On Fri, Dec 18, 2009 at 01:45:39PM +1100, Ian Smith wrote:
> In freebsd-questions Digest, Vol 289, Issue 4, Message 14
> On Sat, 12 Dec 2009 15:32:07 -0800 Gary Kline <kl...@thought.org> wrote:
>  > ariatotle is offline; i'm exclusively on my new server.  will 
>  > somebody please do a digg thought.org and see if they see what i see?
>  > 
>  >    hope i get this.....
> At this moment just seeing SERVFAIL for thought.org, and (thus) its 
> listed nameservers at your registrar:
>  Name Server:NS1.THOUGHT.ORG
> =======
> smithi on sola% dig thought.org
> ; <<>> DiG 9.3.4-P1 <<>> thought.org
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20499
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;thought.org.                   IN      A
> ;; Query time: 4730 msec
> ;; SERVER:
> ;; WHEN: Fri Dec 18 12:35:32 2009
> ;; MSG SIZE  rcvd: 29
> =======
> That's from Australia (as good as anywhere else in this regard :)
> It's a bit fraught, and not recommended (indeed, frowned upon by RFCs), 
> to have both/all of your domain nameserver IPs on one physical network.
> I know you had too many before, but if you know someone who can and will 
> provide secondary/slave DNS for you, with a decent expiry time you can 
> be offline for longish periods without your domain disappearing from 
> view, even if your mail/web//etc servers are temporarily offline.
> Rather than having to ask others to look it up, try locating some public 
> recursive nameserver that you can use, maybe provided by your ISP, let's 
> call it ns1.example.org .. then (assuming basic connectivity) you can:
> % dig @ns1.example.org [whatever.]thought.org [a|ns|soa|mx|..]

        thanks for the dig examples, first.  i saw this email before i
        threw in the towel last night, so something must be woriking

        about having too many [[that were pointing every-whichway, i
        have one secondary in the UK that has kept in step with my
        update almost at once.  but yes, there are some free or
        low-cost public org sites ....  i just [MIS]assumed that
        things were set.   BZZT!

> to check visibility for yourself while you're tinkering with your DNS, 
> remembering to allow time for changes to propagate.  So it's best to be 
> running a short default TTL (say 3600 seconds) until you're running ok, 
> then once OK increase it to something more reasonable, say 1 day.

        ah, good point, thanks.

> Don't forget to increase your zone's serial number with each change to 
> your configuration, or slave servers won't notice and fetch updates.  
> If in doubt, it never hurts to bump the serial and restart named.  Use 
> the standard format so you never use a smaller integer than before, eg 
> 2009121801 for the first update today.  Check the supplied HTML docs.

        yep.  [i forgot up update twice... . ] <***>

> Ensure that your firewall allows both TCP and UDP connections inbound on 
> port 53 on each of your externally accessible nameservers, and of course 
> allows response traffic outbound.

        hm.  since i was switched to pfSense that means yet another
        thing to master.  prev, i was using ifpw and did allow TCP AND
        UDP.  Will check.


> cheers, Ian
> PS because thought.org is SERVFAIL at the mo, you won't get this mail 
> direct till the domain reappears here.  It'll be queued for two days.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

 Gary Kline  kl...@thought.org  http://www.thought.org  Public Service Unix
        http://jottings.thought.org   http://transfinite.thought.org
    The 7.79a release of Jottings: http://jottings.thought.org/index.php

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to