[BALUG-Admin] Why_ should ns1.linuxmafia.com be doing secondary nameservice (for balug.org.), given that you aren't including it in the authoritative list?
Michael Paoli
Michael.Paoli@cal.berkeley.edu
Thu Aug 25 05:33:36 PDT 2016
> From: "Rick Moen" <rick@linuxmafia.com>
> Subject: Re: [BALUG-Admin] (forw) AXFR failures from 198.144.194.238
> Date: Wed, 24 Aug 2016 01:19:28 -0700
> It was the other way around (sorry, edit error). ns1.linuxmafia.com is
> NOT in the authoritative roster for domain balug.org. Specifics were in the
> same message:
>
>> $ whois balug.org | grep '^Name Server'
>> Name Server: NS1.DREAMHOST.COM
>> Name Server: NS2.DREAMHOST.COM
>> Name Server: NS3.DREAMHOST.COM
>> $
>
> So, getting back to my point (now that I'm back from Kansas City):
> _Why_ should ns1.linuxmafia.com be doing secondary nameservice, given
> that you aren't including it in the authoritative list? That's kind of
> pointless.
>
> Please advise. Thanks.
Your option on balug.org., to be or not be slave at this time.
I explained the situation earlier. Notably it's part of migration
strategy off of DreamHost.Com. - but we're not there yet (still have
to get the dang lists migrated). See the earlier explanation again
here (now for the 3rd time ;-)) ... note particularly the bit that
starts with "If you'd prefer, for balug.org, could also" ...
> From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
> To: "Rick Moen" <rick@linuxmafia.com>
> Cc: balug-admin@lists.balug.org
> Subject: Re: AXFR failures from 198.144.194.238
> Date: Mon, 22 Aug 2016 18:26:04 -0700
> And also, more info for your notes
> (e.g. /etc/named.conf.local comments)
> further below.
>
> references/excerpts:
>
>> From: "Rick Moen" <rick@linuxmafia.com>
>> Subject: Re: AXFR failures from 198.144.194.238
>> Date: Mon, 22 Aug 2016 16:05:26 -0700
>
>> Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
>>
>>> Try again, and please reenable.
>>
>> Done, and successful.
>>
>> So, is 198.144.194.238 a 'hidden master' for domains balug.org,
>> sf-lug.org, and sf-lug.com (providing AXFR to slave nameservers but not
>> declared publicly authoritative)?
>>
>> Let me know if so, and I'll annotate that in my /etc/named.conf.local
>> file.
>
> Well, yes, 198.144.194.238 is (partially?) "hidden master".
> I believe it is, however, well listed in the SOA origin, though ...
> to at least provide some clue(s):
> $ dig -t SOA sf-lug.org. +short
> ns1.sf-lug.org. jim.well.com. 1463887991 10800 3600 1209600 3600
> $ dig -t SOA sf-lug.com. +short
> ns1.sf-lug.com. jim.well.com. 1463887991 10800 3600 1209600 10800
> $ dig +short ns1.sf-lug.org. A ns1.sf-lug.org. AAAA
> 198.144.194.238
> 2001:470:1f04:19e::2
> $ dig +short ns1.sf-lug.com. A ns1.sf-lug.com. AAAA
> 198.144.194.238
> 2001:470:1f04:19e::2
> $
> ... of course those IPv6 addreses would've been likely also unresponsive
> (on same host that was wedged as is also 198.144.194.238)
>
> A reminder on the balug.org situation, as it's wee bit more complex,
> bit of expert - more fully context further below:
>> Do note, however, that at present time,
>> balug.org is NOT (yet) Internet delegated to those IPs - I don't expect
>> that to happen until we extricate ourselves from DreamHost.com
>
> Also, prefer if/whenever there might be issue contacting
> master, that slaves don't drop merely, or quickly on account
> of just that, and nothing else having changed ... as that
> semi-defeats one of the purposes of having slaves, and also
> a fairly long expire time (e.g. if disaster strikes and it takes
> some fair while to get things in operation again - at least if
> DNS slaves are still operating, the situation is a bit more
> clear for those entities trying to figure out what's going on).
>
> Thanks.
>
> More full background on balug.org, from earlier:
>> From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
>> To: "Rick Moen" <rick@linuxmafia.com>
>> Cc: BALUG-Admin <balug-admin@lists.balug.org>
>> Subject: [BALUG-Admin] DNS slaves for BALUG? :-)
>> Date: Fri, 19 Feb 2016 03:16:35 -0800
>
>> Rick,
>>
>> If you could please, and would be willing,
>> could you cover DNS slave services for BALUG,
>> notably these zones:
>> e.9.1.0.5.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
>> balug.org
>> master(s) (all for each of the above):
>> 198.144.194.238
>> 2001:470:1f04:19e::2
>> Do note, however, that at present time,
>> balug.org is NOT (yet) Internet delegated to those IPs - I don't expect
>> that to happen until we extricate ourselves from DreamHost.com - however
>> in the meantime it is maintained quite highly alike to the balug.org.
>> DNS data on DreamHost.com - I check periodically, and only differences
>> I'm aware of are SOA MNAME, RNAME, and often the REFRESH (I don't know
>> where they get their REFRESH number from - it seems to vary some fair
>> bit, with no particular discernible pattern) and I tend to keep the
>> serial # one ahead of DreamHost.com (at least most of the time when I
>> check/notice it). If you'd prefer, for balug.org, could also
>> just set up as "warm standby" - verify (to-be) slaves can do
>> AXFR pull, and put most of the configuration in place, but just
>> don't actually activate it until DNS is fully and properly Internet
>> delegated (or we're free from DreamHost.com and about to so delegate).
>>
>> I'm presuming you could do/offer this on both ns1.linuxmafia.com. and
>> also ns1.svlug.org.? That would be great, if you're able to.
>>
>> I'm also presuming the various IP information and out-of-band
>> communication information is still the same as when we set up
>> slaves for sf-lug.org (plus any relevant updates received since then).
>>
>> Just let me know, thanks (can also email just me directly for any bits
>> that ought not get publicly archived, etc.).
More information about the BALUG-Admin
mailing list