Re: DNS Question

2009-10-28 Thread DAve

Chuck Swiger wrote:

On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
You aren't supposed to use CNAMES for anything found in other RR's; 
in particular, you should always use an A record with the hostnames 
used for nameservers (ie, have an NS record), because you are 
supposed to be using the canonical name rather than an alias.


Errr?  You mean the rule that NS and MX and SRV rdata must include an 
A record

rather than a CNAME?  That's true, but what does that have to do with web
serving?


Consider the case of redirects involving cnames; you end up with a lot 
of extra DNS traffic.


The illegality mentioned further upthread is that you can't use a 
CNAME at a zone apex because of the 'CNAME and other data rule'[*] -- 
as there's always got to be SOA and NS records at the zone apex, if 
you want a web page at 'example.com' you'ld have to provide an A or 
 record for it.  Unless you're Verisign and have control over the 
nameservers for .com, this is almost certainly illegal:


example.com. IN CNAME www.example.com

On the other hand:

www.example.com. IN CNAME example.com.

is generally fine.


It's generally fine, sure, but almost never ideal.  You don't save 
traffic by using CNAMEs instead of A records



PS: It's odd where google pulls up references to fairly canonical
docs, sometimes.  I'm not sure I even recognize "ua", and I suspect I
deal with two-letter ISO 3166 country names more than most folks do.
Maybe Ukraine?  :-)


Of course it's Ukraine.  .uk was already taken, even though the two 
letter
iso-code for this country is officially .gb.  We're in an exclusive 
club of
two nations that generally don't use their official iso-code in the 
DNS.  No

prizes for guessing which the other one is.


Shucks, how can you pull in Jeopardy references and then deny giving out 
prizes?  Well, my guess would be ie, although people who speak Finnish 
and call their home "Suomi" might find "fi" odd, also



Cheers,

Matthew

[*] Little known factoid, but there are two legal exceptions to the 
'CNAME
and other data' rule.  You can have RRSIG or NSEC records at the same 
label

as CNAME -- see RFC 4035.  Obscure DNS trivia for 100, Alex...


Regards,



Just so everyone knows, having a domain with a CNAME at the top will 
hose your mail traffic. We tried it, and some servers delivered fine, 
others did not. Checking with dig +trace, and dns stuff, showed the 
problem. Just trying to get a MX record for mainstreetfin.com would fail.


The record we had was,
mainstreetfin.com CNAME website.elliemae.com

And the problem is shown below.

---
DNS Lookup: mainstreetfin.com MX record

Searching for mainstreetfin.com MX record at a.root-servers.net 
[198.41.0.4]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 39 ms]


Searching for mainstreetfin.com MX record at M.GTLD-SERVERS.NET. 
[192.55.83.30]: Got referral to ns2auth.tls.net. (zone: 
mainstreetfin.com.) [took 11 ms]


Searching for mainstreetfin.com MX record at ns2auth.tls.net. 
[65.123.104.30]: Got CNAME of website.elliemae.com. and referral to 
k.root-servers.net [took 36 ms]


Searching for website.elliemae.com MX record at g.root-servers.net 
[192.112.36.4]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took 
143 ms]


Searching for website.elliemae.com MX record at I.GTLD-SERVERS.NET. 
[192.43.172.30]: Got referral to ns2.elliemae.net. (zone: elliemae.com.) 
[took 63 ms]


Searching for website.elliemae.com MX record at ns2.elliemae.net. 
[63.241.88.21]: Timed out. Trying again.


Searching for website.elliemae.com MX record at ns2.elliemae.net. 
[63.241.88.21]: Timed out. Trying again.


Searching for website.elliemae.com MX record at ns1.elliemae.net. 
[216.35.165.21]: Reports that no MX records exist. [took 46 ms]


Response:
No MX records exist for website.elliemae.com. [Neg TTL=300 seconds]

Details:
ns1.elliemae.net. (an authoritative nameserver for elliemae.com.) says 
that there are no MX records for website.elliemae.com.
The E-mail address in charge of the elliemae.com. zone is: 
hostmas...@elliemae.com.


NOTE: One or more CNAMEs were encountered. mainstreetfin.com is really 
website.elliemae.com.




