Topic: [HELP] Troubleshoot DNS issues

[Elliott]

Last night, I put new DNS servers into authoritative roles for my 20+ zones. I had been using an older Windows DNS server and finally updated to some debian boxes. All testing was completed before I put the switch into effect (via godaddy, my registrar) and the dns servers are all resolving fine.

The way my internal network is currently setup is with my user lan behind a NAT/Firewall box. My SME servers sit on that user LAN and their 2nd NICs have public IPs right behind my routers. Both of these SME's server as mail servers and are used for some VPN and port forwarding type services.

Well suddenly this morning things are failing or slowing to a crawl. I sent myself an email at 9:16am (US Eastern/GMT-4) this morning from yahoo and it hasn't bounced or been received my me sme mail server. When I login to a shell on the main server it seems as if it's having resolution problems. The SME is setup from the panel with 2 corporate DNS servers which are currently pointing at the new debian boxes.

The old Windows DNS server is still up and has up to date info in it so that shouldn't be an issue, but why would the SME's look to that anyhow? I'm scanning the SME manual now to look for DNS anomalies but if anyone has insight on where to look it would be much appreciated.

-E

[CharlieBrady]

Did you reduce the zone TTL value before switching over the name servers?

Have you kept the old DNS servers running for more than the TTL value after you changed the delegations in the parent zone?

When you switch to new name servers, you need to arrange for an overlap period. The duration of the overlap period can be reduced if you plan ahead. If you just turn off the old name servers then you can expect problems.

[Elliott]

The TTLs on the new servers are low (1H) with 30M retry values. The old DNS Server is up but it has slightly longer TTLs. I wont remove the old DNS server for at least a week to allow for worst case scenario in the propagation chain.

In the meantime, I'm wondering how exactly SME decides what it uses for resolution. If I remove the corporate DNS servers, where does it look for it's resolution. Perhaps the best case here is to point them to a simple caching resolver, or one of my ISPs for their lookups?

[mmccarn]

If I remove the corporate DNS servers, where does it look for it's resolution.

If you remove the corporate DNS servers, SME will do full DNS resolution starting at the root servers for each unique query, caching the results for subsequent queries.  There's a description of this on the wiki: http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Appendix#DNS_Basics

[CharlieBrady]

Perhaps the best case here is to point them to a simple caching resolver,...

SME server already contains a simple caching resolver - arguably the best one available.

[Elliott]

@Charlie - thanks, that's what I wanted to hear... setting them that way now.

@mmccarn - thanks for the link - reading that as well.