-1

Over the last month my website https://www.storehouseno9.com has sporadically not been found by various users trying to get to my site. I've only experienced this issue once or twice, but it's a consistent issue for many of my users, and I cant seem to figure out what's causing it.

The domain is managed by Network Solutions, and the site is hosted with Shopify. I've followed their setup instructions meticulously, spoken to both companies support teams, but still haven't received an answer on how to fix the issue. Shopify mentioned that it could possibly be that "My root needs a correct A Record", but I believe my A Record and CNAME Records are correct.

If someone could shed some light on this I would be incredibly grateful.

Thanks,

Preston

Preston
  • 3
  • 1
  • There are multiple DNS servers involved in the resolution. Some with CNAME, some with A, with a non working A, with a working A... found those failing IPs: 141.8.225.31 141.8.225.68 and this working: 23.227.38.64 . resolution can come from storehouseno9.com's DNS servers or myshopify.com's DNS servers. This inconsistency is a bit of a mess. It appears to be at storehouseno9.com servers which when queried return a CNAME *and* an extra wrong A for shops.myshopify.com . Probably a migration done but cleanup forgotten – A.B Mar 24 '18 at 18:56
  • A.B, I really appreciate your input. I've made some changes based on the suggestions here so hopefully I'll get this mess sorted out. Thanks! – Preston Mar 24 '18 at 19:14
  • Use online troubleshooting tool, and see that you have many errors in your DNS configuration, some related to DNSSEC: http://dnsviz.net/d/storehouseno9.com/WranJw/dnssec/ You will seriously need to improve your setup. – Patrick Mevzek Mar 24 '18 at 19:31

1 Answers1

2

I see intermittent DNS failures when trying to resolve your domain name. So let's start at the beginning. I see in your whois record:

Name Server: NS49.WORLDNIC.COM
Name Server: NS50.WORLDNIC.COM
Name Server: DNS1.REGISTER.COM
Name Server: DNS2.REGISTER.COM

This is probably the root cause of the problem. You seem to have registered nameservers from two different companies, and each of them is returning different data:

$ host www.storehouseno9.com ns49.worldnic.com
Using domain server:
Name: ns49.worldnic.com
Address: 207.204.40.125#53
Aliases: 

www.storehouseno9.com is an alias for shops.myshopify.com.
shops.myshopify.com has address 141.8.225.31

$ host www.storehouseno9.com ns50.worldnic.com
Using domain server:
Name: ns50.worldnic.com
Address: 207.204.21.125#53
Aliases: 

www.storehouseno9.com is an alias for shops.myshopify.com.
shops.myshopify.com has address 141.8.225.31

$ host www.storehouseno9.com dns1.register.com
Using domain server:
Name: dns1.register.com
Address: 216.21.234.71#53
Aliases: 

www.storehouseno9.com has address 141.8.225.68

$ host www.storehouseno9.com dns2.register.com
Using domain server:
Name: dns2.register.com
Address: 216.21.226.71#53
Aliases: 

www.storehouseno9.com has address 141.8.225.68

The first two look OK for a Shopify site; the last two are definitely wrong as they return an A record direct instead of the CNAME shops.shopify.com. In my tests I also saw several other IP addresses returned. A survey of those addresses on TCP port 443 indicated that not all of them had a web server running on port 443.

You need to figure out which DNS provider you want to use, and have only that provider's DNS servers listed in your whois record. You make this change at your domain registrar:

Registrar: NETWORK SOLUTIONS, LLC.

Being a Network Solutions customer, I would guess you want to delete the two register.com nameservers.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • 1
    A DNS resolver doesn't query the whois records. It will query servers starting from the root and working its way down. For this domain the results are however the same as can be seen from the output of this command `dig +norecurse aaaa www.storehouseno9.com @2001:503:d2d::30`. The IP here I picked randomly among the glue records from the root. Pointing glue records to two different providers is only bad if you aren't keeping the zone in sync between the two providers. And those records being out of sync is indeed the most likely root cause for the problem. – kasperd Mar 24 '18 at 19:11
  • @kasperd RIght, the glue records are wrong. But the whois record is usually the most obvious place to find such problems. – Michael Hampton Mar 24 '18 at 19:12
  • Michael, thank you so much for your assistance with this situation. This was incredibly helpful! I've made the changes you suggested. Hopefully once everything's propagated it'll straighten out. Either way, thank you for taking time out of your day to assist me with this. – Preston Mar 24 '18 at 19:12
  • @MichaelHampton By doing the same queries with `dig` that a recursor would have done I get to see what the recursor would see. I find that about as obvious as it can get. And it can reveal other problems which you don't see in the whois records - including glue records at other layers of the hierarchy. – kasperd Mar 24 '18 at 19:20
  • @kasperd, I really appreciate your input as well, mate. Thanks for the assistance. – Preston Mar 24 '18 at 19:25
  • 1
    whois records are not the good information to start DNS troubleshooting, you should only use what is published (at parent zone first, and then at authoritative nameservers of the zone). – Patrick Mevzek Mar 24 '18 at 19:32
  • 1
    You have online troubleshooting tools that do everything for you: https://dnsviz.net and https://zonemaster.net/ they are good tools for public use. – Patrick Mevzek Mar 24 '18 at 19:33