1

I've been having this WEIRD problem on my server. I've set up a DNS server (BIND) for two domains, but somehow one of them does not resolve with www. I tried with a CNAME and an A record with no luck. (The same configuration is in the other domain.)

$TTL 4h
$ORIGIN transparenciaactiva.gob.sv.
@           IN  SOA     ns1.domain.com.    root.transparenciaactiva.gob.sv. (
                2014030301    ; serial
                4h      ; refresh (4 hours)
                1h      ; retry (1 hour)
                2w      ; expire (2 weeks)
                1h      ; minimum (1 hour)
                )

            IN  NS      ns1.domain.com.
            IN  NS      ns2.domain.com.

            IN  A       178.63.84.xxx
www    IN  CNAME   @

Ping gives me this error:

ping: unknown host

host -a www.transparenciaactiva.gob.sv

Trying "www.transparenciaactiva.gob.sv"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22245
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.transparenciaactiva.gob.sv.    IN  ANY

;; ANSWER SECTION:
www.transparenciaactiva.gob.sv. 242098 IN CNAME 178.63.84.xxx.transparenciaactiva.gob.sv.

In some places the ping works; in other places the domain with "www" points to 127.0.0.1 but without it points to the server. Also, the domain with "www" doesn't work at all on the server itself.

Any ideas on this issue?

Thanks in advance.

AndreX
  • http://meta.serverfault.com/q/963/126632 – Michael Hampton Sep 07 '15 at 11:25
  • Cannot find the reference but if I remember correctly a CNAME cannot point to a @ record. You should set "www IN CNAME transparenciaactiva.gob.sv." – JFL Sep 07 '15 at 12:16
  • @JFL If you look at the zone file, he already has an A record for apex and the CNAME is only for www. – ceejayoz Sep 07 '15 at 12:17
  • @JFL I've tried it too, but the same result. I found this is the "proper and beautiful" way to do it, not sure. – AndreX Sep 07 '15 at 15:59
  • If `www.domain.com` is a CNAME for `domain.com`, that means they have the same records. So if `ns1.domain.com` is a nameserver for `domain.com`, it must also be one for `www.domain.com`. But if you must set up a zone for `www.domain.com` if it's a CNAME for `domain.com`, what good does the CNAME do you? You could set up a zone without a CNAME. So if you need the CNAME, it's insufficient, and if you don't need it, why have it? Your configuration doesn't make any sense. – David Schwartz Sep 07 '15 at 19:53

2 Answers

3

You may be a victim of DNS caching. I see your DNS just fine. Here's the host output on my PC.

$ host transparenciaactiva.gob.sv
transparenciaactiva.gob.sv has address 178.63.84.140
transparenciaactiva.gob.sv mail is handled by 1 aspmx.l.google.com.
transparenciaactiva.gob.sv mail is handled by 5 alt1.aspmx.l.google.com.
transparenciaactiva.gob.sv mail is handled by 5 alt2.aspmx.l.google.com.
transparenciaactiva.gob.sv mail is handled by 10 aspmx2.googlemail.com.
transparenciaactiva.gob.sv mail is handled by 10 aspmx3.googlemail.com.
$ host  www.transparenciaactiva.gob.sv
www.transparenciaactiva.gob.sv has address 178.63.84.140

I suggest that when debugging DNS, you use an external service (Google yields several results). This helps check that the cache is not an issue. Also, TTL can make changes hard to debug, so a little patience may be important.

justabit
  • I also see the functional records for both versions. – ceejayoz Sep 07 '15 at 12:16
  • Yes, on some ISPs it doesn't show the page. I asked for a ping to the domain and this is the result: (http://i.imgur.com/I4aNnE7.png). Now, I understand when this is a DNS "propagation" problem, and it is solved by using Google DNS, but my question here is why the server cannot ping the www. domain but can ping the other. I have another server in the same datacenter and both work there; I don't get it at all. BTW, the domain is hosted on the server itself too. – AndreX Sep 07 '15 at 15:53
1

The delegation says:

transparenciaactiva.gob.sv. 43200 IN    NS      transparenciaactiva.gob.sv.
transparenciaactiva.gob.sv. 43200 IN    NS      glen.ns.cloudflare.com.
transparenciaactiva.gob.sv. 43200 IN    NS      michelle.ns.cloudflare.com.
transparenciaactiva.gob.sv. 43200 IN    A       178.63.84.140

If you query glen.ns.cloudflare.com. or michelle.ns.cloudflare.com. they respond with:

transparenciaactiva.gob.sv. 86400 IN    NS      michelle.ns.cloudflare.com.
transparenciaactiva.gob.sv. 86400 IN    NS      glen.ns.cloudflare.com.

However, if you query 178.63.84.140 (based on glue for delegation NS record pointing to transparenciaactiva.gob.sv) you get this:

transparenciaactiva.gob.sv. 14400 IN    NS      ns1.gobabierto.com.
transparenciaactiva.gob.sv. 14400 IN    NS      ns2.gobabierto.com.


You will have to decide which name servers you are actually going to be using and then ensure that the delegation NS records (and glue if appropriate) and the authoritative records actually match, otherwise you will get inconsistent results.
Right now there appears to be a mix of three different sets of nameservers (likely hosting zones with different data) in play.

Håkan Lindqvist
  • Thank you for your answer. I really don't get it, because it is true that the domain is pointing to name servers ns1.gobabierto.com and ns2.gobabierto.com, and gobabierto.com is handled by Cloudflare; before, it was handled by GoDaddy. I moved it just as trial and error. What is the real problem with this? Please check gobiernoabierto.gob.sv, which has the same configuration and is working "normally". – AndreX Sep 07 '15 at 23:51
  • @AndreX Did you check the delegation (through your registrar)? That, as I pointed out, points to a different set of nameservers compared to what you say is true. – Håkan Lindqvist Sep 08 '15 at 07:06
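
The delegation check from Håkan Lindqvist's answer, as an added example that is not part of the original thread: it parses the three NS responses quoted in that answer and reports, per source, which name servers are missing or extra relative to the delegation. The dictionary keys and function names are labels chosen here for illustration.

```python
ZONE = "transparenciaactiva.gob.sv."
# Record lines copied from the answer above; the dictionary keys are labels added here.
RESPONSES = {
    "delegation": """
transparenciaactiva.gob.sv. 43200 IN    NS      transparenciaactiva.gob.sv.
transparenciaactiva.gob.sv. 43200 IN    NS      glen.ns.cloudflare.com.
transparenciaactiva.gob.sv. 43200 IN    NS      michelle.ns.cloudflare.com.
transparenciaactiva.gob.sv. 43200 IN    A       178.63.84.140
""",
    "cloudflare": """
transparenciaactiva.gob.sv. 86400 IN    NS      michelle.ns.cloudflare.com.
transparenciaactiva.gob.sv. 86400 IN    NS      glen.ns.cloudflare.com.
""",
    "178.63.84.140": """
transparenciaactiva.gob.sv. 14400 IN    NS      ns1.gobabierto.com.
transparenciaactiva.gob.sv. 14400 IN    NS      ns2.gobabierto.com.
""",
}

def normalize(name):
    """Lower-case a DNS name and make it fully qualified so names compare equal."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def ns_set(text, zone):
    """Return the set of NS targets for `zone` found in dig-style record lines."""
    targets = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop dig comments, split columns
        if len(fields) < 5:
            continue
        owner, _ttl, rrclass, rrtype, rdata = fields[:5]
        if (rrclass.upper(), rrtype.upper()) == ("IN", "NS") and normalize(owner) == normalize(zone):
            targets.add(normalize(rdata))
    return targets

def compare(responses, zone, reference="delegation"):
    """Diff each source's NS set against the reference (the parent delegation)."""
    ref = ns_set(responses[reference], zone)
    sets = {src: ns_set(text, zone) for src, text in responses.items()}
    return {src: {"missing": sorted(ref - got), "extra": sorted(got - ref)} for src, got in sets.items()}

if __name__ == "__main__":
    for source, diff in compare(RESPONSES, ZONE).items():
        print(source, diff)
```

Any non-empty `missing` or `extra` list means that source's NS set disagrees with the delegation.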