So some mail servers never asked our authoritative servers what the MX 
record was. Interesting.


DAve

--
"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread RW
On Fri, 23 Oct 2009 10:33:07 -0700
xSAPPYx  wrote:

> Also, MX needs to resolve to an A, not a CNAME.. If you are using mail
> on all these domains, use A records


You can use the domains for mail provided that that they share MX
servers, if example.com has a CNAME pointing to example.net then mail
to example.com will use the mx servers for example.net.

What you shouldn't do is mix the CNAME with separate  MX records
because it creates an ambiguity.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread xSAPPYx
Also, MX needs to resolve to an A, not a CNAME.. If you are using mail
on all these domains, use A records

On Fri, Oct 23, 2009 at 10:19 AM, Sean Cavanaugh
 wrote:
>
>> >how is this illegal?
>>
>> CNAME rule:
>>
>> a node with a CNAME cannot contain any other records.
>>
>> for the node domain.tld:
>>
>> domain.tld. soa ...
>> domain.tld. ns ...
>> domain.tld. cname otherdomain.tld.
>>
>> this node has a CNAME and "other data", so it's illegal, no matter what you 
>> want to do, or what makes sense to you, or what is convenient for you.
>>
>
>
>
>
>
>
> ah yes, forgot about that. you are correct on that line.
>
>
>
> -Sean
>                                          
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread Chuck Swiger

On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
You aren't supposed to use CNAMES for anything found in other RR's;  
in particular, you should always use an A record with the hostnames  
used for nameservers (ie, have an NS record), because you are  
supposed to be using the canonical name rather than an alias.


Errr?  You mean the rule that NS and MX and SRV rdata must include  
an A record
rather than a CNAME?  That's true, but what does that have to do  
with web

serving?


Consider the case of redirects involving cnames; you end up with a lot  
of extra DNS traffic.


The illegality mentioned further upthread is that you can't use a  
CNAME at a zone apex because of the 'CNAME and other data rule'[*]  
-- as there's always got to be SOA and NS records at the zone apex,  
if you want a web page at 'example.com' you'ld have to provide an A  
or  record for it.  Unless you're Verisign and have control over  
the nameservers for .com, this is almost certainly illegal:


example.com. IN CNAME www.example.com

On the other hand:

www.example.com. IN CNAME example.com.

is generally fine.


It's generally fine, sure, but almost never ideal.  You don't save  
traffic by using CNAMEs instead of A records



PS: It's odd where google pulls up references to fairly canonical
docs, sometimes.  I'm not sure I even recognize "ua", and I suspect I
deal with two-letter ISO 3166 country names more than most folks do.
Maybe Ukraine?  :-)


Of course it's Ukraine.  .uk was already taken, even though the two  
letter
iso-code for this country is officially .gb.  We're in an exclusive  
club of
two nations that generally don't use their official iso-code in the  
DNS.  No

prizes for guessing which the other one is.


Shucks, how can you pull in Jeopardy references and then deny giving  
out prizes?  Well, my guess would be ie, although people who speak  
Finnish and call their home "Suomi" might find "fi" odd, also



Cheers,

Matthew

[*] Little known factoid, but there are two legal exceptions to the  
'CNAME
and other data' rule.  You can have RRSIG or NSEC records at the  
same label

as CNAME -- see RFC 4035.  Obscure DNS trivia for 100, Alex...


Regards,
--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread Matthew Seaman

Chuck Swiger wrote:

Hi--

On Oct 23, 2009, at 9:18 AM, Sean Cavanaugh wrote:

worse, it's illegal.


how is this illegal? if you are residing your domain on a hosting 
service, this makes sense to me. Granted its bad form and should have 
an A record to the host for the main domain record, but if i had 
control over "otherdomain.com" and not "example.com" and had to change 
the IP address, "example.com" would be dead until i was able to reach 
the owner of that domain and have them change their DNS info.


You aren't supposed to use CNAMES for anything found in other RR's; in 
particular, you should always use an A record with the hostnames used 
for nameservers (ie, have an NS record), because you are supposed to be 
using the canonical name rather than an alias.


