From: Jon Radel
Date: Thu, 31 Dec 2009 12:48:07 -0800
To: Gary Kline
Cc: Gary Kline, FreeBSD Mailing List
Subject: Re: NOW what?

Gary Kline wrote:
>
> It was a good lesson that I should NOT have ever dared to mess
> around with IPv6 ... but I did. And yup, after moving the server
> everything restarted. And that v6 stuff busted things.

Hmmmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network
actually working does tend to break things all over the place. You
really need a test server to play with rather than subjecting your main
[only] server to these experiments. ;-)

>
> [ten mins later with coffee kicking in]:: a question on the
> nameserver stuff: given that I have only one ISP, how could I have
> another nameserver? ethic is DNS, mail, and web. I've got two
> secondary nameservers. One in Dallas, a second in England.

Well....which is it? One or three nameservers....

I find it helps to think of nameservers as being of two types:

1) Resolving nameservers

These are the servers that *your* machines use to look up addresses,
both your own and things like www.google.com. You can use your own
server. Your ISP would also have one or more available for customer
use. I'd suggest using a list of servers rather than just one. This
list is what you'd set up in /etc/resolv.conf.

2) Authoritative nameservers

These are the servers that tell everyone about thought.org (in your
case). You say that you have one on ethic.thought.org and 2 secondaries
in Dallas and England. However, given that neither your parent servers
nor your own zone file as found on ethic mention those two other
servers, it's very unlikely that they're doing you any good at all.
(There are advanced scenarios where "hidden secondaries" are useful, but
I don't think any of them apply to your network.)

BTW, a single install of a name server on a single machine is perfectly
capable of acting as both a resolving and an authoritative server, but
it still helps, IMHO, to consider it as serving two different roles.
(All of which leaves aside the security issues involved....)

I would suggest you find out what servers your ISP makes available as
resolving servers for customers, and use ethic followed by those servers
in resolv.conf and other such setup.

I would suggest you find out if those secondary servers are actually
syncing the data from ethic, and if so, list them with your domain
registrar and in NS records in your dns zone.

With those two steps, dns as a whole will become a bit more resilient
for you.

--Jon Radel
jon@radel.com
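
One way to run the check suggested above (an added example, not part of the original message): compare the servers believed to be authoritative against the NS sets published by the parent and by the zone itself, and compare each server's SOA serial against the primary. The `dig +short` output is constructed, and the two example.net host names are placeholders for the unnamed Dallas and England secondaries.

```python
# Added example: audit authoritative nameservers from `dig +short` output.
# All dig output below is constructed; the two example.net names are placeholders.
PRIMARY = "ethic.thought.org"
CLAIMED = [PRIMARY, "ns-dallas.example.net", "ns-england.example.net"]

PARENT_NS = "ethic.thought.org.\n"   # dig +short NS thought.org @<parent server>
ZONE_NS = "ethic.thought.org.\n"     # dig +short NS thought.org @ethic.thought.org
SOA = {                              # dig +short SOA thought.org @<each server>
    PRIMARY: "ethic.thought.org. hostmaster.thought.org. 2009123101 3600 900 604800 86400",
    "ns-dallas.example.net": "ethic.thought.org. hostmaster.thought.org. 2009123101 3600 900 604800 86400",
    "ns-england.example.net": "ethic.thought.org. hostmaster.thought.org. 2009120501 3600 900 604800 86400",
}


def parse_ns(text):
    """Host names from `dig +short NS`: lowercased, trailing dot removed."""
    return {ln.strip().lower().rstrip(".") for ln in text.splitlines() if ln.strip()}


def parse_serial(text):
    """Serial is field 3 of a `dig +short SOA` answer; None if there is no answer."""
    fields = text.split()
    return int(fields[2]) if len(fields) == 7 and fields[2].isdigit() else None


def audit(claimed, parent_ns, zone_ns, soa, primary):
    """Map each claimed server to the reasons it is not a working secondary."""
    parent, zone = parse_ns(parent_ns), parse_ns(zone_ns)
    want = parse_serial(soa.get(primary, ""))
    report = {}
    for server in claimed:
        problems = []
        if server not in parent:
            problems.append("not in parent delegation")
        if server not in zone:
            problems.append("no NS record in zone")
        have = parse_serial(soa.get(server, ""))
        if have is None:
            problems.append("no SOA answer")
        elif have != want:
            problems.append(f"serial {have} != primary {want}")
        report[server] = problems
    return report


def run_sample():
    return audit(CLAIMED, PARENT_NS, ZONE_NS, SOA, PRIMARY)


if __name__ == "__main__":
    for server, problems in run_sample().items():
        print(server, "->", "; ".join(problems) or "ok")
```

A secondary that matches the primary's serial but is missing from both NS sets is transferring the zone yet never receives queries from the outside world, which is the situation described in the message.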