Er… oops?

Okay, kids, this is going to be a rather technical post. If you’re not into such things, go ahead and skip this one. :-)

Anyway… I’m probably jumping the gun on an announcement Sean MC probably wanted to make, but it’s kinda integral to this story. A week and a half ago, he asked me if I could host his and Jinny’s sites on my web server. I said sure, and once I got back from Las Vegas, we worked to get his and Jinny’s sites up and running on my main server. We got it all up and running, with one minor problem: the domain names refused to resolve. I had the entries set up correctly on both my DNS server and the MK Online DNS server (which was going to be the slave server), so I was reasonably confident that the problem was with Sean’s domain name registrar. It turned out that the problem WAS on my end… but in the process it not only revealed something I didn’t know about DNS, it exposed a rather glaring error on my part that had been around for over a year. :-/

Apparently, in order for a DNS server to be set up as an authoritative server for a domain, it needs to be “registered” with the registrar. In other words, the hostname and corresponding IP address need to be entered in. I had told Sean to set up his domains with the servers and as authoritative. I had thought that as long as it was a working domain name, it should work. It didn’t. wasn’t registered, so it didn’t work. What was frightening, though, was what was happening with According to Sean it was coming back as the IP address for MY DNS server. I did some checking, and came to a rather disturbing revelation.

As near as I can tell, when a hostname is “registered” through a registrar, it actually overrides whatever the DNS server for that domain says. Back when I bought the domain name, MK Online was actually known by the name MK5.ORG. I had originally registered for something else, and had registered to my DNS server’s IP address. A couple of months later, though, I transferred the domain ownership to CCShadow, as we had decided then that it would be in our best interests to switch the site’s name to something a little bit more universal. However, I had completely forgotten that was registered to my DNS server’s IP address… and even if I HAD remembered I wouldn’t have considered it important. So, for the past year and three quarters, every DNS server except the MK Online ones was resolving to MY DNS server instead of MK Online’s; seeing as was set as the main authoritative DNS server, everyone was thinking MY DNS server was authoritative for MK Online instead of MK Online’s server. Only the fact that we had secondary DNS servers configured kept us from learning about this screw-up MUCH sooner.

… on the other hand, this does explain why I kept getting so many “cache query denied” errors in my DNS server’s logs. DNS servers all throughout the net would keep hitting my DNS server thinking it was authoritative, but my DNS server wasn’t configured as such, so it kept denying the queries.
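The log pattern described above can be picked out mechanically: many unrelated resolvers asking a server about a zone it refuses to answer for is the signature of a delegation or registered host record pointing at the wrong machine. The following is an added example, not code from the original post; it assumes BIND 9-style "query (cache) ... denied" messages, and the sample log, hostnames and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed BIND 9-style messages; documentation names/addresses).
SAMPLE_LOG = """\
Mar 02 10:01:11 ns1 named[812]: client 198.51.100.7#5312: query (cache) 'www.example.org/A/IN' denied
Mar 02 10:01:15 ns1 named[812]: client 203.0.113.9#4242: query (cache) 'example.org/MX/IN' denied
Mar 02 10:02:40 ns1 named[812]: client 192.0.2.33#6001: query (cache) 'www.example.org/A/IN' denied
Mar 02 10:03:02 ns1 named[812]: client @0x7f2a1c0 198.51.100.200#3999 (ftp.example.org): query (cache) 'ftp.example.org/A/IN' denied
Mar 02 10:03:30 ns1 named[812]: client 198.51.100.7#5313: query (cache) 'example.org/NS/IN' denied
Mar 02 10:04:00 ns1 named[812]: client 192.0.2.77#7000: query (cache) 'www.example.net/A/IN' denied
Mar 02 10:04:01 ns1 named[812]: client 192.0.2.77#7001: query (cache) 'mail.example.net/A/IN' denied
Mar 02 10:05:00 ns1 named[812]: zone example.com/IN: loaded serial 2024030201
"""

# Accepts both "client IP#port:" and "client @0x... IP#port (name):" prefixes.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<qname>[^/']+)/\w+/IN' denied"
)

def registrable_zone(qname, labels=2):
    """Heuristic: treat the last `labels` labels as the zone (wrong for e.g. co.uk)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def suspected_lame_delegations(log_text, min_clients=3):
    """Return (zone, denied_queries, distinct_clients) for zones that many
    different resolvers ask this server about although it refuses to answer."""
    clients = defaultdict(set)
    queries = defaultdict(int)
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # unrelated log line
        zone = registrable_zone(m["qname"])
        clients[zone].add(m["ip"])
        queries[zone] += 1
    # One noisy client is usually a misconfigured host; many distinct clients
    # suggest the rest of the net believes this server is authoritative.
    hits = [(z, queries[z], len(c)) for z, c in clients.items() if len(c) >= min_clients]
    return sorted(hits, key=lambda row: -row[1])

if __name__ == "__main__":
    for zone, n, distinct in suspected_lame_delegations(SAMPLE_LOG):
        print(f"{zone}: {n} denied queries from {distinct} distinct clients")
```

Any zone this reports is worth checking against the nameserver host records held at the registrar for that domain.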

So, what have I done to fix this? First of all, I’ve since set my DNS server up as a slave DNS server for (it’ll accept queries for it, and get the domain information from the MK Online DNS server) in the meantime. Therefore, my DNS server will answer queries concerning (I’ve already seen a remarkable lack of cache query denied errors in the logs since doing so.) When CCShadow comes back from his trip, I’ll have him change the registration of to the correct server. As for Sean and Jinny… I’ve worked with Sean to get it reconfigured where the registered name for my DNS server and Sinc’s DNS server are authoritative, and three of the four domains are already up and running. The fourth one should be back up and running anytime now.

That’s one thing I’ll say about this experience… I can never say I know everything there is to know about a subject, because right when you least expect it something will jump up and bite you in the ass. :-)
