[NCLUG] Carputer / Megasquirt

Bob Proulx bob at proulx.com
Thu Oct 14 14:44:11 MDT 2010 

Neil Neely wrote:
> It looks like they have removed their own A records that defined what
> ns1.msefi.com resolves to.

Agreed.  Missing ns2 as well.

> I've never seen this particular combination before, but it is definitely
> wrong.

Definitely wrong.  If you had a spare domain handy then you could try
removing the NS records and seeing if the problem it created was
similar.  Might be an interesting learning experiment.  But at this
point would it matter?  We know they have something to fix.  We can't
fix it for them.  All we can do is nag them until they do something
about it.

Farside Comic:
  The picture shows a bunch of guys in lab coats are looking out a
  picture window at a bunch of goofy looking people who are looking in
  and making faces.  One of the scientists is saying, "Yes, they're
  all fools gentlemen...  But the question remains; what kind of fools
  are they?"

> As for why some places can resolve it and some can't - my assumption lacking
> better data is DNS caching.  DNS records often cache for a long time, and it
> is generally thought of as a best practice to set the TTL on an NS record
> very long so it will cache as long as possible.  Though it is also possible
> that comcasts DNS resolvers are just behaving differently (preserving the
> glue and not trusting the authoritative answer).

Or maybe the way different resolvers handle the error is what causes
the difference in behavior.  Most of the net is running BIND
nameservers.  But there are other families of nameservers.  Perhaps
one of the others falls back to using the NS values obtained from the
top level root servers?

I am guessing that if we had a complete list of sites "working" and
not working that the nameservers and resolver libraries they were
using were from different software families.  Since this is definitely
an error case it isn't one that is mainstream and gets a lot of
exercise.  But possibly one of the other nameserver types works around
the problem and returns a result anyway?

> FRII just uses BIND, so is pretty vanilla as far as that part of the
> configuration goes.

Same here.  And also BIND on every site that I have checked that can't
resolve the names.  But that isn't a ding against BIND.  It is an
error and shouldn't be expected to work.  Actually I think it is good
to have those types of problems shown in a big banner so that they get
fixed!

Bob

More information about the NCLUG mailing list