servers not connecting through certain isps

Dev Shed Forums Sponsor:

January 24th, 2002, 03:55 PM

suprtiger

Junior Member

Join Date: Jan 2002

Posts: 7

Time spent in forums: < 1 sec
Reputation Power: 0

servers not connecting through certain isps

I am assuming that this is a dns problem. It has had me stumped for over a month now and I am not sure why it started or how to fix it. I have 5 web servers that are running 24/7 and one of the servers can be seen by everyone on the internet. However the other four cannot be visited by those that are on a differnt isp than the one that I use.
Example:
http://www.aaa.aaaa.aaa can be seen by everyone
http://other.aaa.aaa.aaa cannot be seen by others
http://next.aaa.aaa.aaa cannot be seen either
and the other two are like this also. My isp says that his settings are correct and that the problem is somewhere else.
Can anyone give me any ideas.
BTW: All machines can be pinged by url or by ip address.

January 24th, 2002, 11:12 PM

freebsd

Contributing User

Join Date: Jan 2001

Posts: 5

Time spent in forums: < 1 sec
Reputation Power: 0

You need to provide us your REAL domains so we can see the problems. This is always true for DNS problems.

You said you have 5 web servers, do you really mean 5 vhosts?

>> My isp says that his settings are correct

40% of DNS out there are somewhat misconfigured, even at ISP/web host level. You tell us all 5 domain names and we will verify that for you.

January 27th, 2002, 07:13 PM

suprtiger

Junior Member

Join Date: Jan 2002

Posts: 7

Time spent in forums: < 1 sec
Reputation Power: 0

The servers are:
www.bigfork.k12.mt.us
vals.bigfork.k12.mt.us
suse.bigfork.k12.mt.us
red.bigfork.k12.mt.us

I have taken two down since I have been working on this problem. They were older servers and I replaced them with one.
The www.bigfork.k12.mt.us will deliver web pages, but the others cannot be seen by everyone.
I can see them at home and at work, but some students cannot see them at home.

January 28th, 2002, 12:44 AM

freebsd

Contributing User

Join Date: Jan 2001

Posts: 5

Time spent in forums: < 1 sec
Reputation Power: 0

You have quite alot of misconfiguration, plus the ns1.cyberport.net and ns2.cyberport.net are lame servers, which don't give authoritative answer for bigfork.k12.mt.us.

1) Your SOA is currently set to:

Code:

$TTL	600
bigfork.k12.mt.us.	IN	SOA	bigfork.k12.mt.us.	vals.bigfork.k12.mt.us.	(
				2002012201; Serial
				1H	; Refresh
				900	; Retry
				600	; Expire
				600 ); Minimum

should be changed to:

Code:

$TTL	86400
bigfork.k12.mt.us.	IN	SOA	www.bigfork.k12.mt.us.	vals.bigfork.k12.mt.us.	(
				2002012722; Serial (my current YYYYMMDDHH)
				6H	; Refresh
				1H	; Retry
				10D	; Expire
				1D ); Minimum

Set to the following for now and change it to the one as shown above:

Code:

$TTL	3600			
bigfork.k12.mt.us.	IN	SOA	www.bigfork.k12.mt.us.	vals.bigfork.k12.mt.us.	(
				2002012722; Serial (my current YYYYMMDDHH)
				1800	; Refresh (use 1800sec temporarily and change it to 6H when everything is working)
				900	; Retry
				7D	; Expire
				3600 ); Minimum

2) NS record is currently set to:

Code:

bigfork.k12.mt.us.			IN	NS	www.bigfork.k12.mt.us.

It should be changed to:

Code:

bigfork.k12.mt.us.	IN	NS	www.bigfork.k12.mt.us.
bigfork.k12.mt.us.	IN	NS	ns1.cyberport.net.
bigfork.k12.mt.us.	IN	NS	ns2.cyberport.net.

3) Current A record + CNAME: (my possible guess)

Code:

router.bigfork.k12.mt.us.	IN	A	63.162.249.241
firewall.bigfork.k12.mt.us.	IN	A	63.162.249.242
www.bigfork.k12.mt.us.		IN	A	63.162.249.243
bigfork.k12.mt.us.		IN	A	63.162.249.243
vals.bigfork.k12.mt.us.		IN	A	63.162.249.244
panacea.bigfork.k12.mt.us.	IN	A	63.162.249.245
linux.bigfork.k12.mt.us.	IN	A	63.162.249.246
suse.bigfork.k12.mt.us.		IN	A	63.162.249.247
vals2.bigfork.k12.mt.us.	IN	CNAME	vals.bigfork.k12.mt.us

You MUST remove your CNAME. Using CNAME is very bad. Use multiple A record instead at all time.

4) Your current MX record:

Code:

bigfork.k12.mt.us.			IN	MX	10	vals.bigfork.k12.mt.us.
bigfork.k12.mt.us.			IN	MX	20	vals2.bigfork.k12.mt.us.

Remove vals2.bigfork.k12.mt.us. It's a RFC violation for using CNAME as your MX. RFC recommends your MX to have a proper reverse DNS, which your vals.bigfork.k12.mt.us is alone perfect.

Keep in mind, SMTP relies on DNS very heavily, if you misconfigured your MX, mails could be bounced/deferral easily. You also shouldn't set another A record of:

Code:

mail.bigfork.k12.mt.us.	IN	A	63.162.249.244

Because reverse DNS doesn't match, which is very bad for MX.

Keep in mind, if you host someone domain, say mycustomer.com, his MX MUST be set to vals.bigfork.k12.mt.us, you CAN'T create an A record for mail.mycustomer.com and point it to 63.162.249.244. Most DNS administrators still making such stupid mistakes.

You also need to create some well-known alias for your email address like: abuse@bigfork.k12.mt.us (RFC recommend this).

5) Your PTR records should be alright so long as all records above are fixed.

Last edited by freebsd : January 28th, 2002 at 10:01 AM.

servers not connecting through certain isps

Developer Shed Advertisers and Affiliates