I have 2 legacy secondary DNS domains with ZoneEdit: scconsult.com and solidclues.com. On an irregular basis and every time I make any change on my primary, I verify that everything is working right and tend to use the tools at dnscheck.pingdom.com or dnscheck.ripe.net because they're more thorough than my aging brain.
So, yesterday was one of those days and I used the dnscheck.pingdom.com tool to check scconsult.com. To my surprise, it told me that neither ns13.zoneedit.com nor ns14.zoneedit.com were answering UDP or TCP queries. In alarm I logged into ZE and dug around the knowledge base rather uselessly: no page I could find says what NS records to use for free domains with simple secondary service. Eventually in the control panel I was able to find that dns{1,2}.zoneedit.com are now the nameservers to use. So I edit my master zone files, update the SOA serial, rndc reload, see the sending of notifies logged, and see the notify acknowledgment in hits on my firewall rules that exist to let the ZE AXFR machines skip anything that might inadvertently block them. Eventually (23m after the notify for one domain, 95m for the other!) the zone transfers finally happen. Because the second transfer was so delayed, I didn't even see that it had happened until this morning. I rechecked the 1st domain last night and it looked good: dns{1,2} are answering and have the right zone serial. I rechecked the 2nd this morning: bad. Neither of dns{1,2} answers the Pingdom checker or my own system. The OLD ones (ns{13,14}) answer just fine with aa flags on the answers: they think they're authoritative, which is fine I guess... 10 minutes later, dns{1,2} also are answering the RIPE checker just fine.
12:18 EDT, I did minor (SOA serial and TTL) changes to both zones, reloaded, notifies sent and ack'd, rechecked: now the new machines are talking to the pingdom checker but not to me, and of course ZE didn't do the AXFR in a timely manner so they had the old serial. 12:55: one zone gets AXFR'd but not the other. The querylog shows that 64.68.198.91 asked for the SOA right before the AXFR, a minute short of the SOA refresh time after its last query for the SOA, exactly as if sending notifies to the ZE nameserver is worthless.
So... I've got 3 questions that probably only ZE can answer and one for other users:
- Which ZE nameservers should I actually put in my NS records?
- Is the intermittent availability of apparently ALL ZE nameservers just a case of getting what I pay for, these being 2 legacy zones from the ancient epoch of free secondaries?
- Is the reply from 64.68.198.91 to my server's NOTIFYs an indication that there's a real NOTIFY-driven AXFR queue somewhere that just takes a long time to get through or is there significance to the fact that ZE seems to just use the SOA refresh time?
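The timing comparison described in the post (NOTIFY sent, then an SOA query and AXFR arriving roughly one refresh interval after the previous SOA query) can be checked mechanically from the primary's logs. The following is an added example, not part of the original post: the log lines are constructed and modelled on BIND 9 messages, and the zone names, the 192.0.2.53 address, the 3600-second refresh and the two tolerance parameters are assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on BIND 9 messages (format varies by version and
# logging config); 192.0.2.53 stands in for the secondary's transfer host.
SAMPLE_LOG = """\
11:56:10 client 192.0.2.53#40001 (example.org): query: example.org IN SOA -E(0)
12:18:02 zone example.org/IN: sending notifies (serial 2024010102)
12:18:02 zone example.net/IN: sending notifies (serial 2024010102)
12:18:05 client 192.0.2.53#40002 (example.net): query: example.net IN SOA -E(0)
12:18:06 client 192.0.2.53#40003 (example.net): transfer of 'example.net/IN': AXFR started
12:55:09 client 192.0.2.53#40004 (example.org): query: example.org IN SOA -E(0)
12:55:10 client 192.0.2.53#40005 (example.org): transfer of 'example.org/IN': AXFR started
"""

# Message fragments assumed here; adjust to what your named actually logs.
PATTERNS = {
    "notify": re.compile(r"zone (\S+?)/IN: sending notifies"),
    "soa": re.compile(r"query: (\S+) IN SOA"),
    "axfr": re.compile(r"transfer of '(\S+?)/IN': AXFR started"),
}

def classify_transfers(log_text, refresh, notify_window=120, slack=120):
    """Label each AXFR by what most plausibly triggered it (same-day logs only)."""
    last_notify, soa_times, results = {}, {}, []
    for line in log_text.splitlines():
        stamp, _, rest = line.partition(" ")
        now = datetime.strptime(stamp, "%H:%M:%S")
        hits = [(k, m.group(1).lower()) for k, p in PATTERNS.items() if (m := p.search(rest))]
        if not hits:
            continue
        kind, zone = hits[0]
        if kind == "notify":
            last_notify[zone] = now
        elif kind == "soa":
            soa_times.setdefault(zone, []).append(now)
        else:
            # Seconds from our last NOTIFY to this AXFR, and between the
            # secondary's two most recent SOA polls for the zone.
            since = (now - last_notify[zone]).total_seconds() if zone in last_notify else None
            q = soa_times.get(zone, [])
            gap = (q[-1] - q[-2]).total_seconds() if len(q) >= 2 else None
            notified = since is not None and since <= notify_window
            refreshed = gap is not None and abs(gap - refresh) <= slack
            verdict = "notify-driven" if notified else "refresh-driven" if refreshed else "unclear"
            results.append((zone, since, gap, verdict))
    return results

if __name__ == "__main__":
    print(classify_transfers(SAMPLE_LOG, refresh=3600))
```

A transfer labelled refresh-driven long after a NOTIFY was acknowledged means the served serial on the secondary can lag the primary by up to the SOA refresh value, which is the interval to plan around when pushing urgent record changes.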