named mystery

Bill Vermillion bv at wjv.com
Tue Dec 11 12:06:45 PST 2007


Derek Ragona, the prominent pundit, on Tue, Dec 11, 2007 at 13:36  
while half mumbling, half-witicized:

> At 01:24 PM 12/11/2007, Bill Vermillion wrote:
> >On Tue, Dec 11, 2007 at 18:23 , while impersonating an expert on
> >the internet, freebsd-questions-request at freebsd.org sent this to stdout:

> >> Date: Tue, 11 Dec 2007 06:09:11 -0600
> >> From: Derek Ragona <derek at computinginnovations.com>
> >> Subject: Re: named mystery
> >> To: jekillen <jekillen at prodigy.net>, User Questions <freebsd-questions at freebsd.org>

> >> At 12:57 AM 12/10/2007, jekillen wrote:
> >> >Hello:

[lots of stuff snipped - wjv]

> >> >I have two name servers for four domains.
> >> >The primary name server is running FreeBSD v 6.0
> >> >and the secondary is running v 6.2.
> >> >I have an MX record for each of the four registered
> >> >domains. I have set up Postfix to act as a smart host
> >> >mail hub (the MX host). One of the named record
> >> >database is for one of the sites. When I try to send
> >> >an E-mail from this message to list e-mail address. The messages
> >> >bounce for dns lookup failure.
> >> >The name that is being looked up is
> >> >  <mxhost>.<domainName>.<tld>.<targetDomainName>.<tld>

> >> >Some how the two names are being mashed together and then
> >> >looked up, causing the resolution failure.

> >As the other respondent noted, that was because of the missing
> >period.

> >I've found that 'nslint' in the /usr/ports/dns hierarchy
> >is a nice little program that will tell you all your errors.
> >I actually run its output through a 'filter' to get rid of
> >extraneous things such as 'in use by xxxx.xxx' as I have
> >several sites that respond to the same IP.

....

> >> >There was a period missing after the MX host name record.
> >> >I added that and rebooted the machine with the primary name
> >> >server just to insure that named got the change and checked the
> >> >secondary record and it has the change

> >You don't have to reboot Unix systems for almost all things which
> >don't require a kernel change.  named.restart   will do the job.

> >> Jeff,

> >> I just checked how my DNS files look on two 6.2 servers. The
> >> primary zone files will have the:
> >> @
> >> while the secondary zone files will not have these.

> >> In my zone files the MX appears on the primary as the lines:
> >> ; MX Record
> >> @ IN MX 10 mail.mydomain.com.

> >> Note the last period after the domain suffix is there to show
> >> it is a fully qualified name, with that name defined earlier in
> >> this zone file.

....

> >> When you make a change on the primary DNS server zone file be
> >> sure to change the serial number in that zone file. Also I
> >> usually stop and start named on the primary. I also remove the
> >> backup files on the secondary servers and stop and start named
> >> on those too to see that the new files are transferred and thus
> >> being used.

> >I have about 250 zones in my DNS and I've done something which
> >makes sure that I always have the correct date, but all the
> >domains will show the same date.

> >I've extracted much of what you put in a zone file and put
> >it in a file called   named.soa  .  And in each file
> >is used the $INCLUDE directive [quite handy] that
> >is   $INCLUDE named.soa

> >Then I just update the serial number in the one file.  It saves
> >a lot of time, particularly yesterday when one client of
> >a support house that uses our servers decided he needed
> >all the standard variants .com, .net, .biz, .mobi, .info, .org,
> >and .tv - plus 5 variants on his domain.
> >
> >I'd just dupe the zone file and make global changes in 'vi'
> >and only have to update the serial number in the named.soa
> >just one time.
> >
> >Bill

> Bill,

> I didn't know about the include statement, I will do that with
> my zone files too.

There are many shortcuts available and I don't use many of them.
I first had to learn and put up DNS on an SCO server back in about
1994 when a local community-college for whom I was doing data base
work, needed to get an internet connection.  So it was sendmail on
SCO - in the 4.x variety and then I took the best parts of 
the O'Reilly book and the SCO docs and came up with my own variant.
The SCO system did use the $INCLUDE.  And I've used that ever
since.

I also have machines in our own domain - plus others - so
I have the named.conf pointing to a sub-directory called 'sites'
that are domains that don't belong to us.

And I always found the xx.xx.xx.xx.in-addr.arpa a bit confusing to
look at in a directory so I map that to files called
named.rev.63.209.114 [and others] so when I search the directory
the last relative quad in the listing is last.  So when I need
to change the reverse file it is just   vi *.114.  I'm lazy!!

The named.hosts has all the IP addresses in it, and the only
ones that are 'active' are the domains we control, BUT I have
the domain listing for others with a leading ; but the name
and IP in the list.  This way I can scan that and find out
just what IPs are in use.

Little things like that make administering things much easier,
at least for me.

> Good to know about the nslint utility too.  I am one who makes 
> typos, so it will be a good way to make sure the files are at least syntax 
> correct.

>         -Derek

I never restart DNS after modifications without first running
nslint.

I also have 2 name servers, but I run both as primaries.  Probably
not the best thing - but they are on two separate machines - and I
have only one network connection with a /23 block of IPs. Located
in a Level 3 colo and have had less than 45 minutes of downtime
from them. One was an admin mistake by our manage, the other
was a flaky card in a Cisco 12000  - where small packets would get
through but others would start dropping packets.  That happened at
about 630AM and was fixed by 700AM so no business users were
affected.

I think we are about the smallest ISP in existence, and we ARE
the smallest in the Level 3 colo - going in the first week they
opened - before they had the high $$ monthly requirements - which
we could not meet now.

Glad to be of help.

Bill


-- 
Bill Vermillion - bv @ wjv . com
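
The missing-period failure discussed in this thread, as an added example that is not part of the original messages and is not nslint's code: a small check that expands relative MX/NS/CNAME/PTR targets against the zone origin and flags the ones that look like forgotten trailing dots. The sample zone, its names and the function names are constructed for illustration.

```python
import re

TARGET_TYPES = {"MX", "NS", "CNAME", "PTR"}   # RDATA ends in a host name
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+[smhdw]?", re.I)

def expand(name, origin):
    """Expand a name as a zone loader does: absolute only if it ends in '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def find_undotted_targets(zone_text, origin):
    """Return (line_no, type, target, expanded) for suspicious relative targets."""
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]               # strip comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # $ORIGIN, $INCLUDE, $TTL
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue
        if not line[0].isspace():
            fields = fields[1:]                   # drop the owner name
        while fields and (TTL_RE.fullmatch(fields[0])
                          or fields[0].upper() in CLASSES):
            fields = fields[1:]                   # skip optional TTL / class
        if not fields or fields[0].upper() not in TARGET_TYPES:
            continue
        target = fields[-1]
        # A relative target that itself contains dots is almost always a
        # fully qualified name whose trailing period was forgotten.
        if not target.endswith(".") and "." in target:
            findings.append((line_no, fields[0].upper(), target,
                             expand(target, origin)))
    return findings

# Constructed sample zone; line 4 has the missing period.
SAMPLE = """\
$ORIGIN example.net.
$INCLUDE named.soa
@        IN  NS     ns1.example.com.
@        IN  MX     10 mail.example.com
www      IN  CNAME  web
ns       IN  A      192.0.2.53
"""

if __name__ == "__main__":
    for hit in find_undotted_targets(SAMPLE, "example.net."):
        print("line %d: %s target %s resolves as %s" % hit)
```

The expanded name has the same host.domain.tld.targetdomain.tld shape as the failing lookup reported at the top of the thread.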

