• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

No AAAA record

Started by bmgtenty, April 22, 2010, 02:06:16 AM


bmgtenty

Hi,

I started with the Administrator level and the sending of an email to my domain tenty.ca
and received the error: no AAAA record.

I have A and AAAA records for tenty.ca and ns1.tenty.ca and they resolve correctly from
other servers on the internet.

I also queried the DNS servers 2001:470:20::2 & 74.82.42.42 of he.net and they also resolve correctly
there, so I don't understand it.

Greetings,

Bob





jimb

I see the AAAA.  Sometimes the HE name server the cert machine resolves against gets negative cache entries.  This will typically happen if your NS doesn't have the AAAA when it first queries (misconfiguration or whatever).  If you wait a bit, it may just start working.

cholzhauer

Same here...I'm able to see the AAAA records...have you been able to re-try the test?

IIRC, when I made the changes that were needed to pass the sage test, it took a couple of days for them to become active.

jimb

This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.

bmgtenty

I just tried and now it is working again and I could do the test.

Strange, as I always had the correct AAAA records in my DNS.

Anyhow, whatever it is at HE, thanks for the response.

Bob

kcochran

Quote from: jimb on April 22, 2010, 05:42:38 AM
This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.

It does use a local caching recursor.  Alas, the only way to do that and make it available to the various testing bits is to make it the system global one.  Restarting it that often has caused issues in the brief window when it's restarting.

Consider it an additional educational element on DNS TTL values. ;-)

jimb

Quote from: kcochran on April 22, 2010, 08:19:24 AM
Quote from: jimb on April 22, 2010, 05:42:38 AM
This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.

It does use a local caching recursor.  Alas, the only way to do that and make it available to the various testing bits is to make it the system global one.  Restarting it that often has caused issues in the brief window when it's restarting.

Consider it an additional educational element on DNS TTL values. ;-)

I wonder if using "rndc flush" would be disruptive?  I can see how restarting would cause problems, but with "rndc flush" it doesn't stop the DNS server, just tells it to dump its cache (presumably negative cache entries too).  Presuming you're using BIND.

Yeah I was also thinking that it's sort of part of the deal to have to wait for DNS if you dork it up, since the same thing would happen in a non test scenario too.  :)
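
Added example, not part of any post in this thread: a small Python helper that estimates how long a caching resolver may keep the kind of negative AAAA answer discussed above, using the RFC 2308 rule (minimum of the SOA record's TTL and its MINIMUM field). The zone name `example.test`, the sample `dig` output and the 10800-second resolver cap (BIND's default `max-ncache-ttl`) are assumptions for illustration.

```python
"""Estimate the lifetime of a negative (NODATA/NXDOMAIN) DNS cache entry."""

# Constructed sample: authority section as printed by
#   dig +noall +authority AAAA example.test
# for a name that currently has no AAAA record.
SAMPLE_AUTHORITY = """\
example.test. 1800 IN SOA ns1.example.test. hostmaster.example.test. 2010042201 7200 3600 1209600 86400
"""

# Assumption: the resolver caps negative TTLs the way BIND's
# max-ncache-ttl does by default (10800 seconds).
RESOLVER_NCACHE_CAP = 10800


def parse_soa(line):
    """Parse one presentation-format SOA line into its TTL and MINIMUM."""
    # owner ttl class type mname rname serial refresh retry expire minimum
    fields = line.split()
    if len(fields) != 11 or fields[3].upper() != "SOA":
        raise ValueError("not an SOA record: %r" % line)
    return {"owner": fields[0], "ttl": int(fields[1]), "minimum": int(fields[10])}


def negative_ttl(authority_text, resolver_cap=RESOLVER_NCACHE_CAP):
    """Return seconds a negative answer may stay cached, or None if no SOA.

    RFC 2308: the negative TTL is min(SOA TTL, SOA MINIMUM); a negative
    response that carries no SOA should not be cached at all.
    """
    for line in authority_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        try:
            soa = parse_soa(line)
        except ValueError:
            continue  # some other record type in the authority section
        return min(soa["ttl"], soa["minimum"], resolver_cap)
    return None


if __name__ == "__main__":
    print("negative answer cacheable for up to",
          negative_ttl(SAMPLE_AUTHORITY), "seconds")
```

When the same query is sent to the caching resolver rather than the authoritative server, the SOA TTL it returns counts down, so the result is the time remaining before the negative entry expires.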