Errr?  You mean the rule that NS and MX and SRV rdata must include an A record
rather than a CNAME?  That's true, but what does that have to do with web
serving? 


The illegality mentioned further upthread is that you can't use a CNAME at a 
zone apex because of the 'CNAME and other data rule'[*] -- as there's always 
got to be SOA and NS records at the zone apex, if you want a web page at 
'example.com' you'ld have to provide an A or  record for it.  Unless you're 
Verisign and have control over the nameservers for .com, this is almost 
certainly illegal:

example.com. IN CNAME www.example.com

On the other hand:

www.example.com. IN CNAME example.com.

is generally fine.


PS: It's odd where google pulls up references to fairly canonical
docs, sometimes.  I'm not sure I even recognize "ua", and I suspect I
deal with two-letter ISO 3166 country names more than most folks do.
Maybe Ukraine?  :-)


Of course it's Ukraine.  .uk was already taken, even though the two letter
iso-code for this country is officially .gb.  We're in an exclusive club of
two nations that generally don't use their official iso-code in the DNS.  No
prizes for guessing which the other one is.

Cheers,

Matthew

[*] Little known factoid, but there are two legal exceptions to the 'CNAME
and other data' rule.  You can have RRSIG or NSEC records at the same label
as CNAME -- see RFC 4035.  Obscure DNS trivia for 100, Alex...

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW



signature.asc
Description: OpenPGP digital signature


RE: DNS Question

2009-10-23 Thread Sean Cavanaugh

> >how is this illegal?
> 
> CNAME rule: 
> 
> a node with a CNAME cannot contain any other records. 
> 
> for the node domain.tld:
> 
> domain.tld. soa ...
> domain.tld. ns ...
> domain.tld. cname otherdomain.tld.
> 
> this node has a CNAME and "other data", so it's illegal, no matter what you 
> want to do, or what makes sense to you, or what is convenient for you.
> 


 

 

ah yes, forgot about that. you are correct on that line. 

 

-Sean
  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread Chuck Swiger

Hi--

On Oct 23, 2009, at 9:18 AM, Sean Cavanaugh wrote:

worse, it's illegal.


how is this illegal? if you are residing your domain on a hosting  
service, this makes sense to me. Granted its bad form and should  
have an A record to the host for the main domain record, but if i  
had control over "otherdomain.com" and not "example.com" and had to  
change the IP address, "example.com" would be dead until i was able  
to reach the owner of that domain and have them change their DNS info.


You aren't supposed to use CNAMES for anything found in other RR's; in  
particular, you should always use an A record with the hostnames used  
for nameservers (ie, have an NS record), because you are supposed to  
be using the canonical name rather than an alias.


See:

  
http://docstore.mik.ua/orelly/networking/sendmail/ch21_03.htm#SML2-CH-21-SECT-3-2

You might also find a discussion of webserver redirects and the like  
interesting:


  http://www.aitechsolutions.net/cname-serveralias-redirection.html

Regards,
--
-Chuck

PS: It's odd where google pulls up references to fairly canonical  
docs, sometimes.  I'm not sure I even recognize "ua", and I suspect I  
deal with two-letter ISO 3166 country names more than most folks do.   
Maybe Ukraine?  :-)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


RE: DNS Question

2009-10-23 Thread Len Conrad
>> >All true, and I did not do a very good job of explaining it. My issue 
>> >was that we have requests to use a CNAME for the domain record. Such as 
>> >this.
>> >
>> >example.com CNAME otherdomain.com
>> >www.example.com CNAME otherdomain.com
>> >
>> >I was taught this was not good form
>> 
>> worse, it's illegal.
>
>
>how is this illegal?

CNAME rule: 

a node with a CNAME cannot contain any other records. 

for the node domain.tld:

domain.tld. soa ...
domain.tld. ns ...
domain.tld. cname otherdomain.tld.

this node has a CNAME and "other data", so it's illegal, no matter what you 
want to do, or what makes sense to you, or what is convenient for you.

Len


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread Len Conrad
>
>All true, and I did not do a very good job of explaining it. My issue 
>was that we have requests to use a CNAME for the domain record. Such as 
>this.
>
>example.com  CNAME  otherdomain.com
>www.example.com  CNAME   otherdomain.com
>
>I was taught this was not good form

worse, it's illegal.

