How not to set up your DNS (part 15)
This is one of those interesting little DNS glitches:
- the nameservers for the pk country domain say that gem.net.pk lists as nameservers sooraj.gem.net.pk and chand.gem.net.pk.
- if you ask sooraj what gem.net.pk's nameservers are, it gives you a non-authoritative reply saying that they are sooraj, chand, and ns1.gem.net.pk.
- ns1.gem.net.pk doesn't respond.
- if you ask chand what gem.net.pk's nameservers are, you sometimes get a reply without any actual data but with an 'additional authority' section that says that chand and sooraj are the nameservers, as if chand wasn't actually an authoritative nameserver for gem.net.pk.
The net result seems to be that every so often, our nameservers can't resolve anything to do with gem.net.pk because they have decided to query chand and have gotten answers back that make them throw up their hands in disgust.
What seems to be going on is that sooraj and chand are actually general recursive nameservers (for example, neither claim to be authoritative on any answers) that can also talk to ns1, which is presumably an internal-only machine. For some reason sooraj has a local copy of the data (for example, its TTLs on gem.net.pk results never count down) but chand does not; if you query chand during a time when it doesn't have things in its cache, you get useless results.