A tale of two nameservers - resolution problems

Bob Harold rharolde at umich.edu
Tue Sep 1 15:18:00 UTC 2015


On Tue, Sep 1, 2015 at 10:38 AM, Reindl Harald <h.reindl at thelounge.net>
wrote:

>
> Am 01.09.2015 um 16:28 schrieb John Miller:
>
>> On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz <rgm at htt-consult.com>
>> wrote:
>>
>>>
>>> On 09/01/2015 09:20 AM, John Miller wrote:
>>>
>>>>
>>>> If you check pcap, logs, etc., is the server's following delegation
>>>> for 0.centos.pool.ntp.org? Where do outbound packets stop?
>>>>
>>>
>>>
>>> I don't believe this and I have some serious problems.
>>>
>>> Part of my challenge is I am running the new server on an armv7 board
>>> that
>>> does not have a rtc.  So when the system boots, the time is jan 1 1970.
>>> The
>>> first thing you want to run is ntp to set the time, but requires named
>>> running and resolving.
>>>
>>> For the 'fun' of it, I used 'date' to set the time to now, and then no
>>> problem resolving 0.centos.pool.ntp.org.  So there is something about
>>> that
>>> resolution that does not like the early date.
>>>
>>> So I am caught in a time bind here!
>>>
>>> Is there anyway to get bind not to be particular about system time at
>>> first?
>>>
>>
>>
>> Hopefully this isn't a production server... rtc's kind of important
>> ;-)  I'll ditto here and say: static /etc/hosts entries or static IPs
>> in ntp.conf
>>
>
> additionally every network normally should have it's own ntpd using the
> public pool and act as source for all other machines, just because to be
> nice too the "pool.ntp.org" and hence any other box needs just an IP
> address for doing "ntpdate xx.xx.xx.xx" *before* it's own ntpd starts
>
> so you just need to make sure the correct order
>
> * ntpdate xx.xx.xx.xx
> * start ntpd
> * start named
>
> Can I suggest that rather than use  /etc/hosts, every server should have
more than one resolver listed in /etc/resolv.conf.  The first can be
127.0.0.1, but the second should be another DNS resolver as backup.

-- 
Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150901/ae5ecb8a/attachment.html>


More information about the bind-users mailing list