Solve Common DNS Issues with These Simple Tips
In today’s connected society, domain name systems (DNS) are the backbone of modern-day datacenters. Because DNS is responsible for linking domain names to IP addresses, it is a mission-critical component of any website: when it goes down, it becomes impossible for anyone to access your customer websites. As with anything in life, DNS systems aren’t perfect, and downtime must be planned for in any datacenter setting.
As Site24x7 mentioned in a recent article on DNS hijacking, these systems are fairly complex and can be difficult to maintain and secure. Even with proper precautions, failure can still occur. Fortunately, by identifying the most common DNS issues that clients run into, you can minimize downtime when problems do occur.
Basic Components of DNS Configuration
Below are the must-know requirements of DNS configurations. Failing to meet all of these requirements can result in a complete DNS failure:
- An A record must ALWAYS contain an IP address (it maps a host to an IP). Without a valid IP address, the domain will not resolve at all.
- CNAME (Alias) records must contain hostnames, not IP addresses.
- NS and MX records must contain host names. As with CNAME records, they cannot contain IP addresses.
- End every domain name you specify in the DNS zone file with a period. Forgetting the period will cause the DNS configuration to be invalid.
- For example: com. IN NS ns1.example.com. is how your zone file should be formatted.
- MX records for mail servers also need valid hostnames. IP addresses cannot be used.
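The requirements above can be checked mechanically before a zone is loaded. The following linter is an added example, not code from the original article; it assumes one record per line in the form `owner [ttl] [IN] type data`, and the function names and sample records are constructed for illustration.

```python
import ipaddress

HOSTNAME_TYPES = {"CNAME", "NS", "MX"}  # data must be a hostname, never an IP

def is_ip(value):
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False

def missing_dot(name):
    # Heuristic: a dotted name with no trailing period is relative to the origin.
    return "." in name and not name.endswith(".")

def lint_record(line):
    """Return a list of problems for one 'owner [ttl] [IN] type data' line."""
    fields = line.split(";", 1)[0].split()      # strip comment, tokenize
    i = 1
    while i < len(fields) and (fields[i].isdigit() or fields[i].upper() == "IN"):
        i += 1                                   # skip optional TTL and class
    if len(fields) < i + 2:
        return ["incomplete record"]
    owner, rtype, target = fields[0], fields[i].upper(), fields[-1]
    problems = []
    if missing_dot(owner):
        problems.append(f"owner '{owner}' lacks trailing period")
    if rtype == "A":
        try:
            ipaddress.IPv4Address(target)
        except ValueError:
            problems.append(f"A record data '{target}' is not an IPv4 address")
    elif rtype in HOSTNAME_TYPES:
        if is_ip(target):
            problems.append(f"{rtype} data '{target}' is an IP address, not a hostname")
        elif missing_dot(target):
            problems.append(f"{rtype} target '{target}' lacks trailing period")
    return problems

def lint_zone(lines):
    return {n: p for n, line in enumerate(lines, 1) if (p := lint_record(line))}

# Constructed sample records (not from a real zone); only the first is clean.
SAMPLE = [
    "example.com. 3600 IN NS    ns1.example.com.",
    "www.example.com.  IN A     web01.example.com.",
    "mail.example.com. IN CNAME 192.0.2.25",
    "example.com       IN MX 10 mail.example.com",
]
```

Calling `lint_zone(SAMPLE)` returns a dictionary keyed by line number, so the output can gate a deployment step that publishes the zone.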
Simple DNS Errors
No Registered Records
This error commonly occurs on the client side when they fail to fully complete their website setup. To fight this issue, you should offer clients database management, a centralized domain, ease of integration, diagnostics, auditing, verification and data integrity which all combine to provide holistic protection against this issue.
SNAME Error
SNAME errors are one of the most common DNS errors because they occur when a domain name does not have a valid IP address. Since these errors often are due to invalid IP addresses, you can reduce the occurrence of them by advising users to validate the IP addresses before the settings are finalized.
Round Robin DNS
Round robin DNS configurations are commonly used by organizations to keep the workload distributed across multiple servers by constantly cycling requests across the network. While this distribution method works well in theory, a single server failure can bring down the entire service since DNS servers are unable to know when a server is down. Fortunately, you can overcome this issue by using a standard load balancer to distribute the tasks between servers.
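Because DNS keeps handing out a failed server's address, the health check has to come from outside DNS. The sketch below is an added example, not part of the original article: it resolves every address behind a name and probes each one over TCP. The function names, port 443 and the `www.example.com` placeholder are assumptions.

```python
import socket

def resolve_all(hostname, port):
    """Return every distinct address the resolver hands back for hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tcp_alive(address, port, timeout=2.0):
    """True if a TCP connection to address:port succeeds within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_round_robin(hostname, port=443, resolve=resolve_all, probe=tcp_alive):
    """Probe each member of a round-robin set; return {address: alive}."""
    return {addr: probe(addr, port) for addr in resolve(hostname, port)}

def dead_members(status):
    """Addresses still published in DNS that no longer accept connections."""
    return sorted(addr for addr, alive in status.items() if not alive)

if __name__ == "__main__":
    # Placeholder hostname; substitute the round-robin name you operate.
    status = check_round_robin("www.example.com", 443)
    for addr in dead_members(status):
        print(f"{addr} is still in DNS but not accepting connections")
```

The `resolve` and `probe` parameters are injectable so the check can be exercised with fixed data or swapped for an HTTP-level probe.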
Malware on Client Systems
A common aspect of malware today is that the programs typically try to hijack web traffic to generate revenue. If you get a call about a domain redirecting to a malicious site, you should try visiting the address from multiple systems. If the site loads properly on other machines, then the issue is likely on the client side.
Tools to Simplify the Troubleshooting Process
Since DNS issues can be caused by a variety of reasons, TechRepublic has a ten-step guide for general DNS troubleshooting. Below are a couple of tools which can be used to help make resolving errors much easier.
nslookup
nslookup is short for “name server lookup” and is a tool which allows server administrators to verify that the name resolution system is working. If the name resolution system is not working, then the tool allows you to confirm which DNS server is being used. Nslookup only shows the initial DNS server it connects to, so if a request is being forwarded across multiple servers, you will not see the entire path.
To use nslookup on Windows, simply open a command prompt window and type nslookup. Linux simply requires you to open a bash window and enter the same command.
Ping
If you know which IP address is being accessed by the domain name, you can try pinging the IP to determine if the DNS server is down. If the IP address shows as being operational, then you have a DNS issue. On the other hand, an issue with the IP address can indicate problems elsewhere.
Dig
If you’ve just made changes to your DNS servers and want to make sure they were entered correctly, you can use the dig (domain information groper) command to query your DNS servers for records, specify records, and even specify which DNS server to query.
Since the tool isn’t included on all systems by default, you might have to check your operating system documentation for details on how to enable the command.
Spotting Errors as they Arise
Ultimately, when it comes to managing your servers, implementing DNS monitoring solutions on your client websites lets you spot trouble in near real time, which helps you minimize downtime and maximize client satisfaction. By combining monitoring solutions with safeguards across your infrastructure, you can ensure your datacenter is able to deliver quality services while keeping overhead reasonable. You can also reduce the possibility of server issues by hardening your DNS servers against attacks.