Difficulty changing nameservers on domain registar's site

On Thu, Jul 02, 2009 at 09:15:03AM -0400, SashaB wrote:
> Hello all,
>
> This is a long post with a lot of info since I thought you should know as
> much as possible about these NS before (a) having to ask the obvious
> questions and (b) so you can offer suggestions.
>
> Here's the situation. I have set up the NS for our domains (on four servers)
> and nearly all resolving properly to the domains to which they point. (For
> those few that are not, I have figured out and corrected the issue; now
> we're waiting for the changes to propogate.)
>
> However, we I have a specific domain registered via a registrar in the EU
> for one of our mail/webmail servers and, each time I try to change the NS
> (domain 'owners' can modify their own DNS on the registrar's site similar to
> (but far simpler than) GoDaddy's "Total DNS"), I get the following errors:
>
> ns1.maildomain.eu  --->"The given nameservers return different SOA entries."
> ns2.maildomain.eu --->"Connection to server failed."
>
> Before providing your help, you should know the following:
>
> 1) The nameservers are shared by other NS, all of which have domain names
> associated for their specific purposes. (For example: ns1.foodomain.net,
> dns1.thisdomain.com, ns1.maildomain.eu, etc.). I've pointed all "ns1"
> domains to one IP address on each server and "ns2" are pointed to a
> different IP address on each server but share the same IP address on that
> server, etc.
> 2) The NS for this domain are on different servers in the same region and
> located in entirely different datacenters.
> 2) While there is a master record for the ccTLD itself on its resident
> server, I've also set up a separate master record for the NS1 so I can see
> updating serial numbers for just the NS. Because I also set up, as a
> supermaster, the hostname for the servers on which each of their NS has its
> master record, without creating each NS as a slave on the master server for
> that record, they each show on the other server as a slave and their serial
> numbers (and my logs, which I've set up to view by secure webserver) show
> they have been updating regularly.
> 3) Websites and other applications, some with the same NS IP (but different
> domain name), are resolving correctly.
> 3) All NS point to IP addresses, not CNAMEs or redirects. In fact, I tend to
> use IP addresses over hostnames because they resolve better if we make DNS
> changes to hostnames.
> 4) I 'played around' with the NS to learn how pdns works and determine how
> best to set them up, especially for security and convenience. In that
> process, I found it was just easier to point the NS for all of our domains
> to the same IPs on each server and use other IPs for other purposes (like
> pointing a domain's webservers to). So, I changed the IP addresses for the
> NS, deleted and recreated NS records, updated SOA records, etc. That may
> affect the SOA entries.
> 5) The NS have been live for at least 24 hours each.
> 6) The NS point to different IPs from the domain's other records, like the
> MX and webmail server, which have their own IP addresses. I've configured my
> virtual hosts in apache accordinly (except I did not create any for the NS.)
> 7) The SOA record of NS record on each server points to the appropriate IP
> address and is configured, "ns1.maildomain.eu
> hostmaster.masterrecordserver.com". Since each is on different servers, the
> "hostmaster" domain name is for that server, not the master server (ns1) of
> the domain itself.
> 8) I've given the registrar's IP address access to my server (via
> hosts/csf.allow and the firewall) and added its network address to the
> 'axfr' setting in pdns.conf. The pdns-recursor is not active on one server
> (configuration issues) but is on the other. On the server with pdns-recursor
> running, each master record has a corresponding "in-address.arpa" entry. I'm
> still working on that for the other server. Neither server, however, is
> experiencing resolution issues with the domains not associated with these in
> question.
>
> So, that all said, I have a few questions that might be a source of some
> issues:
>
> 1) I've taken the extra step of creating an "A" record for each NS in the
> domain's DNS settings on the registrar's site as well as updating the other
> records for the domain in the registrar's DNS as well, thinking that may
> help. Will that affect the SOA records?
> 2) Do the changes I've made to the master records, i.e., changing the IP
> address of the NS several times before deciding on a final configuration,
> cause such problems? (The NS for my websites, which have totally different
> NS, in part, so we don't have these issues with them, have been 'cast in
> stone' for several weeks and haven't changed so they're resolving
> correctly.)
> 3) My understanding is that mysql acts as recursor when pdns-recursor. How
> can I tell if the records in mysql are correct? (I've looked at the records
> via Webmin but they don't contain full record entries or have IP numbers
> associated, so I can't tell how accurate they are.)
> 4) How does pdns-recursor and rDNS configuration affect resolution? Could
> that be part of the issue?
>
> Finally, I've done searches online and found that others have this issue
> with EU-based registrars. Ostensibly, this is to prevent NS
> misconfiguration. But, I'm finding pdns is pretty good at that so I'm not
> understanding the problem. But, since I have three more domains with this
> registrar, I've got to so I can fix it. Please provide your
> solutions-oriented assistance in trying to ressolve this issue so we can use
> our own NS for our mail/webmail servers.
>
> If you've read this far, thank you and I look forward to your help.
>
> Sasha

