No Site Access With My NS For Some

[Percipient]

So I have switched my heaviest (the only serious site) on my VPS over to use my own NS server on the VPS, since Jag will no longer add my domains to their NS. It's been a week now since I switched it over. I can access the site fine. Most of it's regular users can access the site fine.

However, a few people cannot access the site now, that had no problems before.
They can access the site from the I.P/~username method, leading me to believe it has something to do with the NS switch.

Anyone have an suggestion what I may be doing wrong?

I suppose I could open a ticket, but I thought maybe someone would have a suggestion so I could fix the problem myself, and perhaps learn something along the way.

[Gwaihir]

That's pretty blind guessing this way. Little else to answer than: "probably missing part of the instructions" . If you'd tell us what site this is about, some of us might have a look .

Pity BTW that running your own name servers is more or less mandatory for VPS. If you don't need them, it's not ideal. A nameserver failing creates a lingering problem (because the results are chached and not re-checked every time), so even a short outage can ocassionally keep a user from reaching your site for a day or two.

[the_ancient]

That's pretty blind guessing this way. Little else to answer than: "probably missing part of the instructions" . If you'd tell us what site this is about, some of us might have a look .

Pity BTW that running your own name servers is more or less mandatory for VPS. If you don't need them, it's not ideal. A nameserver failing creates a lingering problem (because the results are chached and not re-checked every time), so even a short outage can ocassionally keep a user from reaching your site for a day or two.

it is my understanding that the NS software is running on the VPS as well as other services? is that correct?

I don't know why they are doing it this way, NS should never be hosting on the same environment as the web site. and NS1 and NS2 should be in DIFFERENT data centers all together, but they should NEVER EVER be on the same box, NEVER. that defeats the purpose of having 2 name servers

[Ron]

If the VPS is down, the DNS is down. What good is having DNS up if the VPS is down?
If this was a high availability set up then you'd be right. This isn't, it's a $40 a month VPS.

That said, they can always pay for a VPS in Houston, and one in Atlanta and run DNS on each, and mirrors of the sites, too, and do load balancing and failover...

[wuurp]

Pity BTW that running your own name servers is more or less mandatory for VPS. If you don't need them, it's not ideal. A nameserver failing creates a lingering problem (because the results are chached and not re-checked every time), so even a short outage can ocassionally keep a user from reaching your site for a day or two.

Why is it mandatory? If Jag won't add it to their NS, there are free, or low cost alternatives.

it is my understanding that the NS software is running on the VPS as well as other services? is that correct?

I don't know why they are doing it this way, NS should never be hosting on the same environment as the web site. and NS1 and NS2 should be in DIFFERENT data centers all together, but they should NEVER EVER be on the same box, NEVER. that defeats the purpose of having 2 name servers

I agree that's the case with large sites, or NS that cover a lot of domains. But if someone can't reach my NS1, which means they can't reach my NS2, well, they probably can't reach my website either, so it wouldn't matter where my NSs were located.

[Gwaihir]

If the VPS is down, the DNS is down. What good is having DNS up if the VPS is down?

The results of DNS queries are cached. If I ask for your domain name while both your DNS servers are down, the domain doesn't seem to exist. That result is cached, not just by my own computer, but also by my ISP who's DNS servers made the request for me. As a result, I am unable to reach your site for as long as those caches last, even if your VPS was down only for that ill fated second my requests came in.

Those caches usually last a couple of hours, sometimes even days (depends on your ISP). Circumventing them is not something an ordinary user will (even know how to) do to try to reach your site. As the cache is in the ISP's DNS server, access for many other users from that same ISP is blocked as well during this time frame.

[Ron]

If I ask for your domain name while both your DNS servers are down, the domain doesn't seem to exist.

That's just silly. They got the DNS address from the root server, the domain obviously exists, just DNS is unavailable.

That result is cached, not just by my own computer, but also by my ISP who's DNS servers made the request for me.

Are you making an assumptions or can you show me that in the RFC? I know successful DNS fetches are (or can be) cached, but unsuccessful?

My first guess would be that the domain would just be kept as unknown and not flagged somehow as down-not-to-be-retried, but I could be wrong. It may even be legal to cache it for the same cache expiration length, but it wouldn't be a very good design.

Sooo, how come when a DNS machine goes down (as JAGs often does) or a packet is dropped, or a line goes offline and my browser reports that DNS is unavailable for my site that the next time I try it resolves properly?

[the_ancient]

That's just silly. They got the DNS address from the root server, the domain obviously exists, just DNS is unavailable.Are you making an assumptions or can you show me that in the RFC? I know successful DNS fetches are (or can be) cached, but unsuccessful?

My first guess would be that the domain would just be kept as unknown and not flagged somehow as down-not-to-be-retried, but I could be wrong. It may even be legal to cache it for the same cache expiration length, but it wouldn't be a very good design.

Sooo, how come when a DNS machine goes down (as JAGs often does) or a packet is dropped, or a line goes offline and my browser reports that DNS is unavailable for my site that the next time I try it resolves properly?

Different ISP;s do things differently to lower bandwidth costs. Designing a system for "best case" is stupid, you have to design your network based on what could happen, not what should happen

[the_ancient]

If the VPS is down, the DNS is down. What good is having DNS up if the VPS is down?
If this was a high availability set up then you'd be right. This isn't, it's a $40 a month VPS.

