Hi Martin, actually you could just follow the advices on dnsstuff.com to resolve the at least red issues...
Let's start with the most simple one: I) TTL of SOA is much to short! My SOA looks like this: origin = dns.substring.ch mail addr = noc.substring.ch serial = 2007060701 refresh = 21600 retry = 3600 expire = 604800 minimum = 86400 II) For all the mailing related stuff you should make sure that your MX names are the same the IP resolves to and vice versa. Another problem is that mx.openforce.com resolves to 62.99.149.109 and is claiming to be openforce.com (HELO), but openforce.com resolves to 62.99.149.107. ||62.99.149.107 resolves to 62-99-149-107.ifo.net. A well configured MTA doesn't like this... You should configure your MTA to answer with mx.openforce.com in his greeting sequence. III) Then there is some contradiction in your NS' answers. ns10.openforce.com ist claiming there are 3 NS, but the other say there are only two: [EMAIL PROTECTED]:~$ nslookup - ns10.openforce.com > set type=NS > openforce.com Server: ns10.openforce.com Address: 81.223.107.117#53 openforce.com nameserver = ns34.ifo.net. openforce.com nameserver = ns24.ifo.net. openforce.com nameserver = ns10.openforce.com. > exit [EMAIL PROTECTED]:~$ nslookup - ns34.ifo.net > set type=ns > openforce.com Server: ns34.ifo.net Address: 217.29.159.131#53 openforce.com nameserver = ns10.openforce.com. openforce.com nameserver = ns24.ifo.net. > exit [EMAIL PROTECTED]:~$ nslookup - ns24.ifo.net > set type=ns > openforce.com Server: ns24.ifo.net Address: 217.29.159.135#53 openforce.com nameserver = ns10.openforce.com. openforce.com nameserver = ns24.ifo.net. > IV) ns24.ifo.net is "Open DNS server". It can be queried for domains which it's not authoritative for: [EMAIL PROTECTED]:~$ nslookup - ns24.ifo.net > substring.ch Server: ns24.ifo.net Address: 217.29.159.135#53 Non-authoritative answer: Name: substring.ch Address: 80.242.134.171 V) "Mismatched glue": If this is not a caching /TTL issue, it's really a bad thing. The root server says, ns10.openforce.com is at 62.99.149.110, but your NS says, it's at 81.223.107.117. Your domains registrar should update the root record: [EMAIL PROTECTED]:~$ nslookup - i.gtld-servers.net > set type=ns > openforce.com Server: i.gtld-servers.net Address: 192.43.172.30#53 Non-authoritative answer: openforce.com nameserver = ns10.openforce.com. openforce.com nameserver = ns34.ifo.net. Authoritative answers can be found from: ns10.openforce.com internet address = 62.99.149.110 ns34.ifo.net internet address = 217.29.159.131 > exit [EMAIL PROTECTED]:~$ nslookup ns10.openforce.com Server: 192.168.1.1 Address: 192.168.1.1#53 Non-authoritative answer: Name: ns10.openforce.com Address: 81.223.107.117 Bye, Till Martin Marcher wrote: > Note to self: get rid of gmail and it's inability to handle mailing > lists.... > >> Hi Martin, >> >> actually this is not a debian related question... > > i do know but here is where the experts live :) > > however, i'd post to the appropriate list but i don't know where i > should go, since it's not directly related to any software nor to any > OS. > > details below, long story short: Is it normal that when I change the > IP of my nameserver the parent nameservers aren't updated immediately > (after my zone expires)? > >> If you post your zone file and tell us what version, ip etc. your server >> is using, we could help you a little bit more... > > using powerdns with ldap backend here and all is set up fine to my > knowledge, i'll put out the dig responses. > > So here's the story, we had or nameserver at (using bind syntax, > typing here so forgive me typos but be assured that it _was_ fine) > > @ IN NS ns10.openforce.com. > ns10 IN A 62.99.149.110 > > i told our provider the IP will change and now it _should_ point to > the a record below like this > > @ IN NS ns10.openforce.com. > ns10 IN A 81.223.107.117 > > so all that changes is the IP, the hostname is still the same (could > that be the problem?) > > com servers still report that > > ns10.openforce.com. 172800 IN A 62.99.149.110 ;; > actual dig output from com. servers > > but they