com.  3600    IN      NS      ns3.cloudworks.com.

;; Query time: 19 msec
;; SERVER: 208.94.148.2#53(208.94.148.2)
;; WHEN: Mon Dec  8 16:13:23 2014
;; MSG SIZE  rcvd: 104
```

When an NS record beneath the apex (top) of your zone is encountered, this is called a zone cut. All records defined on your server behind the cut are effectively "masked", with the exception of glue records. Your nameserver cannot serve responses for those records because it does not consider itself authoritative for them. Only the other server can provide the answers at that point.

Andrew B
  • Let's try to avoid an edit war here guys. A mod approved the original edit, so this is going to get circular very quickly. I said my piece in the main comments and I'm happy to leave it at that. :) – Andrew B Dec 08 '14 at 22:34
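
The zone-cut rule from the answer above, shown as an added example that is not part of the original post: it takes the records a parent zone's server holds, finds the delegation points, and separates glue from the records that server will no longer answer for. The example.com records and all function names are constructed for illustration.

```python
# Added example. Zone data below is constructed (example.com), not the zone from this page.
APEX = "example.com."
RECORDS = [  # (owner, type, rdata) as held on the parent zone's nameserver
    ("example.com.", "NS", "ns1.example.net."),
    ("www.example.com.", "A", "192.0.2.10"),
    ("ap.example.com.", "NS", "ns1.ap.example.com."),
    ("ap.example.com.", "NS", "ns2.example.org."),
    ("ap.example.com.", "A", "192.0.2.20"),
    ("ns1.ap.example.com.", "A", "192.0.2.53"),
    ("mail.ap.example.com.", "A", "192.0.2.25"),
]

def norm(name):
    """Lower-case and force a single trailing dot so names compare reliably."""
    return name.lower().rstrip(".") + "."

def within(name, ancestor):
    """True if name equals ancestor or sits beneath it in the DNS tree."""
    name, ancestor = norm(name), norm(ancestor)
    return name == ancestor or name.endswith("." + ancestor)

def zone_cuts(apex, records):
    """Owners below the apex that hold NS records; nested cuts collapse to the topmost."""
    cuts = {norm(o) for o, t, _ in records
            if t == "NS" and norm(o) != norm(apex) and within(o, apex)}
    return {c for c in cuts if not any(c != p and within(c, p) for p in cuts)}

def audit(apex, records):
    """Split records behind each cut into glue (still served) and masked (ignored)."""
    cuts = zone_cuts(apex, records)
    ns_hosts = {c: {norm(r) for o, t, r in records if t == "NS" and norm(o) == c}
                for c in cuts}
    report = {"cuts": sorted(cuts), "glue": [], "masked": []}
    for owner, rtype, rdata in records:
        cut = next((c for c in cuts if within(owner, c)), None)
        if cut is None:
            continue  # above every cut: the parent server is authoritative
        if norm(owner) == cut and rtype in ("NS", "DS"):
            continue  # the delegation itself (and DS) belongs to the parent
        is_glue = rtype in ("A", "AAAA") and norm(owner) in ns_hosts[cut]
        report["glue" if is_glue else "masked"].append((norm(owner), rtype, rdata))
    return report

if __name__ == "__main__":
    for key, value in audit(APEX, RECORDS).items():
        print(key, value)
```

Any entry reported as masked is a record that exists in the parent's configuration but is answered, if at all, only by the delegated nameservers, which is the mismatch described in the question.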