NOW what?

Gary Kline kline at thought.org
Thu Dec 31 22:33:22 UTC 2009


On Thu, Dec 31, 2009 at 12:48:07PM -0800, Jon Radel wrote:
> 
> Gary Kline wrote:
> 
> >
> >	It was a good lesson that I should NOT have ever dared to mess
> >	around with IPv6 ... but I did.  And yup, after moving the server
> >	everything restarted.  And that v6 stuff busted things.
> 
> Hmmmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network 
> actually working does tend to break things all over the place.
> 
> You really need a test server to play with rather than subjecting your 
> main [only] server to these experiments.  ;-)
> 


	Hm.  If live 'n' learn is the best teacher, then my experiences
	last night were worthy.  

> 
> >
> >	[ten mins later with coffee kicking in]:: a question on the
> >	nameserver stuff: given that I have only one ISP, how could I have
> >	another nameserver?  ethic is DNS, mail, and web.  I've got two
> >	secondary nameservers.  One in Dallas, a second in England.  
> 
> Well....which is it?  One or three nameservers....
> 
> I find it helps to think of nameservers as being of two types:
> 
> 1)  Resolving nameservers
> 
> These are the servers that *your* machines use to look up addresses, 
> both your own and things like www.google.com.  You can use your own 
> server.  Your ISP would also have one or more available for customer 
> use.  I'd suggest using a list of servers rather than just one.  This 
> list is what you'd set up in /etc/resolv.conf.
> 
> 2)  Authoritative nameservers
> 
> These are the servers that tell everyone about thought.org (in your 
> case).  You say that you have one on ethic.thought.org and 2 secondaries 
> in Dallas and England.  However, given that neither your parent servers 
> nor your own zone file as found on ethic mention those two other 
> servers, it's very unlikely that they're doing you any good at all. 
> (There are advanced scenarios where "hidden secondaries" are useful, but 
> I don't think any of them apply to your network.)


	Would it help if I send you my named.conf.  And my
	master/thought.org database file...?  I don't think it would 'hurt'
	to share my configuration, but why spend the bandwidth?  From what
	I see, ethic is my SOA.  Ethic is my primary [ns1.thought.org].
	Steve Bertrand said that I am missing including 'thought.org' A
	record from the database file.  SO I followed his example and added the

	^@	IN A 	209.180.213.210

	(along with my AAAA address record :( )

	I have left out my own A record for the time being.... 

	Jon Horne's DFW site as well as Daniel Bye's secondary are listed in
	named.conf.  Note that two years ago when everything began
	collapsing--mail, and the web, this guy in Dallas came to my
	rescue.  Now that I am reorganizing *again*, I would like to have
	things done right.  I won't even breathe on the Dell.  Actually, I
	can't now that it's back in the corner!



> 
> BTW, a single install of a name server on a single machine is perfectly 
> capable of acting as both a resolving and an authoritative server, but 
> it still helps, IMHO, to consider it as serving two different roles. 
> (All of which leaves aside the security issues involved....)


	I have my DSL thru the telco, USQuest or Quest.  I have a set of 5
	IPs from them.  For some reason, Quest considers me as a business,
	[???], but their service has been pretty good so far.  Having a
	second line from them or another provider might make sense if I
	were making money from this.  Nada.

> 
> I would suggest you find out what servers your ISP makes available as 
> resolving servers for customers, and use ethic followed by those servers 
> in resolv.conf and other such setup.
> 
> I would suggest you find out if those secondary servers are actually 
> syncing the data from ethic, and if so, list them with your domain 
> registrar and in NS records in your dns zone.
> 
> With those two steps, dns as a whole will become a bit more resilient 
> for you.


	Thanks for the advice.  I'll see if Quest says what secondaries
	they have.


> 
> --Jon Radel
> jon at radel.com

-- 
 Gary Kline  kline at thought.org  http://www.thought.org  Public Service Unix
        http://jottings.thought.org   http://transfinite.thought.org
    The 7.79a release of Jottings: http://jottings.thought.org/index.php
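
The check suggested in the quoted advice (are the secondaries syncing, and are they listed in the zone's NS records and at the parent), as an added example that is not part of the original message. The zone serial, the hostmaster address and the two secondary host names are constructed placeholders; the observed serials stand in for what each server answers to an SOA query for the zone.

```python
import re

# Constructed zone data: serial, hostmaster and secondary names are placeholders.
ZONE = """\
$TTL 3600
@  IN SOA ns1.thought.org. hostmaster.thought.org. (
       2009123101 ; serial
       3600 900 604800 3600 )
@  IN NS  ns1.thought.org.
@  IN A   209.180.213.210
"""
PARENT_NS = ["ns1.thought.org."]              # delegation seen at the parent (constructed)
OBSERVED = {"ns1.thought.org": 2009123101,    # server -> SOA serial it answered with
            "ns2.example.net": 2009120501,    # hypothetical secondary, behind the master
            "ns3.example.org": None}          # hypothetical secondary, no answer

def strip_comments(zone_text):
    return "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())

def zone_ns(zone_text):
    """NS targets published in the zone file, lower-cased, no trailing dot."""
    text = strip_comments(zone_text)
    return {m.rstrip(".").lower()
            for m in re.findall(r"\bIN\s+NS\s+(\S+)", text, re.I)}

def zone_serial(zone_text):
    """The first number after the SOA's mname and rname fields is the serial."""
    text = strip_comments(zone_text)
    return int(re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text, re.I).group(1))

def audit(zone_text, parent_ns, observed):
    """Report, per server, why it is not a usable authoritative server."""
    published = zone_ns(zone_text)
    delegated = {n.rstrip(".").lower() for n in parent_ns}
    master = zone_serial(zone_text)
    report = {}
    for server, serial in observed.items():
        problems = []
        if server not in published:
            problems.append("no NS record in zone")
        if server not in delegated:
            problems.append("not delegated by parent")
        if serial is None:
            problems.append("no SOA answer")
        elif serial != master:
            problems.append(f"serial {serial} != master {master}")
        report[server] = problems or ["ok"]
    return report

if __name__ == "__main__":
    for server, problems in audit(ZONE, PARENT_NS, OBSERVED).items():
        print(server, "->", "; ".join(problems))
```

A secondary that reports both "no NS record in zone" and "not delegated by parent" is never asked by outside resolvers, whether or not it is syncing.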


