Why is my domain failing on some DNS servers?

Question

I'm having some problems with my domains on some DNS servers. For instance, opencraft.org gives a SERVFAIL message on a number of domain servers around the world. It resolves fine from Google's DNS:

dig www.opencraft.org @8.8.8.8

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> www.opencraft.org @8.8.8.8
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41236
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.opencraft.org.             IN      A

;; ANSWER SECTION:
www.opencraft.org.      86400   IN      A       76.74.253.37

;; Query time: 408 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Apr 25 10:05:59 2011
;; MSG SIZE  rcvd: 51

But with Singtel's DNS (and a number of others around the world), it fails:

# dig www.opencraft.org @165.21.83.88

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> www.opencraft.org @165.21.83.88
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26216
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.opencraft.org.             IN      A

;; Query time: 219 msec
;; SERVER: 165.21.83.88#53(165.21.83.88)
;; WHEN: Mon Apr 25 10:05:15 2011
;; MSG SIZE  rcvd: 35

Why?

score 2 · Answer 1 · answered Apr 25 '11 at 00:52

2

Verify that your glue records are correct. Without going into a long tutorial, there are reasons why some DNS servers are able to resolve without resorting to the glue records, while others must do so.

answered Apr 25 '11 at 00:52

John Gardeniers

27,458
12
55
109

score 0 · Answer 2 · answered Apr 25 '11 at 01:15

I noticed you have two namservers listed for opencraft.org:

$ dig -t ns opencraft.org

; <<>> DiG 9.4.3-P3 <<>> -t ns opencraft.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1394
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;opencraft.org.         IN  NS

;; ANSWER SECTION:
opencraft.org.      86400   IN  NS  ns1.vivitec.com.au.
opencraft.org.      86400   IN  NS  ns2.vivitec.com.

;; ADDITIONAL SECTION:
ns2.vivitec.com.    1685    IN  A   76.74.253.37
ns1.vivitec.com.au. 1685    IN  A   111.223.232.30

;; Query time: 88 msec
;; SERVER: 68.87.76.182#53(68.87.76.182)
;; WHEN: Sun Apr 24 18:11:03 2011
;; MSG SIZE  rcvd: 124

When I query the first nameserver directly for www.opencraft.org, I get: 111.223.232.30, when I hit your second nameserver, I'm told to go to: 76.74.253.37. Looking at the records above, it seems you have made the www host resolve to the same IP address as the DNS server.

This tells me you are not running a master slave DNS configuration and looks like you are attempting some geo-IP based config.

If you've updated these entries recently, you'll need to wait for them to propagate to caching nameservers around the net.

Why is my domain failing on some DNS servers?

2 Answers2