is this getting out?
Gary Kline
kline at thought.org
Fri Dec 18 18:50:15 UTC 2009
On Fri, Dec 18, 2009 at 01:45:39PM +1100, Ian Smith wrote:
> In freebsd-questions Digest, Vol 289, Issue 4, Message 14
> On Sat, 12 Dec 2009 15:32:07 -0800 Gary Kline <kline at thought.org> wrote:
> > ariatotle is offline; i'm exclusively on my new server. will
> > somebody please do a digg thought.org and see if they see what i see?
> >
> > hope i get this.....
>
> At this moment just seeing SERVFAIL for thought.org, and (thus) its
> listed nameservers at your registrar:
> Name Server:NS1.THOUGHT.ORG
> Name Server:ETHIC.THOUGHT.ORG
>
> =======
> smithi on sola% dig thought.org
>
> ; <<>> DiG 9.3.4-P1 <<>> thought.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20499
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;thought.org. IN A
>
> ;; Query time: 4730 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Dec 18 12:35:32 2009
> ;; MSG SIZE rcvd: 29
> =======
>
> That's from Australia (as good as anywhere else in this regard :)
>
> It's a bit fraught, and not recommended (indeed, frowned upon by RFCs),
> to have both/all of your domain nameserver IPs on one physical network.
>
> I know you had too many before, but if you know someone who can and will
> provide secondary/slave DNS for you, with a decent expiry time you can
> be offline for longish periods without your domain disappearing from
> view, even if your mail/web//etc servers are temporarily offline.
>
> Rather than having to ask others to look it up, try locating some public
> recursive nameserver that you can use, maybe provided by your ISP, let's
> call it ns1.example.org .. then (assuming basic connectivity) you can:
>
> % dig @ns1.example.org [whatever.]thought.org [a|ns|soa|mx|..]
>
thanks for the dig examples, first. i saw this email before i
threw in the towel last night, so something must be woriking
again.
about having too many [[that were pointing every-whichway, i
have one secondary in the UK that has kept in step with my
update almost at once. but yes, there are some free or
low-cost public org sites .... i just [MIS]assumed that
things were set. BZZT!
> to check visibility for yourself while you're tinkering with your DNS,
> remembering to allow time for changes to propagate. So it's best to be
> running a short default TTL (say 3600 seconds) until you're running ok,
> then once OK increase it to something more reasonable, say 1 day.
ah, good point, thanks.
>
> Don't forget to increase your zone's serial number with each change to
> your configuration, or slave servers won't notice and fetch updates.
> If in doubt, it never hurts to bump the serial and restart named. Use
> the standard format so you never use a smaller integer than before, eg
> 2009121801 for the first update today. Check the supplied HTML docs.
yep. [i forgot up update twice... . ] <***>
>
> Ensure that your firewall allows both TCP and UDP connections inbound on
> port 53 on each of your externally accessible nameservers, and of course
> allows response traffic outbound.
>
hm. since i was switched to pfSense that means yet another
thing to master. prev, i was using ifpw and did allow TCP AND
UDP. Will check.
gary
> cheers, Ian
>
> PS because thought.org is SERVFAIL at the mo, you won't get this mail
> direct till the domain reappears here. It'll be queued for two days.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
--
Gary Kline kline at thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.79a release of Jottings: http://jottings.thought.org/index.php
More information about the freebsd-questions
mailing list