DNS question

Robert F. Kennedy rfk-Zd07PnzKK1IAvxtiuMwx3w at public.gmane.org
Fri Feb 13 23:07:41 UTC 2004


Hello,

Thanks for the many helpful comments.

> ; Name servers
> IN	NS	ns1.shambhalatoronto.org.
> IN	NS	ns.istop.com.
> 
> ; Mail server for domain
> IN	MX	10	ns1.shambhalatoronto.org.

> The "IN" bit is normally indented, and might be getting misparsed.

I just indented the IN lines and then checked syslog and got the
following:

Feb 13 17:46:50 ns1 named[1063]: loading configuration from '/etc/named.conf'
Feb 13 17:46:50 ns1 named[1063]: no IPv6 interfaces found
Feb 13 17:46:50 ns1 named[1063]: zone shambhalatoronto.org/IN: loaded serial 15
Feb 13 17:46:50 ns1 named[1063]: zone shambhalatoronto.org/IN: sending notifies (serial 15)
Feb 13 17:46:50 ns1 named: named reload succeeded

syslog had never reported lines four and five before, so perhaps things
are working now. However, the odd thing is that typing #host
ns1.shambhalatoronto.org returns the incorrect IP address. It
returns 11.66.164.95 instead of 66.11.164.95. I can't figure out where
this typo occurred. The domain is registered with directnic.com. The
only data I've given them is my nameserver and istop.com's secondary
nameserver.

> You need to have UDP port 53 open to the world, for normal queries, but
> TCP 53 can be restricted to allow only your secondaries to AXFR the
> domain.  The only case in which the world needs TCP/53 is if you have so
> many DNS records of a particular type that a response doesn't fit in a
> UDP packet and a resolver has to fall back on TCP to get the whole
> answer from your nameserver (and the right thing to do is to keep large
> recordsets under the limit)

At first I hadn't opened :53 for UDP and got error messages in syslog,
then corrected that problem, so it's not that.

Thanks for the help,
Robert

Robert F. Kennedy
Toronto
H. 416-538-3904
C. 647-224-3904
Cell email: 6472243904-0QqZKF9DVJhqQkARBuupfiwD8/FfD2ys at public.gmane.org

-----Original Message-----
From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug at ss.org] On Behalf Of Anthony de Boer
Sent: Friday, February 13, 2004 5:30 PM
To: tlug-lxSQFCZeNF4 at public.gmane.org
Subject: Re: [TLUG]: DNS question


Robert F. Kennedy wrote:
> ; Name servers
> IN	NS	ns1.shambhalatoronto.org.
> IN	NS	ns.istop.com.
> 
> ; Mail server for domain
> IN	MX	10	ns1.shambhalatoronto.org.

The "IN" bit is normally indented, and might be getting misparsed.

One of the first things you should be doing is checking
/var/log/messages for things named is saying.

(Note: syslog might be putting it in a different file, depending on your
distribution.)

> Host - ns1.shambhalatoronto.org
> Primary DNS - 66.11.164.95
> Secondary DNS - 66.11.168.199
> Tertiary DNS - 192.168.2.27
> DNS Search Path - shambhalatoronto.org

WHOIS indicates the domain's not even registered, and you want to do
that before someone squats it for you.

Also, never publish a private address (the tertiary you list) in a
public zonefile.

Other things to check: depending on what you're using for a firewall, it
might be catching DNS queries and resolving them itself.

You need to have UDP port 53 open to the world, for normal queries, but
TCP 53 can be restricted to allow only your secondaries to AXFR the
domain.  The only case in which the world needs TCP/53 is if you have so
many DNS records of a particular type that a response doesn't fit in a
UDP packet and a resolver has to fall back on TCP to get the whole
answer from your nameserver (and the right thing to do is to keep large
recordsets under the limit)

Locally, for people allowed to use your nameserver as a resolver, some
clients do want TCP/53.

Also, http://cr.yp.to/djbdns.html is homepage of a nameserver
implementation I trust enough to use; I've seen too many people get
r00ted by bugs in named.  Bernstein's stuff is quite a bit simpler, too,
although he does spread it out in a bunch of modular pieces instead of
loading it all into one monolithic program.

-- 
Anthony de Boer
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

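The two zone-file mistakes Anthony raises in this thread (a class keyword at column 0, which the parser reads as the owner name, and a private address published in a public zone) as a small lint. This is an added example for this page, not code from the thread or from BIND; the `lint_zone` helper is hypothetical and the sample zone is constructed from the records quoted above.

```python
"""Lint a BIND-style zone file for two problems discussed in this thread:
a record whose first token at column 0 is a class keyword (so "IN" is
taken as the owner name), and a record publishing an RFC 1918 address.
Added example for this page, not code from the thread or from BIND."""
import ipaddress

CLASSES = {"IN", "CH", "HS"}
ADDRESS_TYPES = {"A", "AAAA"}

# Constructed sample based on the zone snippet quoted in the thread; line 3
# is unindented and line 8 publishes a private address.
SAMPLE_ZONE = """\
$TTL 86400
; Name servers
IN\tNS\tns1.shambhalatoronto.org.
\tIN\tNS\tns.istop.com.
; Mail server for domain
\tIN\tMX\t10\tns1.shambhalatoronto.org.
ns1\tIN\tA\t66.11.164.95
ns3\tIN\tA\t192.168.2.27
"""


def lint_zone(text: str) -> list[str]:
    """Return one warning per problem found, each prefixed with its line number."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body = raw.split(";", 1)[0]          # drop trailing comments
        fields = body.split()
        if not fields or fields[0].startswith("$"):
            continue                         # blank line or $TTL/$ORIGIN directive
        # Whatever sits at column 0 is the owner name; a class keyword there
        # means the record was not indented and will be misparsed.
        if not raw[0].isspace() and fields[0] in CLASSES:
            problems.append(f"line {lineno}: {fields[0]!r} at column 0 is read as "
                            "the owner name; indent the record instead")
        # Locate the RR type, then check A/AAAA data for private address space.
        for i, tok in enumerate(fields):
            if tok in ADDRESS_TYPES and i + 1 < len(fields):
                try:
                    addr = ipaddress.ip_address(fields[i + 1])
                except ValueError:
                    break                    # not an address; nothing to check
                if addr.is_private:
                    problems.append(f"line {lineno}: {addr} is a private address "
                                    "and must not appear in a public zone")
                break
    return problems


if __name__ == "__main__":
    for warning in lint_zone(SAMPLE_ZONE):
        print(warning)
```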