, but allowed. I can deal with it. 
>But what of having a SOA record for example.com, no A or CNAME record 
>for the TLD example.com, only hosts such as www, ns1, ftp, etc.
>
>I tried it an it seems to work fine, but doesn't look proper to me. Then 
>again I remember when CNAME were considered evil.

CNAMEs are still evil, unless 
1) no other solution exists and 
2) the user knows how to use CNAMEs (rare).

Len

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread DAve

Sean Cavanaugh wrote:

 > Date: Fri, 23 Oct 2009 08:30:08 -0400
 > From: dave.l...@pixelhammer.com
 > To: freebsd-questions@freebsd.org
 > Subject: DNS Question
 >
 > Good morning.
 >
 > I have been asked by my co-workers and sales why I always create a A
 > record for new domains we host instead of a CNAME.
 >
 > The issue I run into lately with some domains is that a client has a
 > website with a industry host such as frank.relator.com and he wants to
 > have DNS point www.frank.com to frank.relator.com with a CNAME. The
 > client does not want an A record for frank.com.
 >
 > Somewhere, in a class far far away, I was taught a DNS zone had to have
 > a A record to function properly. I can't seem to locate anything in the
 > RFCs.
 >
 > Am I wrong?
 >

 
I think you are confusing basics of DNS records. you are partially 
correct in that a DNS zone needs an initial A record to be able to 
translate a name to an IP, but there is nothing wrong about setting up a 
CNAME to point to a record in a different zone instead. you just cannot 
do a zone that has a CNAME only that does not at some point to a valid A 
record. CNAMEs are forwarders only whereas A records are actual lookups.
 
for proper way to set this up
 
The A record would be assigned for the main name that you want to 
associate to an IP address.
The CNAME record just relates a different name to that original name. 
this allows you to change the IP address of the server and only have to 
update the original A record instead of every DNS record for that server.
 
for small number of vhosts, this would not really be an issue, but 
imagine if you were hosting a couple hundred vhosts from a single IP and 
then had to change that IP because you switched your ISP. It would take 
you a LONG time to update them if they were all A records, but only a 
couple of seconds if you had it properly set up as CNAME's
 
www.bobshosting.com A 192.168.0.1
www.vhost1.com   CNAME  
www.bobshosting.com .
www.vhost2.com   CNAME  
www.bobshosting.com .
www.vhost3.com   CNAME  
www.bobshosting.com .
www.vhost4.com   CNAME  
www.bobshosting.com .


 
 
-Sean


All true, and I did not do a very good job of explaining it. My issue 
was that we have requests to use a CNAME for the domain record. Such as 
this.


example.com  CNAME  otherdomain.com
www.example.com  CNAME   otherdomain.com

I was taught this was not good form, but allowed. I can deal with it. 
But what of having a SOA record for example.com, no A or CNAME record 
for the TLD example.com, only hosts such as www, ns1, ftp, etc.


I tried it an it seems to work fine, but doesn't look proper to me. Then 
again I remember when CNAME were considered evil.


DAve

--
"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: DNS Question

2009-10-23 Thread Matthew Seaman

DAve wrote:

Good morning.

I have been asked by my co-workers and sales why I always create a A 
record for new domains we host instead of a CNAME.


The issue I run into lately with some domains is that a client has a 
website with a industry host such as frank.relator.com and he wants to 
have DNS point www.frank.com to frank.relator.com with a CNAME. The 
client does not want an A record for frank.com.


Somewhere, in a class far far away, I was taught a DNS zone had to have 
a A record to function properly. I can't seem to locate anything in the 
RFCs.


Am I wrong?


Yes, you're wrong.

In terms of web service, you can use either an A record or a CNAME record
to provide the address part of a site's URL[*].  As far as the web server is
concerned, it looks for the 'Host=' line in the HTTP packet to decide what
name-based VHOST to dispatch the query to internally, and doesn't necessarily
do any DNS lookups at all.  Web clients just do a gethostbyname(3) or 
getaddrinfo(3) call to resolve the  site name into an IP, and anything 
supported by those (/etc/hosts, NIS, LDAP, DNS) will do the trick.

