Mail to RR users is getting refused due to PTR issues. I contacted
RR and explained that yea, one of our 2 DNS servers for the
IN-ADDR.ARPA is down, but the other is fine. They said that
I should either get the DNS server back up (Which of course
is already being worked on, was the minute it went down)
or delete it from ARIN IN-ADDR.ARPA records.
Isn't the whole point of multiple DNS servers that if one is down
the other can still answer queries? Or am I missing something
here???
Depends exactly what your "down" server is doing. If it's totally not
answering, the resolver at RR should silently fall back and try the other one.
It gets more interesting if your "down" server is still answering queries,
particlylarly if it's giving out "I never heard of it" answers with the
authoritative bit set because it's blown out a zone. In that case, the RR
resolver is within its rights to assume that your NS knows what it's talking
about and believing it.
How much is power as a percent of data centre operating expense? What sort of a range do you see?
We are building a high capacity cable to Iceland, which has already become a major aluminum smelting centre due to its cheap geothermal and hydro power, and we’ve already received inquiries for connectivity to Iceland for data centre opportunities.
I assume that expense and ability to scale the power network are the key concerns of the IT community. And for governments, carbon emissions should
matter.
Roderick S. Beck
Director of EMEA Sales
Hibernia Atlantic
1, Passage du Chantier, 75012 Paris http://www.hiberniaatlantic.com
Wireless: 1-212-444-8829.
Landline: 33-1-4346-3209
AOL Messenger: GlobalBandwidth rod.beck@hiberniaatlantic.com rodbeck@erols.com
``Unthinking respect for authority is the greatest enemy of truth.’’ Albert Einstein.
Down is there isn't power to it until it gets repaired. So its not
answering period. A "nslookup" shows "timed-out". A "dig" shows
"connection timed out; no servers could be reached" (When querying ONLY
against the down server).
So how do I go back to RR, who told me to take it out of my
NS records, that DNS is supposed to be silently falling back and trying
again?
[snip 58 (!) lines of sig, quoted unrelated thread, and legalese]
Nobody likes a netiquette pedant. Nevertheless:
1) please don't top post (consider your forum, at least)
2) please trim your sig (and original quoted message(s))
3) please don't hijack threads - it is confusing and difficult to follow
4) please avoid 10+ lines of totally inane unenforceable legalese
appended to the end of every reply (bonus irony points for having 6:1
ratio of sigs+legalese+quotes:new content).
thanks, from all of us who read mail on small screens (occasionally
over slow wireless connections).
Down is there isn't power to it until it gets repaired. So its not
answering period. A "nslookup" shows "timed-out". A "dig" shows
"connection timed out; no servers could be reached" (When querying ONLY
against the down server).
So how do I go back to RR, who told me to take it out of my
NS records, that DNS is supposed to be silently falling back and trying
again?
The fact that they're rejecting on a 5xx error based on no DNS PTR is a
bit harsh. While I'm all for requiring all hosts to have valid PTR
records, there are times when transient or problem servers can cause a
DNS lookup failure or miss, etc. If anything they should be returning a
4xx to have the remote host"try again later".
Tuc at T-B-O-H.NET wrote:
> Down is there isn't power to it until it gets repaired. So its not
> answering period. A "nslookup" shows "timed-out". A "dig" shows
> "connection timed out; no servers could be reached" (When querying ONLY
> against the down server).
>
> So how do I go back to RR, who told me to take it out of my
> NS records, that DNS is supposed to be silently falling back and trying
> again?
The fact that they're rejecting on a 5xx error based on no DNS PTR is a
bit harsh. While I'm all for requiring all hosts to have valid PTR
records, there are times when transient or problem servers can cause a
DNS lookup failure or miss, etc. If anything they should be returning a
4xx to have the remote host"try again later".
