DNS Server (MS) returns NXDOMAIN, original returns NOERROR

Question

My ISP has recently made a "small change" to their own DNS server configuration. As a possible coincidence, this is about the same time as I came across a local DNS problem (who knows, it could be unrelated and linked to a WinUpdate patch about the same time)

I seem to be receiving different results when querying my local (Win2003) DNS Server, and querying the ISP's DNS Server.

I can't work out what has changed (or what is mis-configured)

1 - mail.wilmot.me.uk has a CNAME to wilmot.me.uk.mail.aaisp.net.uk  
    (as per [ISP Support page](http://aa.nu/kb-broadband-email.html/))
1b - wilmot.me.uk.mail.aaisp.net.uk resolves to 81.187.30.14, 81.187.30.19

2 - mail2.wilmot.me.uk (quick workaround added earlier)
    CNAME to mail.aaisp.net.uk
    Resolves to 81.187.30.14, 81.187.30.19

---

The problem is:

Against the local server (10.0.0.2) ... (A Win2003 box)

• When I lookup mail.wilmot.me.uk , I get an NXDOMAIN.
• When I lookup mail2.wilmot.me.uk , I get the IP address(es) expected.

However, if I switch to the ISP's resolver (217.169.20.20)

• When I lookup mail.wilmot.me.uk , I get the IP address(es) expected.
• When I lookup mail2.wilmot.me.uk , I get the IP address(es) expected.

So, why is the local DNS server treating mail and mail2 differently, and yet the ISP's server is respondig as expected

---

Results (filtered below) .. Edited after original copy/paste errors

From 10.0.0.2

C:\>nslookup -debug mail.wilmot.me.uk. 10.0.0.2
-----------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer
        questions = 1,  answers = 1,  authority records = 1,  additional = 0

    QUESTIONS:
        mail.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail.wilmot.me.uk
        canonical name = wilmot.me.uk.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    AUTHORITY RECORDS:
    ->  mail.aaisp.net.uk
        ttl = 600 (10 mins)
        primary name server = auth.primary-dns.co.uk
        responsible mail addr = a.k.gg
        serial  = 2010021105
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 600 (10 mins)
------------
*** box2.data-utilities.co.uk can't find mail.wilmot.me.uk.: Non-existent domain

and: (mail2.wilmot.me.uk)

C:\>nslookup -debug mail2.wilmot.me.uk. 10.0.0.2
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        mail2.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail2.wilmot.me.uk
        canonical name = c.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    ->  c.mail.aaisp.net.uk
        internet address = 81.187.30.14
        ttl = 656 (10 mins 56 secs)
    ->  c.mail.aaisp.net.uk
        internet address = 81.187.30.19
        ttl = 656 (10 mins 56 secs)
------------
Non-authoritative answer:
Name:    c.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail2.wilmot.me.uk

---

However, when going direct to the ISP's server, the results appear OK

C:\>nslookup -debug mail.wilmot.me.uk. 217.169.20.20
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 1,  additional = 0

    QUESTIONS:
        mail.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail.wilmot.me.uk
        canonical name = wilmot.me.uk.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    ->  wilmot.me.uk.mail.aaisp.net.uk
        internet address = 81.187.30.14
        ttl = 3600 (1 hour)
    ->  wilmot.me.uk.mail.aaisp.net.uk
        internet address = 81.187.30.19
        ttl = 3600 (1 hour)
    AUTHORITY RECORDS:
    ->  mail.aaisp.net.uk
        ttl = 3600 (1 hour)
        primary name server = auth.primary-dns.co.uk
        responsible mail addr = support.aaisp.net.uk
        serial  = 1266576116
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 600 (10 mins)
------------
Non-authoritative answer:
Name:    wilmot.me.uk.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail.wilmot.me.uk

and mail2.wilmot.me.uk also works.

C:\>nslookup -debug mail2.wilmot.me.uk. 217.169.20.20
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 2,  additional = 0

    QUESTIONS:
        mail2.wilmot.me.uk, type = A, class = IN
    ANSWERS:
    ->  mail2.wilmot.me.uk
        canonical name = C.mail.aaisp.net.uk
        ttl = 3600 (1 hour)
    ->  C.mail.aaisp.net.uk
        internet address = 81.187.30.19
        ttl = 614 (10 mins 14 secs)
    ->  C.mail.aaisp.net.uk
        internet address = 81.187.30.14
        ttl = 614 (10 mins 14 secs)
    AUTHORITY RECORDS:
    ->  mail.aaisp.net.uk
        nameserver = auth.primary-dns.co.uk
        ttl = 614 (10 mins 14 secs)
    ->  mail.aaisp.net.uk
        nameserver = auth.secondary-dns.co.uk
        ttl = 614 (10 mins 14 secs)
------------
Non-authoritative answer:
Name:    C.mail.aaisp.net.uk
Addresses:  81.187.30.19, 81.187.30.14
Aliases:  mail2.wilmot.me.uk

--

Very grateful to any insight into the differences.

