[Nelug] [Fwd: Forward of moderated message]

Richard Patterson richard at rp2k.co.uk
Wed Apr 14 20:05:27 UTC 2004


Hi All,

Just to let you know, this has been resolved in a private discussion 
between Andrew and me; the solution is summarised below.

The DNS system requires at least 2 different name servers. The main 
problem Andrew had was that the root servers had the wrong name servers 
for the domain.

In Andrew's case, his IP address is not guaranteed to be static, he has 
had the same address for 2+ years, but the risk is the address may 
change in the future. Obviously, this would cause major problems if the 
root servers still have his old IP address, and changes on the root 
servers take a while to propagate.

The solution we came up with was "Shadow Primary", where he uses 2 free 
secondary DNS service providers to provide both servers for the root 
records. The real primary server is known only to the 2 secondary servers.

His SOA record declares 1 of the secondaries as the primary server, and 
he only lists the 2 secondary servers as NS records in his zone.

The secondary service provider transfers the zone from his home PC, 
using his current IP address. In the event of his IP address changing, 
the 2 secondary servers will continue to work for about 7 days, during 
which time he can update the local copy of his zone (if required), 
change his IP address on the servers, then force the zones to reload.

Some DNS resources:

http://www.twisted4life.com/ - Free secondary service
http://www.secondary.org/ - Free secondary service

http://www.granitecanyon.com/ - Free public DNS service (Primary & 
Secondary)

Regards

Richard



Andrew Hatch wrote:
> 
> Just enquiring to see if anybody has run a DNS service from their
> own Linux box?  My setup is as follows:
> 
>  [home lan]
>      |
> [debian linux]
>      |
>   [ ISP ]
> 
> Where my linux box is acting as firewall, web server, mail server
> and DNS server.  I recently experimented with changing a domain name
> I own to point to my linux box so I could do clever things with it.
> 
> My Domain Name manager interface REQUIRES me to specify two host
> names (not IP addresses) that are the primary and secondary DNS
> machines for the domain.  Using some jiggery pokery, I manage to get
> these to point to the correct name/IP.  However, despite leaving
> this for a long time (for the changes to propagate), my domain name
> doesn't appear to work.  nslookup/dig from various locations don't
> work.
> 
> Does anybody know how to debug the SERVFAIL problem I appear to
> have?  I've no idea how to work out where the problem is - the BIND
> daemon seems to be running fine - I use it for my home lan as a DNS
> cache - and it resolves my domain name correctly too for internal
> machines.  Externally, however, no joy.
> 
> Any help would be gratefully appreciated.
> 
> Regards,
> 
> Andrew Hatch
> 
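The shadow-primary arrangement Richard summarises (only the two secondaries published as NS records, the SOA naming one secondary as its primary, the real primary hidden, and the expire timer covering the window in which the home IP may change) can be checked mechanically before the zone goes live, and the same check catches the fault Andrew actually hit: the parent's delegation pointing at name servers other than the ones in the zone. The following is an added example, not code from the Nelug thread or from either poster. It parses a small constructed BIND-style zone for a hypothetical domain example.org, with made-up server names (ns1.secondary-a.example, ns1.secondary-b.example, hidden.home.example.org), and reports every invariant that fails; the delegated NS set would in practice come from a query to the parent zone, but here it is supplied as a list so the check runs offline.

```python
"""Sanity checks for a "shadow primary" DNS zone.

Added example, not part of the original thread. Checks performed:
  * at least two NS records at the zone apex
  * the hidden (real) primary is not published in the NS set
  * the SOA MNAME names one of the published secondaries
  * the SOA EXPIRE value covers the outage window (about 7 days)
  * the NS set the parent delegates to matches the zone's own NS set
    (a mismatch is the "wrong name servers at the root" problem)
"""
from dataclasses import dataclass, field

DAY = 86400

# Constructed zone text for a hypothetical domain. The real primary
# (hidden.home.example.org) is deliberately absent from the NS records.
ZONE_TEXT = """\
$TTL 3600
example.org.  IN SOA ns1.secondary-a.example. hostmaster.example.org. (
                 2004041401 ; serial
                 7200       ; refresh
                 1800       ; retry
                 604800     ; expire (7 days)
                 3600 )     ; minimum
example.org.  IN NS  ns1.secondary-a.example.
example.org.  IN NS  ns1.secondary-b.example.
www           IN A   192.0.2.10
"""


@dataclass
class Zone:
    origin: str
    soa_mname: str = ""
    expire: int = 0
    ns: set = field(default_factory=set)


def _fqdn(owner, origin):
    """Turn a zone-file owner name into an absolute, lower-cased name."""
    if owner == "@":
        return origin.lower()
    if owner.endswith("."):
        return owner.lower()
    return f"{owner}.{origin}".lower()


def parse_zone(text, origin):
    """Minimal zone-file parser: strips comments, folds '( ... )' records,
    and extracts the apex NS set plus the SOA MNAME and EXPIRE fields."""
    lines = [l.split(";", 1)[0].strip() for l in text.splitlines()]
    lines = [l for l in lines if l]
    records, buf = [], []
    for line in lines:
        if buf:                       # inside a parenthesised record
            buf.append(line)
            if ")" in line:
                records.append(" ".join(buf))
                buf = []
        elif "(" in line and ")" not in line:
            buf = [line]
        else:
            records.append(line)
    zone = Zone(origin=origin.lower())
    for rec in records:
        if rec.startswith("$"):       # $TTL / $ORIGIN directives are ignored
            continue
        tokens = rec.replace("(", " ").replace(")", " ").split()
        owner, rest = tokens[0], tokens[1:]
        if rest and rest[0].isdigit():           # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() in ("IN", "CH", "HS"):  # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype == "SOA":
            # rdata: mname rname serial refresh retry expire minimum
            zone.soa_mname = rdata[0].lower()
            zone.expire = int(rdata[5])
        elif rtype == "NS" and _fqdn(owner, origin) == zone.origin:
            zone.ns.add(rdata[0].lower())
    return zone


def check_shadow_primary(zone, hidden_primary, delegated_ns, min_expire=7 * DAY):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(zone.ns) < 2:
        problems.append("fewer than two NS records at the apex")
    if hidden_primary.lower() in zone.ns:
        problems.append("hidden primary is published in the NS set")
    if zone.soa_mname not in zone.ns:
        problems.append("SOA MNAME is not one of the published secondaries")
    if zone.expire < min_expire:
        problems.append(f"SOA expire {zone.expire}s is shorter than {min_expire}s")
    delegated = {n.lower() for n in delegated_ns}
    if delegated != zone.ns:
        problems.append(
            f"parent delegation {sorted(delegated)} != zone NS {sorted(zone.ns)}")
    return problems


if __name__ == "__main__":
    z = parse_zone(ZONE_TEXT, "example.org.")
    # Correct delegation: parent lists exactly the two secondaries.
    print(check_shadow_primary(z, "hidden.home.example.org.",
                               ["ns1.secondary-a.example.", "ns1.secondary-b.example."]))
    # Broken delegation of the kind in the thread: parent still points elsewhere.
    print(check_shadow_primary(z, "hidden.home.example.org.",
                               ["hidden.home.example.org."]))
```

The first run prints an empty list; the second reports the delegation mismatch, which is the condition under which resolvers outside the zone return SERVFAIL even though the zone itself loads fine locally. The delegated NS list is the one thing this script cannot know offline; in use it would be filled from an NS query sent to the parent zone's servers rather than to the zone's own.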

