Quoting Bill Kendrick (n...@sonic.net):

> Here ya go!

First of all, really good job! It's legible, clear, and nothing stands out immediately as 'should be fixed.' Looks like an exemplary professional job. I'm used to seeing ones that make my eyeballs ache and the ghost of Jon Postel weep. ;->

Unpacking my 'If one is being picky' criteria, hmmm.... Three things total.

o Already mentioned the RFC2182 section 5 suggestion of min. 3 nameservers.

> 604800 ; Expire

o RFC1912 suggests an Expire value between 1209600 (14 days) and 2419200 (28 days). Unless you have an unusual reason to make cached zones expire in only 7 days, you might want to at least double zone life.

(I tend to be old-school and express all time values in seconds, too, but an argument can be made that using zonefile macros for minutes, hours, days, weeks improves legibility. I'd be a hypocrite if I dinged anyone for eschewing that syntactic-sugar improvement, because I haven't started using it, either. ;-> )

o No glue records in the parent .COM zone for the two authoritative nameservers, with the result that both are 'stealth nameservers'.

The consequence of having stealth nameservers is that the situation can be confusing and can cause delays or other hard to diagnose inconsistencies. Basically, there should be NS lines with corresponding A records _within_ the nameserver records of the .COM domain (called 'glue records') for ns1.domaindiscover.com and ns2.domaindiscover.com.

This isn't LUGOD's fault. Tierra.net d/b/a Domaindiscover has its glue records slightly fux0red. (I remember this. They've been doing this for a long time. I used to have my domains registered there, and liked them, but never used their nameservers.)

Here are .com's own nameservers:

$ dig -t ns com. +short
e.gtld-servers.net.
g.gtld-servers.net.
k.gtld-servers.net.
c.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
h.gtld-servers.net.
a.gtld-servers.net.
l.gtld-servers.net.
d.gtld-servers.net.
m.gtld-servers.net.
f.gtld-servers.net.
b.gtld-servers.net.
$

Let's ask the first of them about ns1.domaindiscover.com:

$ dig -t ns ns1.domaindiscover.com @e.gtld-servers.net.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34213
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; AUTHORITY SECTION:
domaindiscover.com. 172800 IN NS ns1.tierra.net.
domaindiscover.com. 172800 IN NS ns2.tierra.net.

;; ADDITIONAL SECTION:
ns1.tierra.net. 172800 IN A 216.104.162.2
ns2.tierra.net. 172800 IN A 216.104.163.2
$

So, you see, the parent .com zone completely lacks NS and matching A records for ns1.domaindiscover.com. ns2 is likewise, so I'll not waste space showing that.

If you want, you can fix this problem by changing your auth nameserver references in both your domain registrar record and inline in your own zonefile, to use ns1.tierra.net and ns2.tierra.net instead of ns1.domaindiscover.com and ns2.domaindiscover.com.

> Anyone want to help us with this? :)

Someone(s) with ongoing LUGOD involvement would be best. Please talk to me offlist if you can't find same.

Anyway, truly excellent zonefile. The only half-serious issue is the one your registrar imposed on you, and that's doing very well.
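The three review points in the message above can be scripted; the following is an added example, not part of the original e-mail. The function names `parse_referral` and `review` are hypothetical, and the referral text is the dig answer quoted in the message.

```python
import re

# RFC 1912 Expire range and RFC 2182 section 5 minimum, as cited in the message.
EXPIRE_MIN, EXPIRE_MAX = 1209600, 2419200
MIN_NAMESERVERS = 3

# Referral sections copied from the dig answer quoted in the message.
REFERRAL = """\
;; AUTHORITY SECTION:
domaindiscover.com. 172800 IN NS ns1.tierra.net.
domaindiscover.com. 172800 IN NS ns2.tierra.net.
;; ADDITIONAL SECTION:
ns1.tierra.net. 172800 IN A 216.104.162.2
ns2.tierra.net. 172800 IN A 216.104.163.2
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(NS|A|AAAA)\s+(\S+)$")

def parse_referral(text):
    """Return (ns_names, glue) from dig's AUTHORITY/ADDITIONAL sections."""
    ns_names, glue = [], {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # skip dig comment lines, section headers and blanks
        owner, _ttl, rtype, rdata = m.groups()
        if rtype == "NS":
            ns_names.append(rdata.lower())
        else:
            glue.setdefault(owner.lower(), []).append(rdata)
    return ns_names, glue

def review(zone_ns, expire, referral_text):
    """List the message's review points that apply to one zone's settings."""
    parent_ns, glue = parse_referral(referral_text)
    findings = []
    if len(zone_ns) < MIN_NAMESERVERS:
        findings.append(f"only {len(zone_ns)} nameservers, RFC 2182 suggests {MIN_NAMESERVERS}+")
    if not EXPIRE_MIN <= expire <= EXPIRE_MAX:
        findings.append(f"Expire {expire} outside {EXPIRE_MIN}-{EXPIRE_MAX}")
    for ns in zone_ns:
        name = ns.lower().rstrip(".") + "."
        if name not in parent_ns or name not in glue:
            findings.append(f"{name} has no NS/A pair in the parent's answer")
    return findings

if __name__ == "__main__":
    for finding in review(["ns1.domaindiscover.com", "ns2.domaindiscover.com"], 604800, REFERRAL):
        print(finding)
```

With the values from the message it reports all three points; with ns1.tierra.net and ns2.tierra.net and a 14-day Expire, only the nameserver count remains.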