#1
DNS is killing me
hey guys
Here goes then. I've tried everything with no luck whatsoever, there's always something that will not work.

IP's = 8

Files that were edited/created:
/etc/resolv.conf
/etc/named.conf
/var/named/named.ca
/var/named/localhost.zone
/var/named/zenodine.net

resolv.conf
File created everytime server is booted. Contains ISP info. Should I add anything else to this file?

named.conf
Code:
// Config file for caching only name server
options {
    directory "/var/named";
    // Uncommenting this might help if you have to go through a
    // firewall and things are not working out. But you probably
    // need to talk to your firewall admin.
    // query-source port 53;
    version "";
    auth-nxdomain no;
    recursion no;
};

zone "." {
    type hint;
    file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "localhost.zone";
};

zone "zenodine.net" {
    type master;
    notify yes;
    file "zenodine.net";
};

named.ca
Code:
; <<>> DiG 9.1.3 <<>> @e.root-servers.net . ns
; global options: printcmd
; Got answer:
; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51228
; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
; QUESTION SECTION:
; IN NS
; ANSWER SECTION:
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
B.ROOT-SERVERS.NET. 3600000 IN A 128.9.0.107
J.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.10
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
; Query time: 326 msec
; SERVER: 192.203.230.10#53(e.root-servers.net)
; WHEN: Sat Feb 23 04:52:57 2002
; MSG SIZE rcvd: 436

localhost.zone
Code:
$TTL 3D
@       IN      SOA     localhost. root.localhost. (
                        1       ; Serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D)     ; Minimum TTL
        NS      localhost.
1       PTR     localhost.

zenodine.net
Code:
$TTL 86400
zenodine.net. IN SOA ns1.zenodine.net. webmaster.zenodine.net. (
        2002020501 ; serial
        86400 ; refresh
        1800 ; retry
        604800 ; expire
        86400 ; default_ttl
        )
zenodine.net. IN NS ns1.zenodine.net.
zenodine.net. IN NS ns2.zenodine.net.
ns1.zenodine.net. IN A server-ip-address-1-here
ns2.zenodine.net. IN A server-ip-address-2-here
zenodine.net. IN A server-ip-address-1-here
www.zenodine.net. IN A server-ip-address-1-here
mail.zenodine.net. IN MX 0 ns2.zenodine.net.

I've searched at linuxdocs.org, at devshed, at google and it still ain't working. Can anyone enlighten me please?

TIA

Last edited by nuno : February 23rd, 2002 at 05:02 AM.
#2
First off, let's see what root servers say about your NS.
$ whois zenodine.net
Code:
Name Server.......... NS15A.BOCA15-VERIO.COM
Name Server.......... NS15B.BOCA15-VERIO.COM

Now let's ask ns15a.boca15-verio.com:
$ dnsq any zenodine.net ns15a.boca15-verio.com
Code:
255 zenodine.net:
273 bytes, 1+5+2+4 records, response, authoritative, weird ra, noerror
query: 255 zenodine.net
answer: zenodine.net 86400 A 208.55.91.110
answer: zenodine.net 86400 MX 50 mail-fwd.boca15-verio.com
answer: zenodine.net 86400 NS ns15a.boca15-verio.com
answer: zenodine.net 86400 NS ns15b.boca15-verio.com
answer: zenodine.net 86400 SOA feed15.boca15-verio.com hostmaster.boca15-verio.com 2001081315 7200 3600 604800 86400
authority: zenodine.net 86400 NS ns15a.boca15-verio.com
authority: zenodine.net 86400 NS ns15b.boca15-verio.com
additional: mail-fwd.boca15-verio.com 7200 A 208.55.91.60
additional: mail-fwd.boca15-verio.com 7200 A 208.55.91.61
additional: ns15a.boca15-verio.com 7200 A 208.55.91.50
additional: ns15b.boca15-verio.com 7200 A 208.55.91.51

Oh no, verio.com sucks, because they have misconfigured your zone record. Like I always said, BIND people or the people who run BIND mostly don't have a clue about DNS.

1) weird ra: That means recursion is available with a setting of recursion yes; within the options { in named.conf. Doing recursion is just lame, a waste of resources, like running an open relay SMTP for anyone in the world (including spammers) to use your dns cache. In addition, recursion is highly vulnerable to DoS attack to your DNS.

2) feed15.boca15-verio.com: This field is the so-called MNAME and it MUST be your primary DNS's FQDN. That said, it should be ns15a.boca15-verio.com instead.

Now that you know verio.com sucks, it makes sense to run your own DNS.

>> IP's = 8
You mean you have 8 static IPs? What are they?

>> resolv.conf File created everytime server is booted.
Because your box is configured to ask a DHCP server. Just set the IP manually, then you're fine.

>> version"";
>> auth-nxdomain no;
>> recursion no;
These options are great. Where did you find them? In addition, you should add fetch-glue no; and allow-transfer { ip.of.your.secondary; };

named.conf, change the following:
Code:
zone "0.0.127.in-addr.arpa" {
    type master;
    file "localhost.zone";
};
Code:
zone "0.0.127.in-addr.arpa" {
    type master;
    file "localhost.zone";
    allow-transfer { none; };
    notify no;
};

localhost.zone file:
Code:
$TTL 3D
0.0.127.in-addr.arpa. IN SOA ns1.zenodine.net. webmaster.zenodine.net. (
        20010507; Serial
        8H ; Refresh
        2H ; Retry
        4W ; Expire
        3D ); Minimum
0.0.127.in-addr.arpa. IN NS ns1.zenodine.net.
0.0.127.in-addr.arpa. IN NS ns2.zenodine.net.
1.0.0.127.in-addr.arpa. IN PTR localhost.

zenodine.net file change to:
Code:
$TTL 86400
zenodine.net. IN SOA ns1.zenodine.net. webmaster.zenodine.net. (
        2002022304 ; serial
        12H ; refresh (setting 24H is way too high)
        1800 ; retry
        2W ; expire (don't set 1 week - 604800)
        1D ); default_ttl (move that closing ) on this line)
zenodine.net. IN NS ns1.zenodine.net.
zenodine.net. IN NS ns2.zenodine.net.
ns1.zenodine.net. IN A server-ip-address-1-here
ns2.zenodine.net. IN A server-ip-address-2-here
zenodine.net. IN A server-ip-address-1-here
localhost.zenodine.net. IN A 127.0.0.1
www.zenodine.net. IN A server-ip-address-1-here
zenodine.net. IN MX 0 ns2.zenodine.net.

Your mail.zenodine.net has no A record, you can't do that. mail.zenodine.net also hasn't been delegated to have its own zone.

With these settings, your DNS is all set. You can contact verio.com and tell them to ***** off and update the new changes. Later on when everything is up and running you should contact verio.com again and ask if they can change the PTR records for your assigned IPs to the appropriate FQDN, so you can have a matching reverse DNS. Like I always said, having a matching reverse DNS is not required, but it makes a huge difference if you have them.

Last edited by freebsd : February 23rd, 2002 at 07:33 AM.
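
The two things freebsd reads off the dnsq output in the post above (the RA flag on an authoritative answer, and an SOA MNAME that is not one of the zone's NS names), as an added example that is not part of the original thread. The function name and finding labels are hypothetical; the sample lines are copied from the dnsq output quoted in the post.

```python
# Added example (not from the thread): flag the two problems the reply reads
# off the dnsq output. SAMPLE is copied from that output; names are hypothetical.
SAMPLE = """\
255 zenodine.net:
273 bytes, 1+5+2+4 records, response, authoritative, weird ra, noerror
query: 255 zenodine.net
answer: zenodine.net 86400 A 208.55.91.110
answer: zenodine.net 86400 MX 50 mail-fwd.boca15-verio.com
answer: zenodine.net 86400 NS ns15a.boca15-verio.com
answer: zenodine.net 86400 NS ns15b.boca15-verio.com
answer: zenodine.net 86400 SOA feed15.boca15-verio.com hostmaster.boca15-verio.com 2001081315 7200 3600 604800 86400
authority: zenodine.net 86400 NS ns15a.boca15-verio.com
authority: zenodine.net 86400 NS ns15b.boca15-verio.com
"""

SECTIONS = ("answer", "authority", "additional")


def audit_dnsq(text):
    """Return a list of finding labels for one dnsq response dump."""
    findings = []
    ns_names = set()
    mname = None
    for raw in text.splitlines():
        line = raw.strip()
        section, sep, rest = line.partition(": ")
        if not sep or section not in SECTIONS:
            # Summary line: comma-separated flags. dnsq prints "weird ra"
            # when the RA (recursion available) bit is set in the reply.
            flags = {f.strip() for f in line.split(",")}
            if {"authoritative", "weird ra"} <= flags:
                findings.append("recursion-available")
            continue
        fields = rest.split()
        if len(fields) < 4:
            continue  # malformed or truncated record line
        rtype, rdata = fields[2].upper(), fields[3].lower().rstrip(".")
        if rtype == "NS":
            ns_names.add(rdata)
        elif rtype == "SOA":
            mname = rdata  # first SOA rdata field is the MNAME
    # Check from the reply: the SOA MNAME should be one of the zone's NS names.
    if mname and ns_names and mname not in ns_names:
        findings.append("soa-mname-not-in-ns:" + mname)
    return findings


if __name__ == "__main__":
    for finding in audit_dnsq(SAMPLE):
        print(finding)
```

Run against output captured after the named.conf and zone changes, the list should come back empty.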
#3
>> These options are great. Where did you find them?
From you, I've searched your previous posts here at devshed and followed your instructions.

>> In addition, you should add fetch-glue no;
Shell # tail -f /var/log/messages
Code:
...remove fetch-glue no it's giving an error message about being obsolete

And yet again freebsd, you have been a gr8 help, many thx bud
#4
>> from you, i've searched your previous posts
It's good to hear that you actually searched before posting.

>> it's giving an error message about being obsolete
Because that option was based on BIND 8.X. So BIND in 9.X is finally aware that fetch-glue is bad.

BTW, in your previous post you said it didn't work. Please be more specific if you need help on that. Also, don't expect your authoritative DNS servers to be authoritative for your domain until it's really transferred from verio.com to you. In the meantime, you should not start BIND on boot, just use your ISP's caching nameservers. Once you have verified that it's been transferred, then you may run it at any time. And don't forget, ditch BIND in 2 or 3 months and migrate to djbdns.
#5
I'm having a really bad time with register.com, u see.
zenodine.com registrar was register.com, zenodine.net was verio and zenodine.org was tera-byte. Guess what, since they require email confirmation to change DNS, and by accident I've changed IP's, I no longer have access to webmaster@register.com. I already contacted support with no answers.

http://mail.zenodine.com is gone now, I guess. Do I have to ask them to change DNS or should I do it manually? Will they charge me?
#6
Guess what, register.com has been known for being the worst registrar for many many years. They only care about new customers and existing customers who are about to renew with them. Nameserver change? They don't care. You will need to send them at least 10 emails and wait for about 3 months for them to act to just make a very little change to your zone record. So the fastest way is to change registrar like godaddy.com so you don't have to fill out forms yourself.
#7
>> So the fastest way is to change registrar like godaddy.com so you don't have to fill out forms yourself.
done register.com is gone