Robert,
Sorry, they aren't giving a hard fail. Its a soft fail, so we'll
retry. But after 5 days of retrying, my servers will give up. (And, in
the mean time, the mail isn't getting through, so my users are without mail
{We store/forward for them} I don't know if the down (hard) server will be
back that soon (Its been 2 days as is). But the whole POINT of DNS is I have
a 2nd one listed, and they don't seem to care. They are telling me that they
want my "primary" one back up and running.
In article <200708170226.l7H2QZSw019129@himinbjorg.tucs-beachin-obx-house.com> you write:
Tuc at T-B-O-H.NET wrote:
> Down is there isn't power to it until it gets repaired. So its not
> answering period. A "nslookup" shows "timed-out". A "dig" shows
> "connection timed out; no servers could be reached" (When querying ONLY
> against the down server).
>
> So how do I go back to RR, who told me to take it out of my
> NS records, that DNS is supposed to be silently falling back and trying
> again?
The fact that they're rejecting on a 5xx error based on no DNS PTR is a
bit harsh. While I'm all for requiring all hosts to have valid PTR
records, there are times when transient or problem servers can cause a
DNS lookup failure or miss, etc. If anything they should be returning a
4xx to have the remote host"try again later".
Robert,
Sorry, they aren't giving a hard fail. Its a soft fail, so we'll
retry. But after 5 days of retrying, my servers will give up. (And, in
the mean time, the mail isn't getting through, so my users are without mail
{We store/forward for them} I don't know if the down (hard) server will be
back that soon (Its been 2 days as is). But the whole POINT of DNS is I have
a 2nd one listed, and they don't seem to care. They are telling me that they
want my "primary" one back up and running.
Tuc/TBOH
I know this is strange for nanog but if you actually stated the
IP addresses of the mail servers we could look to see if there
is a problem other than what you think the problem is.
Tell them that your primary is up and running and it's only the secondary
that's down, and see what they say. If they disagree, ask how they know
that the server that's down is the primary...
In article <200708170226.l7H2QZSw019129@himinbjorg.tucs-beachin-obx-house.com> you write:
>
>>
>> Tuc at T-B-O-H.NET wrote:
>> > Down is there isn't power to it until it gets repaired. So its not
>> > answering period. A "nslookup" shows "timed-out". A "dig" shows
>> > "connection timed out; no servers could be reached" (When querying ONLY
>> > against the down server).
>> >
>> > So how do I go back to RR, who told me to take it out of my
>> > NS records, that DNS is supposed to be silently falling back and trying
>> > again?
>>
>>
>> The fact that they're rejecting on a 5xx error based on no DNS PTR is a
>> bit harsh. While I'm all for requiring all hosts to have valid PTR
>> records, there are times when transient or problem servers can cause a
>> DNS lookup failure or miss, etc. If anything they should be returning a
>> 4xx to have the remote host"try again later".
>>
>Robert,
>
> Sorry, they aren't giving a hard fail. Its a soft fail, so we'll
>retry. But after 5 days of retrying, my servers will give up. (And, in
>the mean time, the mail isn't getting through, so my users are without mail
>{We store/forward for them} I don't know if the down (hard) server will be
>back that soon (Its been 2 days as is). But the whole POINT of DNS is I have
>a 2nd one listed, and they don't seem to care. They are telling me that they
>want my "primary" one back up and running.
>
> Tuc/TBOH
I know this is strange for nanog but if you actually stated the
IP addresses of the mail servers we could look to see if there
is a problem other than what you think the problem is.
You havn't stated it here or on bind-users
Mark
Hi,
Just a note to let everyone know its all working again. I was
escalated to someone else in RR and intelligent things came out of their
mouth and its not an issue anymore.
The initial responder at RR needs a clue, and the bind-users said
I was doing something "moderately bad" at the same time. I'm working out
a tactic to resolve my bent-clue issue. I hope to have that fixed in a
week or so. RR is now accepting my mail despite my "bent clue" and one
DNS server being down.