Nameserver setup confusion

sametch · 2nd July 2008

I am a little confused regarding nameserver ordering.

When registering a domain name I understand two nameservers are required.

I have been registering the namerserver of my dedicated server as the first and the nameserver of the domain registration (which only parks the domain) as the second.

How do the nameserver allocations work? Is the first nameserver tried first and only if it doesn't respond does it go onto the second. Or are they both tried simultaneously and the first to respond wins.

The reason I ask is I recently leased a dedicated server and have set up two websites. One I can browse to the other I can't all I get is the domain registration parking page. I set the DNS settings in plesk the same for both. I later realised for the one that works I had misspelled the second nameserver for the domain to something that doesn't exist, yet this one shows the web page, the one I spelled correctly doesn't.

I am fairly new to administering a dedicated server (I am a programmer mainly) and the people I am hosting from give one line answers that are not easy to understand, so any help appreciated.

M8INTERNET · 2nd July 2008

As far as I am aware all the nameserver settings must be on the same Domain Name , example :
ns.nameserver.com
ns2.nameserver.com
ns3.nameserver.com

Obviously the more you have then if one of the servers is not available then the next should be used

In the event the nameservers on that Domain Name fail, then you need to reset the nameservers to a different Domain Name, example :
ns.domain-registrant.cm
ns2.domain-registrant.com

However, it can take up to 72 hours for new nameserver settings to propogate across the internet

JamieBeeston · 2nd July 2008

They are typically just taken at random from my experience, no nameservers have actual precedence.

If you have 2 nameservers listed, you should make sure they both work, however is a listed nameserver has NO record for the domain in question, the lookup WILL move on to another nameserver.

J

freethought · 2nd July 2008

From my experience, it completely depends on the software doing the DNS lookup. Some software picks one at random and sticks with it, some does it round robin and some just always uses the first server in the list (unless it isn't working).
If a record is returned, that that gets used but if the server returns NXDOMAIN, SERVFAIL or just plain doesn't do anything (timeout) then the next one is used.

freethought · 2nd July 2008

Quote:

Originally Posted by M8INTERNET

As far as I am aware all the nameserver settings must be on the same Domain Name , example :
ns.nameserver.com
ns2.nameserver.com
ns3.nameserver.com

Obviously the more you have then if one of the servers is not available then the next should be used

In the event the nameservers on that Domain Name fail, then you need to reset the nameservers to a different Domain Name, example :
ns.domain-registrant.cm
ns2.domain-registrant.com

However, it can take up to 72 hours for new nameserver settings to propogate across the internet

AFAIK there's no requirement for all nameservers to be on the same domain. I've used nameservers on separate domains and it's never caused me a problem.

sametch · 2nd July 2008

Quote:

Originally Posted by freethought

From my experience, it completely depends on the software doing the DNS lookup. Some software picks one at random and sticks with it, some does it round robin and some just always uses the first server in the list (unless it isn't working).
If a record is returned, that that gets used but if the server returns NXDOMAIN, SERVFAIL or just plain doesn't do anything (timeout) then the next one is used.

My conclusion from this is if I can't afford two servers to host my websites I am better off specifying one of the nameservers that doesn't exist, than a second one that does exist but doesn't host the site.

Is my conclusion bad?

Rebuke · 2nd July 2008

They don't have to be on the same domain at all, they *should* all be serving the same zone file, otherwise you will see strange behaviour as some clients will get one value, some clients will get another.

You *should* have at least two nameservers, on different networks, this ensures your domain is always resolvable. This is important as even if your mail server is down, as long as your domain still resolves most mail servers will queue mail for you for a while. If it can't do a DNS lookup, it will just bounce the mail assuming it's a non-existant domain...

For your situation, I think what you want is to either find a service where you pay for secondary DNS, or find someone to swap secondary with, i.e. you act as a secondary for them, they act as a secondary for you. Or do what (unfortunately) the majority of small hosts do, and put two IP addresses on your server and use those, i.e. make your one server pretend to be multiple. This is bad for the reasons above, however, by the sound of it at the moment your domains are at risk of certain users being unable to access them, as if they hit the domain registration nameserver, they'll get a parking page rather than the actual page, so it would at least be better than that!

othellotech · 4th July 2008

Quote:

Originally Posted by M8INTERNET

As far as I am aware all the nameserver settings must be on the same Domain Name

Not at all

Quote:

Originally Posted by M8INTERNET

Obviously the more you have then if one of the servers is not available then the next should be used

You have no control over which ones will get used or how often

Quote:

Originally Posted by M8INTERNET

However, it can take up to 72 hours for new nameserver settings to propogate across the internet

Propogation has been 30 minutes for some years now.