Hi Sasha,

Thank you for the detailed description, but I think that the problem
is described correctly by the error message you received from your
domain registrar:

   your nameservers have different SOA records (paraphrasing)

All nameservers for a domain, by definition should have and serve
identical content. I think that once you fix this inconsistancy it
will all work.

Regards,
Ken

Hi,

Your problem is with SOA DNS-record:

The given nameservers return different SOA entries.

So either your SOA serial, data or TTL differs between servers. Or it just that other server doesn't respond to SOA request that is making the SOA check fail, even though the problem is not with SOA but in that the nameserver isn't responding (common GoDaddy error), blaims SOA missing or faulty when actually the problem is that the nameserver isn't responding.

I hope this clears things a bit.

Cheers,

Jani Karlsson


SashaB wrote:

Ken,

I'm not sure what you mean. For example, so we didn't have to enter different NS for 50 domains, I registered a domain name specifically for use with NS (that is their sole purpose) and I've set up NS for multiple website domain names that are identical--kinda like a webhosting company does? There are four NS on two different servers at two datacenters in different parts of a region (for which I haven't mirrored or set up round-robin yet, though I intend to do so--and research shows I can on pdns). Actually, two of the NS point to the same IP address as does the one in question and several other NS point to that IP, too. All server diffent content--blogs, websites, web interfaces for pdns, web guis for various applications, webmail servers--just fine.

This works, in part, because the actual content is served, in most cases, though not all, from an entirely different IP addresses from the NS IP addresses (and the virtual host settings on apache reflect that). Yet, we have no problem reaching any of that content, even where the NS IP address are shared with content-serving hostnames rather than dedicated only to doing NS resolution like other IP addresses. Again, domain resolution isn't only about the nameservers--it's about the hosts and host.conf files, as well as whatever backends we use, too. (There are some other factors, like resolvers, but you get my point.)

So, as I explained, my mail/webmail NS are on different IP addresses under its domain name from the content the webmail server and mail server 'serves'. All DNS records for the domain are contained on its master server, including both NS, which point back to those IP addresses. The secondary NS has it's own master record on the server where it's located and contains only its IP address, since pdns doesn't use "pointer" records, relying instead on it's native ability to resolve properly configured DNS.

Since I've created an "A" record for those IP addresses from which actual content is served in the DNS records on our registrar's site (and have properly configured the vhosts in apache), when we enter either our webmail server IP address or its hostname, my webmail server software admin page loads--just like it should.

When I load up the gui interface for our mailserver under either the hostname, which is something like "mailservertype.maildomain.eu", it loads perfectly. This stuff's fairly idiot proof because apache, mysql and pdns all let you know when you've misconfigured stuff by not working right--or at all.

Therefore, I don't know how your answer relates to my problem and it doesn't address the issue of the registrar not being able to reach the secondary NS, which is on an entirely different server and has a separate IP address. This doesn't appear, as you suggested when I posted my last question about how PDNS works differently from BIND and again in this post, as my lack of understanding DNS. I'm new to PDNS, not to DNS. I couldn't have set this system up if I didn't have DNS understanding and the registrar for my other domain names seems to have no problem adding our changed NS to their system, so, our NS configuration aren't the problem.

If anyone else has any suggestions--especially those in the EU where this seems to be an issue--at least when I bing(.com) it, I would greatly appreciate your help.

