Posting to Newsgroup

Bryan A. Zimmer baz at baz-tech.com
Tue Jul 10 02:59:41 UTC 2001


On Monday 09 July 2001 07:09 pm, you wrote:
> Bryan A. Zimmer wrote:
> > Dear Paul:
> >
> > I had this exact problem once before and tore my hair out for a whole
> > weekend recreating and testing my zone and conf files. I really have
> > sympathy for your plight.
> >
> > In the following examples, imagine your domain is "yourdomain.com" and
> > your address range is
> > 201.202.123.176, netmask 255.255.255.240 (201.202.123.176 thru 191)
> >
> > Check the following:
> > 1. The first lines in your /etc/resolv.conf should read
> >
> > search yourdomain.com
> > nameserver host1.yourdomain.com
> > (etc.)    ......
>
> No, you can't use DNS names in the "nameserver" directive, at least this
> doesn't work on any OS I know of. Doing so creates a nasty chicken-and-egg
> problem: how is your resolver supposed to resolve "host1.yourdomain.com" if
> it can't resolve "host1.yourdomain.com" to know where to send the DNS
> query? You *have* to use an IP address here (unless somehow your OS'es
> resolver has been hacked to resolve this from /etc/hosts or something
> asinine like that).
>

Absolutely right, my mistake. Sorry! The "nameserver" directives in 
/etc/resolv.conf need to point at dotted-quad IP addresses and NOT to host 
names.

"nameserver 192.168.1.5 "

is what I should have had the presence of mind to remember.

My apologies for that blunder.


> > Finally, allow me to put in a good word for the utility "h2n", which is a
> > Perl program that essentially takes your /etc/hosts file and, with a
> > bunch of command line parms, creates some pretty nice zone and
> > configuration files. You may have to go in and clean up a bit, but the
> > utility will give you a good start if you are stuck. It is available on
> > ftp.isc.org.
>
> GRRR, pet peeve... "You may have to go in and clean up a bit". If you've
> outgrown "h2n" to the point where you have to "clean up a bit", then DON'T
> USE h2n!!!! Make DNS your central repository for hostname information;
> there are a plethora of tools available to maintain DNS directly without
> having to go through a hosts file and/or h2n. And, of course, with DNS as
> your central repository, you can still generate an /etc/hosts file from
> DNS, if for some extraterrestrial reason you still need an /etc/hosts
> file...
>

Yes, I understand you, I just meant that h2n can create the basic db files at 
a time when someone untrained at creating zone and conf files is having fits 
because of minor syntax errors, etc. and needs to get named up and running 
pronto.

I still have a lot to learn (obviously); but I certainly would be interested 
in the "plethora" of tools for maintaining DNS which you mentioned. I'm only 
aware of a scant few, so if you have any recommendations, I am all ears. 
Personally I favor open-source but I will pay a reasonable amount for an 
excellent tool.

---baz
-------------------------------------------------------
Sudden topic switch:

I am still trying to figure out the programming API for the resolver and name 
server library/interface on a Unix/BIND (or even Win2000) system. The DNS and 
BIND book (the O'Reilly one) says in chapter 14, "the easiest way to learn 
how to parse a DNS packet is to look at the code that already does it...". 
Then he recommends studying "res_debug.c" (from BIND 8.1.2) and the p_query 
and fp_query routines. 

Yet, things are different now with BIND version 9. Is there any sort of 
guidebook for programmers, or is this sort of guruhood only acquired by 
grinding, nitty experience? Or by poring over RFC's?

I am trying to get down as far as I can go, perhaps I will be able to have a 
go at the actual BIND source code someday. For now I just want to create and 
parse resolver packets and resource records, to have a fine grained control 
over my servers and incidentally understand more about DNS as a whole. (If 
IPv6 became current tomorrow, I would have to return to grade school).

For now, I need a programming API that can do the basic stuff. Perl is fine, 
but C, assembly (really!) or other languages (C++, Java, Python?) have the 
low-level capabilities I'm looking for. Particularly C or similar languages. 
Maybe even Forth.

Any resource pointers would be appreciated. Old, public-domain programs, 
whatever.

If it tells you anything about why I would want to do this, I spent probably 
three or four long (22-hour) weekends plus some late nights troubleshooting 
BIND and Sendmail, which both "broke" unexpectedly after I physically moved 
equipment and reconfigured my LAN ethernet topology, switches, routers, etc. 

I was a named and sendmail maniac during those times, studying how they work 
together, learning the arcane syntax that both tend to use, etc., and trying 
to the utmost to have working mail and name service (and http and ftp and ssh 
and so on). Without DNS and Sendmail, my operations came screeching to a 
halt. Workstation PC's, unable to reach their servers, ground to a bleeding 
halt. It was a mess --- although I learned quite a bit from it all.

So I am not exactly a newbie at either BIND or Sendmail, but the more I learn 
about these and other internet programs, the more I realize I don't know. 
Surprise! There is always more...


Bryan A. Zimmer
baz at baz-tech.com
-- 
 "The New York Times is read by the people who run the country.  The
 Washington Post is read by the people who think they run the country. The
 National Enquirer is read by the people who think Elvis is alive and running
 the country ..."
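
Added example, not part of the original post and not BIND code: a small C sketch of the "create and parse resolver packets" task asked about above, using the RFC 1035 wire format. The function names build_query and read_name and the 16-jump limit on compression pointers are assumptions made for this illustration; the parser bounds-checks every read because names in a reply come from the network.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Build a one-question query (RFC 1035 4.1). Returns length or -1. */
int build_query(uint8_t *buf, size_t cap, uint16_t id, const char *name, uint16_t qtype) {
    size_t off = 12;                           /* fixed header size */
    if (cap < 12) return -1;
    memset(buf, 0, 12);
    buf[0] = id >> 8; buf[1] = id & 0xff;
    buf[2] = 0x01;                             /* flags: RD (recursion desired) */
    buf[5] = 1;                                /* QDCOUNT = 1 */
    while (*name) {                            /* one length-prefixed label per pass */
        size_t len = strcspn(name, ".");
        if (len == 0 || len > 63 || off + 1 + len > cap) return -1;
        buf[off++] = (uint8_t)len;
        memcpy(buf + off, name, len);
        off += len; name += len;
        if (*name == '.') name++;
    }
    if (off + 5 > cap) return -1;
    buf[off++] = 0;                            /* root label ends QNAME */
    buf[off++] = qtype >> 8; buf[off++] = qtype & 0xff;
    buf[off++] = 0; buf[off++] = 1;            /* QCLASS = IN */
    return (int)off;
}

/* Decode the name at msg[off] to dotted text, following compression pointers.
   Returns the offset just past the name where it was first read, or -1. */
int read_name(const uint8_t *msg, size_t msglen, size_t off, char *out, size_t outcap) {
    size_t o = 0; int end = -1, jumps = 0;
    if (outcap == 0) return -1;
    for (;;) {
        if (off >= msglen) return -1;          /* never read past the packet */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {            /* 2-byte compression pointer */
            if (off + 1 >= msglen || ++jumps > 16) return -1;  /* loop guard (assumed limit) */
            if (end < 0) end = (int)off + 2;
            off = (size_t)((len & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (len & 0xC0) return -1;             /* reserved label types */
        if (len == 0) { out[o] = '\0'; return end < 0 ? (int)off + 1 : end; }
        if (off + 1 + len > msglen || o + len + 2 > outcap) return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, msg + off + 1, len);
        o += len; off += 1 + len;
    }
}
```

For "host1.yourdomain.com" with QTYPE 1 (A), build_query produces a 38-byte message and read_name at offset 12 recovers the same name; a pointer that refers back to itself is rejected instead of looping.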

