We have a client we host a web for (blog.foobar.es). We do not manage foobar.es's DNS setup, we just told them to point blog.foobar.es to our web server's IP.
We have noticed that sometimes we cannot browse to blog.foobar.es, but we can browse to other sites on that server.
Troubleshooting a bit using host(1) yields something funny:
$ host blog.foobar.es 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
Host blog.foobar.es not found: 3(NXDOMAIN)
, being 8.8.8.8 one of Google's public DNS servers. However, sometimes the same server resolves the name correctly (!).
Another funny thing, is that our ISP's DNS servers sometimes say:
$ host blog.foobar.es 80.58.61.250
Using domain server:
Name: 80.58.61.250
Address: 80.58.61.250#53
Aliases:
blog.foobar.es has address x.x.x.x
Host blog.foobar.es not found: 3(NXDOMAIN)
Which I don't really understand. I've dug around using dig(1), and have noticed they've set up a SOA record for foobar.es:
$ dig foobar.es
; <<>> DiG 9.7.0-P1 <<>> foobar.es
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59824
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;foobar.es. IN A
;; AUTHORITY SECTION:
foobar.es. 86400 IN SOA dns1.provider.es. root.dns1.provider.es. 2011030301 86400 7200 2592000 172800
;; Query time: 78 msec
;; SERVER: 80.58.61.250#53(80.58.61.250)
;; WHEN: Thu Mar 3 16:16:19 2011
;; MSG SIZE rcvd: 78
... which I'm completely unfamiliar with.
Ideas?
We can't really do much as we do not control DNS, but we'd like to point our clients in the right direction...
The first entry in the SOA record should be one of the DNS servers hosting the zone (these are called the "authoritative servers", which are the devices actually serving the information; they may their own systems or they may be an ISP or registrar); in this case, it's
dns1.provider.es.
- does this match what's provided in the WHOIS entry for the domain?Another thing to check is
dig foobar.es -t NS
; this should point to the DNS servers that are hosting the zone as well. Preform the same lookups against those servers, and make sure they return the same information.In other words, the Nameservers in the WHOIS entry should point to the exact same place as the "NS" records, and the first name in the SOA record should be pointing to one of those servers as well.
Issues with these pointers could cause the type of transitive resolution issues that you are seeing.
Edit: There are a number of online tools available that you can point at a domain name and will run some or all of these checks automatically, warning you about anything that's inconsistent.