Failed Primary DNS Server?

ZBTSI · January 2, 2012, 4:20am

I just changed my DNS servers to those specified on the Comodo
DNS setup page:

Primary: 8.26.56.26
Alternate: 8.20.247.20

After doing so, I did an nslookup on both of the DNS server addresses.
Here’s what I got for the first one:

C:>nslookup 8.26.56.26
*** Can’t find server name for address 8.26.56.26: No information
Server: ns2.recursive.dns.com
Address: 8.20.247.20

*** No address (A) records available for 8.26.56.26

And here’s what I get when I do a lookup on www.google.com:

C:>nslookup www.google.com
*** Can’t find server name for address 8.26.56.26: No information
Server: ns2.recursive.dns.com
Address: 8.20.247.20

Isn’t this strange? Why isn’t it using the primary DNS server?

Regards.

Radaghast · January 2, 2012, 5:01am

I think the reason it appears to have problems, is because there appears to be an issue with the fqdn for the Comodo anycast servers. Look-ups work and you can switch to the server to perform queries:

C:\Windows\System32>nslookup www.google.com
Server:  UnKnown
Address:  8.26.56.26

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  173.194.67.99
          173.194.67.106
          173.194.67.147
          173.194.67.105
          173.194.67.104
          173.194.67.103
Aliases:  www.google.com

C:\Windows\System32>ping -a 8.26.56.26

Pinging 8.26.56.26 with 32 bytes of data:
Reply from 8.26.56.26: bytes=32 time=205ms TTL=52
Reply from 8.26.56.26: bytes=32 time=208ms TTL=52
Reply from 8.26.56.26: bytes=32 time=207ms TTL=52
Reply from 8.26.56.26: bytes=32 time=204ms TTL=52

Ping statistics for 8.26.56.26:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 204ms, Maximum = 208ms, Average = 206ms

ZBTSI · January 2, 2012, 5:11am

Hi Radaghast. Thanks for replying.

I waited a while, then tried again. This time, I’m getting different results, and
I’m starting to wonder if there isn’t server maintenance going on. I reran the
lookup on Google, and here are the results:

C:>nslookup www.google.com
*** Can’t find server name for address 8.26.56.26: No information
DNS request timed out.
timeout was 2 seconds.
*** Can’t find server name for address 8.20.247.20: Timed out
*** Default servers are not available
Server: UnKnown
Address: 8.26.56.26

Non-authoritative answer:
Name: www.google.com.wi.rr.com
Address: 92.242.144.50

I’ll try these again tomorrow, and will post back to the forum.

Regards.

ZBTSI · January 2, 2012, 5:05pm

I gave it another shot, and it still refuses to use 8.26.56.26 as the primary
DNS server.

C:>nslookup www.comodo.com
*** Can’t find server name for address 8.26.56.26: Non-existent domain
Server: ns2.recursive.dns.com
Address: 8.20.247.20

Non-authoritative answer:
Name: www.comodo.com.wi.rr.com
Address: 92.242.144.50

If I swap the preferred and alternate DNS server entries, then it uses
8.20.247.20 as the preferred with no error message. However, I
wouldn’t expect it to fall back to 8.26.56.26 reliably.

I have reverted back to my ISP’s DNS until I can get this issue
resolved.

Regards.

Edit: Some more lookups from my ISP’s DNS:

C:>nslookup 8.26.56.26
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

*** dns-cac-lb-01.rr.com can’t find 8.26.56.26: Non-existent domain

C:>nslookup 8.26.56.26
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

*** No address (A) records available for 8.26.56.26

Radaghast · January 3, 2012, 3:22am

As I mentioned in an earlier post, the fully qualified domain name for 8.26.56.26 doesn’t appear to exist, whic is why your seeing some of these error messages. However, a standard query does work, at least for me. have you tried running nslookup in interactive mode?

C:\Windows\System32>nslookup www.comodo.com
Server:  UnKnown
Address:  8.26.56.26

Non-authoritative answer:
Name:    www.comodo.com
Address:  91.199.212.176


C:\Windows\System32>nslookup
Default Server:  UnKnown
Address:  8.26.56.26

> server 8.26.56.26
Default Server:  [8.26.56.26]
Address:  8.26.56.26

> www.comodo.com
Server:  [8.26.56.26]
Address:  8.26.56.26

Non-authoritative answer:
Name:    www.comodo.com
Address:  91.199.212.176

> set denug
> set debug
> dns.com
Server:  [8.26.56.26]
Address:  8.26.56.26

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        dns.com, type = A, class = IN
    ANSWERS:
    ->  dns.com
        internet address = 50.19.17.188
        ttl = 3200 (53 mins 20 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 5,  additional = 0