In terms of the DNS a 'Zone' is a delegated block of the name space under
a single administrative control.  Typically with BIND this maps onto a single
'Zone file' containing all of the DNS resource records for the zone.  The only 
records a zone *has* to have are:

  * 1 SOA record, with the zone serial number

  * Some number of NS records giving the nameservers for the zone.

It's perfectly permissible to have a zone that doesn't contain any A
records (or  records) and in fact, reasonably common: reverse domains
generally contain mostly PTR records. 


Cheers,

Matthew

[*] Possibly others, but A and CNAME are the vast majority.  Being able to
use SRV for webservers would be cool.

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW



signature.asc
Description: OpenPGP digital signature


Re: DNS Question

2008-03-05 Thread David Alanis

Hi Erik:

I don't recall the how-to explaining the usage of this script. I too,  
just recently setup a DNS server for a couple domains. My  
recommendation is to familiarize yourself with the Administrators  
Reference Manual (ARM) on BIND's website:


http://www.isc.org/index.pl?/sw/bind/arm93/

I found it more valuable than just following someone else's simple steps!

David Alanis

Quoting ?? <[EMAIL PROTECTED]>:


Hello,

I am building the DNS Server,But I can't find the script   
"/etc/namedb/make-localhost" used in the document, So I can't go on   
now? Please tell me how to find the script,Thank you very much!



Best Regards!

Freebsd Lover:Erik


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






This message was sent using IMP, the Internet Messaging Program.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: DNS Question

2008-03-05 Thread Matthew Seaman
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

国徽 wrote:
> Hello,
> 
> I am building the DNS Server,But I can't find the script
> "/etc/namedb/make-localhost" used in the document, So I can't go on
> now? Please tell me how to find the script,Thank you very much!> 
> 

Unfortunately the documentation is a bit out of date.  You no longer need
to run 'make-localhost' -- there are pre-built zone files for localhost, and
for 1.0.0.127.in-addr.arpa and the equivalent inverse domain for IPv6-ish
::1 that come with the system and which you can just use without further ado.

Cheers,

Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.   Flat 3
  7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW, UK
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzsJT3jDkPpsZ+VYRA9/oAJwPFc7OhS/5rl2RAVhqKGRP0ii/8wCbBf+m
0HqFbp1sTRR/wadko9k5BRQ=
=ufcj
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: dns question

2005-01-20 Thread Jeff MacDonald
I think it depends upon the registrar. Of the 200 domains, they are
probably registered across 2 or 3 registrars.

Some ask for just the host name, while others ask for both hostname and IP.

Jeff.


On Thu, 20 Jan 2005 13:14:01 +, Dick Davies
<[EMAIL PROTECTED]> wrote:
> * Jeff MacDonald <[EMAIL PROTECTED]> [0157 12:57]:
> > Not really a freebsdquestion specifically.
> >
> > My company uses
> >ns.foo.com  and ns1.foo.com for primay/secondary dns, about 200
> > domains rely on these.
> >
> > We want a new physical machine , in a different location, with a
> > different IP to be our secondary dns. lets call it  www.jerky.com ip =
> > 244.233.222.211 imaginary..
> 
> > Can I just make ns1.foo.com point to the new ip address, and update
> > the registrar with the new ip for ns1.foo.com, and here's the kicker
> >
> > _ NOT have to worry about changing the secondary dns info for all 200
> > other domains _
> 
> Is the second NS server listed in the domain by hostname?
> If so, you'll be alright.
> 
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> 
> --
> 'When you have to kill a man it costs nothing to be polite.'
> -- Winston Churchill, On formal declarations of war
> Rasputin :: Jack of All Trades - Master of Nuns
> 


-- 
Jeff MacDonald
http://www.halifaxbudolife.ca
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: dns question

2005-01-20 Thread Dick Davies
* Jeff MacDonald <[EMAIL PROTECTED]> [0157 12:57]:
> Not really a freebsdquestion specifically.
> 
> My company uses 
>ns.foo.com  and ns1.foo.com for primay/secondary dns, about 200
> domains rely on these.
> 
> We want a new physical machine , in a different location, with a
> different IP to be our secondary dns. lets call it  www.jerky.com ip =
> 244.233.222.211 imaginary..
 
