NOW what?
Jon Radel
jon at radel.com
Thu Dec 31 20:48:22 UTC 2009
Gary Kline wrote:
>
> It was a good lesson that I should NOT have ever dared to mess
> around with IPv6 ... but I did. And yup, after moving the server
> everything restarted. And that v6 stuff busted things.

Hmmmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network
actually working does tend to break things all over the place.

You really need a test server to play with rather than subjecting your
main [only] server to these experiments. ;-)

>
> [ten mins later with coffee kicking in]:: a question on the
> nameserver stuff: given that I have only one ISP, how could I have
> another nameserver? ethic is DNS, mail, and web. I've got two
> secondary nameservers. One in Dallas, a second in England.

Well....which is it? One or three nameservers....

I find it helps to think of nameservers as being of two types:

1) Resolving nameservers

These are the servers that *your* machines use to look up addresses,
both your own and things like www.google.com. You can use your own
server. Your ISP would also have one or more available for customer
use. I'd suggest using a list of servers rather than just one. This
list is what you'd set up in /etc/resolv.conf.

2) Authoritative nameservers

These are the servers that tell everyone about thought.org (in your
case). You say that you have one on ethic.thought.org and 2 secondaries
in Dallas and England. However, given that neither your parent servers
nor your own zone file as found on ethic mention those two other
servers, it's very unlikely that they're doing you any good at all.
(There are advanced scenarios where "hidden secondaries" are useful, but
I don't think any of them apply to your network.)

BTW, a single install of a name server on a single machine is perfectly
capable of acting as both a resolving and an authoritative server, but
it still helps, IMHO, to consider it as serving two different roles.
(All of which leaves aside the security issues involved....)

I would suggest you find out what servers your ISP makes available as
resolving servers for customers, and use ethic followed by those servers
in resolv.conf and other such setup.

I would suggest you find out if those secondary servers are actually
syncing the data from ethic, and if so, list them with your domain
registrar and in NS records in your DNS zone.

With those two steps, DNS as a whole will become a bit more resilient
for you.

--Jon Radel
jon at radel.com
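
The two checks suggested in the message above (are the secondaries serving the same zone data as ethic, and do they appear in the NS set), as an added example that is not part of the original message. The secondary host names, the SOA contact and the serial numbers are constructed placeholders; live input would come from the `dig` commands shown in the comments.

```shell
#!/bin/sh
# Added example. Live input would come from dig, for instance:
#   dig +short +norecurse SOA thought.org @ethic.thought.org
#   dig +short NS thought.org
# The sample answers below are constructed so the script runs offline.

# The serial is the third field of a `dig +short SOA` answer line.
soa_serial() { awk 'NF >= 7 { print $3; exit }'; }

# stdin: "<server> <dig +short SOA answer>" per line (answer empty if the
# server gave no answer). $1: the primary's serial.
# Prints each secondary that is not serving the primary's serial.
out_of_sync() {
    while read -r server answer; do
        serial=$(printf '%s\n' "$answer" | soa_serial)
        [ "$serial" = "$1" ] || echo "$server"
    done
}

# stdin: NS names as `dig +short NS` prints them (with trailing dot).
# args: servers expected to be authoritative. Prints those not listed.
not_in_ns_set() {
    ns_set=$(tr 'A-Z' 'a-z' | sed 's/\.$//')
    for server in "$@"; do
        printf '%s\n' "$ns_set" | grep -qxF "$server" || echo "$server"
    done
}

# --- constructed sample data; secondary host names are hypothetical ---
PRIMARY_SOA='ethic.thought.org. hostmaster.thought.org. 2009123101 3600 900 604800 86400'
SECONDARY_ANSWERS='ns-dallas.example.net ethic.thought.org. hostmaster.thought.org. 2009123101 3600 900 604800 86400
ns-england.example.net ethic.thought.org. hostmaster.thought.org. 2009110501 3600 900 604800 86400'
ZONE_NS='ethic.thought.org.'

demo() {
    primary=$(printf '%s\n' "$PRIMARY_SOA" | soa_serial)
    echo "primary serial: $primary"
    echo "stale or silent secondaries:"
    printf '%s\n' "$SECONDARY_ANSWERS" | out_of_sync "$primary"
    echo "servers missing from the NS set:"
    printf '%s\n' "$ZONE_NS" | not_in_ns_set ethic.thought.org \
        ns-dallas.example.net ns-england.example.net
}
demo
```

Run the NS check twice, once against the zone's own NS answer and once against the parent servers' delegation, since a secondary missing from either set receives no queries.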