Caching of the old DNS results and/or nameserver details is ISP, software ad machine dependant and is often as long as a week

It's probably not a good idea to give someone "advice" about a subject you clearly know nothing about ...

PeteK · 4th July 2008

Quote:

Originally Posted by othellotech

Propogation has been 30 minutes for some years now.

Lol, that is of course unless you are one of the poor un-washed who is forced to use DNS servers provided by the Pip/Tisc/Nil/F2s and brothers crowd who update about as often as the firmware in your personal CD player ;-) I suppose at least they are honouring 7 days thse days rather than err, well yeah, when we reboot one...

M8INTERNET · 4th July 2008

I've checked again with 123-REG and enom, and they both advise that nameserver settings should be in place within 30 minutes, but the propogation can take up to 48 hours
Hence, why I still only quote up to 72 hours

I updated some in the US last week and it was at least into the second day before they were finally in use in the UK, even though the records had been updated
Personally, I blame the BT cache

freethought · 4th July 2008

The 30 mins is how long it takes for your registrar to submit the update to the registry and for them to update their nameservers. Some registrars are better than others. 123-reg for example tend to be quite good but 1and1 are spectacularly pants.
Once that's done you've got to wait for caches to time out and this depends on what your TTL is set to and whether any of the ISP's cache servers are paying the blindest bit of attention to it.
24-48 hours is a good bet with 72 if you want to be on the safe side. 1-2 weeks if NTL are involved.

simplicity · 25th August 2008

Quote:

Originally Posted by JamieBeeston

If you have 2 nameservers listed, you should make sure they both work, however is a listed nameserver has NO record for the domain in question, the lookup WILL move on to another nameserver.

Unfortunately that wasn't my experience recently when I inadvertently deleted some zone files from one of my 4 nameservers (NS). Despite having correct zone files on the other 3 NS, requests to the server with the deleted records got "non-existant domain" responses, with no attempt to check one of the other 3 as I would have expected.

So in summary: if one of your NS is down, then requests will failover to the other. But if one of your NS has a missing/incorrect zone record, it won't (or at least it won't necessarily).

Also I agree with those who've commented that you don't need to have all your NS on the same domain. In fact it strikes me as better not to: if there's a problem resolving that domain name for any reason, then having your zones on a server with a different domain will save you.

PeteK · 28th August 2008

Quote:

Originally Posted by simplicity

Unfortunately that wasn't my experience recently when I inadvertently deleted some zone files from one of my 4 nameservers (NS). Despite having correct zone files on the other 3 NS, requests to the server with the deleted records got "non-existant domain" responses, with no attempt to check one of the other 3 as I would have expected.

So in summary: if one of your NS is down, then requests will failover to the other. But if one of your NS has a missing/incorrect zone record, it won't (or at least it won't necessarily).

Also I agree with those who've commented that you don't need to have all your NS on the same domain. In fact it strikes me as better not to: if there's a problem resolving that domain name for any reason, then having your zones on a server with a different domain will save you.

But that is not the fault of the name servers is it? If you had suspended the zones on the incorrect ones then the requests would have failed and the lookup gone elsewhere. In your case the NS's responded but with carp... Garbage in, garbage out...

simplicity · 29th August 2008

Quote:

Originally Posted by PeteK

But that is not the fault of the name servers is it? If you had suspended the zones on the incorrect ones then the requests would have failed and the lookup gone elsewhere. In your case the NS's responded but with carp... Garbage in, garbage out...

The fault was mine, definitely. But I was just pointing out that if you make such a mistake, you shouldn't expect your other NS to cover you.

JamieBeeston · 29th August 2008

Thats not what they're designed to do.

I'm assuming you deleted the zone, but not the bind entry for that domain, as such it replied that it should be able to answer, but it couldn't.. which means the lookup was successful in that it found an authoritative nameserver.

You can protect against failed NS and Failed networks, it's much harder to protect against humans!