Date: Mon, 9 Dec 2002 09:48:14 +0200
From: Giorgos Keramidas
To: Gary D Kline
Cc: freebsd-questions@freebsd.org
Subject: Re: wedged...
Message-ID: <20021209074814.GH1257@gothmog.gr>
In-Reply-To: <20021209042138.GA1466@tao.thought.org>

On 2002-12-08 20:21, Gary D Kline wrote:
>
> Last month I had to change ISPs.  I decided to put all my
> servers behind a firewall and use dhcpd to link my private
> network to the outside.
>
> For unknown reasons, on ns1.thought.org (or elsewhere outside),
> dig sees my primary web server correctly, as 216.231.43.140.

Something doesn't look quite right here.

    % dig thought.org ns
    NS1.thought.org.        1d23h56m52s IN A  216.231.43.140
    NS2.SECONDARY.COM.      1d10h29m40s IN A  198.133.199.4
    NS1.SECONDARY.COM.      1d10h29m40s IN A  198.133.199.3

If I ask these servers about ns1.thought.org by IP address they give:

    % dig @216.231.43.140 thought.org ns
    ns1.thought.org.        10M IN A          216.231.43.140
    ns1.thought.org.        10M IN A          10.0.0.1
    ns1.secondary.com.      1d17h58m58s IN A  198.133.199.3
    ns2.secondary.com.      1d17h58m59s IN A  198.133.199.4

    % dig @198.133.199.4 thought.org ns
    ns1.thought.org.        10M IN A          216.39.168.248
    ns1.thought.org.        10M IN A          10.0.0.1

    % dig @198.133.199.3 thought.org ns
    ns1.thought.org.        10M IN A          216.39.168.248
    ns1.thought.org.        10M IN A          10.0.0.1

The two nameservers of secondary.com have an old start-of-authority
record for your domain.  dig shows the following SOA serials:

    ns1.thought.org         2002120802
    ns1.secondary.com       2002061403
    ns2.secondary.com       2002061403

Perhaps having 10.0.0.1 in the NS records that ns1.secondary.com and
ns2.secondary.com can "see" for thought.org makes them query the wrong
nameserver for zone transfers when they attempt to update their
zonefiles for thought.org, and they still have their old mirrors of
the thought.org zone :-(

> Behind the firewall--or maybe behind dhcp, I keep picking up
> my old IP for ns1.thought.org (aka www.thought.org).

The confusion could possibly be related to using 10.0.0.1 as a
nameserver.  When you are "inside" your private network, 10.0.0.1 is
accessible and just happens to be the right nameserver.  Everyone
else either fails to connect to 10.0.0.1 or (when a local network
happens to have another machine with that address) connects to the
wrong nameserver for authoritative information about thought.org.

In short, delete the NS record that points to 10.0.0.1 from your
publicly visible zone files.
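The three checks made by hand in the reply above (private addresses published for a nameserver, servers disagreeing about a name, and secondaries with an older SOA serial), as an added example that is not part of the original message. The function names are hypothetical, and the input is constructed from the records and serials quoted in the message, so nothing is looked up over the network.

```python
import ipaddress

# Constructed sample input: the A records quoted in the message, keyed by
# the server that was queried (parsed offline, no DNS lookups are made).
ANSWERS = {
    "216.231.43.140": ["ns1.thought.org. 10M IN A 216.231.43.140",
                       "ns1.thought.org. 10M IN A 10.0.0.1",
                       "ns1.secondary.com. 1d17h58m58s IN A 198.133.199.3",
                       "ns2.secondary.com. 1d17h58m59s IN A 198.133.199.4"],
    "198.133.199.4": ["ns1.thought.org. 10M IN A 216.39.168.248",
                      "ns1.thought.org. 10M IN A 10.0.0.1"],
    "198.133.199.3": ["ns1.thought.org. 10M IN A 216.39.168.248",
                      "ns1.thought.org. 10M IN A 10.0.0.1"],
}
# SOA serials as listed in the message.
SERIALS = {"ns1.thought.org": 2002120802,
           "ns1.secondary.com": 2002061403,
           "ns2.secondary.com": 2002061403}

def parse_a(line):
    """Parse 'name ttl IN A address'; return (name, address) or None."""
    f = line.split()
    if len(f) != 5 or f[2].upper() != "IN" or f[3].upper() != "A":
        return None
    return f[0].rstrip(".").lower(), ipaddress.ip_address(f[4])

def records(answers):
    """Yield (server, name, address) for every parsable A record."""
    for server, lines in answers.items():
        for rec in filter(None, map(parse_a, lines)):
            yield server, rec[0], rec[1]

def private_addresses(answers):
    """A records that publish a private (e.g. RFC 1918) address."""
    return sorted((s, n, str(a)) for s, n, a in records(answers) if a.is_private)

def disagreeing_names(answers):
    """Names for which the queried servers return different address sets."""
    views = {}
    for s, n, a in records(answers):
        views.setdefault(n, {}).setdefault(s, set()).add(a)
    return sorted(n for n, v in views.items()
                  if len({frozenset(x) for x in v.values()}) > 1)

def stale_secondaries(serials, primary):
    """Servers whose serial is behind the primary's (plain integer compare,
    ignoring RFC 1982 wraparound)."""
    return sorted(n for n, s in serials.items() if s < serials[primary])
```

On this input all three servers publish 10.0.0.1 for ns1.thought.org, the primary and the secondaries disagree about that name's public address, and both secondary.com servers are behind the primary's serial.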