I administer a web and mail server whose IP was changed some weeks ago. Since then I've had intermittent problems, affecting only some of my users. They get timeout errors when attempting to follow certain links on my web pages.
The server is cohosted at my ISP. The DNS is handled by my domain registrar, Dreamhost. (Previously I ran my own BIND server.) All of the following looks OK to me: $ dig @ns1.dreamhost.com -t any pinko.net ; <<>> DiG 9.4.2-P1 <<>> @ns1.dreamhost.com -t any pinko.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10719 ;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 4 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;pinko.net. IN ANY ;; ANSWER SECTION: pinko.net. 14400 IN A 208.79.2.3 pinko.net. 14400 IN NS ns2.dreamhost.com. pinko.net. 14400 IN NS ns1.dreamhost.com. pinko.net. 14400 IN SOA ns1.dreamhost.com. hostmaster.dreamhost.com. 2008082600 20690 1800 1814400 14400 pinko.net. 14400 IN MX 10 debs.pinko.net. pinko.net. 14400 IN NS ns3.dreamhost.com. ;; ADDITIONAL SECTION: ns2.dreamhost.com. 14400 IN A 208.96.10.221 ns3.dreamhost.com. 14400 IN A 66.33.216.216 debs.pinko.net. 14400 IN A 208.79.2.3 ns1.dreamhost.com. 14400 IN A 66.33.206.206 ;; Query time: 65 msec ;; SERVER: 66.33.206.206#53(66.33.206.206) ;; WHEN: Tue Aug 26 19:10:19 2008 ;; MSG SIZE rcvd: 259 Now let's query the TLD name servers for debs.pinko.net. Note that the A record returned for debs.pinko.net is different; that is the old IP address. $ dig @a.gtld-servers.net debs.pinko.net ; <<>> DiG 9.4.2-P1 <<>> @a.gtld-servers.net debs.pinko.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26253 ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;debs.pinko.net. IN A ;; ANSWER SECTION: debs.pinko.net. 172800 IN A 204.96.181.68 ;; AUTHORITY SECTION: pinko.net. 172800 IN NS ns1.dreamhost.com. pinko.net. 172800 IN NS ns2.dreamhost.com. pinko.net. 172800 IN NS ns3.dreamhost.com. ;; ADDITIONAL SECTION: ns1.dreamhost.com. 172800 IN A 66.33.206.206 ns2.dreamhost.com. 172800 IN A 208.96.10.221 ns3.dreamhost.com. 172800 IN A 66.33.216.216 ;; Query time: 74 msec ;; SERVER: 192.5.6.30#53(192.5.6.30) ;; WHEN: Tue Aug 26 19:13:02 2008 ;; MSG SIZE rcvd: 163 Albitz & Liu, DNS and BIND, says this indicates a delegation problem, if I understand them correctly. So does this: $ dig @a.gtld-servers.net -t ns pinko.net ; <<>> DiG 9.4.2-P1 <<>> @a.gtld-servers.net -t ns pinko.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32942 ;; flags: qr rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;pinko.net. IN NS ;; ANSWER SECTION: pinko.net. 172800 IN NS ns1.dreamhost.com. pinko.net. 172800 IN NS ns2.dreamhost.com. pinko.net. 172800 IN NS ns3.dreamhost.com. ;; ADDITIONAL SECTION: ns1.dreamhost.com. 172800 IN A 66.33.206.206 ns2.dreamhost.com. 172800 IN A 208.96.10.221 ns3.dreamhost.com. 172800 IN A 66.33.216.216 ;; Query time: 79 msec ;; SERVER: 192.5.6.30#53(192.5.6.30) ;; WHEN: Tue Aug 26 19:17:04 2008 ;; MSG SIZE rcvd: 142 I understand the parent shouldn't be handing out NS records in the answer section, rather, they should appear in the authority section. Verisign says "talk to Dreamhost." Dreamhost says "our servers are functioning properly." If this is indeed bad delegation, what's the right way to solve the problem? Or is my diagnosis wrong?
