#1
Quick questions about secondary DNS servers. I have 3 DNS servers I am running located here:
My master DNS server is located at: ns1.aphexnetworks.com
And the two secondary or slave DNS servers at: ns2.aphexnetworks.com and ns3.aphexnetworks.com
The problem is that whenever the primary DNS server goes offline, for example just now I had it down for about 5 minutes, the entire aphexnetworks.com domain stops resolving. Shouldn't the secondary DNS servers pick up the slack? I thought that's what they were there for. Thanks!
#2
Only ns1 is answering my queries. Queries to ns2 and ns3 are timing out from my end. Is the DNS service running on these two boxes?
#3
yeah, cause he gave dns crawler links to his 2 secondary servers and they both return responses. But AXFR requests use TCP. It's your UDP port 53 that needs to be opened.
#4
Since I have posted the first message the domain aphexnetworks.com is STILL not resolving. UDP is open on ns1 and the server is up and running so that one should work at least. Though you're saying for ns2 and ns3 that I should open up UDP? I thought only TCP was needed, my bad.
Last edited by glow : April 28th, 2004 at 06:21 AM.
#5
yeah, open UDP and tell us if there's any more problems.
#6
Well SilentRage, I have UDP open on ns1.aphexnetworks.com, still waiting on our ISP to open the UDP on ns2 and ns3. Even though those two aren't open yet, as of right now, the name should still resolve because ns1 has it open. At least it was working that way. Then I moved the server that ns1 is hosted on to a different part of my server room and now the domain is dead. I have no idea why it isn't working anymore now, everything is the same. So frustrating
#7
ns1 is crapping out cause it is returning non-authoritative results:

dig @24.106.162.250 aphexnetworks.com

Now as for why it is returning non-authoritative... My best guess is that you configured that zone as a slave, and it hasn't been able to reach the master for a long time and the zone contents have expired (in your case after 1 week).
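The check that posts #2 to #7 make by hand with dig, as an added example that is not part of the original thread: send a non-recursive SOA query to each listed nameserver over UDP and TCP port 53 and classify the reply by its header (AA bit and RCODE). The function names, the fixed query ID and the SAMPLE_* headers are constructed for illustration.

```python
import socket
import struct
import sys

QR, AA = 0x8000, 0x0400                      # header flag bits (RFC 1035)
RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(zone, txid=0x1234, qtype=6):
    """Non-recursive (RD=0) query for the zone's SOA record (qtype 6)."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify(resp, txid=0x1234):
    """Judge a raw DNS response by its 12-byte header only."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & QR:
        return "malformed"
    if flags & 0x000F:
        return "error:" + RCODES.get(flags & 0x000F, str(flags & 0x000F))
    if not flags & AA:
        return "non-authoritative"           # server does not claim authority for the zone
    return "authoritative" if ancount else "authoritative-empty"

def probe(server, zone, timeout=3.0):
    """Send the SOA query to one nameserver over UDP and TCP port 53."""
    query, out = build_query(zone), {}
    for proto, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        try:
            with socket.socket(socket.AF_INET, kind) as s:
                s.settimeout(timeout)
                s.connect((server, 53))
                if proto == "udp":
                    s.send(query)
                    out[proto] = classify(s.recv(4096))
                else:                        # TCP frames each message with a 2-byte length
                    s.sendall(struct.pack("!H", len(query)) + query)
                    out[proto] = classify(s.recv(4096)[2:])
        except OSError as exc:               # timeout, refused, unresolvable name
            out[proto] = "unreachable:" + type(exc).__name__
    return out

# Constructed sample headers (not captured traffic) for offline checking.
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, QR | AA, 1, 1, 0, 0)
SAMPLE_LAME = struct.pack("!HHHHHH", 0x1234, QR, 1, 1, 0, 0)
SAMPLE_FAIL = struct.pack("!HHHHHH", 0x1234, QR | 2, 1, 0, 0, 0)

if __name__ == "__main__":                   # usage: script.py ZONE SERVER [SERVER...]
    for srv in sys.argv[2:]:
        print(srv, probe(srv, sys.argv[1]))
```

A nameserver that shows "unreachable" on UDP but answers on TCP matches the situation described for ns2 and ns3; "non-authoritative" on both matches what post #7 reports for ns1.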
#8
This machine is configured to be the master dns in every capacity that I KNOW of. I have attached the configuration files that are running on this machine. The odd part is that it was working, I then shut down the machine, unplugged it, moved it, started it back up and bam, now it doesn't work. Hopefully these configuration files will lend some insight into the whole situation.
#9
Reboot all your networking hardware on your end. Moving machines around that are on switches tends to cause them to become unreachable because the routers are still looking in the old location (network plug).
By the way, rage is right, you must have UDP port 53 open on the other nameservers or they'll never be used, and they will become "stealth" nameservers, which could also be causing your current problem.
Regards, Alan
#10
I just asked your server what version it is, and it timed out. What server are you using? If BIND, what version is it?
#11
I'm using BIND9.2.3 and the ICS Bind service is up and running. I will go ahead and reboot all of my networking equipment like alangrah suggested as well. Also my ISP has informed me that UDP is also now open on ns2.aphexnetworks.com and ns3.aphexnetworks.com as well.
Last edited by glow : April 30th, 2004 at 09:38 AM.
#12
I'm not confident that rebooting network equipment will have anything to do with whether BIND returns authoritative for your zone. I've done a bunch of research as to why a master zone would return non-authoritative. So far the only thing I found was a guess by another DNS guru (Verisign's Mr. DNS) that there were syntax errors in the zone file which BIND marked as non-authoritative records - or marked the entire zone as non-authoritative. However, I've plugged your exact zone contents into a test zone I set up on the Zone Manager on my account, and it returns authoritative fine.
So now I want to see the results of this command at the commandline:

WINDOWS 2000
C:\WINNT\SYSTEM32\dns\bin>named.exe -g

LINUX/UNIX
named -u named -g
#13
The results of the named.exe -g are as follows

Apr 30 12:12:06.120 starting BIND 9.2.3 -g
Apr 30 12:12:06.120 using 1 CPU
Apr 30 12:12:06.150 loading configuration from 'C:\WINNT\system32\dns\etc\named.conf'
Apr 30 12:12:06.170 set maximum stack size to 0: not implemented
Apr 30 12:12:06.170 set maximum data size to 0: not implemented
Apr 30 12:12:06.170 set maximum core size to 0: not implemented
Apr 30 12:12:06.170 set maximum open files to 0: not implemented
Apr 30 12:12:06.180 listening on IPv4 interface Loopback Interface 1, 127.0.0.1#53
Apr 30 12:12:06.190 listening on IPv4 interface TCP/IP Interface 2, 192.168.1.12#53
Apr 30 12:12:06.290 command channel listening on 127.0.0.1#953
Apr 30 12:12:06.360 ignoring config file logging statement due to -g option
Apr 30 12:12:06.380 zone 24.106.162.in-addr.arpa/IN: loaded serial 2004041700
Apr 30 12:12:06.390 zone aphexnetworks.com/IN: loaded serial 2004042501
Apr 30 12:12:06.410 zone theyoungz.com/IN: loaded serial 2004042590
Apr 30 12:12:06.430 zone digitalyoung.net/IN: loaded serial 2004042522
Apr 30 12:12:06.440 running
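An added example, not part of the original thread, that reads the startup lines from the named.exe -g output in post #13, lists the sockets named bound and the zones it loaded, and checks whether the address queried in post #7 (24.106.162.250) is one that named bound itself. The function names are hypothetical; the log lines are copied from the post.

```python
import ipaddress
import re

# Lines copied from the named.exe -g output in post #13 (line-wrap spaces removed).
LOG = """\
Apr 30 12:12:06.180 listening on IPv4 interface Loopback Interface 1, 127.0.0.1#53
Apr 30 12:12:06.190 listening on IPv4 interface TCP/IP Interface 2, 192.168.1.12#53
Apr 30 12:12:06.290 command channel listening on 127.0.0.1#953
Apr 30 12:12:06.380 zone 24.106.162.in-addr.arpa/IN: loaded serial 2004041700
Apr 30 12:12:06.390 zone aphexnetworks.com/IN: loaded serial 2004042501
Apr 30 12:12:06.410 zone theyoungz.com/IN: loaded serial 2004042590
Apr 30 12:12:06.430 zone digitalyoung.net/IN: loaded serial 2004042522
"""

LISTEN = re.compile(r"listening on IPv4 interface .*, (\d+(?:\.\d+){3})#\s*(\d+)$")
ZONE = re.compile(r"zone (\S+)/IN: loaded serial (\d+)$")

def summarize(log):
    """Return ([(address, port), ...], {zone: serial}) from named startup lines."""
    listeners, zones = [], {}
    for line in log.splitlines():
        m = LISTEN.search(line)
        if m:
            listeners.append((ipaddress.ip_address(m.group(1)), int(m.group(2))))
        m = ZONE.search(line)
        if m:
            zones[m.group(1)] = int(m.group(2))
    return listeners, zones

def bound_directly(listeners, queried, port=53):
    """True if named itself bound the address that clients query."""
    target = ipaddress.ip_address(queried)
    return any(addr == target and p == port for addr, p in listeners)

def public_listeners(listeners):
    """Listening addresses that are neither loopback nor private."""
    return [a for a, _ in listeners if not (a.is_loopback or a.is_private)]

if __name__ == "__main__":
    listeners, zones = summarize(LOG)
    print("listeners:", [f"{a}#{p}" for a, p in listeners])
    print("zones:", zones)
    print("24.106.162.250 bound by named:", bound_directly(listeners, "24.106.162.250"))
    print("public listeners:", public_listeners(listeners))
```

In this log named bound only loopback and 192.168.1.12, so a query sent to 24.106.162.250 reaches it only if a device in front forwards UDP and TCP port 53 to that host.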
#14
Did you shut down BIND first before doing that or something? If you did, that's ok, I just expected to see some fails when it tries to listen on ports already listened on.
#15
No, bind was up and running. So I'm guessing since you thought bind was not running that I have some issue with the ICS BIND server then?