bv at wjv.com
Tue Dec 11 12:06:45 PST 2007
Derek Ragona, the prominent pundit, on Tue, Dec 11, 2007 at 13:36
while half mumbling, half-witicized:
> At 01:24 PM 12/11/2007, Bill Vermillion wrote:
> >On Tue, Dec 11, 2007 at 18:23 , while impersonating an expert on
> >the internet, freebsd-questions-request at freebsd.org sent this to stdout:
> >> Date: Tue, 11 Dec 2007 06:09:11 -0600
> >> From: Derek Ragona <derek at computinginnovations.com>
> >> Subject: Re: named mystery
> >> To: jekillen <jekillen at prodigy.net>, User Questions >
> ><freebsd-questions at freebsd.org>
> >> At 12:57 AM 12/10/2007, jekillen wrote:
> >> >Hello:
[lots of stuff snipped - wjv]
> >> >I have two name servers for four domains.
> >> >The primary name server is running FreeBSD v 6.0
> >> >and the secondary is running v 6.2.
> >> >I have an MX record for each of the four registered
> >> >domains. I have set up Postfix to act as a smart host
> >> >mail hub (the MX host). One of the named record
> >> >database is for one of the sites. When I try to send
> >> >an E-mail from this message to list e-mail address. The messages
> >> >bounce for dns lookup failure.
> >> >The name that is being looked up is
> >> > <mxhost>.<domainName>.<tld>.<targetDomainName>.<tld>
> >> >Somehow the two names are being mashed together and then
> >> >looked up, causing the resolution failure.
> >As the other respondent noted, that was because of the missing
> >I've found that 'nslint' in the /usr/ports/dns hierarchy
> >is a nice little program that will tell you all your errors.
> >I actually run its output through a 'filter' to get rid of
> >extraneous things such as 'in use by xxxx.xxx' as I have
> >several sites that respond to the same IP.
> >> >There was a period missing after the MX host name record.
> >> >I added that and rebooted the machine with the primary name
> >> >server just to insure that named got the change and checked the
> >> >secondary record and it has the change
> >You don't have to reboot Unix systems for almost all things which
> >don't require a kernel change. named.restart will do the job.
> >> Jeff,
> >> I just checked how my DNS files look on two 6.2 servers. The
> >> primary zone files will have the:
> >> @
> >> while the secondary zone files will not have these.
> >> In my zone files the MX appears on the primary as the lines:
> >> ; MX Record
> >> @ IN MX 10 mail.mydomain.com.
> >> Note the last period after the domain suffix is there to show
> >> it is a fully qualified name, with that name defined earlier in
> >> this zone file.
> >> When you make a change on the primary DNS server zone file be
> >> sure to change the serial number in that zone file. Also I
> >> usually stop and start named on the primary. I also remove the
> >> backup files on the secondary servers and stop and start named
> >> on those too to see that the new files are transferred and thus
> >> being used.
> >I have about 250 zones in my DNS and I've done something which
> >makes sure that I always have the correct date, but all the
> >domains will show the same date.
> >I've extracted much of what you put in a zone file and put
> >it in a file called named.soa . And in each file
> >is used the $INCLUDE directive [quite handy] that
> >is $INCLUDE named.soa
> >Then I just update the serial number in the one file. It saves
> >a lot of time, particularly yesterday when one client of
> >a support house that uses our servers decided he needed
> >all the standard variants .com, .net, .biz, .mobi, .info, .org,
> >and .tv - plus 5 variants on his domain.
> >I'd just dupe the zone file and make global changes in 'vi'
> >and only have to update the serial number in the named.soa
> >just one time.
> I didn't know about the include statement, I will do that with
> my zone files too.
There are many shortcuts available and I don't use many of them.
I first had to learn and put up DNS on an SCO server back in about
1994 when a local community-college for whom I was doing data base
work, needed to get an internet connection. So it was sendmail on
SCO - in the 4.x variety and then I took the best parts of
the O'Reilly book and the SCO docs and came up with my own variant.
The SCO system did use the $INCLUDE. And I've used that ever
I also have machines in our own domain - plus others - so
I have the named.conf pointing to a sub-directory called 'sites'
that are domains that don't belong to us.
And I always found the xx.xx.xx.xx.in-addr.arpa a bit confusing to
look at in a directory so I map that to files called
named.rev.63.209.114 [and others] so when I search the directory
the last relative quad in the listing is last. So when I need
to change the reverse file it is just vi *.114. I'm lazy!!
The named.hosts has all the IP addresses in it, and the only
ones that are 'active' are the domains we control, BUT I have
the domain listing for others with a leading ; but the name
and IP in the list. This way I can scan that and find out
just what IPs are in use.
Little things like that make administering things much easier,
at least for me.
> Good to know about the nslint utility too. I am one who makes
> typos, so it will be a good way to make sure the files are at least syntax
I never restart DNS after modifications without first running
I also have 2 name servers, but I run both as primaries. Probably
not the best thing - but they are on two separate machines - and I
have only one network connection with a /23 block of IPs. Located
in a Level 3 colo and have had less than 45 minutes of downtime
from them. One was an admin mistake by our manage, the other
was a flaky card in a Cisco 12000 - where small packets would get
through but others would start dropping packets. That happened at
about 630AM and was fixed by 700AM so no business users were
I think we are about the smallest ISP in existence, and we ARE
the smallest in the Level 3 colo - going in the first week they
opened - before they had the high $$ monthly requirements - which
we could not meet now.
Glad to be of help.
Bill Vermillion - bv @ wjv . com
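
The missing-period failure discussed in this thread, as an added example that is not part of the original message and is not nslint: a small Python check that flags MX/NS/CNAME/PTR targets which contain a dot but lack the trailing period, and reports the name the server would actually look up. The zone contents, `example.org`, and the function names are constructed for illustration.

```python
import re

NAME_TYPES = {"MX", "NS", "CNAME", "PTR"}   # types whose RDATA ends in a host name
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone; example.org and the host names are placeholders.
SAMPLE_ZONE = """\
$ORIGIN example.org.
; MX Record
@     IN MX 10 mail.example.org
@     IN MX 20 backup.example.org.
@     IN NS    ns1
www   IN CNAME web.example.net
"""

def expand(name, origin):
    """Return the name as the server reads it: no trailing dot means 'append the origin'."""
    return name if name.endswith(".") else f"{name}.{origin}"

def find_missing_dots(zone_text, origin):
    """Return (line_no, type, target, expanded) for targets that look fully
    qualified (contain a dot) but lack the trailing period."""
    findings = []
    for no, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()        # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1]
            continue
        # A line that starts with whitespace inherits the previous owner name.
        i = 0 if raw[:1].isspace() else 1
        # Skip the optional TTL and class that precede the record type.
        while i < len(fields) and (re.fullmatch(r"\d+[smhdw]?", fields[i], re.I)
                                   or fields[i].upper() in CLASSES):
            i += 1
        if i >= len(fields) - 1 or fields[i].upper() not in NAME_TYPES:
            continue
        target = fields[-1]
        if "." in target and not target.endswith("."):
            findings.append((no, fields[i].upper(), target, expand(target, origin)))
    return findings

if __name__ == "__main__":
    for no, rtype, target, expanded in find_missing_dots(SAMPLE_ZONE, "example.org."):
        print(f"line {no}: {rtype} target '{target}' will resolve as {expanded}")
```

The check is a heuristic: a short relative target such as `ns1` is left alone because it is a legitimate use of origin completion.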