search

swig / www

Web pages at http://www.swig.org
10 stars 17 forks source link

Web site www.swig.org cannot resolved even on authorized NS ns11.worldnic.com or ns12.worldnic.com #15

Closed futatuki closed 7 months ago

futatuki commented 7 months ago 
$ dig @ns11.worldnic.com www.swig.org A +norecurse

; <<>> DiG 9.18.20 <<>> @ns11.worldnic.com www.swig.org A +norecurse
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40490
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 15 (Blocked): (Request blocked by policy)
;; QUESTION SECTION:
;www.swig.org.                  IN      A

;; Query time: 17 msec
;; SERVER: 162.159.26.214#53(ns11.worldnic.com) (UDP)
;; WHEN: Tue Feb 13 12:52:22 JST 2024
;; MSG SIZE  rcvd: 72

What happend?

Though swig.org can be resolved and https://swig.org/ seems to show us same contents of https://www.swig.org ...

ojwb commented 7 months ago

The website is still hosted on sourceforge, and I can see there's a vhost configured for www.swig.org there.

I don't think I have access to the DNS config for the domain though - probably @wsfulton does.

wsfulton commented 7 months ago

Sourceforge hosts the domain. @ojwb, you have the same admin access for Sourceforge as I do, so you can probably see the same configuration at https://sourceforge.net/p/swig/admin/ext/vhost/. There isn't a lot there to configure, so I suppose we should raise a request to SF for an explanation.

futatuki commented 7 months ago

As far as I read https://sourceforge.net/p/forge/documentation/Custom%20VHOSTs/ , Sourceforge does not provide DNS service. Perhaps you need to contact to registrar of swig.org -- NETWORK SOLUTIONS, or hostmaster of DNS zone, namehost@WORLDNIC.COM (which is found in SOA record of swig.org).

wsfulton commented 7 months ago

Hi @dabeaz, is this something you raise with your network provider that you use for SWIG please?

dabeaz commented 7 months ago

Is the problem basically one of configuring DNS as described in the above sourceforge links?

ojwb commented 7 months ago

@dabaez Probably - specifically it seems we're missing this part:

www.yourdomain.com CNAME to vhost2.sourceforge.net.

I'm not sure what happened as this was working.

The configuration at SF seems to be correct, since if I add 204.68.111.101 www.swig.org to my /etc/hosts file locally then https://www.swig.org/ works for me. So adding the missing CNAME should fix this (once DNS changes have propagated).

dabeaz commented 7 months ago

Weird. The DNS record had "www.swig.org" listed as an A-record. I've changed it to a CNAME record and will see if it makes any difference. Keep me posted.

ojwb commented 7 months ago

Either A or CNAME should work, but sourceforge docs say to use a CNAME so probably better to.

It doesn't seem to be visible yet, but will check again later.

dabeaz commented 7 months ago

A screenshot of what the network solutions configuration shows:

image
ojwb commented 7 months ago

Hmm, with 2 hour TTL it ought to be working by now but isn't.

That * entry seems odd to me - that seems like it's trying to define a wildcard A record so .swig.org resolves to that SF IP address, but no subdomains of swig.org I've tried seem to resolve. Maybe that used to work but the registrar broke it. I'd try removing the * entry since it doesn't seem useful to have a wildcard entry and SF is only configured as a vhost for swig.org and www.swig.org anyway.

(The @ entry is OK - that means "the domain itself" so is defining an A record for swig.org, which does seem to be working.)

dabeaz commented 7 months ago

I removed the * entry just now. Will keep an eye on it. I'm not seeing a whole lot of things to change unless the ns11.worldnic.com and ns12.worldnic.com servers are broken themselves. Also, I would add that DNSSEC is disabled (if it might matter).

ojwb commented 7 months ago

Looking at the dig output in detail, one thing I find a bit odd is that the worldnic nameservers return status "REFUSED" (and the detailed error code is "EDE: 15 (Blocked): (Request blocked by policy)"), and the same for any other subdomain of swig.org it seems. I'd expect status "NOERROR" for found and "NXDOMAIN" for not found, which is what I get testing a different domain (but I don't know anyone else still using network solutions, so that's with a different registrar's name servers).

Maybe that's normal though. I don't have to do much DNS debugging these days.

dabeaz commented 7 months ago

That's just bizarre. In any event, the website seems to be working when I tried it just now.

futatuki commented 7 months ago 
$ dig @ns11.worldnic.com www.swig.org A +norecurse             
; <<>> DiG 9.18.20 <<>> @ns11.worldnic.com www.swig.org A +norecurse
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38181
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.swig.org.                  IN      A

;; ANSWER SECTION:
www.swig.org.           7200    IN      CNAME   vhost2.sourceforge.net.

;; Query time: 156 msec
;; SERVER: 162.159.26.214#53(ns11.worldnic.com) (UDP)
;; WHEN: Wed Feb 14 21:04:08 JST 2024
;; MSG SIZE  rcvd: 77

I also confirmed it.

ojwb commented 7 months ago

Working for me too, so closing.

(@dabeaz Doesn't seem very fair you still seem to be paying for the domain - if you want shot of it we could probably transfer it to SFC and pay for it out of project funds.)