Date: Tue, 11 Dec 2007 15:06:32 -0500
From: Bill Vermillion <bv@wjv.com>
To: Derek Ragona <derek@computinginnovations.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: named mystery
Message-ID: <20071211200632.GA1911@wjv.com>
In-Reply-To: <6.0.0.22.2.20071211133417.024f0e18@mail.computinginnovations.com>
References: <20071211182359.DAED116A50B@hub.freebsd.org> <20071211192423.GB1301@wjv.com> <6.0.0.22.2.20071211133417.024f0e18@mail.computinginnovations.com>

Derek Ragona, the prominent pundit, on Tue, Dec 11, 2007 at 13:36
while half mumbling, half-witicized:

> At 01:24 PM 12/11/2007, Bill Vermillion wrote:
> >On Tue, Dec 11, 2007 at 18:23 , while impersonating an expert on
> >the internet, freebsd-questions-request@freebsd.org sent this to stdout:
> >> Date: Tue, 11 Dec 2007 06:09:11 -0600
> >> From: Derek Ragona <derek@computinginnovations.com>
> >> Subject: Re: named mystery
> >> To: jekillen <jekillen@prodigy.net>, User Questions
> > ><freebsd-questions@freebsd.org>
> >> At 12:57 AM 12/10/2007, jekillen wrote:
> >> >Hello: [lots of stuff snipped - wjv]
> >> >I have two name servers for four domains.
> >> >The primary name server is running FreeBSD v 6.0
> >> >and the secondary is running v 6.2.
> >> >I have an MX record for each of the four registered
> >> >domains. I have set up Postfix to act as a smart host
> >> >mail hub (the MX host). One of the named record
> >> >database is for one of the sites. When I try to send
> >> >an E-mail from this message to list e-mail address. The messages
> >> >bounce for dns lookup failure.
> >> >The name that is being looked up is
> >> > <mxhost>.<domainName>.<tld>.<targetDomainName>.<tld>
> >> >Somehow the two names are being mashed together and then
> >> >looked up, causing the resolution failure.
> >As the other respondent noted, that was because of the missing
> >period.
> >I've found that 'nslint' in the /usr/ports/dns hierarchy
> >is a nice little program that will tell you all your errors.
> >I actually run its output through a 'filter' to get rid of
> >extraneous things such as 'in use by xxxx.xxx' as I have
> >several sites that respond to the same IP. ....
> >> >There was a period missing after the MX host name record.
> >> >I added that and rebooted the machine with the primary name
> >> >server just to ensure that named got the change and checked the
> >> >secondary record and it has the change
> >You don't have to reboot Unix systems for almost all things which
> >don't require a kernel change. named.restart will do the job.
> >> Jeff,
> >> I just checked how my DNS files look on two 6.2 servers. The
> >> primary zone files will have the:
> >> @
> >> while the secondary zone files will not have these.
> >> In my zone files the MX appears on the primary as the lines: ;
> >> MX Record @ IN MX 10 mail.mydomain.com.
> >> Note the last period after the domain suffix is there to show
> >> it is a fully qualified name, with that name defined earlier in
> >> this zone file. ....
> >> When you make a change on the primary DNS server zone file be
> >> sure to change the serial number in that zone file. Also I
> >> usually stop and start named on the primary. I also remove the
> >> backup files on the secondary servers and stop and start named
> >> on those too to see that the new files are transferred and thus
> >> being used.
> >I have about 250 zones in my DNS and I've done something which
> >makes sure that I always have the correct date, but all the
> >domains will show the same date.
> >I've extracted much of what you put in a zone file and put
> >it in a file called named.soa . And in each file
> >is used the $INCLUDE directive [quite handy] that
> >is $INCLUDE named.soa
> >Then I just update the serial number in the one file. It saves
> >a lot of time, particularly yesterday when one client of
> >a support house that uses our servers decided he needed
> >all the standard variants .com, .net, .biz, .mobi, .info, .org,
> >and .tv - plus 5 variants on his domain.
> >
> >I'd just dupe the zone file and make global changes in 'vi'
> >and only have to update the serial number in the named.soa
> >just one time.
> >
> >Bill
> Bill,
> I didn't know about the include statement, I will do that with
> my zone files too.

There are many shortcuts available and I don't use many of them.
I first had to learn and put up DNS on an SCO server back in about
1994 when a local community-college for whom I was doing data base
work, needed to get an internet connection. So it was sendmail on
SCO - in the 4.x variety and then I took the best parts of the
O'Reilly book and the SCO docs and came up with my own variant.
The SCO system did use the $INCLUDE. And I've used that ever since.

I also have machines in our own domain - plus others - so I have
the named.conf pointing to a sub-directory called 'sites' that are
domains that don't belong to us.

And I always found the xx.xx.xx.xx.in-addr.arpa a bit confusing to
look at in a directory so I map that to files called
named.rev.63.209.114 [and others] so when I search the directory
the last relative quad in the listing is last. So when I need to
change the reverse file it is just vi *.114. I'm lazy!!

The named.hosts has all the IP addresses in it, and the only ones
that are 'active' are the domains we control, BUT I have the domain
listing for others with a leading ; but the name and IP in the
list. This way I can scan that and find out just what IPs are in
use.

Little things like that make administering things much easier, at
least for me.

> Good to know about the nslint utility too. I am one who makes
> typos, so it will be a good way to make sure the files are at least syntax
> correct.
> -Derek

I never restart DNS after modifications without first running
nslint.

I also have 2 name servers, but I run both as primaries. Probably
not the best thing - but they are on two separate machines - and I
have only one network connection with a /23 block of IPs. Located
in a Level 3 colo and have had less than 45 minutes of downtime
from them.
One was an admin mistake by our manage, the other was a flaky card
in a Cisco 12000 - where small packets would get through but others
would start dropping packets. That happened at about 630AM and was
fixed by 700AM so no business users were affected.

I think we are about the smallest ISP in existence, and we ARE the
smallest in the Level 3 colo - going in the first week they opened -
before they had the high $$ monthly requirements - which we could
not meet now.

Glad to be of help.

Bill

--
Bill Vermillion - bv @ wjv . com
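
The missing-period failure discussed in this thread, as an added example that is not part of the original e-mail and is not nslint: a short Python check that lists MX, NS, CNAME and PTR targets written without a trailing period and shows the name the server will actually look up. The zone text, the `example.org` names and the function names are constructed for illustration; multi-line records and `$INCLUDE` files are not followed.

```python
# Constructed sample zone (not from the thread). Line 3 repeats the reported
# mistake: the MX target has no trailing period.
SAMPLE_ZONE = """\
$ORIGIN example.org.
@      IN  MX     10 mail.example.org.
@      IN  MX     20 mail.example.net
www    IN  CNAME  web
ns     IN  A      192.0.2.53
"""

# Record types whose last RDATA field is a domain name; without a trailing
# period the name server appends the current origin to it.
NAME_TARGET_TYPES = {"MX", "NS", "CNAME", "PTR"}


def expand(name, origin):
    """Return the absolute name a relative `name` resolves to under `origin`."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def find_relative_targets(zone_text, origin):
    """List (line_no, type, target, expanded, likely_typo) for unqualified targets."""
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = expand(fields[1], origin)
            continue
        if not raw[0].isspace():
            fields = fields[1:]                      # drop the owner name
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]                      # drop optional TTL / class
        if not fields or fields[0].upper() not in NAME_TARGET_TYPES:
            continue
        target = fields[-1]
        if target != "@" and not target.endswith("."):
            # A dotted name without the final period was almost certainly
            # meant to be fully qualified.
            findings.append((line_no, fields[0].upper(), target,
                             expand(target, origin), "." in target))
    return findings


if __name__ == "__main__":
    for finding in find_relative_targets(SAMPLE_ZONE, "example.org."):
        print(finding)
```

The `likely_typo` flag separates a dotted target such as `mail.example.net`, which expands to the doubled name seen in the bounce, from a deliberate short relative name such as `web`.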