Hosting own domain - newb questions.

Frank Hamersley terabite at bigpond.com
Thu Aug 24 02:12:35 UTC 2006


> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Kevin Darcy
> Sent: Thursday, 24 August 2006 9:58 AM
> Subject: Re: Hosting own domain - newb questions.
>
> >> -----Original Message-----
> >> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> >> Behalf Of Chris Buxton
> >> Sent: Tuesday, 22 August 2006 3:01 AM
> >> Subject: Re: Hosting own domain - newb questions.
[..]
> >>> Can someone in a broad brush explain how a NS can become authoritative for
> >>> itself?  I presume this is down to the "glue" but am left wondering just how
> >>> the discovery process goes from the root servers to the delegation point
> >>> (which I presume is my SIP).
> >>>
> >>> If needed I can post /etc/bind/* here.
> >>>
> >>> Regards, Frank.
> >>>
> I can query the name ns.gvmp.com.au successfully over the Internet.

Thanks for the hints Kevin,

The "glue" was oh so slightly _wrong_!!!  Doh! - fixed now thanks to Chris' eagle
eyes!

> The
> fact that you have the gvmp.com.au apex NS records and associated glue
> set to a 5-minute TTL,

Yup - will be stretching it out when changes have settled down.

> and that the only other delegated nameserver for
> the domain (ns1.westnet.com.au) is lame for it, means that there is
> going to be a lot of glue-fetching, retries, etc.

Zone tfr not happening.  What stimulates that? Is it a push from my NS or a
pull from the secondary?  What should I see in the logs and does it use the
regulation tcp/udp ports?

> and folks with
> marginal DNS connectivity, may not be able to resolve the domain at all.

Not _yet_ of interest to the public fortunately.

> This is a good illustration of why the Internet Standards dictate that
> DNS domains be delegated to at least 2 nameservers, of course with the
> assumption that both nameservers actually _work_. Why don't you try
> fixing whatever is wrong with your master/slave replication (firewall
> rules, allow-transfer ACLs or whatever)?

That is the next work ticket.  Have some reading to do first on how to cure.
Startup log follows...

Aug 24 00:53:36 gvmp named[9071]: /etc/bind/db.gvmp.com.au:39: ignoring out-of-zone data (5.129.173.202.in-addr.arpa)
Aug 24 00:53:36 gvmp named[9071]: /etc/bind/db.gvmp.com.au:43: ignoring out-of-zone data (1.0.0.127.in-addr.arpa)
Aug 24 00:53:36 gvmp named[9071]: zone gvmp.com.au/IN: loaded serial 2006082405
Aug 24 00:53:36 gvmp named[9071]: zone gvmp.com.au/IN: sending notifies (serial 2006082405)

How do I get more info on the send?

> Then see if your resolution
> problems still persist even after you have 2 authoritative nameservers
> fully functional for the zone.

The other question is the PTR record.  The ISP insists on maintaining it as
we are only a small customer.  I presume they have got it right (not sure
where to check) but wanted to know if I also have to re-express it in the
authoritative zone.  As logged above named is arcing up about these at the
moment!

; Reverse lookups
$ORIGIN 129.173.202.in-addr.arpa.
5               IN      PTR     gvmp.com.au.
                        ; pointer record for internet requests
;
$ORIGIN 0.0.127.in-addr.arpa.
1               IN      PTR     gvmp.com.au.
;                       ; pointer record to the localhost

For the last one I wasn't sure if it should be the zone or localhost!?!

Cheers Frank.
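
The "ignoring out-of-zone data" messages in the startup log above can be reproduced offline. The following is an added example, not part of the original post and not BIND's own code: it resolves each owner name against the current $ORIGIN and reports any that fall outside the zone being loaded. The sample zone text and the 192.0.2.5 address are constructed, and the parser assumes single-line records with no quoted ";" characters.

```python
ZONE = "gvmp.com.au."

# Constructed sample modelled on the fragment in the post; 192.0.2.5 is a
# documentation placeholder, not the real address of the server.
SAMPLE = """\
$ORIGIN gvmp.com.au.
@               IN      NS      ns.gvmp.com.au.
ns              IN      A       192.0.2.5
; Reverse lookups
$ORIGIN 129.173.202.in-addr.arpa.
5               IN      PTR     gvmp.com.au.
$ORIGIN 0.0.127.in-addr.arpa.
1               IN      PTR     gvmp.com.au.
"""

def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def in_zone(owner, zone):
    """True if owner is the zone apex or a name beneath it (label-aligned)."""
    owner, zone = owner.lower(), zone.lower()
    return owner == zone or owner.endswith("." + zone)

def out_of_zone(text, zone):
    """Return (line number, owner) for every record whose owner is outside zone."""
    origin, last_owner, hits = zone, zone, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":        # later names are relative to this
            origin = absolute(fields[1], origin)
            continue
        if fields[0].startswith("$"):             # $TTL, $INCLUDE: not records
            continue
        # A line starting with whitespace inherits the previous owner name.
        owner = last_owner if line[0].isspace() else absolute(fields[0], origin)
        last_owner = owner
        if not in_zone(owner, zone):
            hits.append((lineno, owner))
    return hits

if __name__ == "__main__":
    for lineno, owner in out_of_zone(SAMPLE, ZONE):
        print(f"line {lineno}: ignoring out-of-zone data ({owner.rstrip('.')})")
```

Both PTR owners resolve to names under in-addr.arpa, which is outside gvmp.com.au, so a server loading this file as the gvmp.com.au zone discards them, as the log shows; such records are only served from a zone file loaded for the matching reverse zone.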