That said, they can always pay for a VPS in Houston, and one in Atlanta and run DNS on each, and mirrors of the sites, too, and do load balancing and failover...

You must have Zero Internet Network Experience, I thought you did, but first level training classes tell you never to locate 2 name servers on the same box with the Ideal location being in totally different NOC's This is Networking 101 stuff, I am surprised your even attempting to argue

[wuurp]

You must have Zero Internet Network Experience, I thought you did, but first level training classes tell you never to locate 2 name servers on the same box with the Ideal location being in totally different NOC's This is Networking 101 stuff, I am surprised your even attempting to argue

Well, there's the classroom, and then there is the real world of today.

And like Ron said, my experience is that failed lookups never last much longer than how long the NS is down. RFCs do talk about caching failed lookups, but I have read that in practice, the TTL is very short, or not done at all.

[the_ancient]

Well, there's the classroom, and then there is the real world of today.

And like Ron said, my experience is that failed lookups never last much longer than how long the NS is down. RFCs do talk about caching failed lookups, but I have read that in practice, the TTL is very short, or not done at all.

that is all fine and good, but still has no bearing on my posts.

Tell me, what is the Purpose of having 2 Nameservers?















So if one is down the other can be queried.

Now tell me how having 2 Name servers ON THE SAME DAMN BOX, allows for this to happen

[Gwaihir]

Are you making an assumptions or can you show me that in the RFC? I know successful DNS fetches are (or can be) cached, but unsuccessful?

My first guess would be that the domain would just be kept as unknown and not flagged somehow as down-not-to-be-retried, but I could be wrong. It may even be legal to cache it for the same cache expiration length, but it wouldn't be a very good design.

I haven't studied the RFCs but I can tell from first hand experience that my previous ISP sure cached failures too. (Haven't tested with my current one.) Like the_ancient, I'm surprised you argue this, as what certainly is in the RFC is that you're supposed to provide redundancy through multiple independent name servers. You can have several (at least four for most tlds, sometimes even more) and it's up to you to have at least one up and running at any given point in time.

So, why wouldn't they cache failures too? It makes sense resource wise: if I keep asking for the same not (currently) existing domain, I'm hammering the resources (including the root servers) just as much as when I'm asking for an existing one.

Sooo, how come when a DNS machine goes down (as JAGs often does) or a packet is dropped, or a line goes offline and my browser reports that DNS is unavailable for my site that the next time I try it resolves properly?

If you're sure it reports DNS unavailable, not your site unavailable, then ask your ISP . How they handle that situation seems to be their discretion.

[Ron]

I am not arguing the RFC. I am not arguing the validity of distributing the network and removing SPOFs. This is a $40 a month VPS, this is not even a single dedicated machine, never mind a high availability situation. If the machine is down, the DNS is down. When they come up, they come up, and in practice everyone sees the site just fine. If this weren't the case, I'd be the FIRST one screaming about it (and all of the times that JAG's NS go offline).

There are two nameservers because most registrars REQUIRE 2 nameservers. That's all. I'm sure JAG would be very happy to give only 1 extra IP address to VPS customers, that's all they need.

For this situation, for this customer, running a nameserver on his own VPS is absolutely fine. If he wants a more robust solution, he can arrange for another VPS in JAG's geographically distinct datacenter.

Sheeesh guys, c'mon.

[Gwaihir]

I am not arguing the validity of distributing the network and removing SPOFs. This is a $40 a month VPS, this is not even a single dedicated machine, never mind a high availability situation.

[..]

For this situation, for this customer, running a nameserver on his own VPS is absolutely fine. If he wants a more robust solution, he can arrange for another VPS in JAG's geographically distinct datacenter.

I don't agree with that. Any shared and SDX account here, costing less than $40, has the standard multiple name servers (soon to be in two different data centers). This is normal in the industry, not exceptional. I find it harsh that a VPS user has to pay extra for that. I guess it's time to tie a name server management section into NixCore . (There's a Dutch host that already has a complete management system for this, i.e. including the setup and management of custom branded nameservers on their name-server boxes rather than on a customers own reseller / VPS / dedicated account.)

[the_ancient]

I am not arguing the RFC. I am not arguing the validity of distributing the network and removing SPOFs. This is a $40 a month VPS, this is not even a single dedicated machine, never mind a high availability situation. If the machine is down, the DNS is down. When they come up, they come up, and in practice everyone sees the site just fine. If this weren't the case, I'd be the FIRST one screaming about it (and all of the times that JAG's NS go offline).

There are two nameservers because most registrars REQUIRE 2 nameservers. That's all. I'm sure JAG would be very happy to give only 1 extra IP address to VPS customers, that's all they need.

For this situation, for this customer, running a nameserver on his own VPS is absolutely fine. If he wants a more robust solution, he can arrange for another VPS in JAG's geographically distinct datacenter.

Sheeesh guys, c'mon.

you keep bringing up the price of the Plans.. That should have nothing to do with it . Jag should not be Requiring the VPS to host their own DNS. That should be a separte function all together. I am on a $9 Giga Deal should I host my own DNS

Jag should have Multiple Master DNS Servers, whose whole function is to anwser dns queries, FOR ALL of the jags Customers.

and 50% should be In atlanta, and 50% should be in Houston, When they add the 3 NOC, 33% should be in each. if they add a 4th, 25% should be in each, Do you see a Pattern?