github/sowbug

DNS fun

Diagnosing DNS trouble is especially fun because of caching. If you keep doing dig sowbug.org over and over, all you’re usually doing is reading the cached value from your local DNS server, rather than confirming that the changes you’ve made at your registrar are taking effect. So I came up with the following method to try to trace exactly what was happening. It might be wrong, but it seems to make sense.

  1. dig sldfkjalfkajdfldsj.com: The hope in doing this was that I’d get an NXDOMAIN error from the highest possible authority (i.e., farthest from my local DNS). This returned the following:

    ;; AUTHORITY SECTION:

    com. 10800 IN SOA a.gtld-servers.net.
    nstld.verisign-grs.com. 1120164931 1800 900 604800 900

  2. dig @a.gtld-servers.net sowbug.org: In other words, ask a.gtld-servers.net what it thinks about sowbug.org:

    ;; AUTHORITY SECTION:

    . 172800 IN NS k.root-servers.net. . 172800 IN NS d.root-servers.net.

  3. dig @k.root-servers.net sowbug.org: Lather, rinse, repeat:

    ;; AUTHORITY SECTION:

    org. 172800 IN NS tld1.ultradns.net.

  4. dig @tld1.ultradns.net sowbug.org: Ah, now we’re getting somewhere:

    ;; AUTHORITY SECTION:

    sowbug.org. 86400 IN NS park4.secureserver.net. sowbug.org. 86400 IN NS park3.secureserver.net.

At this point I figured out that the root nameservers had the wrong nameservers listed for my domain. So I continued to fiddle with the registrar’s self-service web page, and eventually got it right.