#1

    servers not connecting through certain isps


    I am assuming that this is a DNS problem. It has had me stumped for over a month now and I am not sure why it started or how to fix it. I have 5 web servers that are running 24/7 and one of the servers can be seen by everyone on the internet. However, the other four cannot be visited by those that are on a different ISP than the one that I use.
    Example:
    http://www.aaa.aaaa.aaa can be seen by everyone
    http://other.aaa.aaa.aaa cannot be seen by others
    http://next.aaa.aaa.aaa cannot be seen either
    and the other two are like this also. My isp says that his settings are correct and that the problem is somewhere else.
    Can anyone give me any ideas?
    BTW: All machines can be pinged by url or by ip address.
#2

    You need to provide us your REAL domains so we can see the problems. This is always true for DNS problems.

    You said you have 5 web servers, do you really mean 5 vhosts?

    >> My isp says that his settings are correct

    40% of DNS out there are somewhat misconfigured, even at ISP/web host level. You tell us all 5 domain names and we will verify that for you.
#3

    The servers are:
    www.bigfork.k12.mt.us
    vals.bigfork.k12.mt.us
    suse.bigfork.k12.mt.us
    red.bigfork.k12.mt.us

    I have taken two down since I have been working on this problem. They were older servers and I replaced them with one.
    The www.bigfork.k12.mt.us will deliver web pages, but the others cannot be seen by everyone.
    I can see them at home and at work, but some students cannot see them at home.
#4

    You have quite a lot of misconfiguration, plus ns1.cyberport.net and ns2.cyberport.net are lame servers, which don't give an authoritative answer for bigfork.k12.mt.us.

    1) Your SOA is currently set to:
    Code:
    $TTL	600
    bigfork.k12.mt.us.	IN	SOA	bigfork.k12.mt.us.	vals.bigfork.k12.mt.us.	(
    				2002012201; Serial
    				1H	; Refresh
    				900	; Retry
    				600	; Expire
    				600 ); Minimum
    should be changed to:
    Code:
    $TTL	86400
    bigfork.k12.mt.us.	IN	SOA	www.bigfork.k12.mt.us.	vals.bigfork.k12.mt.us.	(
    				2002012722; Serial (my current YYYYMMDDHH)
    				6H	; Refresh
    				1H	; Retry
    				10D	; Expire
    				1D ); Minimum
    Set to the following for now and change it to the one as shown above:
    Code:
    $TTL	3600			
    bigfork.k12.mt.us.	IN	SOA	www.bigfork.k12.mt.us.	vals.bigfork.k12.mt.us.	(
    				2002012722; Serial (my current YYYYMMDDHH)
    				1800	; Refresh (use 1800sec temporarily and change it to 6H when everything is working)
    				900	; Retry
    				7D	; Expire
    				3600 ); Minimum
    2) NS record is currently set to:
    Code:
    bigfork.k12.mt.us.			IN	NS	www.bigfork.k12.mt.us.
    It should be changed to:
    Code:
    bigfork.k12.mt.us.	IN	NS	www.bigfork.k12.mt.us.
    bigfork.k12.mt.us.	IN	NS	ns1.cyberport.net.
    bigfork.k12.mt.us.	IN	NS	ns2.cyberport.net.
    3) Current A record + CNAME: (my possible guess)
    Code:
    router.bigfork.k12.mt.us.	IN	A	63.162.249.241
    firewall.bigfork.k12.mt.us.	IN	A	63.162.249.242
    www.bigfork.k12.mt.us.		IN	A	63.162.249.243
    bigfork.k12.mt.us.		IN	A	63.162.249.243
    vals.bigfork.k12.mt.us.		IN	A	63.162.249.244
    panacea.bigfork.k12.mt.us.	IN	A	63.162.249.245
    linux.bigfork.k12.mt.us.	IN	A	63.162.249.246
    suse.bigfork.k12.mt.us.		IN	A	63.162.249.247
    vals2.bigfork.k12.mt.us.	IN	CNAME	vals.bigfork.k12.mt.us
    You MUST remove your CNAME. Using CNAME is very bad. Use multiple A records instead at all times.

    4) Your current MX record:
    Code:
    bigfork.k12.mt.us.			IN	MX	10	vals.bigfork.k12.mt.us.
    bigfork.k12.mt.us.			IN	MX	20	vals2.bigfork.k12.mt.us.
    Remove vals2.bigfork.k12.mt.us. It's an RFC violation to use a CNAME as your MX. The RFC recommends that your MX have proper reverse DNS, for which your vals.bigfork.k12.mt.us alone is perfect.

    Keep in mind, SMTP relies on DNS very heavily; if you misconfigure your MX, mail could easily be bounced or deferred. You also shouldn't set another A record of:
    Code:
    mail.bigfork.k12.mt.us.	IN	A	63.162.249.244
    Because reverse DNS doesn't match, which is very bad for MX.

    Keep in mind, if you host someone's domain, say mycustomer.com, his MX MUST be set to vals.bigfork.k12.mt.us; you CAN'T create an A record for mail.mycustomer.com and point it to 63.162.249.244. Most DNS administrators are still making such stupid mistakes.

    You also need to create some well-known aliases for your email address, like abuse@bigfork.k12.mt.us (the RFC recommends this).


    5) Your PTR records should be alright so long as all records above are fixed.
    Last edited by freebsd; January 28th, 2002 at 10:01 AM.
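
An offline lint for three of the items in post #4 (SOA timers, the NS set, an MX that targets a CNAME), added here as an example that is not part of the thread. The records come from the post, with the SOA flattened to one line and a trailing dot added to the CNAME target; the `seconds` and `lint` helpers, and the rules "expire must exceed refresh" and "at least two NS records", are assumptions of this example.

```python
import re

# Constructed from the "current" records quoted in post #4 (SOA flattened to one line).
CURRENT_ZONE = """\
bigfork.k12.mt.us. IN SOA bigfork.k12.mt.us. vals.bigfork.k12.mt.us. 2002012201 1H 900 600 600
bigfork.k12.mt.us. IN NS www.bigfork.k12.mt.us.
vals.bigfork.k12.mt.us. IN A 63.162.249.244
vals2.bigfork.k12.mt.us. IN CNAME vals.bigfork.k12.mt.us.
bigfork.k12.mt.us. IN MX 10 vals.bigfork.k12.mt.us.
bigfork.k12.mt.us. IN MX 20 vals2.bigfork.k12.mt.us.
"""
# Constructed from the records post #4 proposes as the end state.
PROPOSED_ZONE = """\
bigfork.k12.mt.us. IN SOA www.bigfork.k12.mt.us. vals.bigfork.k12.mt.us. 2002012722 6H 1H 10D 1D
bigfork.k12.mt.us. IN NS www.bigfork.k12.mt.us.
bigfork.k12.mt.us. IN NS ns1.cyberport.net.
bigfork.k12.mt.us. IN NS ns2.cyberport.net.
vals.bigfork.k12.mt.us. IN A 63.162.249.244
bigfork.k12.mt.us. IN MX 10 vals.bigfork.k12.mt.us.
"""

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def seconds(value):
    """Convert a BIND time value such as 900, 1H or 10D to seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", value.upper())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def lint(zone_text):
    """Return a list of findings for one-record-per-line zone text."""
    records = [line.split() for line in zone_text.splitlines() if line.strip()]
    aliases = {r[0].lower() for r in records if r[2] == "CNAME"}
    ns_count = sum(1 for r in records if r[2] == "NS")
    findings = []
    for r in records:
        if r[2] == "SOA":
            refresh, retry, expire = (seconds(v) for v in r[6:9])
            if expire <= refresh:  # secondaries would drop the zone between refreshes
                findings.append(f"SOA expire {expire}s <= refresh {refresh}s")
        elif r[2] == "MX" and r[-1].lower() in aliases:
            findings.append(f"MX {r[0]} -> {r[-1]} is a CNAME")
    if ns_count < 2:
        findings.append(f"only {ns_count} NS record(s)")
    return findings

if __name__ == "__main__":
    print(lint(CURRENT_ZONE), lint(PROPOSED_ZONE))
```

Lame delegation itself (ns1/ns2 not answering authoritatively) cannot be seen in the zone text and still has to be checked with a live query against each listed name server.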
