Re: first axfr challenges

2021-06-08 Thread Tim via users
Tim:
>> Both of those servers are accessed by name, not numerical IP
>> address, and those names have to be in some public DNS records, so
>> people can find the IP addresses for them to connect to them.

Joe Zeff:
> No.  DNS servers are always accessed by IP address, never by name. 
> Trying to access a DNS server by name would just create an endless
> loop of trying to resolve addresses as you can't get the server's
> address without using DNS to get the IP address.

That was the point I was making about glue records.  I did say it was
chicken and egg.  But let's go through that with a real world example:

I want the numerical IP for google:


$ dig google.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30708
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com. 300 IN  A   142.250.70.238


And I get told it's 142.250.70.238 (for me, right now).  Further down
in the results of that query we find out who was holding the data:


;; AUTHORITY SECTION:
google.com. 1176 IN  NS  ns3.google.com.
google.com. 1176 IN  NS  ns1.google.com.
google.com. 1176 IN  NS  ns2.google.com.
google.com. 1176 IN  NS  ns4.google.com.


Any one of four name servers, and ... they're identified by name. 
If we want to connect to them, we have to do something else to find out
their IP.  That info's provided in the next set of data from the same
query:


;; ADDITIONAL SECTION:
ns2.google.com. 1176 IN  A   216.239.34.10
ns1.google.com. 1176 IN  A   216.239.32.10
ns3.google.com. 1176 IN  A   216.239.36.10
ns4.google.com. 1176 IN  A   216.239.38.10

;; Query time: 109 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 08 23:11:16 ACST 2021
;; MSG SIZE  rcvd: 191


A bit surprisingly, it's four name servers in the same network.  But
with google being that big, they probably have enough capacity that
they don't need to spread their records far and wide.

It's the same in BIND zone files, the first line of the record lists
the start-of-authority, and it lists the name server by name.  A bit
further down there's a NS record, that lists the name server by name. 
Much further down in all the records for the zone there'll be the A
record for the name server.

It was why the original poster couldn't answer any external queries
some time last year, I think was when the thread started.  The thing
that identified their authoritative name server was itself, isolated
from the rest of the world.

-- 
 
uname -rsvp
Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
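
The chicken-and-egg condition described in the message above can be checked mechanically from dig's text output. This is an added example, not part of the original post: the zone `example.test`, its name server names and the function names are all constructed for illustration.

```python
import re

# Constructed sample (not from the thread): a referral for a zone with three
# name servers. Two sit inside the zone they serve; only one of those has glue.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
example.test.        172800  IN  NS  ns1.example.test.
example.test.        172800  IN  NS  ns2.example.test.
example.test.        172800  IN  NS  ns.provider.invalid.

;; ADDITIONAL SECTION:
ns1.example.test.    172800  IN  A   192.0.2.53

;; Query time: 20 msec
"""

# owner, TTL, class IN, type, rdata. "\s*" before IN also accepts output whose
# whitespace was collapsed in transit (e.g. "1176IN").
RECORD = re.compile(r"^(\S+)\s+(\d+)\s*IN\s+(\S+)\s+(.+?)\s*$")
SECTION = re.compile(r"^;; (\w+) SECTION:")


def parse_sections(dig_text):
    """Return {section: [(owner, rtype, rdata), ...]} from dig's text output."""
    sections, current = {}, None
    for line in dig_text.splitlines():
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif not line.strip():
            current = None              # a blank line ends the section
        elif current and not line.startswith(";"):
            record = RECORD.match(line)
            if record:
                owner, _ttl, rtype, rdata = record.groups()
                sections[current].append((owner.lower(), rtype.upper(), rdata.lower()))
    return sections


def in_zone(name, zone):
    """True when name is the zone apex or a name underneath it."""
    name, zone = name.rstrip("."), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def glue_report(dig_text, zone):
    """Classify every NS of `zone` by whether the response carries its address.

    has-address  : an A/AAAA record for the server came in ADDITIONAL
    missing-glue : the server's name is inside the zone it serves and no
                   address came with it, so nobody outside can reach it
    out-of-zone  : the name belongs to another zone and is resolved there
    """
    sections = parse_sections(dig_text)
    delegation = sections.get("AUTHORITY", []) + sections.get("ANSWER", [])
    servers = [rdata for owner, rtype, rdata in delegation
               if rtype == "NS" and owner.rstrip(".") == zone.rstrip(".").lower()]
    addressed = {owner for owner, rtype, _ in sections.get("ADDITIONAL", [])
                 if rtype in ("A", "AAAA")}
    report = {}
    for ns in servers:
        if ns in addressed:
            report[ns] = "has-address"
        elif in_zone(ns, zone):
            report[ns] = "missing-glue"
        else:
            report[ns] = "out-of-zone"
    return report


if __name__ == "__main__":
    for server, status in glue_report(SAMPLE_REFERRAL, "example.test").items():
        print(f"{server:24} {status}")
```
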


Re: first axfr challenges

2021-06-08 Thread Tim via users
Tim:
>> The internet, at large, will always use your primary server.  If it
>> can't, it'll try your secondary server.

Ed Greshko:
> I'm not certain what you mean by the use of "primary" in that
> statement.  But I don't think it is actually accurate in any event.

It's probably an out-of-date concept, now.  When I registered my
domain, years ago, they referred to their name servers as primary and
secondary.

Most services will have several DNS servers.  They may consider one of
theirs the best, since for some reason it's faster, or bigger, or runs
on better hardware if they didn't build identical systems, or they
configure their network to favour it.  ISPs were like that.  They'd
tell you to use /this/ one preferentially.

Or, it could be that what they call their "primary" one is the one that
you're allowed to enter your data into, and the other(s) will extract
your data from their main one.

In any case, the message really is that you should have multiple DNS
servers, ones that you don't have to run yourself.

It was always recommended that you have at least two.  But you often
see some major sites will have at least four name servers.  Though I've
seen a few comments that there's little point in having massive
redundancy in answering DNS queries about you, but only one webserver
hosting your site.

-- 
 
uname -rsvp
Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 


Re: first axfr challenges

2021-06-08 Thread Ed Greshko

On 07/06/2021 21:49, Tim via users wrote:
> On Sun, 2021-06-06 at 11:54 -0700, Jack Craig wrote:
> > something i don't get, if my registrar provides glue references for
> > primary & secondary domain dns servers, what purpose is served by
> > anything in my host's named.conf (et al) having any reference to my
> > domain if it's not accessible/useful?
> >
> > i had thought that i should provide the primary server and my hosting
> > service provided secondary, but that leaves only the secondary so i
> > have only 1 responding
>
> The internet, at large, will always use your primary server.  If it
> can't, it'll try your secondary server.


I'm not certain what you mean by the use of "primary" in that statement.  But I
don't think it is actually accurate in any event.

On 2 different systems that have been recently rebooted, haven't done a lookup
on a given host, so they have no cached entry, I get the following results.

System A

linuxlighthouse.com.    7200    IN  A   208.91.197.27
;; Received 64 bytes from 162.159.27.77#53(ns22.worldnic.com) in 222 ms

System B

linuxlighthouse.com.    7200    IN  A   208.91.197.27
;; Received 64 bytes from 162.159.26.132#53(ns21.worldnic.com) in 201 ms

And, actually, if you run the same dig multiple times on each system you'll get
either one of the 2.
(Not 100% sure what option in my dig command causes TTL to be ignored, probably
+trace)

--
Remind me to ignore comments which aren't germane to the thread.



Re: first axfr challenges

2021-06-07 Thread Jack Craig
Thanks for all your advice; you are right!

I'll let the registrar do what they are already being paid to do.

I really appreciate your guidance, jackc...

On Mon, Jun 7, 2021 at 2:28 PM Ed Greshko wrote:

> On 08/06/2021 02:10, Mike Wright wrote:
> > Perhaps a lot of the confusion comes from the dual uses of the term:
> >
> >   primary in search order (which is random)
> >   primary source for zone data (which is fixed by an SOA)
> >
> > To make matters more confusing there are more complex setups where the
> > zone masters are also clients making them both primary and secondary.
>
> I would state that somewhat differently.  (And while, yes, violating my
> goal of not introducing tangents in threads seeking answers.)
>
> I would say that confusion arises when terms are used interchangeably when
> they shouldn't be.  This often happens when the meaning of the terms is
> understood based on context.  The confusion can be worse when individuals
> with different subject matter knowledge are involved in the conversation.
>
> Anyway, I feel it would be helpful to use terms in a more consistent and
> "proper" manner.
>
> primary/secondary should be used when discussing name resolution. The "old
> school" way of thinking about this would be the order in which DNS servers
> are listed in /etc/resolv.conf.  The first entry being primary with
> subsequent entries being secondary.
>
> master/slave should be used when speaking of the data held in DNS
> servers.  That would coincide with the terms used in, for example, the
> "zone type" declaration within the named.conf file of bind.
>
> --
> Remind me to ignore comments which aren't germane to the thread.
>


Re: first axfr challenges

2021-06-07 Thread Jack Craig
Thanks Tim,

If you aren't a teacher, you are missing an academic calling!

Thanks again!


On Mon, Jun 7, 2021 at 6:49 AM Tim via users wrote:

> On Sun, 2021-06-06 at 11:54 -0700, Jack Craig wrote:
> > something i don't get, if my registrar provides glue references for
> > primary & secondary domain dns servers, what purpose is served by
> > anything in my host's named.conf (et al) having any reference to my
> > domain if it's not accessible/useful?
> >
> > i had thought that i should provide the primary server and my hosting
> > service provided secondary, but that leaves only the secondary so i
> > have only 1 responding
>
> The internet, at large, will always use your primary server.  If it
> can't, it'll try your secondary server.  Both of those servers are
> accessed by name, not numerical IP address, and those names have to be
> in some public DNS records, so people can find the IP addresses for
> them to connect to them.
>
> A glue record is a helping hand to find your primary server, when
> nothing else gives information about it.
>
> e.g. I try to look up linuxlighthouse.com.  My system will find the
> root server for .com, then it will ask it who holds the records for
> linuxlighthouse.com, get told ns.linuxlighthouse.com and then query
> whoever that was, for its IP address.
>
> The big gotcha is that .com will say linuxlighthouse.com is handled by
> a particular nameserver by that nameserver's *name* not its IP.
>
> So the person trying to find linuxlighthouse.com first has to find the
> IP for ns.linuxlighthouse.com.  If the only server that knows that IP
> is ns.linuxlighthouse.com, itself, outsiders have no way to find out
> the IP of the nameserver to connect to it.
>
> Having your primary server as yourself, answering queries for itself,
> and nobody outside knowing its IP to be able to query it, is the quandary
> you find yourself in.
>
> How do you spell dictionary?  Dunno, go look it up in the dictionary...
>
> Hence, the glue record.  Querying .com will say ns.linuxlighthouse.com
> is handled by the holder of that glue record, we'll call it example.com
> (your registrar or other service provider).  Your registrar will have
> records that everyone else can look up, so they can find example.com's
> IP address.  Now people can connect to your example.com registrar, your
> registrar's DNS server's glue record will give them the numerical IP of
> your ns.linuxlighthouse.com DNS server that they couldn't look up
> directly.  And, then, after all that, they can find your DNS server and
> query it about linuxlighthouse.com.
>
> This is like borrowing $5 from someone who wants a favour from a third
> party before they'll give you it, and that third party wants a favour
> from a fourth party before they'll do the third party's favour, rinse,
> lather, repeat...
>
> In all seriousness, you're really doing this the hardest way possible.
> I would let your registrar be your primary and secondary DNS servers
> (they'll have more than one server), and have your IP addresses
> programmed into them.  The public can query them.  And just run your
> own name server for your own internal addresses, and for learning how
> things work.
>
> Your registrar does not require you to run a DNS server to give them the
> information.  The DNS records will be programmed directly into their
> DNS server.  Either by them, manually, or automatically when you
> registered the domain name, or you'll have some webpage interface to
> enter and edit details.
>
> --
>
> uname -rsvp
> Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021
> x86_64
>
> Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
> I will only get to see the messages that are posted to the mailing list.
>


Re: first axfr challenges

2021-06-07 Thread Ed Greshko

On 08/06/2021 02:10, Mike Wright wrote:
> Perhaps a lot of the confusion comes from the dual uses of the term:
>
>   primary in search order (which is random)
>   primary source for zone data (which is fixed by an SOA)
>
> To make matters more confusing there are more complex setups where the
> zone masters are also clients making them both primary and secondary.


I would state that somewhat differently.  (And while, yes, violating my goal of
not introducing tangents in threads seeking answers.)

I would say that confusion arises when terms are used interchangeably when they
shouldn't be.  This often happens when the meaning of the terms is understood
based on context.  The confusion can be worse when individuals with different
subject matter knowledge are involved in the conversation.

Anyway, I feel it would be helpful to use terms in a more consistent and
"proper" manner.

primary/secondary should be used when discussing name resolution. The "old
school" way of thinking about this would be the order in which DNS servers are
listed in /etc/resolv.conf.  The first entry being primary with subsequent
entries being secondary.

master/slave should be used when speaking of the data held in DNS servers.
That would coincide with the terms used in, for example, the "zone type"
declaration within the named.conf file of bind.

--
Remind me to ignore comments which aren't germane to the thread.



Re: first axfr challenges

2021-06-07 Thread Ed Greshko

On 07/06/2021 02:54, Jack Craig wrote:
> [jackc@ws ~ $ host -t axfr linuxlighthouse.com ns22.worldnic.com
> Trying "linuxlighthouse.com"
> Using domain server:
> Name: ns22.worldnic.com
> Address: 162.159.27.77#53
> Aliases:
>
> Host linuxlighthouse.com not found: 4(NOTIMP)
> ; Transfer failed.
>
> something i don't get, if my registrar provides glue references for primary &
> secondary domain dns servers, what purpose is served by anything in my host's
> named.conf (et al) having any reference to my domain if it's not
> accessible/useful?
>
> i had thought that i should provide the primary server and my hosting service
> provided secondary, but that leaves only the secondary so i have only 1
> responding


I feel you are making your life more complex/difficult than it need be.  This
is especially the case when your network is comprised of minimal IP addresses
and public facing hosts.

It seems you want to have your DNS server as the master (using more specific
terms now) while having your registrar's servers be slaves.  This is generally
not what people do.  They let the registrar deal with having both master and
slaves and don't run a DNS server.  On some occasions they have the registrar
as the master, plus slaves, and they run a slave copy locally for internal use.
It is not often that people run a master DNS server with their registrar
running slaves.  That is what I think you're attempting to do.

I frankly don't see any value in that.

However, if that is what you're wanting to do then your discussions should be
with your registrar on how to configure their side to accommodate your wishes.
My registrar allows for this and actually covers the topic in various articles
in the "Knowledge Base".  They also include caveats about this configuration as
it renders some of the services they provide customers unusable by them.

Another reason for consulting your registrar is to be certain of their
configuration.  An example would be what I found out with my registrar when I
wanted to have a slave copy locally.  I assumed that I could do a zone transfer
from any of their public DNS servers.  That was not the case. They have a
specific server for customers to use from which to request the transfers.

--
Remind me to ignore comments which aren't germane to the thread.



Re: first axfr challenges

2021-06-07 Thread Mike Wright

On 6/7/21 6:49 AM, Tim via users wrote:
> On Sun, 2021-06-06 at 11:54 -0700, Jack Craig wrote:
> > something i don't get, if my registrar provides glue references for
> > primary & secondary domain dns servers, what purpose is served by
> > anything in my host's named.conf (et al) having any reference to my
> > domain if it's not accessible/useful?
> >
> > i had thought that i should provide the primary server and my hosting
> > service provided secondary, but that leaves only the secondary so i
> > have only 1 responding
>
> The internet, at large, will always use your primary server.



Hi Tim,

Are you sure about that?  If I query the gtld-servers.net. for my 
domains I always receive my two nameservers but they are in random 
order.  Typically the first record received is used for a search 
followed by the second record received.  In that sense, the first record 
received is primary in the search order, the next, secondary, and so on. 
 Since they arrive in a random order there is no such thing as a fixed 
primary or secondary.  A dnsadmin may refer to the server they manage as 
primary, but that is primary only to the dnsadmin for referential purposes.


To the best of my knowledge the SOA contains the name of the AXFR server 
(the master or primary source for zone data) and recipients of the zone 
data are referred to as clients or secondaries.


Perhaps a lot of the confusion comes from the dual uses of the term:

  primary in search order (which is random)
  primary source for zone data (which is fixed by an SOA)

To make matters more confusing there are more complex setups where the 
zone masters are also clients making them both primary and secondary.



Re: first axfr challenges

2021-06-07 Thread Joe Zeff

On 6/7/21 7:49 AM, Tim via users wrote:
> The internet, at large, will always use your primary server.  If it
> can't, it'll try your secondary server.  Both of those servers are
> accessed by name, not numerical IP address, and those names have to be
> in some public DNS records, so people can find the IP addresses for
> them to connect to them.


No.  DNS servers are always accessed by IP address, never by name. 
Trying to access a DNS server by name would just create an endless loop 
of trying to resolve addresses as you can't get the server's address 
without using DNS to get the IP address.  To quote Professor Harold 
Hill, "Now think, boys, think!"



Re: first axfr challenges

2021-06-07 Thread Tim via users
On Sun, 2021-06-06 at 11:54 -0700, Jack Craig wrote:
> something i don't get, if my registrar provides glue references for
> primary & secondary domain dns servers, what purpose is served by
> anything in my host's named.conf (et al) having any reference to my
> domain if it's not accessible/useful?
>
> i had thought that i should provide the primary server and my hosting
> service provided secondary, but that leaves only the secondary so i
> have only 1 responding

The internet, at large, will always use your primary server.  If it
can't, it'll try your secondary server.  Both of those servers are
accessed by name, not numerical IP address, and those names have to be
in some public DNS records, so people can find the IP addresses for
them to connect to them.

A glue record is a helping hand to find your primary server, when
nothing else gives information about it.

e.g. I try to look up linuxlighthouse.com.  My system will find the
root server for .com, then it will ask it who holds the records for
linuxlighthouse.com, get told ns.linuxlighthouse.com and then query
whoever that was, for its IP address.

The big gotcha is that .com will say linuxlighthouse.com is handled by
a particular nameserver by that nameserver's *name* not its IP.

So the person trying to find linuxlighthouse.com first has to find the
IP for ns.linuxlighthouse.com.  If the only server that knows that IP
is ns.linuxlighthouse.com, itself, outsiders have no way to find out
the IP of the nameserver to connect to it.

Having your primary server as yourself, answering queries for itself,
and nobody outside knowing its IP to be able to query it, is the quandary
you find yourself in.

How do you spell dictionary?  Dunno, go look it up in the dictionary...

Hence, the glue record.  Querying .com will say ns.linuxlighthouse.com
is handled by the holder of that glue record, we'll call it example.com
(your registrar or other service provider).  Your registrar will have
records that everyone else can look up, so they can find example.com's
IP address.  Now people can connect to your example.com registrar, your
registrar's DNS server's glue record will give them the numerical IP of
your ns.linuxlighthouse.com DNS server that they couldn't look up
directly.  And, then, after all that, they can find your DNS server and
query it about linuxlighthouse.com.

This is like borrowing $5 from someone who wants a favour from a third
party before they'll give you it, and that third party wants a favour
from a fourth party before they'll do the third party's favour, rinse,
lather, repeat...

In all seriousness, you're really doing this the hardest way possible. 
I would let your registrar be your primary and secondary DNS servers
(they'll have more than one server), and have your IP addresses
programmed into them.  The public can query them.  And just run your
own name server for your own internal addresses, and for learning how
things work.

Your registrar does not require you to run a DNS server to give them the
information.  The DNS records will be programmed directly into their
DNS server.  Either by them, manually, or automatically when you
registered the domain name, or you'll have some webpage interface to
enter and edit details.
 
-- 
 
uname -rsvp
Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 


Re: first axfr challenges

2021-06-06 Thread Jack Craig
whois linuxlighthouse.com | grep ^Name
Name Server: NS21.WORLDNIC.COM
Name Server: NS22.WORLDNIC.COM

[jackc@ws ~ $ host -t axfr linuxlighthouse.com ns21.worldnic.com
Trying "linuxlighthouse.com"
Using domain server:
Name: ns21.worldnic.com
Address: 162.159.26.132#53
Aliases:

Host linuxlighthouse.com not found: 4(NOTIMP)
; Transfer failed.

[jackc@ws ~ $ host -t axfr linuxlighthouse.com ns22.worldnic.com
Trying "linuxlighthouse.com"
Using domain server:
Name: ns22.worldnic.com
Address: 162.159.27.77#53
Aliases:

Host linuxlighthouse.com not found: 4(NOTIMP)
; Transfer failed.

something i don't get, if my registrar provides glue references for primary
& secondary domain dns servers, what purpose is served by anything in my
host's named.conf (et al) having any reference to my domain if it's not
accessible/useful?

i had thought that i should provide the primary server and my hosting
service provided secondary, but that leaves only the secondary so i have
only 1 responding

Thx, jackc...


On Mon, May 17, 2021 at 5:31 PM Ed Greshko wrote:

> On 18/05/2021 03:50, Jack Craig wrote:
> > i am getting a notauth on my axfr attempt. what i am not seeing is an
> > A ip# for the secondary dns server.
>
> Oh, FWIW, I have previously mentioned that since your system is quite
> "open" I configured a system here as a slave to your domain.  My
> named.conf contains
>
> zone "greshko.com" {
>     type master;
>     file "greshko.com.zone";
>     allow-update { none; };
>     allow-transfer { 2001:470:66:cce::2; 192.168.0.0/16;
>                      2001:b030:112f:::/56; };
> };
>
> zone "linuxlighthouse.com" {
>     type slave;
>     file "light.zone";
>     masters { 108.220.213.121; };
> };
>
> So, transfers of greshko.com are limited to the listed IPs.  While
> linuxlighthouse.com is wide open.
>
> So, try these to see the results.
>
> host -t axfr linuxlighthouse.com 211.75.128.214
> host -t axfr greshko.com 211.75.128.214
>
>
> --
> Remind me to ignore comments which aren't germane to the thread.


Re: first axfr challenges

2021-05-17 Thread Ed Greshko

On 18/05/2021 03:50, Jack Craig wrote:
> i am getting a notauth on my axfr attempt. what i am not seeing is an A ip#
> for the secondary dns server.

Oh, FWIW, I have previously mentioned that since your system is quite "open" I
configured a system here as a slave to your domain.  My named.conf contains

zone "greshko.com" {
    type master;
    file "greshko.com.zone";
    allow-update { none; };
    allow-transfer { 2001:470:66:cce::2; 192.168.0.0/16;
                     2001:b030:112f:::/56; };
};

zone "linuxlighthouse.com" {
    type slave;
    file "light.zone";
    masters { 108.220.213.121; };
};

So, transfers of greshko.com are limited to the listed IPs.  While
linuxlighthouse.com is wide open.

So, try these to see the results.

host -t axfr linuxlighthouse.com 211.75.128.214
host -t axfr greshko.com 211.75.128.214


--
Remind me to ignore comments which aren't germane to the thread.
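
The contrast drawn in the message above, one zone with an allow-transfer list and one without, can be audited across a whole named.conf. This is an added example, not part of the original post: the zone names, addresses and function names are constructed, and the parser is a simplification that ignores view-level settings and named ACLs.

```python
import re

# Constructed named.conf (not the poster's file): same shape as the two zones
# quoted above, with documentation addresses and made-up zone names.
SAMPLE_CONF = '''
options {
    directory "/var/named";
};

zone "restricted.example" {
    type master;
    file "restricted.example.zone";
    allow-update { none; };
    allow-transfer { 2001:db8::2; 192.168.0.0/16; };
};

zone "open.example" {        // secondary copy with no transfer ACL at all
    type slave;
    file "open.zone";
    masters { 192.0.2.1; };
};

zone "explicit-any.example" {
    type master;
    file "any.zone";
    allow-transfer { any; };
};
'''


def strip_comments(text):
    """Drop /* */, // and # comments so braces inside them are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")


def transfer_acl(body):
    """Return the allow-transfer entries found in body, or None when unset."""
    m = re.search(r"\ballow-transfer\b[^{;]*\{", body)
    if m is None:
        return None
    inner = block_body(body, m.end() - 1)
    return [item.strip() for item in inner.split(";") if item.strip()]


def classify(acl):
    # On the BIND 9.11 releases seen in this thread, an unset allow-transfer
    # lets any host request the zone, which is the "wide open" case.
    if acl is None:
        return "open (unset)"
    if "any" in acl:
        return "open (any)"
    if acl == ["none"]:
        return "closed"
    return "restricted"


def audit_transfers(conf_text):
    """Map each zone name to its effective zone-transfer exposure."""
    text = strip_comments(conf_text)
    opts = re.search(r"\boptions\s*\{", text)
    inherited = transfer_acl(block_body(text, opts.end() - 1)) if opts else None
    report = {}
    for zone in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        acl = transfer_acl(block_body(text, zone.end() - 1))
        # A zone without its own statement inherits the one in options.
        report[zone.group(1)] = classify(inherited if acl is None else acl)
    return report


if __name__ == "__main__":
    for name, status in audit_transfers(SAMPLE_CONF).items():
        print(f"{name:24} {status}")
```

Adding `allow-transfer { none; };` to the options block closes every zone that does not set its own list, while a zone-level `any` still overrides it and stays flagged.
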


Re: first axfr challenges

2021-05-17 Thread Ed Greshko

On 18/05/2021 03:50, Jack Craig wrote:
> i am getting a notauth on my axfr attempt. what i am not seeing is an A ip#
> for the secondary dns server.
>
> is this missing A record a problem i need to fix for following host cli???
>
> dig @ws.linuxlighthouse.com axfr linuxlighthouse.com
>
> ; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc32 <<>> @ws.linuxlighthouse.com axfr linuxlighthouse.com
> ; (1 server found)
> ;; global options: +cmd
> linuxlighthouse.com. 259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021051603 86400 7200 360 172800
> linuxlighthouse.com. 259200 IN A 108.220.213.121
> linuxlighthouse.com. 259200 IN CAA 0 issue "letsencrypt.org"
> linuxlighthouse.com. 259200 IN NS ws.linuxlighthouse.com.
> linuxlighthouse.com. 259200 IN NS ns2.swbell.net.
> ws.linuxlighthouse.com. 259200 IN A 108.220.213.121
> www.linuxlighthouse.com. 259200 IN A 108.220.213.121
> linuxlighthouse.com. 259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021051603 86400 7200 360 172800
> ;; Query time: 1 msec
> ;; SERVER: 108.220.213.121#53(108.220.213.121)
> ;; WHEN: Mon May 17 12:43:43 PDT 2021
> ;; XFR size: 8 records (messages 1, bytes 284)
>
> [jackc@ws ~ $ host -t axfr ns2.swbell.net ws.linuxlighthouse.com
> Trying "ns2.swbell.net"
> Using domain server:
> Name: ws.linuxlighthouse.com
> Address: 108.220.213.121#53
> Aliases:
>
> Host ns2.swbell.net not found: 9(NOTAUTH)
> ; Transfer failed.
> [jackc@ws ~ $



See "man host".  The server to query is the last entry on the line. So, the
command should be

host -t axfr linuxlighthouse.com ns2.swbell.net

But I don't know why you'd want/need to do that.

First off, it would seem to me (and others) that AT&T or SW-Bell or whoever is
responsible for making your secondary DNS server hasn't completed the task.

[egreshko@acer ~]$ host ws.linuxlighthouse.com ns2.swbell.net
Using domain server:
Name: ns2.swbell.net
Address: 151.164.11.218#53
Aliases:

Host ws.linuxlighthouse.com not found: 5(REFUSED)

Says as much.  It doesn't have the info to complete the request without
recursion and that server is set for "no recursion".

Next, even if that server were set up as a secondary server it would normally
have "allow-transfer { none; };" for secondary zones.  As there should be no
need by anyone to request download of whole zones.  Especially secondary zones.

It still puzzles me as to why you need to rely on AT&T or SW-Bell to be your
secondary.  Why don't you just use your registrar as your secondary?  You
should be able to set that up on your own without help from the outside world.
I know my registrar allows this.  If I wanted to, I could host the master DNS
and let them be slaves.  It would make your life so much easier as *everything*
would be under your control.



--
Remind me to ignore comments which aren't germane to the thread.



first axfr challenges

2021-05-17 Thread Jack Craig
*i am getting a notauth on my axfr attempt. what i am not seeing is an A ip# for the secondary dns server.*


*is this missing A record a problem i need to fix for following host cli???*

*dig @ws.linuxlighthouse.com axfr linuxlighthouse.com*

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc32 <<>> @ws.linuxlighthouse.com axfr linuxlighthouse.com
; (1 server found)
;; global options: +cmd
linuxlighthouse.com. 259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021051603 86400 7200 360 172800
linuxlighthouse.com. 259200 IN A 108.220.213.121
linuxlighthouse.com. 259200 IN CAA 0 issue "letsencrypt.org"
linuxlighthouse.com. 259200 IN NS ws.linuxlighthouse.com.
*linuxlighthouse.com. 259200 IN NS ns2.swbell.net.*
ws.linuxlighthouse.com. 259200 IN A 108.220.213.121
www.linuxlighthouse.com. 259200 IN A 108.220.213.121
linuxlighthouse.com. 259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021051603 86400 7200 360 172800
;; Query time: 1 msec
;; SERVER: 108.220.213.121#53(108.220.213.121)
;; WHEN: Mon May 17 12:43:43 PDT 2021
;; XFR size: 8 records (messages 1, bytes 284)


*[jackc@ws ~ $ host -t axfr ns2.swbell.net ws.linuxlighthouse.com*
Trying "ns2.swbell.net"
Using domain server:
Name: ws.linuxlighthouse.com
Address: 108.220.213.121#53
Aliases:

Host ns2.swbell.net not found: 9(NOTAUTH)
; Transfer failed.
[jackc@ws ~ $
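
Added example (not part of the original message): a Python check over the AXFR answer shown above. It confirms the transfer is bracketed by the same SOA record and sorts each NS target into in-zone (needs an address record in this zone) or out-of-zone (its address belongs to its own zone, so none is expected here). The record lines are copied from the dig output with wrapped lines rejoined; the function names are this example's own.

```python
# AXFR answer copied from the dig output above (wrapped lines rejoined).
AXFR = '''\
linuxlighthouse.com. 259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021051603 86400 7200 360 172800
linuxlighthouse.com. 259200 IN A 108.220.213.121
linuxlighthouse.com. 259200 IN CAA 0 issue "letsencrypt.org"
linuxlighthouse.com. 259200 IN NS ws.linuxlighthouse.com.
linuxlighthouse.com. 259200 IN NS ns2.swbell.net.
ws.linuxlighthouse.com. 259200 IN A 108.220.213.121
www.linuxlighthouse.com. 259200 IN A 108.220.213.121
linuxlighthouse.com. 259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021051603 86400 7200 360 172800
'''

def parse(text):
    """Return (owner, type, rdata) tuples, skipping blank and ';' lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(';'):
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((owner.lower(), rtype.upper(), rdata))
    return records

def check_zone(text):
    """Return (transfer_complete, {ns_target: verdict}) for an AXFR answer."""
    recs = parse(text)
    first, last = recs[0], recs[-1]
    zone = first[0]
    # A complete AXFR starts and ends with the zone's SOA record.
    complete = first[1] == 'SOA' and last == first
    have_addr = {owner for owner, rtype, _ in recs if rtype in ('A', 'AAAA')}
    report = {}
    for owner, rtype, rdata in recs:
        if rtype != 'NS' or owner != zone:
            continue
        target = rdata.lower()
        if not (target == zone or target.endswith('.' + zone)):
            report[target] = 'out of zone: no address record expected here'
        elif target in have_addr:
            report[target] = 'in zone: address record present'
        else:
            report[target] = 'in zone: MISSING address record'
    return complete, report

if __name__ == '__main__':
    print(check_zone(AXFR))
```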