> Can I just make ns1.foo.com point to the new ip address, and update
> the registrar with the new ip for ns1.foo.com, and here's the kicker
> 
> _ NOT have to worry about changing the secondary dns info for all 200
> other domains _

Is the second NS server listed in the domain by hostname?
If so, you'll be alright.
 
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

-- 
'When you have to kill a man it costs nothing to be polite.'
-- Winston Churchill, On formal declarations of war
Rasputin :: Jack of All Trades - Master of Nuns
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: DNS question...

2003-08-19 Thread Supote Leelasupphakorn
Hi, 

Have you try "host" command ?

  host 

Maybe DNS takes a couple day for propagation.
If this is the case try later in next 2-3 days.

Cheers,
 --- Xpression <[EMAIL PROTECTED]> wrote: > Hi list, I'm
getting a problem with my DNS, I'm running 4.7 +
> named, the
> config files are teorically well, but when I tried to get
> access from
> outside (of the network) to my ftp site, no returns records,
> when I tried
> with the real IP, everything's fine, any suggestion...???
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"[EMAIL PROTECTED]" 


Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: DNS question...

2003-06-05 Thread Jez Hancock
On Wed, Jun 04, 2003 at 12:29:29PM -0400, Xpression wrote:
> Hi list:
> 
> I want to change my DNS server/service, I still using named almost
> understand it so good, then I want to know is anyone have knowledge of any
> other DNS server that can be installed to serve DNS requests...thanks...
djbdns is highly recommended - very easy to setup if you already
understand the concept of zone files with named (although the syntax of
djbdns 'data' files is different).

djbdns is nice in that it separates the various tasks that named does
into distinct modules - one for udp auth nameserver queries (tinydns), another for
tcp (axfrdns), another for caching name server (dnscache).

The best place to read is here:
http://cr.yp.to/djbdns.html

note that djbdns is in the ports under /usr/ports/net/djbdns iirc.

Best Regards,
Jez
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


RE: DNS question

2003-02-01 Thread Len Conrad


Ahh okay, I understand that. Someone once told me the information is
already downloaded in a list, so the server doesn't have to contact
root all the time to get ns information. Is this not true anymore?


bind9 has the root-servers "hints zone" in its binary, but will use an 
external hints zone if listed in named.conf.

Len


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message


RE: DNS question

2003-02-01 Thread aSe
>[please wrap you lines at 72 characters or so]
>
>aSe wrote:
>
>> When a person does a dns lookup to the server and its not already cached,
>> how does It find out the correct name server to use to find the ip?
>
>FreeBSD comes with a list of "root" DNS servers.  These are master servers
>maintained by many different sources that have information on the top level
>domains.
> From this list, the DNS can figure out which root server to contact for .com
>or .net or .whatever.  That server then directs your server to the specific
>DNS server that has the information you are asking for.
>
>This is oversimplified.  If you have forwarders configured, then the forwarders
>check their cache first, before consulting the root servers.
>But the basic method is described there.

Ahh okay, I understand that. Someone once told me the information is 
already downloaded in a list, so the server doesn't have to contact 
root all the time to get ns information. Is this not true anymore?



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message



Re: DNS question

2003-02-01 Thread Len Conrad


When a person does a dns lookup to the server and its not already cached, 
how does It find out the correct name server to use to find the ip?

The DNS navigates the DNS namespace until it finds a positive or negative 
answer, or the until DNS's that should have the answer fail to respond.

Len


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message


Re: DNS question

2003-02-01 Thread Bill Moran
[please wrap you lines at 72 characters or so]

aSe wrote:


When a person does a dns lookup to the server and its not already cached,

> how does It find out the correct name server to use to find the ip?

FreeBSD comes with a list of "root" DNS servers.  These are master servers
maintained by many different sources that have information on the top level
domains.
From this list, the DNS can figure out which root server to contact for .com
or .net or .whatever.  That server then directs your server to the specific
DNS server that has the information you are asking for.

This is oversimplified.  If you have forwarders configured, then the forwarders
check their cache first, before consulting the root servers.
But the basic method is described there.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message