DNS question

Anthony de Boer adb-tlug-AbAJl/g/NLXk1uMJSBkQmQ at public.gmane.org
Fri Feb 13 22:30:22 UTC 2004


Robert F. Kennedy wrote:
> ; Name servers
> IN	NS	ns1.shambhalatoronto.org.
> IN	NS	ns.istop.com.
> 
> ; Mail server for domain
> IN	MX	10	ns1.shambhalatoronto.org.

The "IN" bit is normally indented, and might be getting misparsed.

One of the first things you should be doing is checking /var/log/messages
for things named is saying.

(Note: syslog might be putting it in a different file, depending on your
distribution.)

> Host - ns1.shambhalatoronto.org
> Primary DNS - 66.11.164.95
> Secondary DNS - 66.11.168.199
> Tertiary DNS - 192.168.2.27
> DNS Search Path - shambhalatoronto.org

WHOIS indicates the domain's not even registered, and you want to do
that before someone squats it for you.

Also, never publish a private address (the tertiary you list) in a public
zonefile.

Other things to check: depending on what you're using for a firewall,
it might be catching DNS queries and resolving them itself.

You need to have UDP port 53 open to the world, for normal queries, but
TCP 53 can be restricted to allow only your secondaries to AXFR the
domain.  The only case in which the world needs TCP/53 is if you have so
many DNS records of a particular type that a response doesn't fit in a
UDP packet and a resolver has to fall back on TCP to get the whole answer
from your nameserver (and the right thing to do is to keep large
recordsets under the limit).

Locally, for people allowed to use your nameserver as a resolver, some
clients do want TCP/53.

Also, http://cr.yp.to/djbdns.html is the homepage of a nameserver
implementation I trust enough to use; I've seen too many people get
r00ted by bugs in named.  Bernstein's stuff is quite a bit simpler,
too, although he does spread it out in a bunch of modular pieces instead
of loading it all into one monolithic program.

-- 
Anthony de Boer
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
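Added example, not part of the original message or thread: a small Python lint
for the two zone-file problems raised above, the "IN" field starting in column 1
(in RFC 1035 master-file format the first field of an unindented line is the
owner name, so "IN NS ..." becomes a record for a host called "IN" rather than
for the zone apex) and a private RFC 1918 address published in a public zone.
The sample zone, the example.org/example.net names and the addresses are all
constructed placeholders and are not the poster's data.

```python
import ipaddress

# Constructed sample zone modelled on the fragment quoted in the post: the NS
# and MX lines start in column 1 with "IN", and one A record carries an RFC
# 1918 address. Names and addresses are placeholders, not the poster's.
SAMPLE_ZONE = """\
$TTL 86400
@       IN  SOA ns1.example.org. hostmaster.example.org. (
            2004021301 ; serial
            3600 900 604800 86400 )
; Name servers
IN  NS  ns1.example.org.
IN  NS  ns.example.net.

; Mail server for domain
IN  MX  10  ns1.example.org.
ns1     IN  A   192.168.2.27
www     IN  A   203.0.113.10
"""

CLASSES = {"IN", "CH", "HS"}
RECORD_TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "SOA", "TXT", "PTR", "SRV"}
# Ranges that must never appear in a zone served to the Internet (RFC 1918, ULA).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def strip_comment(line):
    """Drop a ';' comment. (Does not special-case ';' inside quoted TXT data.)"""
    return line.split(";", 1)[0].rstrip()


def lint_zone(text):
    """Return a list of (line_number, code, message) findings for a master-file zone."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = strip_comment(raw).split()
        if not tokens or tokens[0].startswith("$"):
            continue
        # A line beginning in column 1 starts with the owner name; only a
        # leading blank means "same owner as the previous record". So a class
        # keyword in column 1 followed by a type is almost certainly a
        # forgotten indent, and named will read "IN" as a hostname.
        if raw[:1] not in (" ", "\t") and tokens[0].upper() in CLASSES \
                and len(tokens) > 1 and tokens[1].upper() in RECORD_TYPES:
            findings.append((lineno, "no-owner",
                             "line starts with %r; indent it or give it an owner name"
                             % tokens[0]))
        # A/AAAA rdata in a private range: the type keyword sits among the
        # leading fields (owner, optional TTL, optional class); check the
        # address that follows it.
        for i, tok in enumerate(tokens[:4]):
            if tok.upper() not in ("A", "AAAA") or i + 1 >= len(tokens):
                continue
            try:
                addr = ipaddress.ip_address(tokens[i + 1])
            except ValueError:
                continue  # e.g. an owner literally named "a" followed by a class
            if any(addr in net for net in PRIVATE_NETS):
                findings.append((lineno, "private-address",
                                 "%s is a private address; do not publish it" % addr))
            break
    return findings


def indent_ownerless_lines(text):
    """Return the zone with a tab prefixed to every 'no-owner' line, so each
    such record attaches to the previous owner (the apex, in the sample)."""
    bad = {ln for ln, code, _ in lint_zone(text) if code == "no-owner"}
    lines = text.splitlines()
    return "\n".join(("\t" + l if ln in bad else l)
                     for ln, l in enumerate(lines, 1)) + "\n"


if __name__ == "__main__":
    for ln, code, msg in lint_zone(SAMPLE_ZONE):
        print("line %d: %s: %s" % (ln, code, msg))
```

Run it on the sample and it reports the three unindented NS/MX lines plus the
192.168.2.27 A record; after indent_ownerless_lines() only the private-address
finding remains, which is the one that needs a human decision (drop the record
or move it to an internal-only view). The heuristics are deliberately narrow:
they will not catch every malformed record, but they have no false positives
on a conventionally laid-out zone.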