[linuxkernelnewbies] DNS FGA

[Peter Teoh]

http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/ The answering of DNS questions Do not obscure your DNS data when asking for help. It's pointless and silly. Always prove that your problem actually is a DNS problem. DNS Concepts The various rôles performed by DNS servers. The notions of "primary" and "secondary" DNS content servers only apply to database replication. The bailiwick of content DNS servers. The taxonomy of DNS server responses. What DNS query resolution is. Whence one obtains proxy DNS service. SOA is a resource record type. Content DNS servers may be "masters". The semantics of the fields of an SOA resource record. The uselessness of "Round Robin" resource record set shuffling. The gen on Verisign's Internet coup. "double reverse" DNS lookup is not a security measure. Many application client softwares use SRV lookups, but some (to their shame and embarrassment) do not. Providing DNS service Avoid RFC 2317's classless "in-addr.arpa." delegation. Modern well designed DNS server softwares simply don't need it. The DNS shaped holes that one cuts into firewalls. How to set up one's DNS servers to provide "split horizon" DNS service. How one goes about updating a resolving proxy DNS server's list of root content DNS servers. How to switch a domain from one set of content DNS servers to another. Your firewall is preventing you from using EDNS0. Fix it. How to provide proxy DNS service with an all-the-hats-at-once DNS server software. How to provide content DNS service with an all-the-hats-at-once DNS server software. Remember to populate your "internal" DNS database with data after setting up "split horizon" DNS service. Your fallback proxy DNS servers must provide the same view of the DNS namespace as your principal one. Employ split horizon DNS service if you are using non-public IP address ranges. The Superdomain owner Hall of Shame. DNS softwares The "Big Picture" for Dan Bernstein's djbdns. A similar "Big Picture" for the ISC's BIND. ISC's BIND understands bailiwick. It doesn't make full use of it, however. The tools that are available for DNS diagnosis. nslookup displays a daft error message because it is badly designed. Don't use it. nslookup is a seriously flawed tool. Don't use it. Why the results from nslookup are different to the operation of ping. The various problems with djbdns. Some of what is said about djbdns is simply wrong. dnstracer doesn't diagnose what it is intended to diagnose because it uses an incorrect query resolution algorithm. Don't rely upon it. Microsoft Windows Domain Controllers dynamically register their own IP addresses as the domain name. The Secure Dynamic DNS update client authorisation schemes used by Microsoft and ISC are incompatible.