Sasha

On Thu, Jul 2, 2009 at 9:40 AM, Kenneth Marshall <ktm@... <mailto:ktm@...>> wrote:

   On Thu, Jul 02, 2009 at 09:15:03AM -0400, SashaB wrote:
    > Hello all,
    >
    > This is a long post with a lot of info since I thought you should
   know as
    > much as possible about these NS before (a) having to ask the obvious
    > questions and (b) so you can offer suggestions.
    >
    > Here's the situation. I have set up the NS for our domains (on
   four servers)
    > and nearly all resolving properly to the domains to which they
   point. (For
    > those few that are not, I have figured out and corrected the
   issue; now
    > we're waiting for the changes to propogate.)
    >
    > However, we I have a specific domain registered via a registrar
   in the EU
    > for one of our mail/webmail servers and, each time I try to
   change the NS
    > (domain 'owners' can modify their own DNS on the registrar's site
   similar to
    > (but far simpler than) GoDaddy's "Total DNS"), I get the
   following errors:
    >
    > ns1.maildomain.eu  --->"The given nameservers return different
   SOA entries."
    > ns2.maildomain.eu --->"Connection to server failed."
    >
    > Before providing your help, you should know the following:
    >
    > 1) The nameservers are shared by other NS, all of which have
   domain names
    > associated for their specific purposes. (For example:

   ns1.foodomain.net <http://ns1.foodomain.net>,
    > dns1.thisdomain.com <http://dns1.thisdomain.com>,

   ns1.maildomain.eu, etc.). I've pointed all "ns1"
    > domains to one IP address on each server and "ns2" are pointed to a
    > different IP address on each server but share the same IP address
   on that
    > server, etc.
    > 2) The NS for this domain are on different servers in the same
   region and
    > located in entirely different datacenters.
    > 2) While there is a master record for the ccTLD itself on its
   resident
    > server, I've also set up a separate master record for the NS1 so
   I can see
    > updating serial numbers for just the NS. Because I also set up, as a
    > supermaster, the hostname for the servers on which each of their
   NS has its
    > master record, without creating each NS as a slave on the master
   server for
    > that record, they each show on the other server as a slave and
   their serial
    > numbers (and my logs, which I've set up to view by secure
   webserver) show
    > they have been updating regularly.
    > 3) Websites and other applications, some with the same NS IP (but
   different
    > domain name), are resolving correctly.
    > 3) All NS point to IP addresses, not CNAMEs or redirects. In
   fact, I tend to
    > use IP addresses over hostnames because they resolve better if we
   make DNS
    > changes to hostnames.
    > 4) I 'played around' with the NS to learn how pdns works and
   determine how
    > best to set them up, especially for security and convenience. In that
    > process, I found it was just easier to point the NS for all of
   our domains
    > to the same IPs on each server and use other IPs for other
   purposes (like
    > pointing a domain's webservers to). So, I changed the IP
   addresses for the
    > NS, deleted and recreated NS records, updated SOA records, etc.
   That may
    > affect the SOA entries.
    > 5) The NS have been live for at least 24 hours each.
    > 6) The NS point to different IPs from the domain's other records,
   like the
    > MX and webmail server, which have their own IP addresses. I've
   configured my
    > virtual hosts in apache accordinly (except I did not create any
   for the NS.)
    > 7) The SOA record of NS record on each server points to the
   appropriate IP
    > address and is configured, "ns1.maildomain.eu
    > hostmaster.masterrecordserver.com

   <http://hostmaster.masterrecordserver.com>". Since each is on

   different servers, the
    > "hostmaster" domain name is for that server, not the master
   server (ns1) of
    > the domain itself.
    > 8) I've given the registrar's IP address access to my server (via
    > hosts/csf.allow and the firewall) and added its network address
   to the
    > 'axfr' setting in pdns.conf. The pdns-recursor is not active on
   one server
    > (configuration issues) but is on the other. On the server with
   pdns-recursor
    > running, each master record has a corresponding "in-address.arpa"
   entry. I'm
    > still working on that for the other server. Neither server,
   however, is
    > experiencing resolution issues with the domains not associated
   with these in
    > question.
    >
    > So, that all said, I have a few questions that might be a source
   of some
    > issues:
    >
    > 1) I've taken the extra step of creating an "A" record for each
   NS in the
    > domain's DNS settings on the registrar's site as well as updating
   the other
    > records for the domain in the registrar's DNS as well, thinking
   that may
    > help. Will that affect the SOA records?
    > 2) Do the changes I've made to the master records, i.e., changing
   the IP
    > address of the NS several times before deciding on a final
   configuration,
    > cause such problems? (The NS for my websites, which have totally
   different
    > NS, in part, so we don't have these issues with them, have been
   'cast in
    > stone' for several weeks and haven't changed so they're resolving
    > correctly.)
    > 3) My understanding is that mysql acts as recursor when
   pdns-recursor. How
    > can I tell if the records in mysql are correct? (I've looked at
   the records
    > via Webmin but they don't contain full record entries or have IP
   numbers
    > associated, so I can't tell how accurate they are.)
    > 4) How does pdns-recursor and rDNS configuration affect
   resolution? Could
    > that be part of the issue?
    >
    > Finally, I've done searches online and found that others have
   this issue
    > with EU-based registrars. Ostensibly, this is to prevent NS
    > misconfiguration. But, I'm finding pdns is pretty good at that so
   I'm not
    > understanding the problem. But, since I have three more domains
   with this
    > registrar, I've got to so I can fix it. Please provide your
    > solutions-oriented assistance in trying to ressolve this issue so
   we can use
    > our own NS for our mail/webmail servers.
    >
    > If you've read this far, thank you and I look forward to your help.
    >
    > Sasha

