Primary and Secondary NS, seconday down
Results 1 to 7 of 7

Thread: Primary and Secondary NS, seconday down

  1. #1
    in LAMP I trust
    Join Date
    Jun 2001
    Posts
    140

    Primary and Secondary NS, seconday down

    If a physical webserver with two DNS primary and secondary.
    If the secondary is unavailable but the primary is up:
    is it possible that from some geographical position the server won't be available at all?

    Or always anywhere if primary NS is up server can be considered up?

    I'm asking this coz lately my server provider rebooted the physical machine and the secondary Ns didn't go up... and a collegue of mine had troubles in connection to the webserver via FTP or HTTP...


    Many thanks

  2. #2
    Junior Member
    Join Date
    Dec 2012
    Posts
    1
    I was looking for an answer to something else and saw this, not sure what it has to do with PHP, but...

    Does this answer your question? Basically I don't think it matters as it should be cached , but maybe I don't understand your question.

    hopefully this helps - http://www.phphaven.com/article.php?...1-The-Internet

  3. #3
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,715
    It isn't *really* likely, but you can't rule it out. There are really too many variables involved to say for *absolute certain* what caused your colleague to have connection troubles. We'll assume for the sake of argument that the troubles were indeed DNS-related, but as you probably know there are lots of possibilities that don't involve DNS.

    There are lots of questions I wish I knew the answers to, and even then I'm not sure I can tell you *exactly* what caused the problem. Are both the primary and secondary NS configured properly? That is, do the zone files match in terms of serial number? Are both configured to be authoritative for the domain?

    What about location and IP connectivity at large? What if someone behind the Great Firewall of China attempts to access your site, but, for some reason their government has black-holed traffic to the netblock that houses your primary? Far-fetched? Maybe, and maybe not.

    You wouldn't think that any security configurations might interfere with connections, but what about outages? Let's say that your secondary is down, and a border router at an upstream provider between your primary's hosting service and the main exchange for the region where your primary's DC is located has a glitch. And let's say that the BGP machine that is routing stuff in that direction just checked a minute or so ago and thought everything was OK. Let's say that this all just happens to occur when the DNS server at your friend's ISP decides it wants to renew its cached records. It *shouldn't* cause a problem, but sometimes things just happen that create "the perfect storm".

    Hopefully the problem is resolved now?
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment

  4. #4
    in LAMP I trust
    Join Date
    Jun 2001
    Posts
    140
    What I know and I was kind of sure is:
    there are two DNS resolver in case one goes down the other will be available to resolve your names.
    As it happens under windows. You can specify 2 DNS in network settings. If one of those is down other makes the job.

    But after the situation above happened where this collegue located in a different geographical place (He said he was tryin from different connections even from mobile), but he wasn't not either so far from me (same country),
    wasn't able to see websites on the server at the same moment the secondary NS was down.... the doubt rise to my mind...since I don't have a so big netAdmin experience...

  5. #5
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    Quote Originally Posted by kante View Post
    If a physical webserver with two DNS primary and secondary.
    If the secondary is unavailable but the primary is up
    is it possible that from some geographical position the server won't be available at all?
    Wait a minute; since you seem to be talking about inbound connections to your webserver, I'm guessing you meant name servers here - not "DNS [servers]." The latter would be used by your webserver (or your desktop PC) when it needs to make an outbound connection.

    If nothing has changed recently (e.g. the name servers that are authoritative for your domain, your domain's A/CNAME records, etc.), then all of the root NSs should all know about your two NSs, thus they should be handing out both to any client that queries for your domain. Now, whether that client plays by the rules and actually tries both NSs in case one is failed is something you'd have to take up with the client - but for the sake of argument, you can probably assume this will happen.

    Quote Originally Posted by kante View Post
    Or always anywhere if primary NS is up server can be considered up?
    All of my above reply applies here. Also, I don't think there is such a thing as a "primary" or "secondary" name server. When you execute a query for a domain and the DNS server doesn't have a non-authoritative answer cached and isn't going to do a proxied lookup for you, then it's just going to get the list of NSs from a root server and spit them out at you. There are no priorities assigned to the entries, and I don't think it's in the RFC spec that order matters.

    Quote Originally Posted by kante View Post
    I'm asking this coz lately my server provider rebooted the physical machine and the secondary Ns didn't go up
    Shouldn't be an issue, since best practice dictates that you have multiple name servers with at least one being on an entirely different subnet than the other(s) (and different physical machines/locations, of course).

    Quote Originally Posted by kante View Post
    a collegue of mine had troubles in connection to the webserver via FTP or HTTP...
    You'd have to have your colleague define "troubles in connection" before we can even begin to guess whether DNS was at fault here. Otherwise, that description is about as helpful as saying that the problem occurred on a day of the week that ends in the letter "y". Did (s)he try pinging the hostname(s) to see if it/they were being resolved to IP addresses? If so, that pretty much eliminates DNS from being the culprit... unless, of course, the wrong IP was being returned (which might suggest that your name servers aren't replicating zone file changes amongst themselves).

    Quote Originally Posted by kante View Post
    What I know and I was kind of sure is:
    there are two DNS resolver in case one goes down the other will be available to resolve your names.
    Again, I'm getting confused about which end of the spectrum you're referencing here. "DNS resolvers" are things that would run on the client (for example, your desktop PC) that attempt to resolve a hostname into an IP address. A name server is the thing that would get queried in that process and would be responsible for processing the zone file for the domain of the requested hostname and figuring out what response should be given.

    Quote Originally Posted by kante View Post
    As it happens under windows. You can specify 2 DNS in network settings. If one of those is down other makes the job.
    You can specify anywhere from zero to (more than two - I'm not sure what the actual limit is).

    Quote Originally Posted by kante View Post
    But after the situation above happened where this collegue located in a different geographical place (He said he was tryin from different connections even from mobile), but he wasn't not either so far from me (same country),
    wasn't able to see websites on the server at the same moment the secondary NS was down
    Again, "wasn't able to see websites" is diagnostically useless in troubleshooting the root cause. For example, one possible scenario is that there were routing issues that were preventing his connection from reaching the webserver even though DNS was operating properly. In fact, the same could be true for the connection to the NSs as well (although this is probably unlikely, especially if the "best practice" I mentioned above was followed - that is, after all, the whole reason for it ).

  6. #6
    in LAMP I trust
    Join Date
    Jun 2001
    Posts
    140
    I admit I've confused DNS meaning NS.
    Thanks for your info.
    Did (s)he try pinging the hostname(s) to see if it/they were being resolved to IP addresses?
    After a first poor report from a junior developer. A net admin made his analysis from the location having those problems and then noticed me the secondary Ns was down (he used intodns.com service)

    After that my doubt raised. 'coz of the coincidence ns2 down and website unreacheble from different connections.

  7. #7
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    Quote Originally Posted by kante View Post
    After that my doubt raised. 'coz of the coincidence ns2 down and website unreacheble from different connections.
    If that's truly the root cause, then someone's goofed up the NS configuration(s) and defeated one of the main purposes (redundancy) of having multiple NSs.

    It should be rather straightforward to troubleshoot this issue using the 'nslookup' program. Use the "server" command to explicitly query both name servers from the problematic location, and compare the responses with those from a "known good" location. Even if NS1 is unreachable at Location B, you should still be able to query NS2 and get the exact same information given to a user at Location A when the latter user queries either NS1 or NS2.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •