Site Check
Wednesday, July 2nd, 2008 - 10:30am
Our network admin did some work to our dns server yesterday (with the help of MS tech support) and they enabled dynamic updates for our dns server. Basically, it screwed up our dns entries and our web site (added several same as parent records). We thought we had everything corrected but we've had a few reports of people not able to get to the site. I wanted to see if people could go to http://www.cornellcollege.edu and simply see if they could get to the site (simple that it shows up and is not an error message or an under construction message). If you can't get to the site, can you tell me who your isp is. If you can just post a works message. Thanks.
Getting killed, though? In a way that you don't like? Suck it up, Gertrude.
Works for me
Fletcher wrote:
A-OK on my end.
XBL: NSMike | Steam | PSN: NSMike | Wii Friend Code: 7763 1519 2475 2278 | GWJ Google Calendar
Works here, too.
"What do you think you're doing?"
"I'd say I was joining the winning team, but that'd imply there existed a time when I wasn't on team evil."
Looks fine.
LiquidMantis wrote:
I don't know who my ISP is. It's work and we actually route our network traffic through VA.
Fedaykin98 wrote:
wordsmythe wrote:
We did some checking and it looks like several isps still have our old dns servers. Hopefully we can figure out how to get them to update. Thanks for the checks.
Getting killed, though? In a way that you don't like? Suck it up, Gertrude.
Server not found.
Couldn't tell you who's server it's coming from, as my DNS is fed from corporate, who gets it from....
Our local DNS and ns1.cisco.com both report 144.62.8.10, is that correct?
Grenn wrote:
Server not found, I'm on a west coast US navy pipe.
Do you ever walk alone like a drifter in the dark?
All is A OK from the Oklahoma city Pipes.
*Legion* wrote:
I run my own DNS, and it's broken here. Badly.
Starting from the root, asking c3.nstld.com, an nslookup for type NS says:
Basically, your entries with your provider are badly bollixed. You're telling the world that all six of these servers are authoritative for you. At least two of them, ns51 and ns52, know nothing about cornellcollege.edu at all, and say NXDOMAIN. This is bad. This means that 1/3 of the time, queries will outright fail.
MNS01 and MNS02 are authoritative, but they say that only they are the nameservers for cornellcollege.edu; they don't know about dns1 and dns2 in cornellcollege.edu. They don't have A records for those servers either, meaning that any DNS servers trying to find dns1 and 2 via MNS01 and 02 will be stopped dead.
Only remote servers that try first on dns1 and dns2.cornellcollege.edu will work entirely correctly. Remote servers that try ns51 and ns52 will fail outright. Servers that try MNS01 and MNS02 may or may not fail, depending on how they do their resolution. Most should work, but some may not.
The fastest and easiest fix is to just remove all the domaincontrol servers from your WHOIS record at your provider. This will fix the problem for new lookups within five minutes, although there will still be disruptions from bad cached values for awhile, possibly as long as a week. (it depends on what you set your TTLs at.)
If you really do want all six servers (which isn't a terrible idea), then you need to get them all in sync with each other; they all need to know about the existence of all the other servers. You'd probably set one server as the master, and have all the others sync from that one. That will fix things faster, but it's a lot more complex, and will take more effort on your part.
In general, when you're going to make changes on your DNS, you first want to drop your timeouts to a very low value, and give it time for your old TTLs to all expire. That means that any changes you make will be reflected net-wide very quickly, since everyone will drop prior results from you almost immediately. If you make a mistake, it's a problem that resolves in a few minutes, instead of a week.
Thanks for the detailed description, Malor. I've passed it on to our network admin. I don't deal with DNS (don't even have the ability to change our DNS settings for our WHOIS provider anymore) so hopefully this will help the net admin.
Getting killed, though? In a way that you don't like? Suck it up, Gertrude.
Works for me, though it could use some SEO
I thought Cornell was in Ithaca. HA HA HA HA
"All that time you waste dating and having sex could be better spent scouring the web for new game developer press releases." - Quintin_Stone
Works through Charter cable internet in WI just fine here.
The measure of a man is how truly his actions reflect his own truth - not how well his actions fall into line with what makes others comfortable.
I just checked via nslookup and WHOIS, and sometime since I last posted, everything's been straightened out and is correct.
Hey, it's working for me now.
Fedaykin98 wrote:
wordsmythe wrote:
Works fine from my end.
Fear the flames...