From: Gary Kline
To: Jon Radel
Cc: Gary Kline, FreeBSD Mailing List
Date: Thu, 31 Dec 2009 14:33:16 -0800
Message-ID: <20091231223316.GD3733@thought.org>
Subject: Re: NOW what?

On Thu, Dec 31, 2009 at 12:48:07PM -0800, Jon Radel wrote:
>
> Gary Kline wrote:
>
> >
> > It was a good lesson that I should NOT have ever dared to mess
> > around with IPv6 ... but I did. And yup, after moving the server
> > everything restarted. And that v6 stuff busted things.
>
> Hmmmm...yes, putting IPv6 addresses into your DNS w/o your IPv6 network
> actually working does tend to break things all over the place.
>
> You really need a test server to play with rather than subjecting your
> main [only] server to these experiments. ;-)
>

Hm. If live 'n' learn is the best teacher, then my experiences last
night were worthy.

> >
> > [ten mins later with coffee kicking in]:: a question on the
> > nameserver stuff: given that I have only one ISP, how could I have
> > another nameserver? ethic is DNS, mail, and web. I've got two
> > secondary nameservers. One in Dallas, a second in England.
>
> Well....which is it? One or three nameservers....
>
> I find it helps to think of nameservers as being of two types:
>
> 1) Resolving nameservers
>
> These are the servers that *your* machines use to look up addresses,
> both your own and things like www.google.com. You can use your own
> server. Your ISP would also have one or more available for customer
> use. I'd suggest using a list of servers rather than just one. This
> list is what you'd set up in /etc/resolv.conf.
>
> 2) Authoritative nameservers
>
> These are the servers that tell everyone about thought.org (in your
> case). You say that you have one on ethic.thought.org and 2 secondaries
> in Dallas and England.
> However, given that neither your parent servers
> nor your own zone file as found on ethic mention those two other
> servers, it's very unlikely that they're doing you any good at all.
> (There are advanced scenarios where "hidden secondaries" are useful, but
> I don't think any of them apply to your network.)

Would it help if I send you my named.conf. And my master/thought.org
database file...? I don't think it would 'hurt' to share my
configuration, but why spend the bandwidth? From what I see, ethic is
my SOA. Ethic is my primary [ns1.thought.org]. Steve Bertrand said that
I am missing including 'thought.org' A record from the database file.
So I followed his example and added the ^@ IN A 209.180.213.210 (along
with my AAAA address record :( ) I have left out my own A record for
the time being....

Jon Horne's DFW site as well as Daniel Bye's secondary are listed in
named.conf. Note that two years ago when everything began
collapsing--mail, and the web, this guy in Dallas came to my rescue.
Now that I am reorganizing *again*, I would like to have things done
right. I won't even breathe on the Dell. Actually, I can't now that
it's back in the corner!

>
> BTW, a single install of a name server on a single machine is perfectly
> capable of acting as both a resolving and an authoritative server, but
> it still helps, IMHO, to consider it as serving two different roles.
> (All of which leaves aside the security issues involved....)

I have my DSL thru the telco, USQuest or Quest. I have a set of 5 IPs
from them. For some reason, Quest considers me as a business, [???],
but their service has been pretty good so far. Having a second line
from them or another provider might make sense if I were making money
from this. Nada.

>
> I would suggest you find out what servers your ISP makes available as
> resolving servers for customers, and use ethic followed by those servers
> in resolv.conf and other such setup.
>
> I would suggest you find out if those secondary servers are actually
> syncing the data from ethic, and if so, list them with your domain
> registrar and in NS records in your dns zone.
>
> With those two steps, dns as a whole will become a bit more resilient
> for you.

Thanks for the advice. I'll see if Quest says what secondaries they
have.

>
> --Jon Radel
> jon@radel.com

--
Gary Kline  kline@thought.org  http://www.thought.org  Public Service Unix
http://jottings.thought.org   http://transfinite.thought.org
The 7.79a release of Jottings: http://jottings.thought.org/index.php
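
[Added example, not part of the original message or written by either correspondent: one way to run the check Jon Radel suggests, comparing the parent's delegation, the zone's own NS records and the SOA serial each server answers with. The two secondary hostnames and all serial numbers are constructed placeholders, since the thread gives none.]

```python
# Added example, not from the thread. The observations are constructed;
# in practice they come from e.g. `dig +norec SOA thought.org @<server>`.
# The two secondary hostnames are placeholders (the thread names none).

def serial_cmp(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: -1 older, 0 equal, 1 newer."""
    diff = (b - a) % 2**32
    if diff == 0:
        return 0
    if diff == 2**31:
        raise ValueError("serials %d and %d are not comparable" % (a, b))
    return -1 if diff < 2**31 else 1

def _norm(name):
    return name.rstrip(".").lower()

def audit(primary, parent_ns, apex_ns, serials):
    """Compare the parent's delegation, the zone's own NS set and the SOA
    serial each server answered with (None = no authoritative answer)."""
    parent = {_norm(n) for n in parent_ns}
    apex = {_norm(n) for n in apex_ns}
    listed = parent | apex
    seen = {_norm(n): s for n, s in serials.items()}
    ref = seen[_norm(primary)]
    out = {"only_in_parent": sorted(parent - apex),
           "only_in_zone": sorted(apex - parent),
           "unlisted": [], "stale": [], "lame": []}
    for server, serial in sorted(seen.items()):
        if serial is None:
            if server in listed:
                out["lame"].append(server)      # delegated to, but not serving
            continue
        if server not in listed:
            out["unlisted"].append(server)      # has the zone, nobody is told
        if serial_cmp(serial, ref) < 0:
            out["stale"].append(server)         # transfers are not keeping up
    out["single_listed_server"] = len(listed) < 2
    return out

def demo():
    return audit(
        primary="ns1.thought.org.",
        parent_ns=["ns1.thought.org."],
        apex_ns=["NS1.thought.org"],
        serials={"ns1.thought.org": 2009123101,          # constructed
                 "ns-dallas.example.net": 2009123101,     # placeholder host
                 "ns-england.example.net": 2009122801})   # placeholder host

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

[A server reported as "unlisted" holds the zone but receives no queries from the outside world; one reported as "stale" should not be added to the NS set until its transfers from the primary work.]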