1

I've being trying to change DNS records in a .DE domain (waverocker.de), but it's impossible! I have the same domain as .ORG and as .CH and no problem there, but with .DE version it's impossible.

Always gives back an "error while updating domain name: Nameserver error". I'm checking with https://zonemaster.net and the only red error that I get it's that my IP refers to multiple nameservers.

How can I change my DNS records in this .DE domain? Why it works fine with other domains but not with .DE?

Roberto Meijide
  • 13
  • 7

2 Answers2

2

Have a look at DeNIC's Nameserver Predelegation Check.

Short version: your DNS servers for waverocker.org don't actually allow querying waverocker.de.

towo
  • 1,887
  • 14
  • 12
  • I've just checked and I've got these errors: Warning 102 Provided glue records not applicable (NS) waverocker.de IN NS vps139700.ovh.net /37.187.218.240 Error 107 Insufficient diversity of nameserver's IP addresses (# expected, # found) 2 1 Warning 102 Provided glue records not applicable (NS) waverocker.de IN NS ns1.juanandjuan.com /37.187.218.240 – Roberto Meijide Mar 22 '18 at 14:52
1

You are trying to use a single server in two different NS records for the same domain, and using the same server twice is against IANA Technical requirements for authoritative name servers.

NS1.JUANANDJUAN.COM.    IN      A       37.187.218.240
VPS139700.OVH.NET.      IN      A       37.187.218.240

Minimum number of name servers

There must be at least two NS records listed in a delegation, and the hosts must not resolve to the same IP address.

Network diversity

The name servers must be in at least two topologically separate networks. A network is defined as an origin autonomous system in the BGP routing table. The requirement is assessed through inspection of views of the BGP routing table.

Your .org, .ch and .net has three nameservers, of which one has a different IP address:

Name Server: SDNS2.OVH.NET
Name Server: VPS139700.OVH.NET
Name Server: NS1.JUANANDJUAN.COM

sdns2.ovh.net.          IN      A       213.251.188.141

But, this server doesn't meet other requirement by not answering authoritatively (nor at all) for the queries: it simply isn't aware of waverocker.org / .net / .ch / .de at all.

Answer authoritatively

The name servers must answer authoritatively for the designated zone. Responses to queries to the name servers for the designated zone must have the “AA”-bit set.

This will be tested by querying for the SOA record of the designated zone with no “RD”-bit set.

There are two possible reasons for this to work with the other TLDs than .de:

  1. The tests for them were made before the sdns2.ovh.net stopped to work as a secondary.
  2. The .de might be more strict with the IANA requirements. The difference could be e.g. that it doesn't do a single test for each condition alone: there are two different IP addresses and two of the NS records are working because the single DNS server is answering authoritatively. However, the overall condition doesn't meet the requirements and there could be tests for that.

What to do?

  • Get a working secondary and test it answers authoritatively for all your domains.
  • Remove the duplicate record and only refer to 37.187.218.240 once.
Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129