    QUESTIONS:
        dns.com, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  dns.com
        ttl = 21600 (6 hours)
        primary name server = ns1.dns.com
        responsible mail addr = admin.dns.com
        serial  = 2011122810
        refresh = 21600 (6 hours)
        retry   = 1200 (20 mins)
        expire  = 1209600 (14 days)
        default TTL = 1800 (30 mins)
    ->  dns.com
        nameserver = ns3.dns.com
        ttl = 21600 (6 hours)
    ->  dns.com
        nameserver = ns4.dns.com
        ttl = 21600 (6 hours)
    ->  dns.com
        nameserver = ns1.dns.com
        ttl = 21600 (6 hours)
    ->  dns.com
        nameserver = ns2.dns.com
        ttl = 21600 (6 hours)

------------
Name:    dns.com
Address:  50.19.17.188

> 8.26.56.26
Server:  [8.26.56.26]
Address:  8.26.56.26

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        26.56.26.8.in-addr.arpa, type = PTR, class = IN

------------
*** [8.26.56.26] can't find 8.26.56.26: Non-existent domain
>

The rcode = NXDOMAIN is a bit of a giveaway.

With OpenDNS

C:\Windows\System32>nslookup
Default Server:  resolver1.opendns.com
Address:  208.67.222.222

> set debug
> 208.67.222.222
Server:  resolver1.opendns.com
Address:  208.67.222.222

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        222.222.67.208.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  222.222.67.208.in-addr.arpa
        name = resolver1.opendns.com
        ttl = 602725 (6 days 23 hours 25 mins 25 secs)

------------
Name:    resolver1.opendns.com
Address:  208.67.222.222

>

last I heard the service was still in beta?

ZBTSI · January 3, 2012, 6:41am

I’m not that lucky.

have you tried running nslookup in interactive mode?

I haven’t prior to this evening, but it seems to produce results:

> www.comodo.com.
Server:  [8.26.56.26]
Address:  8.26.56.26

------------
SendRequest(), len 32
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.comodo.com, type = A, class = IN

------------
------------
Got answer (143 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 4,  additional = 0

    QUESTIONS:
        www.comodo.com, type = A, class = IN
    ANSWERS:
    ->  www.comodo.com
        type = A, class = IN, dlen = 4
        internet address = 91.199.212.176
        ttl = 536 (8 mins 56 secs)
    AUTHORITY RECORDS:
    ->  comodo.com
        type = NS, class = IN, dlen = 19
        nameserver = ns0.comododns.net
        ttl = 751 (12 mins 31 secs)
    ->  comodo.com
        type = NS, class = IN, dlen = 16
        nameserver = ns1.comododns.com
        ttl = 751 (12 mins 31 secs)
    ->  comodo.com
        type = NS, class = IN, dlen = 6
        nameserver = ns0.comododns.com
        ttl = 751 (12 mins 31 secs)
    ->  comodo.com
        type = NS, class = IN, dlen = 6
        nameserver = ns1.comododns.net
        ttl = 751 (12 mins 31 secs)

------------
Non-authoritative answer:
Name:    www.comodo.com
Address:  91.199.212.176

However, I don’t get entirely repeatable results when I try to lookup 8.26.56.26:

On the first try:

> 8.26.56.26
Server:  [8.26.56.26]
Address:  8.26.56.26

------------
SendRequest(), len 41
    HEADER:
        opcode = QUERY, id = 9, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        26.56.26.8.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (41 bytes):
    HEADER:
        opcode = QUERY, id = 9, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        26.56.26.8.in-addr.arpa, type = PTR, class = IN

------------
*** No address (A) records available for 8.26.56.26

On the next try:

> 8.26.56.26
Server:  [8.26.56.26]
Address:  8.26.56.26

------------
SendRequest(), len 41
    HEADER:
        opcode = QUERY, id = 10, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        26.56.26.8.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (41 bytes):
    HEADER:
        opcode = QUERY, id = 10, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        26.56.26.8.in-addr.arpa, type = PTR, class = IN

------------
*** [8.26.56.26] can't find 8.26.56.26: Non-existent domain

It’s all interesting output, and it’s clear that the server certainly does
work. However, I’m not sure how all of this speaks to the issue I’m
experiencing. In this case, it would be nice to have a background app
that monitors DNS usage, so I could see if Windows is really kicking it
out entirely, or just during nslookups. If it just doesn’t want to use
8.26.56.26 as a primary, then I might just as well swap it out with
something that does work.

Or, better yet, someone could just give the darned thing a name. :-\

Regards.

ZBTSI · January 3, 2012, 7:02am

I think I’ll give them a try.

Thanks!

