My site has been down intermittently for much of the day and I'm going crazy trying to debug why. It seems to be a DNS issue since changing my DNS servers from my ISP's to Google's 8.8.8.8
fixed it for my personal browser. But now that's failing, too! DownForEveryoneOrJustMe says it's up, although I'm getting some complaints from users that it's not.
nslookup
is intermittent:
16:04: ~/d/coachup (master) > nslookup www.coachup.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
*** Can't find www.coachup.com: No answer
Throughout the day, sometimes that has returned a result, but it's not right now. When I try it with one of my GoDaddy DNS nameservers (which I think are authoritative? I got them from whois
) I get:
16:06: ~/d/coachup (master) > nslookup www.coachup.com NS36.DOMAINCONTROL.COM
Server: NS36.DOMAINCONTROL.COM
Address: 208.109.255.18#53
www.coachup.com canonical name = chiba-9316.herokussl.com.
The other one is more flaky:
16:07: ~/d/coachup (master) > nslookup www.coachup.com NS35.DOMAINCONTROL.COM
Server: NS35.DOMAINCONTROL.COM
Address: 216.69.185.18#53
*** Can't find www.coachup.com: No answer
16:08: ~/d/coachup (master) > nslookup www.coachup.com NS35.DOMAINCONTROL.COM
Server: NS35.DOMAINCONTROL.COM
Address: 216.69.185.18#53
www.coachup.com canonical name = chiba-9316.herokussl.com.
However, even with repeated attempts, dig
always comes back with information:
16:08: ~/d/coachup (master) > dig @8.8.8.8 www.coachup.com ANY
; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 www.coachup.com ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49917
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.coachup.com. IN ANY
;; ANSWER SECTION:
www.coachup.com. 2815 IN CNAME chiba-9316.herokussl.com.
;; Query time: 32 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Dec 18 16:09:25 2013
;; MSG SIZE rcvd: 68
16:09: ~/d/coachup (master) > dig @NS35.DOMAINCONTROL.COM www.coachup.com ANY
; <<>> DiG 9.8.3-P1 <<>> @NS35.DOMAINCONTROL.COM www.coachup.com ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58865
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.coachup.com. IN ANY
;; ANSWER SECTION:
www.coachup.com. 3600 IN CNAME chiba-9316.herokussl.com.
;; AUTHORITY SECTION:
coachup.com. 3600 IN NS ns36.domaincontrol.com.
coachup.com. 3600 IN NS ns35.domaincontrol.com.
;; Query time: 309 msec
;; SERVER: 216.69.185.18#53(216.69.185.18)
;; WHEN: Wed Dec 18 16:09:39 2013
;; MSG SIZE rcvd: 120
host
similarly works consistently.
Some questions:
- Why does
dig
andhost
work consistently but notnslookup
? - How do I determine my authoritative nameservers. Does
whois
work there?
My working theory is that the GoDaddy nameserver has been flaky, and at one point when Google's 8.8.8.8
asked for www.coachup.com
and got a non-response, it cached that negatively for a while. Does that seem plausible? But then it's only flaky with nslookup
and not with dig
or host
.
Also, Heroku status shows that they were doing "DNS maintenance" yesterday. Could that cause this somehow? It says it's green now.
Best Answer
*Why does dig and host work consistently but not nslookup?
Because when you ran dig you used the option 'ANY', that means you weren't just looking for an 'A' record, but also for other records such as CNAME. While nslookup was looking for an 'A' record. What is interesting is when i did 'dig @8.8.8.8 www.coachup.com' i got no answer but when i did 'dig @8.8.8.8 www.coachup.com cname' i got a response.
*How do I determine my authoritative nameservers. Does whois work there?
whois is mainly an administrative database, to determine your actual name servers use 'dig +trace www.coachup.com' -
Your authoritative name servers are in the section -
*I would suspect the problem was with Heroku, and google and other some dns servers cached the non-existent record response, and after that they started responding from negative cache. It should work once the negative cache expires. My guess is, still a guess, your authoritative names server did provide the cname response, but google dns servers were not able to complete the resolution for 'chiba-9316.herokussl.com.', assuming Herok had a problem.
To test this i run a dig on several public dns servers - which i got from the site "http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm". All responded for the CNAME, but a few including google didn't respond for an 'A' record query -
Request for an 'A' record. Note: google dns is '8.8.8.8'
Request for a CNAME query -