kline at thought.org
Thu Dec 31 22:33:22 UTC 2009
On Thu, Dec 31, 2009 at 12:48:07PM -0800, Jon Radel wrote:
> Gary Kline wrote:
> > It was a good lesson that I should NOT have ever dared to mess
> > around with IPv6 ... but I did. And yup, after moving the server
> > everything restarted. And that v6 stuff busted things.
> Hmmmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network
> actually working does tend to break things all over the place.
> You really need a test server to play with rather than subjecting your
> main [only] server to these experiments. ;-)
Hm. If live 'n' learn is the best teacher, than my experiences
last night were worthy.
> > [ten mins later with coffee kicking in]:: a question on the
> > nameserver stuff: given that I have only one ISP, how could I have
> > another nameserver? ethic is DNS, mail, and web. I've got two
> > secondary nameservers. One in Dallas, a second in England.
> Well....which is it? One or three nameservers....
> I find it helps to think of nameservers as being of two types:
> 1) Resolving nameservers
> These are the servers that *your* machines use to look up addresses,
> both your own and things like www.google.com. You can use your own
> server. Your ISP would also have one or more available for customer
> use. I'd suggest using a list of servers rather than just one. This
> list is what you'd set up in /etc/resolv.conf.
> 2) Authoritative nameservers
> These are the servers that tell everyone about thought.org (in your
> case). You say that you have one on ethic.thought.org and 2 secondaries
> in Dallas and England. However, given that neither your parent servers
> nor your own zone file as found on ethic mention those two other
> servers, it's very unlikely that they're doing you any good at all.
> (There are advanced scenarios where "hidden secondaries" are useful, but
> I don't think any of them apply to your network.)
Would it help if I send you my named.conf. And my
master/thought.org database file...? I don't think it would 'hurt'
to share m y configuration, but why spent the bandwidth? From what
I See, ethic is my SOA. Ethic is my primary [ns1.thought.org].
Steve Bertrand said that I am missing including 'thought.org' A
record from the database file. SO I followed his example and added the
^@ IN A 188.8.131.52
(along with my AAAA address record :( )
I have left out my own A record for the time being....
Jon Horne's DFW site as well as Daniel Bye's secondary are listed in
named.conf. Note that two years ago when everything began
collapsing--mail, and the web, this guy in Dallas came to my
rescue. Now that I am reorganizing *again*, I would like to have
things done right. I won't even breath on the Dell. Actually, I
can't now that it's back in the corner!
> BTW, a single install of a name server on a single machine is perfectly
> capable of acting as both a resolving and an authoritative server, but
> it still helps, IMHO, to consider it as serving two different roles.
> (All of which leaves aside the security issues involved....)
I have my DSL thru the telco, USQuest or Quest. I have a set of 5
IPs from them. For some reason, Quest consider me as a business,
[???], but their service has been pretty good so far. Having a
second line from them or another provider might make sense if I
were making money from this. Nada.
> I would suggest you find out what servers your ISP makes available as
> resolving servers for customers, and use ethic followed by those servers
> in resolv.conf and other such setup.
> I would suggest you find out if those secondary servers are actually
> syncing the data from ethic, and if so, list them with your domain
> registrar and in NS records in your dns zone.
> With those two steps, dns as a whole will become a bit more resilient
> for you.
Thanks for the advice. I'll see if Quest says what secondaries
> --Jon Radel
> jon at radel.com
Gary Kline kline at thought.org http://www.thought.org Public Service Unix
The 7.79a release of Jottings: http://jottings.thought.org/index.php
More information about the freebsd-questions