[Nelug] [Fwd: Forward of moderated message]
richard at rp2k.co.uk
Wed Apr 14 20:05:27 UTC 2004
Just to let you know, this has been resolved in a private discussion
between Andrew and me; the solution is summarised below.

The DNS system requires at least 2 different name servers. The main
problem Andrew had was that the root servers had the wrong name servers
for the domain.

In Andrew's case, his IP address is not guaranteed to be static. He has
had the same address for 2+ years, but the risk is the address may
change in the future. Obviously, this would cause major problems if the
root servers still have his old IP address, and changes on the root
servers take a while to propagate.

The solution we came up with was "Shadow Primary", where he uses 2 free
secondary DNS service providers to provide both servers for the root
records. The real primary server is known only to the 2 secondary servers.
His SOA record declares 1 of the secondaries as the primary server, and
he only lists the 2 secondary servers as NS records in his zone.

The secondary service provider transfers the zone from his home PC, by
using his current IP address. In the event of his IP address changing,
the 2 secondary servers will continue to work for about 7 days, during
which time he can update the local copy of his zone (if required),
change his IP address on the servers, then force the zones to reload.

Some DNS resources:
http://www.twisted4life.com/ - Free secondary service
http://www.secondary.org/ - Free secondary service
http://www.granitecanyon.com/ - Free public dns service (Primary &

Andrew Hatch wrote:
> Just enquiring to see if anybody has run a DNS service from their
> own Linux box? My setup is as follows:
>
> [home lan]
> [debian linux]
> [ ISP ]
>
> Where my Linux box is acting as firewall, web server, mail server
> and DNS server. I recently experimented with changing a domain name
> I own to point to my Linux box so I could do clever things with it.
> My Domain Name manager interface REQUIRES me to specify two host
> names (not IP addresses) that are the primary and secondary DNS
> machines for the domain. Using some jiggery pokery, I manage to get
> these to point to the correct name/IP. However, despite leaving
> this for a long time (for the changes to propagate), my domain name
> doesn't appear to work. nslookup/dig from various locations don't
>
> Does anybody know how to debug the SERVFAIL problem I appear to
> have? I've no idea how to work out where the problem is - the BIND
> daemon seems to be running fine - I use it for my home lan as a DNS
> cache - and it resolves my domain name correctly too for internal
> machines. Externally, however, no joy.
>
> Any help would be gratefully appreciated.
>
> Andrew Hatch
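
Added example, not part of the original message or of either poster's setup: a small Python check that a zone follows the "Shadow Primary" layout described above (at least 2 NS records, the SOA primary set to one of the listed secondaries, the home address never published as a name server). The zone contents, host names and addresses are constructed, and treating the 7-day window as the SOA expire timer is an assumption.

```python
# Added example; every name, address and timer here is a constructed sample.
GOOD_ZONE = """\
example.org. IN SOA ns1.provider-a.example. hostmaster.example.org. 2004041401 10800 3600 604800 86400
example.org. IN NS ns1.provider-a.example.
example.org. IN NS ns1.provider-b.example.
www.example.org. IN A 203.0.113.10
"""
# Same zone, but the home box is also published as a name server.
LEAKY_ZONE = GOOD_ZONE + """\
example.org. IN NS home.example.org.
home.example.org. IN A 203.0.113.10
"""

def parse(zone_text):
    """Return (soa, ns_targets, a_records) from one-record-per-line zone text."""
    soa, ns, a = None, [], {}
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[1] != "IN":
            continue
        owner, rtype, rdata = f[0].lower(), f[2].upper(), f[3:]
        if rtype == "SOA":  # rdata: mname rname serial refresh retry expire minimum
            soa = {"mname": rdata[0].lower(), "expire": int(rdata[5])}
        elif rtype == "NS":
            ns.append(rdata[0].lower())
        elif rtype == "A":
            a.setdefault(owner, []).append(rdata[0])
    return soa, ns, a

def check_shadow_primary(zone_text, hidden_ip, min_expire=7 * 86400):
    """List ways the zone departs from the shadow-primary layout."""
    soa, ns, a = parse(zone_text)
    if soa is None:
        return ["no SOA record"]
    problems = []
    if len(set(ns)) < 2:
        problems.append("fewer than 2 distinct NS records")
    if soa["mname"] not in ns:
        problems.append("SOA MNAME is not one of the listed NS hosts")
    for host in ns:
        if hidden_ip in a.get(host, []):
            problems.append(f"NS {host} resolves to the hidden primary {hidden_ip}")
    if soa["expire"] < min_expire:
        problems.append(f"SOA expire {soa['expire']}s is under {min_expire}s")
    return problems

if __name__ == "__main__":
    for name, zone in (("good", GOOD_ZONE), ("leaky", LEAKY_ZONE)):
        print(name, check_shadow_primary(zone, "203.0.113.10") or "OK")
```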