I know that I COULD just stick with the workaround, but would rather know the CAUSE of the problem, rather than just how to "make it go away"

Thanks

Answer 1

Your nameservers for wilmot.me.uk are listed at Nominet as being primary-dns.co.uk and secondary-dns.co.uk:

> set type=NS
> wilmot.me.uk
Server:  hi-dc1.hadleygroup.co.uk
Address:  10.1.0.16

Non-authoritative answer:
wilmot.me.uk    nameserver = primary-dns.co.uk
wilmot.me.uk    nameserver = secondary-dns.co.uk

A search of those servers for mail.wilmot.me.uk yields NXDOMAIN:

> server primary-dns.co.uk
Default Server:  primary-dns.co.uk
Address:  81.187.30.41

> set type=A
> mail.wilmot.me.uk
Server:  primary-dns.co.uk
Address:  81.187.30.41

*** primary-dns.co.uk can't find mail.wilmot.me.uk: Non-existent domain

> server secondary-dns.co.uk
Default Server:  secondary-dns.co.uk
Address:  81.187.81.32

> set type=A
> mail.wilmot.me.uk
Server:  secondary-dns.co.uk
Address:  81.187.81.32

*** secondary-dns.co.uk can't find mail.wilmot.me.uk: Non-existent domain

But they can find mail2.wilmot.me.uk:

> server primary-dns.co.uk
Default Server:  primary-dns.co.uk
Address:  81.187.30.41

> set type=A
> mail2.wilmot.me.uk
Server:  primary-dns.co.uk
Address:  81.187.30.41

Name:    C.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail2.wilmot.me.uk

> server secondary-dns.co.uk
Default Server:  secondary-dns.co.uk
Address:  81.187.81.32

> set type=A
> mail2.wilmot.me.uk
Server:  secondary-dns.co.uk
Address:  81.187.81.32

Name:    C.mail.aaisp.net.uk
Addresses:  81.187.30.14, 81.187.30.19
Aliases:  mail2.wilmot.me.uk

It looks as if during their "update" they've wiped out one of your records. It's possible that the resolver you're using (217...) has got your record cached from before it was removed.

Answer 2

There seem to be some kind of an oddity in your nslookup -d2 mail2.wilmot.me.uk. 10.0.0.2, because it says the question is : mail.wilmot.me.uk, type = A, class = IN. So, I'll base my answer as if you asked for mail and not mail2.

The first one, says NOERROR, it also says : response, want recursion, recursion avail, which means you asked for something, with recursion, and there is recursion, so, it's giving you the CNAME and the A record the CNAME points to, which it may not have known, but it's doing recursion.

The second says NXDOMAIN, it also says : response, auth. answer, which means you asked something, but it's not doing any recursion. You asked for a A record, (see the QUESTION section) it only knows that the answer is a CNAME, but it does not have the A record of that particular CNAME, what the NXDOMAIN means is "I don't have a A answer for you" because it's what you asked for, it does give you the CNAME though, so that you can finish the recursion.

Answer 3

Having been spending more time digging into this, I've found more results (which I've posted below in case it is helpful to someone else looking on this site)

---

I had been using 217.169.20.20 for queries
This would seem to be the ISP's internally-visible resolvers (intended for broadband customers)

However, if I look up the domain "wilmot.me.uk.", the nameservers are actually

  primary-dns.co.uk       internet address = 81.187.30.41  
  secondary-dns.co.uk     internet address = 81.187.81.32

---

I'm in the middle of sorting out the issue with the ISP's tech-support, but it looks as though the "Win2003 Server" is likely to be a complete red herring, and that this is a (hopefully) simpler issue between the ISP's internal and external resolvers.

Answer 4

Final answer seems to be related to the details of the CNAME itself

mail.wilmot.me.ux resolves to wilmot.me.uk.mail.aaisp.net.uk., but this isn't currently returning NS records.

C:\BIND>dig wilmot.me.uk.mail.aaisp.net.uk. +nocomments

; <<>> DiG 9.5.0-P2 <<>> wilmot.me.uk.mail.aaisp.net.uk. +nocomments
;; global options:  printcmd
;wilmot.me.uk.mail.aaisp.net.uk.        IN      A
wilmot.me.uk.mail.aaisp.net.uk. 1176 IN A       81.187.30.14
wilmot.me.uk.mail.aaisp.net.uk. 1176 IN A       81.187.30.19
;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Feb 19 15:48:49 2010
;; MSG SIZE  rcvd: 80

Anyway, there's enough to point me in the right direction.