Problem with our nameservers NS records not listed

Phil

We are having a problem with DNS requests not being properly serviced by our
DNS server, but our secondary DNS server run by nuvox.net can handle them
properly.

When we use DNSReports to test our name servers at sandh.com, it returns the
following error:

ERROR: One or more of the nameservers listed at the parent servers are not
listed as NS records at your nameservers. The problem NS records are:
dns1.sandh.com.
dns3.sandh.com.

We are using Windows 2000 DNS Server and have the following entries in the
Zone file:

@ NS dns1.sandh.com.
@ NS extns1.nuvox.net.
extns1.nuvox.net. A 64.89.70.4
@ NS extns2.nuvox.net.
extns2.nuvox.net. A 64.89.74.4
@ NS dns3.sandh.com.

We tried manually editing the zone file and adding "A" records for
dns1.sandh.com and dns3.sandh.com, but Windows 2000 DNS server removes those
records when we reload and save the zone file. Even if we restart the DNS
server with the "A" records in the file, it does not solve the problem.

What do we need to do to get proper NS records for our nameservers?
 
Herb Martin

Phil said:
> We are having a problem with DNS requests not being properly serviced by our
> DNS server, but our secondary DNS server run by nuvox.net can handle them
> properly.
>
> When we use DNSReports to test our name servers at sandh.com, it returns the
> following error:
>
> ERROR: One or more of the nameservers listed at the parent servers are not
> listed as NS records at your nameservers. The problem NS records are:
> dns1.sandh.com.
> dns3.sandh.com.
>
> We are using Windows 2000 DNS Server and have the following entries in the
> Zone file:
>
> @ NS dns1.sandh.com.
> @ NS extns1.nuvox.net.
> @ NS extns2.nuvox.net.
> @ NS dns3.sandh.com.

That is the same as the parent (com) lists:

sandh.com nameserver = dns1.sandh.com
sandh.com nameserver = dns3.sandh.com
sandh.com nameserver = extns1.nuvox.net
sandh.com nameserver = extns2.nuvox.net

Do you have the four A records to go with these?

> We tried manually editing the zone file and adding "A" records for
> dns1.sandh.com and dns3.sandh.com, but Windows 2000 DNS server removes those
> records when we reload and save the zone file. Even if we restart the DNS
> server with the "A" records in the file, it does not solve the problem.

Are you by any chance checking the box (incorrectly)
to remove a record when it becomes stale? This check
box is for DYNAMIC records 99.999% of the time and
should be left clear/open.

> What do we need to do to get proper NS records for our nameservers?

Add them manually and make sure the server saves
them and doesn't scavenge them out due to incorrect
settings.

BUT when I test each one of the four DNS servers
they all return the same four NS records and each
has the A records so if you haven't done something to
fix it already it SEEMS to be working just fine:

nslookup -q=ns sandh.com. extns1.sandh.com
nslookup -q=ns sandh.com. extns2.sandh.com
nslookup -q=ns sandh.com. dns1.sandh.com
nslookup -q=ns sandh.com. dns2.sandh.com

All return:

sandh.com nameserver = extns1.nuvox.net
sandh.com nameserver = extns2.nuvox.net
sandh.com nameserver = dns1.sandh.com
sandh.com nameserver = dns3.sandh.com

extns1.nuvox.net internet address = 64.89.70.4
extns2.nuvox.net internet address = 64.89.74.4
dns1.sandh.com internet address = 70.43.164.213
dns3.sandh.com internet address = 70.43.164.225
 
Phil

> BUT when I test each one of the four DNS servers
> they all return the same four NS records and each
> has the A records so if you haven't done something to
> fix it already it SEEMS to be working just fine:

Thank you for your message. Although it may appear to be working properly,
the issues that are troubling are:

1. Our customers report that entries such as urp.sandh.com sometimes do not
work, but sometimes do work. We have an entry for urp, but we have not told
NuVox to add it to their DNS server. Other entries that are in both our DNS
zone file and also in NuVox zone file seem to always work. So we suspect
that some other name servers are going to NuVox despite the fact that we are
listed as the primary server, and we are running without problems.

2. The error message we're getting from DNSReports that we do not have NS
records for the nameservers specified by our parent nameserver. By the way,
who is our "parent" name server?

3. When we add 'A' records to the zone file and then load and save the zone
file using Windows DNS manager application, the 'A' records get removed.
 
Herb Martin

Phil said:
> Thank you for your message. Although it may appear to be working properly,
> the issues that are troubling are:
>
> 1. Our customers report that entries such as urp.sandh.com sometimes do not
> work, but sometimes do work. We have an entry for urp, but we have not told
> NuVox to add it to their DNS server.

Clients must use (Preferred and Alternate) DNS server (set)
that will ALWAYS return precisely the same (and correct)
answers.

If your customers use the external servers which do not
have those addresses then you must ensure that those
records appear there too.

If customers use other DNS servers which recurse to
find your DNS servers for your zone then you have NO
way to predict which of the four will be used.

BTW, if this is not a single Primary with Secondaries
(one update at the primary updates them all) then it is
likely set up incorrectly.

If you are trying to isolate an Internal DNS Server set
from the Internet then this is NOT the way to set up
that design (which is called Shadow DNS.)

> Other entries that are in both our DNS
> zone file and also in NuVox zone file seem to always work. So we suspect
> that some other name servers are going to NuVox despite the fact that we are
> listed as the primary server, and we are running without problems.

Primary and Secondary have NO meaning for clients or
other DNS servers doing record lookups.

ALL of your DNS servers must return precisely the same
answers if they are all listed.

It very much sounds like you have attempted to set up
Shadow DNS (aka Split DNS) and done it incorrectly.

> 2. The error message we're getting from DNSReports that we do not have NS
> records for the nameservers specified by our parent nameserver. By the way,
> who is our "parent" name server?

.Com servers (of course). The world finds (all of, any of)
your public name servers by recursing from Root ("."-dot)
to Com to sandh.com DNS servers.

These seem to be listed with .Com:

dns1.sandh.com internet address = 70.43.164.213
dns3.sandh.com internet address = 70.43.164.225
extns1.nuvox.net internet address = 64.89.70.4

> 3. When we add 'A' records to the zone file and then load and save the zone
> file using Windows DNS manager application, the 'A' records get removed.

Stop checking the expiration box and allowing the
records to be removed by the scavenger.

Records do not (in general) just disappear from zone
files unless something specific (or someone) deletes
them.

Are there other machines registering those same names?
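
Added example (not part of the original thread or any poster's code): an offline check for the three conditions discussed above, namely that every NS name the parent lists is in the zone's own NS set, that every in-zone NS name has an A record, and that every listed server holds the same records. The zone contents are constructed from the thread's description, `192.0.2.10` is a placeholder address for urp, and the function names and server labels are assumptions.

```python
# Added example. Zone contents are constructed from the thread's description;
# 192.0.2.10 is a placeholder address for urp, not a value from the thread.
ORIGIN = "sandh.com."
PARENT_NS = {"dns1.sandh.com.", "dns3.sandh.com.",
             "extns1.nuvox.net.", "extns2.nuvox.net."}
NS_LINES = """@ NS dns1.sandh.com.
@ NS extns1.nuvox.net.
@ NS extns2.nuvox.net.
@ NS dns3.sandh.com.
"""
# dns1: A records for dns1/dns3 lost on save, urp present only here.
DNS1_ZONE = NS_LINES + "urp A 192.0.2.10\n"
# extns1: has the nameserver A records, was never given urp.
EXTNS1_ZONE = NS_LINES + "dns1 A 70.43.164.213\ndns3 A 70.43.164.225\n"

def parse_zone(text, origin=ORIGIN):
    """Parse 'owner TYPE rdata' lines into {(owner, TYPE): {rdata, ...}}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        owner, rtype, rdata = line.lower().split(None, 2)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"           # relative owner name
        records.setdefault((owner, rtype.upper()), set()).add(rdata)
    return records

def audit(parent_ns, zones, origin=ORIGIN):
    """zones: {server label: zone text}. Returns sorted (check, name, server)."""
    parsed = {srv: parse_zone(txt, origin) for srv, txt in zones.items()}
    findings = set()
    for srv, zone in parsed.items():
        child_ns = zone.get((origin, "NS"), set())
        for ns in parent_ns - child_ns:           # the DNSReports error
            findings.add(("parent-ns-not-in-zone", ns, srv))
        for ns in child_ns:                       # in-zone NS needs an address
            if ns.endswith("." + origin) and (ns, "A") not in zone:
                findings.add(("ns-without-a", ns, srv))
    for key in set().union(*parsed.values()):     # every server, same answer
        answers = {srv: frozenset(z.get(key, ())) for srv, z in parsed.items()}
        if len(set(answers.values())) > 1:
            lacking = ",".join(sorted(s for s, a in answers.items() if not a))
            findings.add(("inconsistent", " ".join(key), lacking or "values differ"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(PARENT_NS, {"dns1": DNS1_ZONE, "extns1": EXTNS1_ZONE}):
        print(*finding)
```

The third field of an `inconsistent` finding names the server or servers that lack the record, which is the urp.sandh.com situation: resolvers that happen to ask that server get no answer.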
 
Phil

> If customers use other DNS servers which recurse to
> find your DNS servers for your zone then you have NO
> way to predict which of the four will be used.

That's news to me. I thought when we specified the DNS server order with
NetworkSolutions that specified the order in which DNS lookups for our sites
would be done.
 
Herb Martin

Phil said:
> That's news to me. I thought when we specified the DNS server order with
> NetworkSolutions that specified the order in which DNS lookups for our sites
> would be done.

In general no. Were that true then practically all
requests would go to the #1 and that would eliminate
performance and fault tolerant advantages of multiple
DNS servers.

Clients and resolving DNS servers have no concept
of "primary" or "preferred" DNS server -- typically
the list is returned using Round Robin but multiple
DNS servers will usually be tried until one is found
that works (or using the fastest to respond.)

Why are you even sharing responsibilities for public
DNS with Network Solutions?

Generally your public DNS belongs TOTALLY at the
registrar unless you are one of the largest Internet
presences (including perhaps Universities). In those
rare cases it belongs totally with you (but remember
this is a poor idea for most companies.)
 
