Parent nameservers not updating

Posted by / 03-Sep-2019 18:17

The simplest way of explaining DNS in one line is to map domain name to IP address. MX records (for mail servers) should contain hostnames NOT IPs.

I am not sure how many would know that when somebody types a domain name in IE/firefox, the browser forwards the DNS request asking for ip address from the resolver of ISP (ISP Provider) and the resolver contacts the root servers and then systematically retrieves the IP address within a matter of few milliseconds. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the NS records nameserver.

Running the dns server 'open' is a big security risk since it answers recursive queries both from inside and outside your network.

It means anyone can query your server for IP address and your dns server will answer them.

To illustrate this, when I ask parent servers about your domain for NS records at root level I get Since ns.and ns3.is hidden both are a 'stealth nameservers'.

Although there is nothing wrong in it, it is advisable not to have any stealth nameservers both at root level and in your dns server.

If for example, there was some webserver behind those IPs, some browsers would now be accessing your old webserver (on the old IP) and some would request data from your new webserver (on the new IP). So we'd have had to wait 1 hour in our last example after reducing the TTL to 30 because the old TTL was 1 hour. Or you can now even further reduce the TTL to 5 seconds.

Before I proceed with this article, the following are the MOST IMPORTANT points you should remember as otherwise you wouldnt understand bit. An A Record must ALWAYS contain IP address (map host to IP) Whenever you specify A record it must contain IP address on the Right side. A nameserver which gives non-authoritative answer is usually called 'LAME'. An example of lame delegation is ns1.is configured to have zone information about domain but ns2.was not configured properly and does not have any information about the domain.

If it is lame delegation you won't get the authoritative answer.

CAUTION: You should not use CNAME (alias) along with NS records and it often confuses most resolvers causing loops and often leads to 'lame' delegation. Stealth Nameservers (or hidden nameservers) are mismatched/conflicting nameservers which exist at root level against of nameservers in the domain.

Thus you should keep your old nameservers online for at least 48 hours after making the changes to your NS records.

For A records, MX records, PTR records and the like there is a nice way to update a record while still not having inconsistent data.

parent nameservers not updating-22parent nameservers not updating-88parent nameservers not updating-30

If you leave the TTL at 5 seconds, your DNS servers could get overwhelmed by lookup requests.

One thought on “parent nameservers not updating”