DNS Propagation

SCCutler

My email stopped working, could not resolve the mail server, or web site; I submitted a ticket to the tech supp at our web / mail host, and they immediately responded as follows:


SupportFeller said:
Hello,

We have gone through your issue and found that your domain cutler-smith.com is
still pointing to old server. Recently the server has been migrated to new
server for better performance & uptime. Please have change the following
Name Servers at domain registrar end.

dns18.dnsdc9.com. >> 38.102.88.137
dns19.dnsdc9.com. >> 38.102.88.138

Please have make the above DNS changes and allow the time for DNS propagation.

So, I logged into the domain registrar (Network Solutions), and made the changes suggested. That was about 18 hours ago, and I still see no better result, my web and email domain, cutler-smith.com, are both invisible to the web-world. Other times I have made DNS changes like that, my recollection is that they have been effectively propagated within 4-6 hours.

My questions:

1. Can any of you hit my website ( www.cutler-smith.com )?
2. Is this time for propagation unusual, or have I just been lucky in the past?
3. Suggestions?
 
I got on. Spike you look very nice in a suit. :yes:

Why, thank you!

Yes, you need to fly up here to visit more often.

I quite agree!

---

Right after posting my thread-starter, the support-folk told me to change the name server back to the original. It now works for me, although (of course) email from late 12/28 until right now is AWOL; for those which have not bounced yet, they'll be trickling in for a while, I think

PendingComanchePilot said:
This is why I host in house.

Yep, I used to do that, changed to off-site for "reliability." May have to re-think that!
 
1. Can any of you hit my website ( www.cutler-smith.com )?

Yup, worked fine for me just now.

2. Is this time for propagation unusual, or have I just been lucky in the past?

The time for propagation depends on what the TTL is set to. TTL=Time To Live. Basically, here's how it works:

You, on your computer, go to www.cutler-smith.com. Your computer, in its TCP/IP settings, will have some name servers, such as name.isp.com although you may not see them if you're using DHCP, they're still there. Your computer asks name.isp.com for the IP number of www.cutler-smith.com.

Next, name.isp.com looks at its own cache for www.cutler-smith.com. If it finds a listing, it'll spit said listing back to your computer. If not, it'll go to one of the root servers (ie, a.root-servers.net) and ask what machines are authoritative name servers for cutler-smith.com. It'll get a reply such as (in your case) "dns18.dnsdc9.com." and will then ask dns18.dnsdc9.com for the IP number of www.cutler-smith.com, which it will then spit back to you.

The trick is, now that you've asked for www.cutler-smith.com through name.isp.com, name.isp.com will save that name/IP combination for the length of time specified by dns18.dnsdc9.com which is known as the TTL. If the TTL is set to a week, anyone using name.isp.com as one of their name servers will continue to be sent to the same IP number for a week. This is why it's important to set the TTL to a very short period of time prior to moving a server. For example, if your TTL was a week, you'd need to lower the TTL to a day more than a week in advance of a server move, and then more than a day prior you could knock it down to an hour or a minute or something like that. That is why the PoA transition required PoA.net for a while, because the TTL wasn't reduced before the move and PoA.com was sending people to the old server for a while.

So, time of propagation will depend on TTL. Those people who are querying name servers that haven't recently (within TTL) asked for www.cutler-smith.com will get the new IP number right away. In this example, since you just asked for www.cutler-smith.com, it might be a week (or whatever TTL is) before you get the new IP. That may well be why it worked fine for me but not for you.

You can get a pretty good basic education on the workings of DNS here. I'm not going to go into MX records and all of that junk. ;) (OK, I will, briefly - MX = Mail eXchanger. That's what your email goes through, and why people can send email to spike@cutler-smith.com rather than spike@mail.cutler-smith.com for example.)

3. Suggestions?

Be in town next time I'm in Texas. ;)
 
I thought "Spike" was a tough name. He doesn't look so tough!








:)
 
Your computer, in its TCP/IP settings, will have some name servers, such as name.isp.com
Not quite. It would be rather difficult to resolve the ip address to your name server's domain without a name server :) Your computer uses an IP address for a name server.

Spike--you will be hosed for some people for the full length of your original TTL. The TTL is currently set to 4 hours. It's possible that your TTL might have been set higher before. If someone in here is still unable to reach your domain and is willing to do something for me I can tell you how long this problem will last.

Hopefully 4 hours was your original TTL. If that's the case your problem will be gone in no time.
 
This is why I host in house.
You may host your e-mail in house but you do not house your DNS in house. So really you are in the exact same boat as Spike. Your TTL is about the same as Spike's too, about 4 hours.

You also don't have a MX record. It may work without one--sort of--but it's a bad idea and can cause issues.
 
You may host your e-mail in house but you do not house your DNS in house. So really you are in the exact same boat as Ed. Your TTL is about the same as Spike's too, about 4 hours.

You also don't have a MX record. It may work without one--sort of--but it's a bad idea and can cause issues.

So, learning today. This is good.

Where does one set the TTL; is it within my control?

Also, how can you readily determine whether one (Ed, for example) has an MX record defined?

I know, in general, that the MX record can be set separately from the (other) one, because we used to have our email hosted with one outfit, and the website (less critical) with another.
 
As of 4:53 PM CST, I couldn't see it going through Earthlink.
 
So, learning today. This is good.

Where does one set the TTL; is it within my control?
It might be. Check and see if your web host has a control panel that lets you make DNS changes. They might let you change it there. The TTL is specified on the DNS server for that domain.


SSCutler said:
Also, how can you readily determine whether one (Ed, for example) has an MX record defined?
By querying his authoritative name server.

In order to bypass any potential caching issue you can start at the root name servers. This is *WAY* overkill but will help you understand DNS. I'll show you how I can start at a root name server and eventually get your MX record.

[jangell@server1 ~]$ dig @a.root-servers.net MX cutler-smith.com

; <<>> DiG 9.3.3rc2 <<>> @a.root-servers.net cutler-smith.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12071
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14

;; QUESTION SECTION:
;cutler-smith.com. IN A

;; AUTHORITY SECTION:
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET. 172800 IN A 192.5.6.30
A.GTLD-SERVERS.NET. 172800 IN AAAA 2001:503:a83e::2:30
B.GTLD-SERVERS.NET. 172800 IN A 192.33.14.30
B.GTLD-SERVERS.NET. 172800 IN AAAA 2001:503:231d::2:30
C.GTLD-SERVERS.NET. 172800 IN A 192.26.92.30
D.GTLD-SERVERS.NET. 172800 IN A 192.31.80.30
E.GTLD-SERVERS.NET. 172800 IN A 192.12.94.30
F.GTLD-SERVERS.NET. 172800 IN A 192.35.51.30
G.GTLD-SERVERS.NET. 172800 IN A 192.42.93.30
H.GTLD-SERVERS.NET. 172800 IN A 192.54.112.30
I.GTLD-SERVERS.NET. 172800 IN A 192.43.172.30
J.GTLD-SERVERS.NET. 172800 IN A 192.48.79.30
K.GTLD-SERVERS.NET. 172800 IN A 192.52.178.30
L.GTLD-SERVERS.NET. 172800 IN A 192.41.162.30

;; Query time: 5 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun Dec 30 16:54:51 2007
;; MSG SIZE rcvd: 506
As you can tell we did not get an ANSWER. But we did get some information. It referred us to additional name servers that hold the "com" zone. We'll take the first one "L.GTLD-SERVERS.NET." and query it for the same thing.
[jangell@server1 ~]$ dig @L.GTLD-SERVERS.NET MX cutler-smith.com

; <<>> DiG 9.3.3rc2 <<>> @L.GTLD-SERVERS.NET MX cutler-smith.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26705
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;cutler-smith.com. IN MX

;; AUTHORITY SECTION:
cutler-smith.com. 172800 IN NS ns1.kazix.com.
cutler-smith.com. 172800 IN NS ns2.kazix.com.

;; ADDITIONAL SECTION:
ns1.kazix.com. 172800 IN A 72.232.141.153
ns2.kazix.com. 172800 IN A 72.232.141.226

;; Query time: 10 msec
;; SERVER: 192.41.162.30#53(192.41.162.30)
;; WHEN: Sun Dec 30 16:57:10 2007
;; MSG SIZE rcvd: 108
Notice how we still didn't get an answer. That's OK because we got yet another referral. This one is saying to query ns1.kazix.com. This probably sounds familiar to you as this is the authoritative name server for the cutler-smith.com zone.

So let's query this name server asking for the same thing:
[jangell@server1 ~]$ dig @ns1.kazix.com. MX cutler-smith.com

; <<>> DiG 9.3.3rc2 <<>> @ns1.kazix.com. MX cutler-smith.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46817
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;cutler-smith.com. IN MX

;; ANSWER SECTION:
cutler-smith.com. 14400 IN MX 0 cutler-smith.com.

;; AUTHORITY SECTION:
cutler-smith.com. 86400 IN NS ns2.kazix.com.
cutler-smith.com. 86400 IN NS ns1.kazix.com.

;; ADDITIONAL SECTION:
cutler-smith.com. 14400 IN A 72.232.141.153
ns1.kazix.com. 14400 IN A 72.232.141.153
ns2.kazix.com. 14400 IN A 72.232.141.226

;; Query time: 37 msec
;; SERVER: 72.232.141.153#53(72.232.141.153)
;; WHEN: Sun Dec 30 17:00:33 2007
;; MSG SIZE rcvd: 140
Perfect. We got an answer. Your record is set to cutler-smith.com. As you can tell this is a pretty intensive process with multiple queries to just get a simple answer in the end. But this process is what makes the internet so great. TTLs are in place all throughout this to limit the number of queries that happen. You can see the TTL for each record in those queries. It is the NUMBER after the domain.

For example, our first query tells us which DNS servers are responsible for the "com" zone. The TTL for this is 172800 (2 days). This is fine because these pretty much never change.

The second query tells us which DNS server on the internet is authoritative for the "cutler-smith.com" domain. This also has a 172800 TTL. This is why changing name servers can taunt you for a while.

The third query tells us what the actual MX record is. This has a TTL of 14400 seconds (4 hours). This means that if you make a change to that MX record it could take 4 hours to take effect as other DNS servers might have cached your old record for 4 hours.

I made this pretty complicated. But this is to show you the entire process. I think the thing that most people don't understand is that "com" is actually a zone in itself. Inside the "com" zone are the records pointing to the name servers for the next level up "blah.com", "google.com". In those name servers are generally the records for the domain--or yet another referral to another name server.

Your computer probably never has queried the root name servers. Your computer queries your internet service provider. If they have cached records that is the end of the line. Otherwise they will go out and talk to the authoritative server. If the record for the authoritative server has expired--they'll go out to the ROOT dns servers to get the list of authoritative servers for that domain.

Spike--your host basically hosed you. The problem wasn't that you needed to switch DNS servers. The problem was that your DNS records pointed to a wrong IP address. Instead of just fixing the record in your zone they had you switch to a whole new DNS server which can carry that 48 hour penalty. The funny thing is that DNS server they told you to switch to doesn't even have a record for your zone:
[jangell@server1 ~]$ dig @dns18.dnsdc9.com cutler-smith.com

; <<>> DiG 9.3.3rc2 <<>> @dns18.dnsdc9.com cutler-smith.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49604
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;cutler-smith.com. IN A

;; AUTHORITY SECTION:
com. 166645 IN NS k.gtld-servers.net.
com. 166645 IN NS l.gtld-servers.net.
com. 166645 IN NS m.gtld-servers.net.
com. 166645 IN NS a.gtld-servers.net.
com. 166645 IN NS b.gtld-servers.net.
com. 166645 IN NS c.gtld-servers.net.
com. 166645 IN NS d.gtld-servers.net.
com. 166645 IN NS e.gtld-servers.net.
com. 166645 IN NS f.gtld-servers.net.
com. 166645 IN NS g.gtld-servers.net.
com. 166645 IN NS h.gtld-servers.net.
com. 166645 IN NS i.gtld-servers.net.
com. 166645 IN NS j.gtld-servers.net.

;; Query time: 190 msec
;; SERVER: 38.102.88.137#53(38.102.88.137)
;; WHEN: Sun Dec 30 17:15:44 2007
;; MSG SIZE rcvd: 258

So in conclusion--one can make DNS changes almost instant by setting a REALLY low TTL. The one thing that *DOES* take time is if you change the name servers for your domain with your registrar. This can take 48 hours for the servers that cached the old one.

The changes you made Spike--could take some time to work out. Some people might have cached that invalid DNS server they first told you to point the domain at. If so it'll take 48 hours for that to clear out. If people just cached a record in your zone on the correct name server this will take 4 hours (your TTL is set to 4 hours).
 
Last edited:
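
As an added illustration (not part of any post in this thread), the Python below reads trimmed copies of three dig replies quoted above and reports whether each is a referral, an authoritative answer, or a reply from a server that does not hold the zone, together with the longest time a caching resolver may keep serving that data. The names `parse_dig` and `classify` are made up for this example, and `classify` assumes the reply comes either from the parent zone's servers or from a server the registrar lists for the zone.

```python
import re

# Trimmed from dig replies quoted in the thread; only the lines used here are kept.
TLD_REFERRAL = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
cutler-smith.com. 172800 IN NS ns1.kazix.com.
cutler-smith.com. 172800 IN NS ns2.kazix.com.
"""
ZONE_ANSWER = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; ANSWER SECTION:
cutler-smith.com. 14400 IN MX 0 cutler-smith.com.
"""
NEW_NS_REPLY = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
;; AUTHORITY SECTION:
com. 166645 IN NS k.gtld-servers.net.
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text):
    """Return (flags, {section: [(owner, ttl, rtype, rdata), ...]})."""
    flags, sections, current = set(), {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";; flags:"):
            flags = set(line.split(":", 1)[1].split(";")[0].split())
        elif line.startswith(";;") and line.endswith("SECTION:"):
            current = sections.setdefault(line[3:].split()[0], [])
        elif current is not None and (m := RR.match(line)):
            current.append((m[1], int(m[2]), m[3], m[4]))
    return flags, sections

def classify(text, zone):
    """Return (kind, worst-case hours a resolver may keep serving this data)."""
    flags, sec = parse_dig(text)
    answer, authority = sec.get("ANSWER", []), sec.get("AUTHORITY", [])
    if answer:
        kind, records = ("authoritative" if "aa" in flags else "cached"), answer
    elif any(o.lower() == zone and t == "NS" for o, _, t, _ in authority):
        kind, records = "referral", authority
    else:  # no answer, no delegation for this zone: the server does not serve it
        kind, records = "lame", []
    return kind, max((ttl for _, ttl, _, _ in records), default=0) / 3600

if __name__ == "__main__":
    for sample in (TLD_REFERRAL, ZONE_ANSWER, NEW_NS_REPLY):
        print(classify(sample, "cutler-smith.com."))
```

Running the same check against a new name server before changing the delegation at the registrar shows whether it actually answers for the zone.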
You may host your e-mail in house but you do not house your DNS in house. So really you are in the exact same boat as Spike. Your TTL is about the same as Spike's too, about 4 hours.

You also don't have a MX record. It may work without one--sort of--but it's a bad idea and can cause issues.

I also host the website in house, I never have to worry about server migration issues.
 
I also host the website in house, I never have to worry about server migration issues.
If your ISP has a DNS problem--your website and mail are offline (for non-cached servers..which will be most of them). If your ISP suddenly decides to move DNS to another server and you don't move your domain. You're off line (this is the common one that gets people). I'm sure your ISP probably does a decent job running multiple DNS servers. But you should be aware of the potential for a problem.

It seems to me that most people don't understand DNS. They just "make it work" and don't understand why it works. Some day it comes back to bite you.
 
No, I know that. But the hard data doesn't move and it always seems that these down times are them moving the data from one server to another and because they do that the DNS needs to be rerouted.
 
Jesse, I truly appreciate your taking the time to give that explanation. I do not claim to fully understand it - yet - but I am going to study it.

I originally decided to move the website and mail outside because, at one time, we had routing issues to our in-house IP address, and I decided it was better to be outside in a "more robust" environment. Of course, the outside hosts are not more robust at all (nor am I paying a rate which would justify confidence in their robustness, to be fair), so I need to buck up and do something better.

I liked having it in-house, but know I'd have to deal with greater exposure to attacks of various kinds...
 
email still bouncing 12pm Sunday

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<Xcutler@cutler-xxxxx.com>: (edit address altered by DT)
Sorry, I couldn't find any host by that name. (#4.1.2)
I'm not going to try again; this message has been in the queue too long.
 