On Wed, Feb 5, 2014 at 12:18 PM, S. Dale Morrey <[email protected]> wrote:
> So I'm having a very strange problem on one of my sites. A day or so ago we moved off cloudfront and onto someone else.
> Now the site resolves for some people and not others (admittedly in different parts of the world). This would be somewhat expected behavior I guess, except for the fact that when I test it the site pulls up fine and snappy in the web browser but SSH can't connect.
> nslookup shows that there is no DNS entry.
> dig shows the server and its name servers.

Here is a quick example to verify that DNS is correctly set up (even if not yet propagated). I'll use my domain jshaver.net as an example.

Let's start by checking what the authoritative DNS servers for the net. domain are (since I don't have them memorized):

$ dig NS net

In the answer section you see:

;; ANSWER SECTION:
net. 84911 IN NS j.gtld-servers.net.
net. 84911 IN NS f.gtld-servers.net.
net. 84911 IN NS i.gtld-servers.net.
net. 84911 IN NS l.gtld-servers.net.
net. 84911 IN NS g.gtld-servers.net.
net. 84911 IN NS a.gtld-servers.net.
net. 84911 IN NS e.gtld-servers.net.
net. 84911 IN NS c.gtld-servers.net.
net. 84911 IN NS h.gtld-servers.net.
net. 84911 IN NS b.gtld-servers.net.
net. 84911 IN NS d.gtld-servers.net.
net. 84911 IN NS m.gtld-servers.net.
net. 84911 IN NS k.gtld-servers.net.

Pick one and do:

$ dig NS jshaver.net @d.gtld-servers.net.
...
;; AUTHORITY SECTION:
jshaver.net. 172800 IN NS ns-us.1and1-dns.us.
jshaver.net. 172800 IN NS ns-us.1and1-dns.de.
jshaver.net. 172800 IN NS ns-us.1and1-dns.org.
jshaver.net. 172800 IN NS ns-us.1and1-dns.com.
...

Now you can query each of the name servers for the domain to see if it has the correct records:

$ dig @ns-us.1and1-dns.com jshaver.net
$ dig @ns-us.1and1-dns.org jshaver.net
$ dig @ns-us.1and1-dns.de jshaver.net
$ dig @ns-us.1and1-dns.us jshaver.net

If you don't want to just check the A record results, then you can specify NS, MX or other records to query.

If the records are set on all of your name servers, then it's just a matter of the records propagating to the DNS provider (usually their internet provider) of the person trying to resolve the domain.
If you want to know what DNS server dig pulled the information from, it shows at the bottom of the query result:

;; Query time: 3 msec
;; SERVER: 10.1.200.90#53(10.1.200.90)
;; WHEN: Wed Feb 5 13:37:33 2014
;; MSG SIZE rcvd: 74

You can use the -x parameter with dig to do a reverse lookup on the IP address of the server, if you'd like.

I don't know a lot about nslookup, but I know that Windows keeps its own DNS cache that you can flush with ipconfig /flushdns.

Also: If you query a non-authoritative DNS server you will see the countdown on the TTL:

$ dig jshaver.net
;; ANSWER SECTION:
jshaver.net. 85916 IN A 98.202.125.211

That DNS server is caching that record for another 85,916 seconds. If I check xmission's DNS server:

$ dig @198.60.22.2 jshaver.net
;; ANSWER SECTION:
jshaver.net. 86377 IN A 98.202.125.211

They will cache it for 86,377 more seconds.

These are some of the ways I use dig when trying to troubleshoot if something is a DNS propagation issue or something else.

-John
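Added example, not part of John's message: the same walk (ask a TLD server for the delegation, then ask each delegated name server directly) as a POSIX shell script that flags servers that disagree or return nothing. The function names are made up for this example, and it assumes dig's +norecurse and +short options, which the message itself does not use.

```shell
#!/bin/sh
# Added example: compare what each authoritative name server returns for a name.
# Function names are hypothetical; only dig, awk, sort and tr are required.
# Usage (after sourcing this file):
#   check_authoritative jshaver.net d.gtld-servers.net
#   check_authoritative jshaver.net d.gtld-servers.net MX

# Print the NS targets for domain $1 found in dig output read on stdin.
# Matches record lines in either the ANSWER or the AUTHORITY section.
ns_from_dig() {
    awk -v d="$1." 'tolower($1) == tolower(d) && $4 == "NS" { print tolower($5) }' | sort -u
}

# Ask one TLD server ($2) for the delegation of $1, without recursion,
# so the answer comes from the registry and not from a resolver cache.
delegated_ns() {
    dig +norecurse NS "$1" "@$2" | ns_from_dig "$1"
}

# Query every delegated server directly for record type $3 (default A).
# Prints "server<TAB>answer" per server. Returns 1 if the delegation is
# empty, a server gives no answer, or the servers disagree.
check_authoritative() {
    domain=$1 tld_server=$2 rtype=${3:-A}
    first= status=0
    for ns in $(delegated_ns "$domain" "$tld_server"); do
        ans=$(dig +norecurse +short "$rtype" "$domain" "@$ns" | sort | tr '\n' ' ')
        printf '%s\t%s\n' "$ns" "${ans:-<no answer>}"
        [ -n "$ans" ] || status=1
        if [ -z "$first" ]; then first=$ans; fi
        [ "$ans" = "$first" ] || status=1
    done
    [ -n "$first" ] || status=1
    return $status
}
```

If this returns 0 and some clients still get the old address, what remains is resolver caching, which clears as the TTLs shown in the message count down.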