   Hi Sasha,

   Thank you for the detailed description, but I think that the problem
   is described correctly by the error message you received from your
   domain registrar:

      your nameservers have different SOA records (paraphrasing)

   All nameservers for a domain, by definition should have and serve
   identical content. I think that once you fix this inconsistancy it
   will all work.

   Regards,
   Ken

------------------------------------------------------------------------

_______________________________________________
Pdns-users mailing list
Pdns-users@...
http://mailman.powerdns.com/mailman/listinfo/pdns-users

On Thu, Jul 02, 2009 at 06:15:44PM +0300, Jani Karlsson wrote:
> Hi,
>
> Your problem is with SOA DNS-record:
> The given nameservers return different SOA entries.
>
> So either your SOA serial, data or TTL differs between servers. Or it
> just that other server doesn't respond to SOA request that is making the
> SOA check fail, even though the problem is not with SOA but in that the
> nameserver isn't responding (common GoDaddy error), blaims SOA missing
> or faulty when actually the problem is that the nameserver isn't responding.
>
> I hope this clears things a bit.
>

Hi SashaB,

If you want to lookup the SOA-record of a domain, you could use the 'dig'
command:

dig @nameserver domain.tld SOA

But if those are not the same, maybe the domain-zone is not a copy of the
zone on the other nameserver, which is asking for trouble if it's not just
a version difference.

