Primary and Secondary NS, seconday down

kante

If a physical webserver with two DNS primary and secondary.
If the secondary is unavailable but the primary is up:
is it possible that from some geographical position the server won't be available at all?

Or always anywhere if primary NS is up server can be considered up?

I'm asking this coz lately my server provider rebooted the physical machine and the secondary Ns didn't go up... and a collegue of mine had troubles in connection to the webserver via FTP or HTTP...

Many thanks

heeroeyuy

I was looking for an answer to something else and saw this, not sure what it has to do with PHP, but...

Does this answer your question? Basically I don't think it matters as it should be cached , but maybe I don't understand your question.

hopefully this helps - http://www.phphaven.com/article.php?id=23&phrase=Learn-PHP-Lesson-1-Tutorial-How-to-get-started-with-PHP-Part-1-The-Internet

dalecosp

It isn't really likely, but you can't rule it out. There are really too many variables involved to say for absolute certain what caused your colleague to have connection troubles. We'll assume for the sake of argument that the troubles were indeed DNS-related, but as you probably know there are lots of possibilities that don't involve DNS.

There are lots of questions I wish I knew the answers to, and even then I'm not sure I can tell you exactly what caused the problem. Are both the primary and secondary NS configured properly? That is, do the zone files match in terms of serial number? Are both configured to be authoritative for the domain?

What about location and IP connectivity at large? What if someone behind the Great Firewall of China attempts to access your site, but, for some reason their government has black-holed traffic to the netblock that houses your primary? Far-fetched? Maybe, and maybe not.

You wouldn't think that any security configurations might interfere with connections, but what about outages? Let's say that your secondary is down, and a border router at an upstream provider between your primary's hosting service and the main exchange for the region where your primary's DC is located has a glitch. And let's say that the BGP machine that is routing stuff in that direction just checked a minute or so ago and thought everything was OK. Let's say that this all just happens to occur when the DNS server at your friend's ISP decides it wants to renew its cached records. It shouldn't cause a problem, but sometimes things just happen that create "the perfect storm".

Hopefully the problem is resolved now?

kante

What I know and I was kind of sure is:
there are two DNS resolver in case one goes down the other will be available to resolve your names.
As it happens under windows. You can specify 2 DNS in network settings. If one of those is down other makes the job.

But after the situation above happened where this collegue located in a different geographical place (He said he was tryin from different connections even from mobile), but he wasn't not either so far from me (same country),
wasn't able to see websites on the server at the same moment the secondary NS was down.... the doubt rise to my mind...since I don't have a so big netAdmin experience...

bradgrafelman

kante;11019883 wrote:
If a physical webserver with two DNS primary and secondary.
If the secondary is unavailable but the primary is up
is it possible that from some geographical position the server won't be available at all?

Wait a minute; since you seem to be talking about inbound connections to your webserver, I'm guessing you meant name servers here - not "DNS [servers]." The latter would be used by your webserver (or your desktop PC) when it needs to make an outbound connection.

If nothing has changed recently (e.g. the name servers that are authoritative for your domain, your domain's A/CNAME records, etc.), then all of the root NSs should all know about your two NSs, thus they should be handing out both to any client that queries for your domain. Now, whether that client plays by the rules and actually tries both NSs in case one is failed is something you'd have to take up with the client - but for the sake of argument, you can probably assume this will happen.

kante;11019883 wrote:
Or always anywhere if primary NS is up server can be considered up?

All of my above reply applies here. Also, I don't think there is such a thing as a "primary" or "secondary" name server. When you execute a query for a domain and the DNS server doesn't have a non-authoritative answer cached and isn't going to do a proxied lookup for you, then it's just going to get the list of NSs from a root server and spit them out at you. There are no priorities assigned to the entries, and I don't think it's in the RFC spec that order matters.

kante;11019883 wrote:
I'm asking this coz lately my server provider rebooted the physical machine and the secondary Ns didn't go up

Shouldn't be an issue, since best practice dictates that you have multiple name servers with at least one being on an entirely different subnet than the other(s) (and different physical machines/locations, of course).

kante;11019883 wrote:
a collegue of mine had troubles in connection to the webserver via FTP or HTTP...

You'd have to have your colleague define "troubles in connection" before we can even begin to guess whether DNS was at fault here. Otherwise, that description is about as helpful as saying that the problem occurred on a day of the week that ends in the letter "y". Did (s)he try pinging the hostname(s) to see if it/they were being resolved to IP addresses? If so, that pretty much eliminates DNS from being the culprit... unless, of course, the wrong IP was being returned (which might suggest that your name servers aren't replicating zone file changes amongst themselves).

kante;11020157 wrote:
What I know and I was kind of sure is:
there are two DNS resolver in case one goes down the other will be available to resolve your names.

Again, I'm getting confused about which end of the spectrum you're referencing here. "DNS resolvers" are things that would run on the client (for example, your desktop PC) that attempt to resolve a hostname into an IP address. A name server is the thing that would get queried in that process and would be responsible for processing the zone file for the domain of the requested hostname and figuring out what response should be given.

kante;11020157 wrote:
As it happens under windows. You can specify 2 DNS in network settings. If one of those is down other makes the job.

You can specify anywhere from zero to (more than two - I'm not sure what the actual limit is).

kante;11020157 wrote:
But after the situation above happened where this collegue located in a different geographical place (He said he was tryin from different connections even from mobile), but he wasn't not either so far from me (same country),
wasn't able to see websites on the server at the same moment the secondary NS was down

Again, "wasn't able to see websites" is diagnostically useless in troubleshooting the root cause. For example, one possible scenario is that there were routing issues that were preventing his connection from reaching the webserver even though DNS was operating properly. In fact, the same could be true for the connection to the NSs as well (although this is probably unlikely, especially if the "best practice" I mentioned above was followed - that is, after all, the whole reason for it 🙂).

kante

I admit I've confused DNS meaning NS.
Thanks for your info.

Did (s)he try pinging the hostname(s) to see if it/they were being resolved to IP addresses?

After a first poor report from a junior developer. A net admin made his analysis from the location having those problems and then noticed me the secondary Ns was down (he used intodns.com service)

After that my doubt raised. 'coz of the coincidence ns2 down and website unreacheble from different connections.

bradgrafelman

kante;11020175 wrote:
After that my doubt raised. 'coz of the coincidence ns2 down and website unreacheble from different connections.

If that's truly the root cause, then someone's goofed up the NS configuration(s) and defeated one of the main purposes (redundancy) of having multiple NSs.

It should be rather straightforward to troubleshoot this issue using the 'nslookup' program. Use the "server" command to explicitly query both name servers from the problematic location, and compare the responses with those from a "known good" location. Even if NS1 is unreachable at Location B, you should still be able to query NS2 and get the exact same information given to a user at Location A when the latter user queries either NS1 or NS2.