1

Currently I have a domain and rent a dedicated server for it. It runs a Windows port of BIND (installed by/maintained by Plesk) and provides DNS relevant to my domain.

I'm looking to wind down that dedicated server and have purchased another one (from OVH, as it happens) onto which a lot of my services have moved, but I haven't installed any DNS daemon on the new server. Instead I've created a zone for my domain on OVH's DNS servers via their control panel.

Their support tell me that the last step I need to execute to switch everything over is to nominate their DNS servers as responsible for my domain, on the config pages of the registrar.

The reason I haven't done so so far is that I cannot get their DNS servers to answer any queries! If I do this on my OVH server (note: ns108 is the DNS server that they have allocated to my account):

    c:\> nslookup
    > server ns108.ovh.net
    Default Server:  ns108.ovh.net
    Addresses:  2001:41d0:1:1998::1
                213.251.128.152

    > google.com
    *** ns108.ovh.net can't find google.com: No response from server

    > server 213.251.128.152
    Default Server:  [213.251.128.152]
    Address:  213.251.128.152

    > google.com
    *** [213.251.128.152] can't find google.com: Query refused

As noted, their techs say "just switch it over, it'll all work fine", but it doesn't seem like much of a reassurance. It doesn't matter what domain I put into the query; the response is the same.

Is there a technical reason why their servers won't start responding until I nominate them as responsible for my domain, with the registrar? i.e. is what the techs are telling me true, that I can switch and not worry? I don't really want to bring down every site we operate as a result of no-one being able to look up our main domain any more - that would be bad for business.

edit: Update:

I really struggled with inconsistent behaviour of nslookup here - the solutions below advised me to specify the OVH DNS server on the command line - I thought I HAD specified it (in the way I was using nslookup, by issuing a server dns108.ovh.net command after running nslookup) but it never worked out. I've since determined that it does work when specified in interactive mode, if I use the IPv4 IP of the server rather than its name. I can only assume it's because specifying by name in interactive mode causes the lookup of the server to return an IPv6 address (first) and I suspect this is the one being used, as my system isn't configured for IPv6.

Working:

    c:\> nslookup mail.mydomain.com dns108.ovh.net

    c:\> nslookup mail.mydomain.com 213.251.188.152

    c:\> nslookup
    >server 213.251.188.152
    >mail.mydomain.com

Not working:

    c:\> nslookup
    >server dns108.ovh.net
    Default Server:  dns108.ovh.net
    Addresses:  2001:41d0:1:4a98::1
                213.251.188.152
    >mail.mydomain.com

    c:\>ping 2001:41d0:1:1998::1
    Pinging 2001:41d0:1:1998::1 with 32 bytes of data:
    PING: transmit failed. General failure.

Thanks to all who helped me get to the bottom of this. Apologies for the misdirection earlier, putting google.com into the example commands - I was using my actual domain, but also trying google and other common names for comparison. My understanding of DNS is now much improved!

Caius Jard
  • I would not expect them to resolve google for you. That said, if you have entered your records into their DNS server and they won't respond until you delegate to them, I would just use a real DNS provider, especially if this is for something business critical. Or perhaps add them as a third/fourth if you have already spent money, so they activate your records... I personally would not use a DNS provider that pulls that stunt. Route53 does this too. – Aaron Jun 08 '17 at 13:39
  • 1
    Why are you asking their DNS servers to answer queries for domains they're not authoritative for? I don't understand how you think that will tell you anything about your domain. The DNS servers that you're using are clearly non-recursive and only answer for domains that they're authoritative for. – joeqwerty Jun 08 '17 at 13:52
  • @aaron I added them as third, but it didn't change anything (and their tech obviously looked up what I'd done because they said "what you did there won't work").. but then their tech carried on with the line "there is nothing you can do to test this config ahead of time".. Yet bizarrely the answers here showed me that I could, because the DNS config on their servers is slightly different to the existing server (the mail server is migrating so the OVH server DNS config has the new mail server, the existing one has the old mail server). – Caius Jard Jun 08 '17 at 16:04
  • @joeqwerty Erm.. cos I'm a DNS noob (hence the dumb query here) and I couldn't get their servers to answer any query, not my domain, not google, nada. Now I'm forming an appreciation for what an authoritative vs recursive server is, I see that their servers are authoritative and hence will probably only respond when I update GoDaddy (don't judge; not my shout) to nominate ns108.ovh.net as authoritative for my domain.. – Caius Jard Jun 08 '17 at 16:07
  • 1
    @joeqwerty If he added his zones to their server, then they are authoritative for them. This does not require changes to root servers. I have put my zones in several DNS providers at once. If you are paying someone to host your zones, then that is what they should be doing, not looking to see if you have pointed the root servers to them yet. Perhaps I am not understanding what Caius is doing. – Aaron Jun 08 '17 at 17:18
  • He's trying to resolve google.com, not his own domain. The name servers are non-recursive and won't resolve names they're not authoritative for. They're not authoritative for google.com. – joeqwerty Jun 08 '17 at 17:31
  • @CaiusJard: I certainly meant no offense and hopefully none was taken. My point was that you should be querying those name servers for your own domain (which they host), not some other domain. Querying for some other domain, whether successful or not, tells you nothing about your domain. – joeqwerty Jun 08 '17 at 17:33
  • Ok, I thought he was trying to do both google.com and his own domains at the new provider. I mis-understood. google for sure won't work. – Aaron Jun 09 '17 at 18:56

2 Answers

4

You simply don't (yet) understand the difference between authoritative and recursive DNS servers. Therefore, your testing is based on wrong assumptions. Corrected testing at the end of my answer.

In your OVH server, you use cdns.ovh.net as your recursive DNS server. It resolves ANY domain for you, when querying from your OVH server. That's usually preconfigured during installation, so you don't need to change anything. Also, cdns.ovh.net has nothing to do with your domain.

Instead, see OVH's New DNS servers guide:

Attention! : Since February 2007, OVH has implemented a series of new shared DNS servers. To check on which one your DNS domain is hosted, you must go to the OVH Manager, click on the field "Domain & DNS", "DNS Zone" option, and watch the 2 fields of the type NS (like dnsXX.ovh.net and nsXX.ovh.net); so, for a newly created domain, here are the recommended configurations.

The site lists nameservers for different types of services (shared hosting, webhosting, dedicated server), but although you have a dedicated server, you seem to have chosen to use their DNS servers instead, so what's said on that page doesn't directly apply to you.

You should go with what the OVH Manager and OVH support say. However, based on the pattern on that page I could guess that this server has a pair, and you should always specify at least two nameservers at the registrar:

  • Primary DNS: dns108.ovh.net IP : 213.251.188.152
  • Secondary DNS: ns108.ovh.net IP : 213.251.128.152

First test that both these name servers answer authoritatively for your domain. You can do this from your own local computer, as this has nothing to do with your OVH server and serves the whole world, anyway. Here, the example.com represents your domain:

    nslookup example.com dns108.ovh.net
    nslookup example.com ns108.ovh.net

The servers are ready to be nominated if both tests pass both these conditions:

  1. Both servers answer for your domain and give the expected IP address.
  2. The answers are authoritative i.e. in nslookup there's no line Non-authoritative answer. Here, the b.iana-servers.net is authoritative for example.com but the cdns.ovh.net isn't:

    $ nslookup example.com b.iana-servers.net
    Server:         b.iana-servers.net
    Address:        2001:500:8d::53#53
    
    Name:   example.com
    Address: 93.184.216.34
    
    $ nslookup example.com cdns.ovh.net
    Server:         cdns.ovh.net
    Address:        2001:41d0:3:163::1#53
    
    Non-authoritative answer:
    Name:   example.com
    Address: 93.184.216.34
    

Hint: if OVH says the DNS for your domain is working, there's no reason to believe the tests wouldn't pass. They know what they are doing. But this is what you can do if you are still really suspicious.

Esa Jokinen
  • See, that's what I thought I was doing with my nslookup when I first issued the command `server ns108.ovh.net` before I tried looking up my/any domain.. It looks like there is some subtle difference between doing `nslookup mydomain.com ns108.ovh.net` and doing `nslookup`, then `server ns108.ovh.net`, then `mydomain.com`.. Because your way does use the OVH server and it does respond. My way doesn't work; interested to know what the difference is.. But, thanks! you've taught me something there – Caius Jard Jun 08 '17 at 15:58
3

I’d imagine that their name server has been configured to not respond to recursive queries and that the name server should only answer requests for domain names that it is authoritative for. The second response replies with Query refused as would be expected for a non-recursive name server.

I see that you have created a zone for your domain on their DNS servers via their control panel. You should try using nslookup with their name server (as you’ve shown) to query your own domain name – not google.com.

    nslookup yourdomain.com ns108.ovh.net

If that works, you can then go to your registrar’s interface to set their name servers as the authoritative name servers for your domain.

Anthony Geoghegan
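
The pre-delegation checks from both answers, written as an added example that is not code from either answer's author: it reads the AA bit and RCODE straight from the DNS response header, which goes a step beyond what nslookup prints. The sample headers are constructed, and `ask()` is a hypothetical helper that queries an IPv4 literal so the IPv6-first behaviour described in the question's update cannot interfere.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Encode a query with RD=0: ask the server itself, request no recursion."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype 1 = A, class IN

def classify(response):
    """Interpret the 12-byte DNS header of a response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    aa = bool(flags & 0x0400)          # Authoritative Answer bit
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "REFUSED":
        verdict = "refused"            # zone not served here, recursion not offered
    elif rcode == "NOERROR" and aa and ancount:
        verdict = "ready"              # authoritative data returned for the name
    elif rcode == "NOERROR" and not aa:
        verdict = "non-authoritative"  # answer came from a recursive resolver
    else:
        verdict = "check-zone"         # NXDOMAIN, SERVFAIL or empty answer
    return {"aa": aa, "rcode": rcode, "answers": ancount, "verdict": verdict}

def ask(name, server_ipv4, timeout=3.0):
    """Hypothetical helper: query an IPv4 literal over UDP so that no
    IPv6 address is tried on a host without IPv6 connectivity."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ipv4, 53))
        return classify(s.recvfrom(4096)[0])

# Constructed sample headers (header only, record data omitted).
SAMPLES = {
    "hosted zone on authoritative server": struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0),
    "foreign name on authoritative server": struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0),
    "any name via recursive resolver": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

A "ready" verdict from every name server you intend to list corresponds to the two conditions in the first answer; "refused" is the Query refused result seen in the question for a name the server does not host.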