>But Len, that's DIG. I actually don't care what it looks like to DIG.
You should, because dig is just making standard DNS queries like any other
resolver or DNS does. When your zone is broken for dig, your zone is
broken for everybody.
>What I
>care is if you get a valid lookup on the info. And at least one 'outside'
>DNS does indeed get valid info:
A DNS can answer correctly for a zone, and a DNS can answer correctly and
authoritatively for a zone. Even your internal DNS's were answering
correctly for the non-SOA records yesterday.
I went to check your SOA with NT nslookup and saw that it was ok, but now
dig also finds that that you have fixed your SOA since yesterday:
# dig @NS1.fravistat.com fravistat.com soa
; <<>> DiG 8.2 <<>> @NS1.fravistat.com fravistat.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION:
;; fravistat.com, type = SOA, class = IN
;; ANSWER SECTION:
fravistat.com. 1H IN SOA ns1.fravistat.com.
support.fravistat.com. (
2000062518 ; serial
2H ; refresh
30M ; retry
1D ; expiry
1H ) ; minimum
... but you've lamed your delegation by listing GraniteCanyon in your zone
records but not in your domain registration records in the root servers. I
suppose you've heard that GraniteCanyon is a very unreliable service, many
complaints about it recently the ISC BIND users list. It's often down as a
DNS and down for admin chores. I tried to use it last year myself and just
gave up.
And you've still got some error in your fravistat zone since the answers
from your delegated ns's are not authoritative, BUT granitcanyon IS
answering authoritatively (because they've got the syntax right, and you
don't):
# dig @NS1.granitecanyon.com fravistat.com any
; <<>> DiG 8.2 <<>> @NS1.granitecanyon.com fravistat.com any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; fravistat.com, type = ANY, class = IN
;; ANSWER SECTION:
fravistat.com. 1H IN MX 10 mail.fravistat.com.
fravistat.com. 1H IN NS ns1.fravistat.com.
fravistat.com. 1H IN NS ns1.ttiweb.com.
fravistat.com. 1H IN NS ns1.granitecanyon.com.
fravistat.com. 1H IN NS ns2.granitecanyon.com.
fravistat.com. 1H IN A 216.144.135.194
fravistat.com. 1H IN SOA ns1.fravistat.com.
support.fravistat.com. (
2000062518 ; serial
2H ; refresh
30M ; retry
1D ; expiry
1H ) ; minimum
;; AUTHORITY SECTION:
fravistat.com. 1H IN NS ns1.fravistat.com.
fravistat.com. 1H IN NS ns1.ttiweb.com.
fravistat.com. 1H IN NS ns1.granitecanyon.com.
fravistat.com. 1H IN NS ns2.granitecanyon.com
If you can fix your zone syntax to get your ns's answering authoritatively,
then you won't need undependable GraniteCanyon. But you're right that your
DNS's are answering correctly for other zone records.
Len
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
