Date: Thu, 31 Dec 2009 14:33:16 -0800
From: Gary Kline <kline@thought.org>
To: Jon Radel <jon@radel.com>
Cc: Gary Kline <kline@magnesium.net>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: NOW what?
Message-ID: <20091231223316.GD3733@thought.org>
In-Reply-To: <4B3D0E07.7020107@radel.com>
References: <20091231180545.GA41589@thought.org> <4B3CF717.7050100@radel.com> <20091231195744.GA3733@thought.org> <4B3D0E07.7020107@radel.com>

On Thu, Dec 31, 2009 at 12:48:07PM -0800, Jon Radel wrote:
>
> Gary Kline wrote:
>
> >
> > It was a good lesson that I should NOT have ever dared to mess
> > around with IPv6 ... but I did.  And yup, after moving the server
> > everything restarted.  And that v6 stuff busted things.
>
> Hmmmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network
> actually working does tend to break things all over the place.
>
> You really need a test server to play with rather than subjecting your
> main [only] server to these experiments.  ;-)
>

Hm.  If live 'n' learn is the best teacher, then my experiences
last night were worthy.

> >
> >
> > [ten mins later with coffee kicking in]:: a question on the
> > nameserver stuff: given that I have only one ISP, how could I have
> > another nameserver?  ethic is DNS, mail, and web.  I've got two
> > secondary nameservers.  One in Dallas, a second in England.
>
> Well....which is it?  One or three nameservers....
>
> I find it helps to think of nameservers as being of two types:
>
> 1)  Resolving nameservers
>
> These are the servers that *your* machines use to look up addresses,
> both your own and things like www.google.com.  You can use your own
> server.  Your ISP would also have one or more available for customer
> use.  I'd suggest using a list of servers rather than just one.  This
> list is what you'd set up in /etc/resolv.conf.
>
> 2)  Authoritative nameservers
>
> These are the servers that tell everyone about thought.org (in your
> case).  You say that you have one on ethic.thought.org and 2 secondaries
> in Dallas and England.  However, given that neither your parent servers
> nor your own zone file as found on ethic mention those two other
> servers, it's very unlikely that they're doing you any good at all.
> (There are advanced scenarios where "hidden secondaries" are useful, but
> I don't think any of them apply to your network.)

Would it help if I send you my named.conf.  And my
master/thought.org database file...?
I don't think it would 'hurt' to share my configuration, but why
spend the bandwidth?

From what I see, ethic is my SOA.  Ethic is my primary
[ns1.thought.org].  Steve Bertrand said that I am missing including
'thought.org' A record from the database file.  So I followed his
example and added the

^@ IN A 209.180.213.210

(along with my AAAA address record :( )  I have left out my own A
record for the time being....

Jon Horne's DFW site as well as Daniel Bye's secondary are listed in
named.conf.  Note that two years ago when everything began
collapsing--mail, and the web, this guy in Dallas came to my rescue.
Now that I am reorganizing *again*, I would like to have things done
right.  I won't even breathe on the Dell.  Actually, I can't now that
it's back in the corner!

>
> BTW, a single install of a name server on a single machine is perfectly
> capable of acting as both a resolving and an authoritative server, but
> it still helps, IMHO, to consider it as serving two different roles.
> (All of which leaves aside the security issues involved....)

I have my DSL thru the telco, USQuest or Quest.  I have a set of 5 IPs
from them.  For some reason, Quest considers me as a business, [???],
but their service has been pretty good so far.  Having a second line
from them or another provider might make sense if I were making money
from this.  Nada.

>
> I would suggest you find out what servers your ISP makes available as
> resolving servers for customers, and use ethic followed by those servers
> in resolv.conf and other such setup.
>
> I would suggest you find out if those secondary servers are actually
> syncing the data from ethic, and if so, list them with your domain
> registrar and in NS records in your dns zone.
>
> With those two steps, dns as a whole will become a bit more resilient
> for you.

Thanks for the advice.  I'll see if Quest says what secondaries
they have.

>
> --Jon Radel
> jon@radel.com

-- 
 Gary Kline  kline@thought.org  http://www.thought.org  Public Service Unix
    http://jottings.thought.org   http://transfinite.thought.org
    The 7.79a release of Jottings: http://jottings.thought.org/index.php
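
Added example, not part of the original message or of either correspondent's configuration: the checks raised in this thread (secondaries listed in the zone's NS records and at the registrar/parent, secondaries holding the master's SOA serial, an apex A record, AAAA records published without working IPv6) run over a constructed zone. The example.* names, the 192.0.2.x and 2001:db8:: addresses, the serials and the `parse_zone` and `audit` helpers are assumptions; the parser accepts only well-formed, one-record-per-line zone text.

```python
# Added example: every name, address and serial below is constructed.
ZONE = """\
$ORIGIN example.org.
@    IN SOA  ns1.example.org. hostmaster.example.org. 2009123101 3600 900 604800 3600
@    IN NS   ns1.example.org.
ns1  IN A    192.0.2.10
ns1  IN AAAA 2001:db8::10
"""
PARENT_NS = {"ns1.example.org."}  # delegation held by the registrar/parent
# SOA serial each secondary answers with (constructed observations)
SERIALS = {"ns2.example.net.": 2009123101, "ns3.example.com.": 2009120501}

def parse_zone(text):
    """Return (origin, [(owner, type, rdata)]); one record per line only."""
    origin, records = "", []
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if fields and fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        elif fields:
            owner, rest = fields[0].lower(), fields[1:]
            while rest[0].isdigit() or rest[0].upper() == "IN":
                rest = rest[1:]  # skip optional TTL and class
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"
            records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return origin, records

def audit(zone_text, parent_ns, serials, ipv6_works):
    """List the problems discussed in the thread for one zone."""
    origin, recs = parse_zone(zone_text)
    apex = [r for r in recs if r[0] == origin]
    zone_ns = {r[2].lower() for r in apex if r[1] == "NS"}
    master = int(next(r[2] for r in apex if r[1] == "SOA").split()[2])
    out = []
    if not any(r[1] == "A" for r in apex):
        out.append("apex has no A record")
    if not ipv6_works and any(r[1] == "AAAA" for r in recs):
        out.append("AAAA records published while IPv6 is not working")
    for ns, serial in serials.items():
        if ns not in zone_ns:
            out.append(f"{ns}: no NS record in zone")
        if ns not in parent_ns:
            out.append(f"{ns}: not in delegation at registrar/parent")
        if serial != master:
            out.append(f"{ns}: serial {serial}, master has {master}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(ZONE, PARENT_NS, SERIALS, ipv6_works=False)))
```

Against a live setup, the inputs would be the SOA and NS answers gathered from each server and from the parent zone instead of the constructed values.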