is this getting out?
Ian Smith
smithi at nimnet.asn.au
Fri Dec 18 02:45:48 UTC 2009
In freebsd-questions Digest, Vol 289, Issue 4, Message 14
On Sat, 12 Dec 2009 15:32:07 -0800 Gary Kline <kline at thought.org> wrote:
> ariatotle is offline; i'm exclusively on my new server. will
> somebody please do a digg thought.org and see if they see what i see?
>
> hope i get this.....
At this moment just seeing SERVFAIL for thought.org, and (thus) its
listed nameservers at your registrar:
Name Server:NS1.THOUGHT.ORG
Name Server:ETHIC.THOUGHT.ORG
=======
smithi on sola% dig thought.org
; <<>> DiG 9.3.4-P1 <<>> thought.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20499
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;thought.org. IN A
;; Query time: 4730 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 18 12:35:32 2009
;; MSG SIZE rcvd: 29
=======
That's from Australia (as good as anywhere else in this regard :)
It's a bit fraught, and not recommended (indeed, frowned upon by RFCs),
to have both/all of your domain nameserver IPs on one physical network.
I know you had too many before, but if you know someone who can and will
provide secondary/slave DNS for you, with a decent expiry time you can
be offline for longish periods without your domain disappearing from
view, even if your mail/web/etc servers are temporarily offline.
Rather than having to ask others to look it up, try locating some public
recursive nameserver that you can use, maybe provided by your ISP, let's
call it ns1.example.org .. then (assuming basic connectivity) you can:
% dig @ns1.example.org [whatever.]thought.org [a|ns|soa|mx|..]
to check visibility for yourself while you're tinkering with your DNS,
remembering to allow time for changes to propagate. So it's best to be
running a short default TTL (say 3600 seconds) until you're running ok,
then once OK increase it to something more reasonable, say 1 day.
Don't forget to increase your zone's serial number with each change to
your configuration, or slave servers won't notice and fetch updates.
If in doubt, it never hurts to bump the serial and restart named. Use
the standard format so you never use a smaller integer than before, eg
2009121801 for the first update today. Check the supplied HTML docs.
Ensure that your firewall allows both TCP and UDP connections inbound on
port 53 on each of your externally accessible nameservers, and of course
allows response traffic outbound.
cheers, Ian
PS because thought.org is SERVFAIL at the mo, you won't get this mail
direct till the domain reappears here. It'll be queued for two days.
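
An added example, not part of the original post: shell helpers for three checks described above, namely reading the status out of dig output, computing the next YYYYMMDDnn serial so it never goes backwards, and confirming that every nameserver reports the same SOA serial. The function names are hypothetical and the serial values in the demo are constructed; the header line is the one shown in the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any tool.

# dig_status: read dig output on stdin and print the response status
# (NOERROR, SERVFAIL, NXDOMAIN, ...) from the ->>HEADER<<- line.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# next_serial CURRENT [YYYYMMDD]: print the next SOA serial in YYYYMMDDnn
# form. The result is always greater than CURRENT, so slaves see an increase.
next_serial() {
    current=$1
    today=${2:-$(date -u +%Y%m%d)}
    base=$((today * 100 + 1))      # first update of the day, e.g. 2009121801
    if [ "$current" -lt "$base" ]; then
        echo "$base"
    else
        echo $((current + 1))      # same-day update, or serial already ahead
    fi
}

# serials_agree: read "server serial" pairs on stdin; succeed only if all
# servers report one and the same serial (slaves have fetched the update).
serials_agree() {
    awk '{ seen[$2] = 1 }
         END { n = 0; for (s in seen) n++; exit (n == 1 ? 0 : 1) }'
}

# Demo on embedded data: header line as shown in the post, serials constructed.
sample=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20499'
echo "status: $(printf '%s\n' "$sample" | dig_status)"
echo "next serial: $(next_serial 2009121703 20091218)"
if printf 'ns1 2009121801\nethic 2009121703\n' | serials_agree; then
    echo "all nameservers in sync"
else
    echo "serial mismatch: a slave has not picked up the change yet"
fi
```

For live data, pipe `dig @ns1.example.org thought.org soa` into `dig_status`, and take each server's serial from the third field of `dig +short @server thought.org soa`.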