should report > > ns10.openforce.com. 3600 IN A 81.223.107.117 ;; > actual dig output from my nameserver > > the update was on 2007-06-27 0900h GMT+1 so the question is: Can I > relax, sit back and wait until the com. nameservers catch up with the > changes or did something go horribly wrong? > > dig info is below: > > My old nameserver (bind9 actually, split views, querying the public > view of course, fine apart from that I set ns10 to point to the ip of > the new nameserver, and i reflect the serial number from the new > nameserver): > ~ $ dig @62.99.149.110 openforce.com SOA > openforce.com. 1800 IN SOA ns10.openforce.com. > noc.openforce.com. 1182932271 1800 900 3600 900 > openforce.com. 1800 IN NS ns10.openforce.com. > openforce.com. 1800 IN NS ns34.ifo.net. > ns10.openforce.com. 1800 IN A 81.223.107.117 > ;; Received 132 bytes from 62.99.149.110#53(62.99.149.110) in 21 ms > > My new nameserver (added the ns34 since debugging our provider showed > that regardless of what they tell me ns24 and ns34 reflect the same > information, ns34 will probably be removed, but the parent servers say > ns34 is repsonsible but I never had it in my zone up to the point > where I told them that the my nameservers IP changed): > ~ $ dig @81.223.107.117 openforce.com SOA > openforce.com. 3600 IN SOA ns10.openforce.com. > noc.openforce.com. 1182950545 1800 900 3600 900 > ;; Received 89 bytes from 81.223.107.117#53(81.223.107.117) in 66 ms > > ~ $ dig @81.223.107.117 openforce.com NS > openforce.com. 3600 IN NS ns24.ifo.net. > openforce.com. 3600 IN NS ns10.openforce.com. > openforce.com. 3600 IN NS ns34.ifo.net. > ns10.openforce.com. 3600 IN A 81.223.107.117 > ;; Received 111 bytes from 81.223.107.117#53(81.223.107.117) in 27 ms > > My DNS Providers nameserver: > ~ $ dig @ns24.ifo.net openforce.com SOA > openforce.com. 3600 IN SOA ns10.openforce.com. > noc.openforce.com. 1182932271 1800 900 3600 900 > openforce.com. 3600 IN NS ns10.openforce.com. > openforce.com. 3600 IN NS ns24.ifo.net. > ns10.openforce.com. 3600 IN A 81.223.107.117 > ns24.ifo.net. 7200 IN A 217.29.159.135 > ;; Received 148 bytes from 217.29.159.135#53(217.29.159.135) in 58 ms > > ~ $ dig @ns34.ifo.net openforce.com SOA > openforce.com. 3600 IN SOA ns10.openforce.com. > noc.openforce.com. 1182932271 1800 900 3600 900 > openforce.com. 3600 IN NS ns10.openforce.com. > openforce.com. 3600 IN NS ns24.ifo.net. > ns10.openforce.com. 3600 IN A 81.223.107.117 > ns24.ifo.net. 7200 IN A 217.29.159.135 > ;; Received 148 bytes from 217.29.159.131#53(217.29.159.131) in 37 ms > > The com Nameservers say this: > providing only the first output here since all report the same > ~ $ for i in $(dig com NS|egrep '^com\.'|awk '{print $5}');do dig @$i > openforce.com NS;done > openforce.com. 172800 IN NS ns10.openforce.com. > openforce.com. 172800 IN NS ns34.ifo.net. > ns10.openforce.com. 172800 IN A 62.99.149.110 > ns34.ifo.net. 172800 IN A 217.29.159.131 > ;; Received 108 bytes from 192.52.178.30#53(192.52.178.30) in 53 ms > > thanks > martin > > On 6/27/07, Till Wimmer <[EMAIL PROTECTED]> wrote: >> Hi Martin, >> >> actually this is not a debian related question... >> >> If you post your zone file and tell us what version, ip etc. your server >> is using, we could help you a little bit more... >> >> bye >> Till >> >> Martin Marcher wrote: >> > hello, >> > >> > i needed to update our nameserver, now maintaining my own nameserver >> > is fine but I don't know what procedure to follow if i need to point >> > our ns a new IP. Having blindly trusted our dns provider to tell me >> > about eventualities i just told them to update the ip address for the >> > nameserver and tell me about possible problems. what can i say he told >> > me everything is fine and now dnsreport.com tells me about mismatched >> > glue for our nameservers >> > >> > http://www.dnsstuff.com/tools/dnsreport.ch?%26domain%3Dopenforce.com >> > >> > Do I just have to wait for the parent servers until propagation is >> > finished or did something go horribly wrong? >> > >> > thanks >> > martin >> > >> > >> >> > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]