Score:-1

NS Zone Entries - NSLOOKUP intermittent failures


I am not a DNS expert, but I know just enough to break things :)

This is the entire list of entries in my DNS zone:

NOTE: names have been mangled wherever necessary, but the general gist is preserved.

| Record name | Type | Value | TTL |
|---|---|---|---|
| example.com | MX | 1 ASPMX.L.GOOGLE.COM | 3600 |
| | | 5 ALT1.ASPMX.L.GOOGLE.COM | |
| | | 5 ALT2.ASPMX.L.GOOGLE.COM | |
| | | 10 ALT3.ASPMX.L.GOOGLE.COM | |
| | | 10 ALT4.ASPMX.L.GOOGLE.COM | |
| | | 15 ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOP.MX-VERIFICATION.GOOGLE.COM | |
| example.com | NS | ns-1234.awsdns-12.co.uk | 86400 |
| | | ns-12.awsdns-23.com | |
| | | ns-4567.awsdns-34.org | |
| | | ns-345.awsdns-45.net | |
| example.com | SOA | ns-1234.awsdns-12.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 | 900 |
| chat.example.com | A | 12.123.123.1 | 300 |
| www.example.com | NS | ns2.wixdns.net | 86400 |
| | | ns3.widdns.net | |

I don't fully understand this (I guessed my way here) - the result I am getting is an intermittent failure when resolving chat.example.com, e.g.:

```
$ nslookup -type=soa chat.example.com
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find chat.example.com: NXDOMAIN

$ nslookup -type=soa chat.example.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
*** Can't find chat.example.com: No answer

Authoritative answers can be found from:
example.com
        origin = ns-1234.awsdns-12.co.uk
        mail addr = awsdns-hostmaster.amazon.com
        serial = 1
        refresh = 7200
        retry = 900
        expire = 1209600
        minimum = 86400
```

Another bit of info, the www.example.com is hosted on WIX so they are responsible for resolving that address, again not sure I did that part right either, but the site is generally accessible.

What am I doing wrong?

Everything in DNS is public so there's no need to obfuscate anything.
The domain `aviad.md` does not exist in the parent `.md` zone.
Aviad P.:
I don't want to reveal my actual domain name, but it is indeed registered in the parent country's dns
DNS related issues are hard to debug without knowing the actual domain name. But a good start would be using `dig` instead of `nslookup` and making the queries against the authoritative name servers using `@<ip>`.
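
The direct-query approach suggested in the comment above, as an added example that is not part of the original thread: it asks each authoritative name server for the same record and labels the reply, so an NXDOMAIN from one server can be told apart from a "No answer" (NODATA) from another. The function names and the sample dig header lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): compare authoritative answers per name server.

# Constructed dig header lines, one per outcome seen in the question.
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1111
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_NODATA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1'

# Read dig output on stdin and print one of:
#   ANSWER     - records of the requested type were returned
#   NODATA     - the name exists but has no record of that type ("No answer")
#   NXDOMAIN   - this server does not know the name at all
#   NORESPONSE - no header was parsed (timeout, refused connection)
#   <rcode>    - any other status, e.g. SERVFAIL or REFUSED
classify() {
  local out status answers
  out=$(cat)
  status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
  answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
  case "$status" in
    NOERROR) if [ "${answers:-0}" -gt 0 ]; then echo ANSWER; else echo NODATA; fi ;;
    "")      echo NORESPONSE ;;
    *)       echo "$status" ;;
  esac
}

# Ask every NS listed for the zone directly, bypassing the local stub resolver.
check_zone() {
  local zone=$1 name=$2 type=$3 ns
  for ns in $(dig +short NS "$zone"); do
    printf '%-32s %s\n' "$ns" "$(dig +norecurse "@$ns" "$name" "$type" | classify)"
  done
}

# Usage: ./check.sh example.com chat.example.com SOA   (requires dig and network access)
if [ "$#" -eq 3 ]; then check_zone "$@"; fi
```

For a name that has only an A record, every authoritative server should report NODATA for an SOA query; a server that reports NXDOMAIN is not serving the same zone data as the others.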
Aviad P.:
I think the problem is not the DNS entries, but rather the fact that my EC2 was not accessing the public zone... That in conjunction with TTLs not being observed... I'll update in the next few days if this proves to be correct.
`don't fully understand this (I guessed my way here)`. No need to guess. Run a packet capture during the test to get more information, such as the server it is communicating with, and a bunch of other wonderful things.
joeqwerty:
**I don't want to reveal my actual domain name** - Then you shouldn't have registered it and you should take your question somewhere else. We can't guess as to what might be wrong without the domain name. We're not magicians.
Aviad P.:
Yeah, well, you know, that's just like, your opinion, man. @joeqwerty