Radaghast · January 3, 2012, 7:14am

Interestingly, these servers do appear to have names:

; <<>> DiG 9.3.2 <<>> ns1.recursive.dns.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1593
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.recursive.dns.com.         IN      A

;; ANSWER SECTION:
ns1.recursive.dns.com.  3600    IN      A       8.26.56.26

;; Query time: 440 msec
;; SERVER: 8.26.56.26#53(8.26.56.26)
;; WHEN: Tue Jan 03 17:19:06 2012
;; MSG SIZE  rcvd: 55


; <<>> DiG 9.3.2 <<>> ns2.recursive.dns.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1972
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns2.recursive.dns.com.         IN      A

;; ANSWER SECTION:
ns2.recursive.dns.com.  3600    IN      A       8.20.247.20

;; Query time: 410 msec
;; SERVER: 8.26.56.26#53(8.26.56.26)
;; WHEN: Tue Jan 03 17:19:37 2012
;; MSG SIZE  rcvd: 55


; <<>> DiG 9.3.2 <<>> ns3.recursive.dns.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1860
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns3.recursive.dns.com.         IN      A

;; ANSWER SECTION:
ns3.recursive.dns.com.  0       IN      A       92.242.144.50

;; Query time: 490 msec
;; SERVER: 8.26.56.26#53(8.26.56.26)
;; WHEN: Tue Jan 03 17:19:46 2012
;; MSG SIZE  rcvd: 55

The interesting IP address is the one for ns3 which appears to be barefruit. I assume has something to do with the landing page advertising for mistyped domains. At a guess, It seems the ns* designators then map to the localised servers:

Edit: I’m actually getting a different server each time now, so, right now, I have no idea how these names relate to the ns* names.

gcb[at]casper:~> dig [at]8.26.56.26 id.server txt chaos

; <<>> DiG 9.8.1-P1 <<>> [at]8.26.56.26 id.server txt chaos
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48337
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;id.server.                     CH      TXT

;; ANSWER SECTION:
id.server.              0       CH      TXT     "h6eddnrecur10"

;; Query time: 204 msec
;; SERVER: 8.26.56.26#53(8.26.56.26)
;; WHEN: Tue Jan  3 18:09:46 2012
;; MSG SIZE  rcvd: 53

I’ve only found 10 - 12 now - of these but there are 14 locations, but 8 of those ate in the US.

dnsbrian · January 4, 2012, 9:13pm

Thank you for posting some debug with this issue… it was an oversight on my part and have provisioned the needed PTR record for the 8.26.56.26 IP. You should now be all set with this … please confirm.

Radaghast · January 4, 2012, 10:17pm

Looks better

}; <<>> DiG 9.3.2 <<>> -x 8.26.56.26
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1108
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;26.56.26.8.in-addr.arpa.       IN      PTR

;; ANSWER SECTION:
26.56.26.8.in-addr.arpa. 86400  IN      PTR     ns1.recursive.dns.com.

;; Query time: 421 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jan 05 09:08:36 2012
;; MSG SIZE  rcvd: 76

Any way we can match the names of the individual servers with location, assuming that’s what I’m looking at with “h6eddnrecur*”?

OpenDNS offer a facility where if one uses, for example, nslookup with:

nslookup -type=txt which.opendns.com

It reports which of their servers the requests are being routed to?

dnsbrian · January 4, 2012, 11:49pm

Good News!

we have this in our testing env, it will be live soon.

Radaghast · January 5, 2012, 12:05am

I shall look forward to that :-TU

ZBTSI · January 5, 2012, 1:25am

Yes! The primary DNS works fine now.

Using nslookup in standard mode, looking up www.google.com:


C:\>nslookup www.google.com.
Server:  ns1.recursive.dns.com
Address:  8.26.56.26

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  209.85.229.104, 209.85.229.147, 209.85.229.105, 209.85.229.99
          209.85.229.103
Aliases:  www.google.com

And in interactive mode, looking up 8.26.56.26 with debug output:


> 8.26.56.26
Server:  ns1.recursive.dns.com
Address:  8.26.56.26

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        26.56.26.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  26.56.26.8.in-addr.arpa
        name = ns1.recursive.dns.com
        ttl = 86349 (23 hours 59 mins 9 secs)

------------
Name:    ns1.recursive.dns.com
Address:  8.26.56.26

Thanks for the follow up!

Regards.

ZBTSI · January 5, 2012, 6:46am

Windows (at least XP) trips out when it doesn’t find a domain, but
we already know that.

I encountered the following event this evening:


C:\>nslookup www.comodo.com.
*** Can't find server name for address 198.153.192.40: Non-existent domain
*** Can't find server name for address 198.153.194.40: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  198.153.192.40

Non-authoritative answer:
Name:    www.comodo.com
Address:  91.199.212.176

It seems that when both servers fail, it starts over with the primary,
labels it “UnKnown”, then tries to do the lookup anyway.

Regards.

Edit: The servers in the above situation were for Norton’s DNS service.

dnsbrian · January 5, 2012, 7:40pm

Appreciate the update… thank you!