Date: Tue, 11 Dec 2007 15:06:32 -0500
From: Bill Vermillion
To: Derek Ragona
Cc: freebsd-questions@freebsd.org
Subject: Re: named mystery
Message-ID: <20071211200632.GA1911@wjv.com>
Organization: W.J.Vermillion / Orlando - Winter Park

Derek Ragona, the prominent pundit, on Tue, Dec 11, 2007 at 13:36
while half mumbling, half-witicized:

> At 01:24 PM 12/11/2007, Bill Vermillion wrote:
> >On Tue, Dec 11, 2007 at 18:23 , while impersonating an expert on
> >the internet, freebsd-questions-request@freebsd.org sent this to stdout:
> >
> >> Date: Tue, 11 Dec 2007 06:09:11 -0600
> >> From: Derek Ragona
> >> Subject: Re: named mystery
> >> To: jekillen , User Questions
> >
> >> At 12:57 AM 12/10/2007, jekillen wrote:
> >> >Hello:
> >
> >[lots of stuff snipped - wjv]
> >
> >> >I have two name servers for four domains.
> >> >The primary name server is running FreeBSD v 6.0
> >> >and the secondary is running v 6.2.
> >> >I have an MX record for each of the four registered
> >> >domains. I have set up Postfix to act as a smart host
> >> >mail hub (the MX host). One of the named record
> >> >database is for one of the sites. When I try to send
> >> >an E-mail from this message to list e-mail address. The messages
> >> >bounce for dns lookup failure.
> >> >The name that is being looked up is
> >> > ....
> >> >Somehow the two names are being mashed together and then
> >> >looked up, causing the resolution failure.
> >
> >As the other respondent noted, that was because of the missing
> >period.
> >
> >I've found that 'nslint' in the /usr/ports/dns hierarchy
> >is a nice little program that will tell you all your errors.
> >I actually run its output through a 'filter' to get rid of
> >extraneous things such as 'in use by xxxx.xxx' as I have
> >several sites that respond to the same IP.
> >
> >....
> >
> >> >There was a period missing after the MX host name record.
> >> >I added that and rebooted the machine with the primary name
> >> >server just to insure that named got the change and checked the
> >> >secondary record and it has the change
> >
> >You don't have to reboot Unix systems for almost all things which
> >don't require a kernel change. named.restart will do the job.
> >
> >> Jeff,
> >> I just checked how my DNS files look on two 6.2 servers. The
> >> primary zone files will have the:
> >> @
> >> while the secondary zone files will not have these.
> >> In my zone files the MX appears on the primary as the lines:
> >> ; MX Record
> >> @ IN MX 10 mail.mydomain.com.
> >>
> >> Note the last period after the domain suffix is there to show
> >> it is a fully qualified name, with that name defined earlier in
> >> this zone file.
> >
> >....
> >
> >> When you make a change on the primary DNS server zone file be
> >> sure to change the serial number in that zone file. Also I
> >> usually stop and start named on the primary. I also remove the
> >> backup files on the secondary servers and stop and start named
> >> on those too to see that the new files are transferred and thus
> >> being used.
> >
> >I have about 250 zones in my DNS and I've done something which
> >makes sure that I always have the correct date, but all the
> >domains will show the same date.
> >
> >I've extracted much of what you put in a zone file and put
> >it in a file called named.soa . And in each file
> >is used the $INCLUDE directive [quite handy] that
> >is $INCLUDE named.soa
> >
> >Then I just update the serial number in the one file. It saves
> >a lot of time, particularly yesterday when one client of
> >a support house that uses our servers decided he needed
> >all the standard variants .com, .net, .biz, .mobi, .info, .org,
> >and .tv - plus 5 variants on his domain.
> >
> >I'd just dupe the zone file and make global changes in 'vi'
> >and only have to update the serial number in the named.soa
> >just one time.
> >
> >Bill

> Bill,

> I didn't know about the include statement, I will do that with
> my zone files too.

There are many shortcuts available and I don't use many of them.
I first had to learn and put up DNS on an SCO server back in about
1994 when a local community-college for whom I was doing data base
work, needed to get an internet connection.

So it was sendmail on SCO - in the 4.x variety and then I took the
best parts of the O'Reilly book and the SCO docs and came up with
my own variant. The SCO system did use the $INCLUDE. And I've
used that ever since.

I also have machines in our own domain - plus others - so I have
the named.conf pointing to a sub-directory called 'sites' that
are domains that don't belong to us.

And I always found the xx.xx.xx.xx.in-addr.arpa a bit confusing to
look at in a directory so I map that to files called
named.rev.63.209.114 [and others] so when I search the directory
the last relative quad in the listing is last. So when I need
to change the reverse file it is just vi *.114. I'm lazy!!

The named.hosts has all the IP addresses in it, and the only ones
that are 'active' are the domains we control, BUT I have
the domain listing for others with a leading ; but the name
and IP in the list. This way I can scan that and find out just
what IPs are in use.

Little things like that make administering things much easier, at
least for me.

> Good to know about the nslint utility too. I am one who makes
> typos, so it will be a good way to make sure the files are at least syntax
> correct.

> -Derek

I never restart DNS after modifications without first running
nslint.

I also have 2 name servers, but I run both as primaries. Probably
not the best thing - but they are on two separate machines - and
I have only one network connection with a /23 block of IPs.
Located in a Level 3 colo and have had less than 45 minutes of
downtime from them. One was an admin mistake by our manage,
the other was a flaky card in a Cisco 12000 - where small packets
would get through but others would start dropping packets. That
happened at about 630AM and was fixed by 700AM so no business users
were affected.

I think we are about the smallest ISP in existence, and we ARE
the smallest in the Level 3 colo - going in the first week they
opened - before they had the high $$ monthly requirements - which
we could not meet now.

Glad to be of help.

Bill
-- 
Bill Vermillion - bv @ wjv . com
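
The missing trailing period that this thread traces the lookup failure to, as an added example that is not part of the original message: a Python check that lists MX, NS, CNAME and PTR targets written without the final period and shows the name they turn into once the zone origin is appended. The zone text is constructed sample data and the function names are hypothetical; it covers this one mistake and is not a reimplementation of nslint.

```python
# Added illustration, not code from the thread. SAMPLE_ZONE is constructed
# sample data; mail.mydomain.com is the placeholder name used in the message.
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
@     IN  MX     10 mail.mydomain.com
@     IN  MX     20 backup.mydomain.com.
@     IN  NS     ns1
www   IN  CNAME  web.mydomain.com
mail  IN  A      192.0.2.25
"""

# Record types whose data ends in a host name that named completes with the
# current origin whenever the name is written without a trailing period.
NAME_TYPES = {"MX", "NS", "CNAME", "PTR"}

def expand(name, origin):
    """Return the fully qualified name the server ends up using."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin

def suspicious_targets(zone_text, origin):
    """List (line_no, type, written, expanded) for relative targets that
    already contain a dot, the usual sign of a forgotten trailing period.
    Assumes one record per line and purely numeric TTLs."""
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), start=1):
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = expand(fields[1], origin)
            continue
        # Drop the owner name (absent when the line starts with whitespace),
        # then any TTL and class, leaving "<TYPE> ... <target>".
        rest = fields if raw[0].isspace() else fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)
        if len(rest) < 2 or rest[0].upper() not in NAME_TYPES:
            continue
        target = rest[-1]
        if "." in target and not target.endswith("."):
            findings.append((line_no, rest[0].upper(), target, expand(target, origin)))
    return findings

if __name__ == "__main__":
    for line_no, rtype, written, expanded in suspicious_targets(SAMPLE_ZONE, "mydomain.com."):
        print(f"line {line_no}: {rtype} {written} -> {expanded}")
```

A short relative name such as ns1 is left alone because it is a legitimate use of the origin; only dotted names without the final period are reported.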