Date: Mon, 9 Dec 2002 09:48:14 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Gary D Kline <kline@thought.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: wedged...
Message-ID: <20021209074814.GH1257@gothmog.gr>
In-Reply-To: <20021209042138.GA1466@tao.thought.org>
References: <20021209042138.GA1466@tao.thought.org>

On 2002-12-08 20:21, Gary D Kline <kline@thought.org> wrote:
>
> Last month I had to change ISPs.  I decided to put all my
> servers behind a firewall and use dhcpd to link my private
> network to the outside.
>
> For unknown reasons, on ns1.thought.org (or elsewhere outside),
> dig sees my primary web server correctly, as 216.231.43.140.

Something doesn't look quite right here.

    % dig thought.org ns
    NS1.thought.org.        1d23h56m52s IN A    216.231.43.140
    NS2.SECONDARY.COM.      1d10h29m40s IN A    198.133.199.4
    NS1.SECONDARY.COM.      1d10h29m40s IN A    198.133.199.3

If I ask these servers about ns1.thought.org by IP address they give:

    % dig @216.231.43.140 thought.org ns
    ns1.thought.org.        10M IN A            216.231.43.140
    ns1.thought.org.        10M IN A            10.0.0.1
    ns1.secondary.com.      1d17h58m58s IN A    198.133.199.3
    ns2.secondary.com.      1d17h58m59s IN A    198.133.199.4

    % dig @198.133.199.4 thought.org ns
    ns1.thought.org.        10M IN A            216.39.168.248
    ns1.thought.org.        10M IN A            10.0.0.1

    % dig @198.133.199.3 thought.org ns
    ns1.thought.org.        10M IN A            216.39.168.248
    ns1.thought.org.        10M IN A            10.0.0.1

The two nameservers of secondary.com have an old start-of-authority
record for your domain.  dig shows the following SOA serials:

    ns1.thought.org         2002120802
    ns1.secondary.com       2002061403
    ns2.secondary.com       2002061403

Perhaps, having 10.0.0.1 in the NS records that ns1.secondary.com and
ns2.secondary.com can "see" for thought.org makes them query the wrong
nameserver for zone transfers when they attempt to update their
zonefiles for thought.org and they still have their old mirrors of the
thought.org zone :-(

> Behind the firewall--or maybe behind dhcp, I keep picking up
> my old IP for ns1.thought.org (aka www.thought.org).

The confusion could possibly be related to using 10.0.0.1 as a
nameserver.  When you are "inside" your private network, 10.0.0.1 is
accessible and just happens to be the right nameserver.

Everyone else either fails to connect to 10.0.0.1 or (when a local
network happens to have another machine with that address) connects to
the wrong nameserver for authoritative information about thought.org.

In short, delete the NS record that points to 10.0.0.1 from your
publicly visible zone files.
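
Added example (not part of the original message): a Python version of the two checks done by hand above, flagging non-routable addresses in publicly served A records and listing servers whose SOA serial lags the primary. The function names are hypothetical; the input is the dig output and serials quoted in the message, embedded as sample data.

```python
import ipaddress

# Sample input: answers as quoted in the message above, keyed by the server queried.
SECONDARY = ("ns1.thought.org. 10M IN A 216.39.168.248\n"
             "ns1.thought.org. 10M IN A 10.0.0.1\n")
ANSWERS = {
    "216.231.43.140": ("ns1.thought.org. 10M IN A 216.231.43.140\n"
                       "ns1.thought.org. 10M IN A 10.0.0.1\n"
                       "ns1.secondary.com. 1d17h58m58s IN A 198.133.199.3\n"
                       "ns2.secondary.com. 1d17h58m59s IN A 198.133.199.4\n"),
    "198.133.199.4": SECONDARY,
    "198.133.199.3": SECONDARY,
}
SOA_SERIALS = {"ns1.thought.org": 2002120802,
               "ns1.secondary.com": 2002061403,
               "ns2.secondary.com": 2002061403}


def parse_a_records(text):
    """Yield (owner, address) for each 'name ttl IN A addr' line of dig-style output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "A":
            yield f[0].rstrip(".").lower(), ipaddress.ip_address(f[4])


def private_leaks(answers):
    """Return sorted (server, owner, addr) for A records that are not globally routable."""
    return sorted((server, owner, str(addr))
                  for server, text in answers.items()
                  for owner, addr in parse_a_records(text)
                  if not addr.is_global)


def serial_lt(a, b):
    """True if SOA serial a is older than b under RFC 1982 32-bit serial arithmetic."""
    return a != b and (b - a) % 2**32 < 2**31


def stale_servers(serials, primary):
    """Return the servers whose SOA serial is behind the primary's."""
    return sorted(n for n, s in serials.items() if serial_lt(s, serials[primary]))


if __name__ == "__main__":
    for server, owner, addr in private_leaks(ANSWERS):
        print(f"{server} publishes {owner} -> {addr} (not reachable from outside)")
    for name in stale_servers(SOA_SERIALS, "ns1.thought.org"):
        print(f"{name} is serving an old copy of the zone")
```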