
Saturday, September 12, 2009

Diagnosing Problems With Custom Domains: The Dig Tool, Run Against The Domain Authority Server

Sometimes when we work on a custom domain problem, we'll recommend specific DNS changes, and we'll make plans to deal with the unavoidable DNS latency issues, with advice like this:
Make the above changes, and wait for one full day, before continuing. The above caveat is highly advisable, because of the gross latency imposed by the DNS host (a 1 day TTL is pretty nasty).

mydomain.com. 86400 IN A 74.53.137.215

As always, we'll be using a Dig utility to examine the DNS settings in question.

The DNS settings, as noted, may not be visible immediately. If the existing DNS address record for "mydomain.com" includes a TTL of 86,400 seconds (1 day), then we should wait for one day, before assuming that any changes that we are making will take effect.

Maybe we don't want to wait one full day, just to see if the blogger working on the problem (or worse, the DNS host support tech paid by the blogger for service) makes the right changes. Fortunately, if we do a little more work, we don't have to wait until the TTL expires and the updated "A" or "CNAME" records reach the local DNS server. The changes made at the DNS host will be present on the authoritative DNS server for "mydomain.com" instantly.

Note that these are details that aren't available on all DNS Utility services on the web. To my knowledge, only the Kloth.Net Dig server provides this much detail, in a GUI interface.

With Kloth, besides entering the domain name for "Domain:", select "ANY (any type)" for "Query:". This will give a slightly different log from Dig.

; <<>> DiG 9.3.2 <<>> @localhost nitecruzr.net ANY
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32900
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nitecruzr.net. IN ANY

;; ANSWER SECTION:
nitecruzr.net. 86400 IN SOA ns11.domaincontrol.com. dns.jomax.net. 2009050100 28800 7200 604800 86400
nitecruzr.net. 3600 IN A 216.239.38.21
nitecruzr.net. 3600 IN A 216.239.32.21
nitecruzr.net. 3600 IN A 216.239.36.21
nitecruzr.net. 3600 IN A 216.239.34.21

;; Query time: 103 msec
;; SERVER: 216.69.185.6#53(216.69.185.6)
;; WHEN: Sat Sep 12 23:43:19 2009
;; MSG SIZE rcvd: 386


What we need here is the "SOA" ("Start Of Authority") record, which identifies the authoritative DNS server for "nitecruzr.net".

nitecruzr.net. 86400 IN SOA ns11.domaincontrol.com. dns.jomax.net. 2009050100 28800 7200 604800 86400

The authoritative DNS server for "nitecruzr.net" is "ns11.domaincontrol.com".

Returning to the Kloth Dig form, we paste "ns11.domaincontrol.com" for "Server:", in place of the usual entry "localhost". When we run a Dig for "nitecruzr.net" against "ns11.domaincontrol.com", we see a slightly different Dig log.

; <<>> DiG 9.3.2 <<>> @ns11.domaincontrol.com nitecruzr.net ANY
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49580
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nitecruzr.net. IN ANY

;; ANSWER SECTION:
nitecruzr.net. 86400 IN SOA ns11.domaincontrol.com. dns.jomax.net. 2009050100 28800 7200 604800 86400
nitecruzr.net. 3600 IN NS ns11.domaincontrol.com.
nitecruzr.net. 3600 IN NS ns12.domaincontrol.com.
nitecruzr.net. 3600 IN NS ns54.domaincontrol.com.
nitecruzr.net. 3600 IN NS ns53.domaincontrol.com.
nitecruzr.net. 3600 IN MX 10 aspmx.l.google.com.
nitecruzr.net. 3600 IN MX 20 alt1.aspmx.l.google.com.
nitecruzr.net. 3600 IN MX 30 alt2.aspmx.l.google.com.
nitecruzr.net. 3600 IN MX 40 aspmx2.googlemail.com.
nitecruzr.net. 3600 IN MX 50 aspmx3.googlemail.com.
nitecruzr.net. 3600 IN A 216.239.38.21
nitecruzr.net. 3600 IN A 216.239.36.21
nitecruzr.net. 3600 IN A 216.239.34.21
nitecruzr.net. 3600 IN A 216.239.32.21

;; Query time: 103 msec
;; SERVER: 216.69.185.6#53(216.69.185.6)
;; WHEN: Sat Sep 12 23:52:32 2009
;; MSG SIZE rcvd: 386

These are all of the DNS records for "nitecruzr.net", from the authoritative server. If we had just made DNS address changes, we would see them displayed instantly, instead of having to wait for the TTL to expire so that our local server ("localhost") would refresh its cache and show us the updates.
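The same check can be scripted with a command-line dig. This is an added example, not part of the original post: it pulls the primary name server out of the SOA line, then compares the "A" records a caching resolver returns with those from the authoritative server. The function names are hypothetical, and the sample data is taken from the dig logs above plus one constructed stale case.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the primary name server (MNAME) from the SOA line of dig output on stdin.
soa_mname() {
  awk '$3 == "IN" && $4 == "SOA" { sub(/\.$/, "", $5); print $5; exit }'
}

# Print the sorted A-record addresses found in dig output on stdin.
a_records() {
  awk '$3 == "IN" && $4 == "A" { print $5 }' | sort
}

# Print the largest TTL (seconds) among the A records on stdin: the longest
# a resolver may keep serving the address it has cached.
max_a_ttl() {
  awk '$3 == "IN" && $4 == "A" && $2 + 0 > m + 0 { m = $2 } END { print m + 0 }'
}

# cache_state CACHED AUTH: compare the A records in two dig answer sections.
cache_state() {
  if [ "$(printf '%s\n' "$1" | a_records)" = "$(printf '%s\n' "$2" | a_records)" ]; then
    echo "in-sync"
  else
    echo "stale: wait up to $(printf '%s\n' "$1" | max_a_ttl)s"
  fi
}

# Sample input: answer lines copied from the dig logs on this page.
PAGE_ANSWER='nitecruzr.net. 86400 IN SOA ns11.domaincontrol.com. dns.jomax.net. 2009050100 28800 7200 604800 86400
nitecruzr.net. 3600 IN A 216.239.38.21
nitecruzr.net. 3600 IN A 216.239.32.21'
# Constructed sample: a resolver still caching the old one-day record,
# while the authoritative server already has the new address.
OLD_CACHE='mydomain.com. 86400 IN A 74.53.137.215'
NEW_AUTH='mydomain.com. 3600 IN A 216.239.32.21'

# Live use: sh check.sh example.com  (needs dig and network access)
if [ $# -eq 1 ]; then
  ns=$(dig +noall +answer "$1" SOA | soa_mname)
  echo "authoritative server: $ns"
  cache_state "$(dig +noall +answer "$1" A)" \
              "$(dig +noall +answer +norecurse "@$ns" "$1" A)"
fi
```

A cached answer's TTL counts down, so the figure reported for a stale cache is the time remaining before that resolver asks the authoritative server again.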
