Date:      Thu, 31 Dec 2009 12:48:07 -0800
From:      Jon Radel <jon@radel.com>
To:        Gary Kline <kline@thought.org>
Cc:        Gary Kline <kline@magnesium.net>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: NOW what?
Message-ID:  <4B3D0E07.7020107@radel.com>
In-Reply-To: <20091231195744.GA3733@thought.org>
References:  <20091231180545.GA41589@thought.org> <4B3CF717.7050100@radel.com> <20091231195744.GA3733@thought.org>


Gary Kline wrote:

> 
> 	It was a good lesson that I should NOT have ever dared to mess
> 	around with IPv6 ... but I did.  And yup, after moving the server
> 	everything restarted.  And that v6 stuff busted things.

Hmmmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network 
actually working does tend to break things all over the place.

You really need a test server to play with rather than subjecting your 
main [only] server to these experiments.  ;-)


> 
> 	[ten mins later with coffee kicking in]:: a question on the
> 	nameserver stuff: given that I have only one ISP, how could I have
> 	another nameserver?  ethic is DNS, mail, and web.  I've got two
> 	secondary nameservers.  One in Dallas, a second in England.  

Well....which is it?  One or three nameservers....

I find it helps to think of nameservers as being of two types:

1)  Resolving nameservers

These are the servers that *your* machines use to look up addresses, 
both your own and things like www.google.com.  You can use your own 
server.  Your ISP would also have one or more available for customer 
use.  I'd suggest using a list of servers rather than just one.  This 
list is what you'd set up in /etc/resolv.conf.

2)  Authoritative nameservers

These are the servers that tell everyone about thought.org (in your 
case).  You say that you have one on ethic.thought.org and 2 secondaries 
in Dallas and England.  However, given that neither your parent servers 
nor your own zone file as found on ethic mention those two other 
servers, it's very unlikely that they're doing you any good at all. 
(There are advanced scenarios where "hidden secondaries" are useful, but 
I don't think any of them apply to your network.)

BTW, a single install of a name server on a single machine is perfectly 
capable of acting as both a resolving and an authoritative server, but 
it still helps, IMHO, to consider it as serving two different roles. 
(All of which leaves aside the security issues involved....)

I would suggest you find out what servers your ISP makes available as 
resolving servers for customers, and use ethic followed by those servers 
in resolv.conf and other such setup.

I would suggest you find out if those secondary servers are actually 
syncing the data from ethic, and if so, list them with your domain 
registrar and in NS records in your dns zone.

With those two steps, dns as a whole will become a bit more resilient 
for you.

--Jon Radel
jon@radel.com
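The two checks Jon recommends (are the secondaries actually pulling the zone from ethic, and are they listed as NS records where resolvers will see them) can be scripted. The following is an added example written for this archive page, not code from Jon or Gary: it parses dig(1) output, compares each secondary's SOA serial with the primary's, and diffs the NS set found in the zone against the parent's delegation and against the hosts you believe are secondaries. Only the names thought.org and ethic.thought.org come from the thread; the secondary hostnames, serial numbers and sample dig output are constructed placeholders, and the live audit() function assumes dig is installed and the network is reachable.

```python
#!/usr/bin/env python3
"""Audit a zone's authoritative servers: do the secondaries carry the primary's
data, and are they advertised in the zone's NS RRset and the parent delegation?
Added example for this thread, not the poster's code.  thought.org and
ethic.thought.org come from the mail; everything else here is a placeholder."""
import subprocess
from typing import Dict, List, Optional, Set, Tuple

Record = Tuple[str, str]  # (RRTYPE, rdata) as printed by dig


def parse_dig(output: str) -> List[Record]:
    """Collect (type, rdata) pairs from dig's full output, whatever section they
    are in.  A parent server answers an NS query with a referral, so its NS
    records sit in the AUTHORITY section and `dig +short` would print nothing."""
    records = []
    for line in output.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # blank lines, comments, section headers
        fields = line.split(None, 4)  # owner ttl class type rdata
        if len(fields) == 5 and fields[2].upper() == "IN":
            records.append((fields[3].upper(), fields[4].strip()))
    return records


def dig(server: str, name: str, rtype: str, timeout: int = 5) -> List[Record]:
    """Ask one specific server, without recursion; [] if it is down, refuses,
    or dig is not installed.  Needs network access."""
    cmd = ["dig", f"+time={timeout}", "+tries=1", "+norecurse", f"@{server}", name, rtype]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout + 2, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return []
    return parse_dig(proc.stdout)


def host(name: str) -> str:
    """Canonical form so 'ETHIC.thought.org.' and 'ethic.thought.org' compare equal."""
    return name.strip().lower().rstrip(".")


def soa_serial(records: List[Record]) -> Optional[int]:
    """Serial from the first SOA: rdata is 'mname rname serial refresh retry expire minimum'."""
    for rtype, rdata in records:
        if rtype == "SOA":
            fields = rdata.split()
            if len(fields) >= 7 and fields[2].isdigit():
                return int(fields[2])
    return None


def ns_set(records: List[Record]) -> Set[str]:
    return {host(rdata) for rtype, rdata in records if rtype == "NS"}


def classify_secondaries(primary_serial: int,
                         serials: Dict[str, Optional[int]]) -> Dict[str, str]:
    """Compare each secondary's SOA serial with the primary's.  None means the
    server returned no SOA at all, i.e. no zone transfer has ever succeeded."""
    verdict = {}
    for name, serial in serials.items():
        if serial is None:
            verdict[name] = "not serving the zone"
        elif serial == primary_serial:
            verdict[name] = "in sync"
        elif serial < primary_serial:
            verdict[name] = f"stale: serial {serial} behind primary {primary_serial}"
        else:
            verdict[name] = f"ahead of primary: serial {serial} > {primary_serial}"
    return verdict


def ns_consistency(delegation: Set[str], in_zone: Set[str],
                   secondaries: Set[str]) -> Dict[str, Set[str]]:
    """Three views of 'who serves this zone'.  A secondary in neither the zone's
    NS RRset nor the parent's delegation is never queried by anyone."""
    d, z, s = ({host(h) for h in grp} for grp in (delegation, in_zone, secondaries))
    return {
        "in_zone_not_delegated": z - d,
        "delegated_not_in_zone": d - z,
        "unadvertised_secondaries": s - (z | d),
    }


def audit(zone: str, primary: str, secondaries: List[str], parent_server: str) -> Dict[str, object]:
    """Live check.  parent_server is one of the parent zone's servers (for
    thought.org, a server returned by `dig org NS`)."""
    p_serial = soa_serial(dig(primary, zone, "SOA"))
    if p_serial is None:
        return {"error": f"{primary} returned no SOA for {zone}"}
    serials = {s: soa_serial(dig(s, zone, "SOA")) for s in secondaries}
    return {"secondaries": classify_secondaries(p_serial, serials),
            "ns": ns_consistency(ns_set(dig(parent_server, zone, "NS")),
                                 ns_set(dig(primary, zone, "NS")), set(secondaries))}


# Constructed dig output for an offline demonstration; serial and layout are invented.
SAMPLE_PRIMARY_SOA = """; <<>> DiG <<>> @ethic.thought.org thought.org SOA
;; ANSWER SECTION:
thought.org.\t3600\tIN\tSOA\tethic.thought.org. hostmaster.thought.org. 2009123101 3600 900 604800 3600
"""
SAMPLE_PARENT_REFERRAL = """;; AUTHORITY SECTION:
thought.org.\t86400\tIN\tNS\tethic.thought.org.
"""

if __name__ == "__main__":
    serial = soa_serial(parse_dig(SAMPLE_PRIMARY_SOA))
    print(classify_secondaries(serial, {"ns-dallas.example.net": 2009123101,
                                        "ns-uk.example.net": None}))
    print(ns_consistency(ns_set(parse_dig(SAMPLE_PARENT_REFERRAL)), {"ethic.thought.org."},
                         {"ns-dallas.example.net", "ns-uk.example.net"}))
```

With the constructed sample, the Dallas placeholder is in sync while the UK placeholder is not serving the zone at all, and both show up as unadvertised because neither the zone nor the parent lists them. For a live run call audit("thought.org", "ethic.thought.org", [secondaries], parent) and fix whichever of the three sets comes back non-empty: the "unadvertised_secondaries" set is exactly the case Jon describes, where the secondaries exist but nobody is ever told to ask them.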
