On Tue, Sep 20, 2011 at 5:13 PM, Jeremy Chadwick <outages@jdc.parodius.com> wrote:
I cannot confirm this. On Windows machines all I am seeing is that lookups for xyz.com using an authoritative nameserver of ns50.domaincontrol.com is -- correctly -- rejected:
PS>nslookup xyz.com ns50.domaincontrol.com *** Can't find server name for address 208.109.255.25: Query refused Server: UnKnown Address: 208.109.255.25
*** UnKnown can't find xyz.com: Query refused
I see the same behaviour with ns49.domaincontrol.com, ns48, etc...
The rejection message here is correct because xyz.com is not a domain GoDaddy's nameservers are authoritative for (root servers as well as WHOIS both confirm this; query a.gtld-servers.net for NS records for xyz.com), and *are not* recursive nameservers.
I also see the exact same behaviour with dig on a FreeBSD host. Note: "status: REFUSED".
$ dig @ns49.domaincontrol.com ns xyz.com
; <<>> DiG 9.6.-ESV-R5 <<>> @ns49.domaincontrol.com ns xyz.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25213 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available
;; QUESTION SECTION: ;xyz.com. IN NS
;; Query time: 75 msec ;; SERVER: 216.69.185.25#53(216.69.185.25) ;; WHEN: Tue Sep 20 14:10:03 2011 ;; MSG SIZE rcvd: 25
Also, according to WHOIS domaincontrol.com is "Wild West Domains". Is this a company GoDaddy purchased? I have not bothered to check web pages (do not particularly care). If not, what's the relation?
-- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB |
On Tue, Sep 20, 2011 at 04:49:47PM -0400, Michael Moeller wrote:
We are receiving various reports from our customers (large institutions) indicating that they cannot access our public facing hosts via their FQDNs. We use GoDaddy for DNS.
Initial troubleshooting shows that queries to ns50.domaincontrol.com and ns49.domaincontrol.com fail from Windows based caching name servers, however succeed on UNIX/Linux hosts.
Verification at our site using dig and nslookup confirms the above.
On a windows host the following is returned for all valid and invalid domain names: *** ns50.domaincontrol.com can't find xyz.com: No response from server
Can anyone confirm what we are seeing?
Thanks and regards, Mike _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Any thoughts on the 'no response from server' error message vs a 'query refused' error message? .Mike