We temporarily moved some CNAME records in our DNS to point to a different server while undertaking maintenance work - we do this every six months or so - and we allow a decent amount of time to allow for propagation.

Everything seemed fine - users were being sent to the correct server, and when I used nslookup to test our primary and secondary DNS, the CNAME data was correct for all the domains we were redirecting. However, when using the service at whatsmydns.com, we were being told by each DNS the service polled that there was an "error: token mismatch" from all servers.

Now that the maintenance work has been completed, the CNAME records have been returned to their original values - nslookup and whatsmydns.com all return these expected values.

I've tried searching for "error: token mismatch" - but all I can find are product/service support forums where the response is simply "your website seem fine", and don't actually identify or discuss what a token mismatch is in terms of DNS resolution.

So - what is an "error: token mismatch" in this context?

HorusKol
  • What was "a decent amount of time"? I've had it take up to 48 hours before changes were fully implemented. – user987654321 Jan 14 '16 at 05:00
  • We waited about 12 hours - although, typically, all the servers on whatsmydns will be correct within a few minutes of a change. Also, by checking our access logs, I can see that all but one user has followed the change after only 3 hours. – HorusKol Jan 14 '16 at 05:05
  • Also - even if the change hadn't fully propagated, I'd expect whatsmydns to report the old results and no "error: token mismatch" – HorusKol Jan 14 '16 at 05:05
  • Was "Error: token mismatch" the only response from whatsmydns? – user987654321 Jan 14 '16 at 05:14
  • Yes - all the servers listed in the result page returned "error: token mismatch" – HorusKol Jan 14 '16 at 05:36
  • I think you'll have to ask whatsmydns to explain what they mean. "Token" is not a word normally used to describe anything in DNS, so it's hard to even guess what they may be talking about. – Calle Dybedahl Jan 14 '16 at 08:29
  • I believe that the websites chosen for whatsmydns are attached to nameservers with low TTL values, since they seem to update within an hour or so. I also believe that many nameservers throughout the world similarly ignore TTL values, but in the high direction. I wish that the TTL concept would be eliminated in favor of more active methods of keeping nameservers accurate without loading them down with changes that aren't actually queried. Just my opinions; I understand only what is in most DNS tutorials, which is most definitely not the whole story. – David Spector Oct 04 '19 at 21:48

3 Answers

For whatsmydns.net the Token Mismatch error is related to a timeout of a token generated by the website that allows you to use their search/lookup system. Normally you can refresh the whatsmydns.net website to get a new token and perform searches. It appears they use this token to ensure a 3rd party does not use their system and that instead users go to their site directly.

Jason R.

I had the same token mismatch from whatsmydns.net

Simply opened an incognito window and tried again (or clear the browser cache).

The A records all returned the corresponding IP address correctly.

b...b

I just used the whatsmydns.net service and had the page open a few hours. After getting the same message as the OP and finding this problem discussed here and reading through everything on this page, I closed the tab, opened a new one, went to the site again and did the same search as I had done before and everything was fine. It seems that keeping the whatsmydns.net page open for a long time causes the 'error:token mismatch' message to appear. It seems that whatsmydns.net employ some sort of protocol that prevents pages being open a long time and forces you to start a new session/open a new tab and start again.
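
The behaviour described in Jason R.'s answer and in the answer above (a page token that times out, so every lookup from a stale tab fails until the page is reloaded) can be sketched as follows. This is an added example, not part of any answer and not whatsmydns.net's code, whose implementation is not public; the key, the one-hour lifetime, the token format and the `lookup` function are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumed values: the real service's key, lifetime and token format are not public.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_LIFETIME = 3600  # seconds a page-embedded token stays valid (assumed)


def issue_token(session_id, now=None):
    """Run when the page is rendered; the token is embedded in the HTML."""
    issued = int(time.time() if now is None else now)
    msg = f"{session_id}:{issued}".encode()
    mac = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{issued}.{mac}"


def check_token(session_id, token, now=None):
    """Run on every lookup request; returns (ok, reason)."""
    now = time.time() if now is None else now
    try:
        issued_str, mac = token.split(".", 1)
        issued = int(issued_str)
    except (AttributeError, ValueError):
        return False, "token mismatch"  # missing or malformed token
    msg = f"{session_id}:{issued}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False, "token mismatch"  # forged, or issued to another session
    if not 0 <= now - issued <= TOKEN_LIFETIME:
        return False, "token mismatch"  # stale page: reload to get a new token
    return True, "ok"


def lookup(session_id, token, name, now=None):
    """Hypothetical lookup endpoint: no DNS query is made without a valid token."""
    ok, reason = check_token(session_id, token, now)
    if not ok:
        return {"error": reason}  # the same error is shown for every polled server
    return {"query": name, "status": "accepted"}  # DNS polling would happen here
```

Because the check runs before any DNS query is sent, the error says nothing about the records themselves, which matches nslookup returning the correct CNAME data while the results page showed only errors.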