Check this out
1.) Do a direct query against ns1.loudcloud.com for wltx.com - Returns 66.54.32.202.
2.) Do a direct query against ns1.infi.net for wltx.com - Returns 66.54.32.202.
3.) Do a direct query against ns1.mindspring.net or ns2. or ns3 and the query will in general 9 out of 10 times timeout. We can also duplicate this behavior on Charter and Road Runner.
I can't even come up with a possible explanation... The zone files are the same????
That is odd. At first I thought that it was just a generic problem with their DNS servers, but they handle declude.com fine.
Note that they are reporting a SERVER FAILURE response, which technically should only happen if their DNS servers fail for some reason. However, there are cases where BIND will return the SERVER FAILURE if it gets that message from the remote DNS server -- which could in theory have caused the problem. They may have 10 DNS servers at each IP, 9 of which have a cached SERVER FAILURE response, and 1 does not. Unfortunately, this bit of information doesn't offer a solution.
> On the DNSSTUFF, I used the cached ISP report looking at the NS record. What does it mean when an ISP has the name server set to > ns92.worldnic.com? Does this mean at one time when the domain was looked up it was not resolved from the root servers?
> AT&T Worldnet #1 NS=ns1.infi.net. [TTL=1d 9h 38m 50s] NS=ns2.infi.net. [TTL=1d 9h 38m 50s]
> AT&T Worldnet #2 NS=ns1.infi.net. [TTL=1d 4h 18m 50s] NS=ns2.infi.net. [TTL=1d 4h 18m 50s]
> AT&T Worldnet #1 NS=ns1.infi.net. [TTL=1d 2h 53m 53s] NS=ns2.infi.net. [TTL=1d 2h 53m 53s]
> AT&T Worldnet #2 NS=ns91.worldnic.com. [TTL=10h 45m 11s] NS=ns92.worldnic.com. [TTL=10h 45m 11s]
It means that one of AT&T's DNS servers thinks that ns91.worldnic.com and ns92.worldnic.com are your DNS servers. If their servers are working properly, it means that about 38 hours earlier (the 48 hour TTL for .com NS records minus the 10+ hours left on their TTL) they connected to the .com parent servers and were told that ns91.worldnic.com and ns92.worldnic.com are the NS records for wltx.com.
If you read Matt's response, I think he figured it out -- his explanation (corrupt information at the .com parent servers) sounds like it would fit what happened.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
