-1

Suddenly 3 of my domains stopped working and browser complained that ERR_NAME_NOT_RESOLVED.

I started debugging on Windows, to find out where the problem might be. I used nslookup and set debug and changed the server to 8.8.8.8 (Google's Public DNS service).

I see a very strange behavior:

  1. 8.8.8.8 returns NXDOMAIN => non-existent domain
  2. Browser again shows the site (I use chrome)
  3. One of these 3 domains shows this URL => earchguide.level3.com/search/ when I write it like http://domain/ in chrome.
  4. Again browser shows ERR_NAME_NOT_RESOLVED
  5. Once in every X tries of nslookup domain 8.8.8.8 resolves the IP

This behavior makes me worried, and I'm not a DNS professional. I know about it, but I need help to find out:

  1. Whether I'm under attack or not
  2. Where the problem might be and how to fix it

Any help is appreciated, and I don't know what more information do you need. Please guide and I'll provide.

Saeed Neamati
  • 451
  • 2
  • 8
  • 18
  • 3
    DNS questions are usually easier to diagnose if you include the domain names you are having issue with – pete Feb 24 '16 at 14:20
  • 3
    I really don't understand how you could expect us to help you without you providing the domain name in question. – joeqwerty Feb 24 '16 at 15:02
  • I agree with the above comments, but it's worth noting that a response of `NXDOMAIN` indicates that your nameservers were 1) reachable, and 2) said that the record did not exist. Beyond that we cannot comment until you provide more information. – Andrew B Feb 24 '16 at 19:08
  • I wanted to provide the domain, but I thought it will make the question too localized. Thus I just phrased it in a general way. And at last I could find out the problem. – Saeed Neamati Feb 25 '16 at 10:54
  • 1
    @SaeedNeamati If you've identified the answer, please either answer your own question and accept it or delete the question. Both of these will prevent it from showing up in unanswered question searches. – Andrew B Feb 25 '16 at 15:14

2 Answers2

1

Limit the DNS query to type A only. On Windows this is done via set type=A command. Then using set debug you can see the questions asked and answered for resolving the name.

Use a free list of DNS services. Just Google for free public DNS services and pick one result. A sample is:

http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

Then trace your domain via many public DNS services. This way you can see in more depth what might be broken.

If nothing is broken on your side, start sending support requests to your registrar, your name server provider, and your ISP. We found out that our registrar had a problem and nothing was wrong on our side.

Saeed Neamati
  • 451
  • 2
  • 8
  • 18
1

I would suggest having a close look at the data on the authoritative end to try to determine if that's where the problem is or if the problem is with the resolver server.

If, for instance, the authoritative servers serve different data or the delegation itself is inconsistent (possibly including servers that are not supposed to be authoritative anymore) it would be expected for answers to change seemingly at random depending on which server provided the answer.


As a quick couple of first things to check, I would suggest:

dig +trace +add example.com NS to get a quick overview of the chain of delegations (worth paying special attention to delegation NS and glue A/AAAA records vs the authoritative records).

dig +nssearch example.com to get a quick overview of which version is served by which server.

Håkan Lindqvist
  • 35,011
  • 5
  • 69
  • 94