> Cheers,
>
> Jani Karlsson
>
>
> SashaB wrote:
> >Ken,
> >
> >I'm not sure what you mean. For example, so we didn't have to enter
> >different NS for 50 domains, I registered a domain name specifically for
> >use with NS (that is their sole purpose) and I've set up NS for multiple
> >website domain names that are identical--kinda like a webhosting company
> >does? There are four NS on two different servers at two datacenters in
> >different parts of a region (for which I haven't mirrored or set up
> >round-robin yet, though I intend to do so--and research shows I can on
> >pdns). Actually, two of the NS point to the same IP address as does the
> >one in question and several other NS point to that IP, too. All server
> >diffent content--blogs, websites, web interfaces for pdns, web guis for
> >various applications, webmail servers--just fine.
> >
> >This works, in part, because the actual content is served, in most
> >cases, though not all, from an entirely different IP addresses from the
> >NS IP addresses (and the virtual host settings on apache reflect that).
> >Yet, we have no problem reaching any of that content, even where the NS
> >IP address are shared with content-serving hostnames rather than
> >dedicated only to doing NS resolution like other IP addresses. Again,
> >domain resolution isn't only about the nameservers--it's about the hosts
> >and host.conf files, as well as whatever backends we use, too. (There
> >are some other factors, like resolvers, but you get my point.)
> >
> >So, as I explained, my mail/webmail NS are on different IP addresses
> >under its domain name from the content the webmail server and mail
> >server 'serves'. All DNS records for the domain are contained on its
> >master server, including both NS, which point back to those IP
> >addresses. The secondary NS has it's own master record on the server
> >where it's located and contains only its IP address, since pdns doesn't
> >use "pointer" records, relying instead on it's native ability to resolve
> >properly configured DNS.
> >
> >Since I've created an "A" record for those IP addresses from which
> >actual content is served in the DNS records on our registrar's site (and
> >have properly configured the vhosts in apache), when we enter either our
> >webmail server IP address or its hostname, my webmail server software
> >admin page loads--just like it should.
> >
> >When I load up the gui interface for our mailserver under either the
> >hostname, which is something like "mailservertype.maildomain.eu", it
> >loads perfectly. This stuff's fairly idiot proof because apache, mysql
> >and pdns all let you know when you've misconfigured stuff by not working
> >right--or at all.
> >
> >Therefore, I don't know how your answer relates to my problem and it
> >doesn't address the issue of the registrar not being able to reach the
> >secondary NS, which is on an entirely different server and has a
> >separate IP address. This doesn't appear, as you suggested when I posted
> >my last question about how PDNS works differently from BIND and again in
> >this post, as my lack of understanding DNS. I'm new to PDNS, not to DNS.
> >I couldn't have set this system up if I didn't have DNS understanding
> >and the registrar for my other domain names seems to have no problem
> >adding our changed NS to their system, so, our NS configuration aren't
> >the problem.
> >
> >If anyone else has any suggestions--especially those in the EU where
> >this seems to be an issue--at least when I bing(.com) it, I would
> >greatly appreciate your help.
> >
> >Sasha
> >
> >On Thu, Jul 2, 2009 at 9:40 AM, Kenneth Marshall <ktm@...
> ><mailto:ktm@...>> wrote:
> >
> >    On Thu, Jul 02, 2009 at 09:15:03AM -0400, SashaB wrote:
> >     > Hello all,
> >     >
> >     > This is a long post with a lot of info since I thought you should
> >    know as
> >     > much as possible about these NS before (a) having to ask the obvious
> >     > questions and (b) so you can offer suggestions.
> >     >
> >     > Here's the situation. I have set up the NS for our domains (on
> >    four servers)
> >     > and nearly all resolving properly to the domains to which they
> >    point. (For
> >     > those few that are not, I have figured out and corrected the
> >    issue; now
> >     > we're waiting for the changes to propogate.)
> >     >
> >     > However, we I have a specific domain registered via a registrar
> >    in the EU
> >     > for one of our mail/webmail servers and, each time I try to
> >    change the NS
> >     > (domain 'owners' can modify their own DNS on the registrar's site
> >    similar to
> >     > (but far simpler than) GoDaddy's "Total DNS"), I get the
> >    following errors:
> >     >
> >     > ns1.maildomain.eu  --->"The given nameservers return different
> >    SOA entries."
> >     > ns2.maildomain.eu --->"Connection to server failed."
> >     >
> >     > Before providing your help, you should know the following:
> >     >
> >     > 1) The nameservers are shared by other NS, all of which have
> >    domain names
> >     > associated for their specific purposes. (For example:
> >    ns1.foodomain.net <http://ns1.foodomain.net>,
> >     > dns1.thisdomain.com <http://dns1.thisdomain.com>,
> >    ns1.maildomain.eu, etc.). I've pointed all "ns1"
> >     > domains to one IP address on each server and "ns2" are pointed to a
> >     > different IP address on each server but share the same IP address
> >    on that
> >     > server, etc.
> >     > 2) The NS for this domain are on different servers in the same
> >    region and
> >     > located in entirely different datacenters.
> >     > 2) While there is a master record for the ccTLD itself on its
> >    resident
> >     > server, I've also set up a separate master record for the NS1 so
> >    I can see
> >     > updating serial numbers for just the NS. Because I also set up, as a
> >     > supermaster, the hostname for the servers on which each of their
> >    NS has its
> >     > master record, without creating each NS as a slave on the master
> >    server for
> >     > that record, they each show on the other server as a slave and
> >    their serial
> >     > numbers (and my logs, which I've set up to view by secure
> >    webserver) show
> >     > they have been updating regularly.
> >     > 3) Websites and other applications, some with the same NS IP (but
> >    different
> >     > domain name), are resolving correctly.
> >     > 3) All NS point to IP addresses, not CNAMEs or redirects. In
> >    fact, I tend to
> >     > use IP addresses over hostnames because they resolve better if we
> >    make DNS
> >     > changes to hostnames.
> >     > 4) I 'played around' with the NS to learn how pdns works and
> >    determine how
> >     > best to set them up, especially for security and convenience. In
> >     that
> >     > process, I found it was just easier to point the NS for all of
> >    our domains
> >     > to the same IPs on each server and use other IPs for other
> >    purposes (like
> >     > pointing a domain's webservers to). So, I changed the IP
> >    addresses for the
> >     > NS, deleted and recreated NS records, updated SOA records, etc.
> >    That may
> >     > affect the SOA entries.
> >     > 5) The NS have been live for at least 24 hours each.
> >     > 6) The NS point to different IPs from the domain's other records,
> >    like the
> >     > MX and webmail server, which have their own IP addresses. I've
> >    configured my
> >     > virtual hosts in apache accordinly (except I did not create any
> >    for the NS.)
> >     > 7) The SOA record of NS record on each server points to the
> >    appropriate IP
> >     > address and is configured, "ns1.maildomain.eu
> >     > hostmaster.masterrecordserver.com
> >    <http://hostmaster.masterrecordserver.com>". Since each is on
> >    different servers, the
> >     > "hostmaster" domain name is for that server, not the master
> >    server (ns1) of
> >     > the domain itself.
> >     > 8) I've given the registrar's IP address access to my server (via
> >     > hosts/csf.allow and the firewall) and added its network address
> >    to the
> >     > 'axfr' setting in pdns.conf. The pdns-recursor is not active on
> >    one server
> >     > (configuration issues) but is on the other. On the server with
> >    pdns-recursor
> >     > running, each master record has a corresponding "in-address.arpa"
> >    entry. I'm
> >     > still working on that for the other server. Neither server,
> >    however, is
> >     > experiencing resolution issues with the domains not associated
> >    with these in
> >     > question.
> >     >
> >     > So, that all said, I have a few questions that might be a source
> >    of some
> >     > issues:
> >     >
> >     > 1) I've taken the extra step of creating an "A" record for each
> >    NS in the
> >     > domain's DNS settings on the registrar's site as well as updating
> >    the other
> >     > records for the domain in the registrar's DNS as well, thinking
> >    that may
> >     > help. Will that affect the SOA records?
> >     > 2) Do the changes I've made to the master records, i.e., changing
> >    the IP
> >     > address of the NS several times before deciding on a final
> >    configuration,
> >     > cause such problems? (The NS for my websites, which have totally
> >    different
> >     > NS, in part, so we don't have these issues with them, have been
> >    'cast in
> >     > stone' for several weeks and haven't changed so they're resolving
> >     > correctly.)
> >     > 3) My understanding is that mysql acts as recursor when
> >    pdns-recursor. How
> >     > can I tell if the records in mysql are correct? (I've looked at
> >    the records
> >     > via Webmin but they don't contain full record entries or have IP
> >    numbers
> >     > associated, so I can't tell how accurate they are.)
> >     > 4) How does pdns-recursor and rDNS configuration affect
> >    resolution? Could
> >     > that be part of the issue?
> >     >
> >     > Finally, I've done searches online and found that others have
> >    this issue
> >     > with EU-based registrars. Ostensibly, this is to prevent NS
> >     > misconfiguration. But, I'm finding pdns is pretty good at that so
> >    I'm not
> >     > understanding the problem. But, since I have three more domains
> >    with this
> >     > registrar, I've got to so I can fix it. Please provide your
> >     > solutions-oriented assistance in trying to ressolve this issue so
> >    we can use
> >     > our own NS for our mail/webmail servers.
> >     >
> >     > If you've read this far, thank you and I look forward to your help.
> >     >
> >     > Sasha
> >
> >    Hi Sasha,
> >
> >    Thank you for the detailed description, but I think that the problem
> >    is described correctly by the error message you received from your
> >    domain registrar:
> >
> >       your nameservers have different SOA records (paraphrasing)
> >
> >    All nameservers for a domain, by definition should have and serve
> >    identical content. I think that once you fix this inconsistancy it
> >    will all work.
> >
> >    Regards,
> >    Ken
> >
> >
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Pdns-users mailing list
> >Pdns-users@...
> >http://mailman.powerdns.com/mailman/listinfo/pdns-users
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@...
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>

_____________________________________
New things are always on the horizon.

_______________________________________________
Pdns-users mailing list
Pdns-users@...
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Hi,

I think that this is a good possibility. We have seen connection
problems when trying to talk to a multi-homed DNS server. If you
are not very careful, you get a three-way traffic pattern which
results in a failed TCP conversation.

Regards,
Ken

On Thu, Jul 02, 2009 at 06:15:44PM +0300, Jani Karlsson wrote:

> Hi,
>
> Your problem is with SOA DNS-record:
> The given nameservers return different SOA entries.
>
> So either your SOA serial, data or TTL differs between servers. Or it just
> that other server doesn't respond to SOA request that is making the SOA
> check fail, even though the problem is not with SOA but in that the
> nameserver isn't responding (common GoDaddy error), blaims SOA missing or
> faulty when actually the problem is that the nameserver isn't responding.
>
> I hope this clears things a bit.
>
> Cheers,
>
> Jani Karlsson
>
>