All nameservers unresponsive when master is down
McNutt, Justin M.
McNuttJ at missouri.edu
Wed Apr 10 13:21:21 UTC 2002
> I have checked the resolv.conf, no, it uses itself as the nameserver.
>=20
> Even though ns3/4 are not routable by the world surely=20
> anybody performing a
> look-up on my domain would eventually hit ns2 which I know is up and
> current?
Probably, but if ns3 and ns4 are not routable by the world, you should =
probably remove them from WHOIS... AND you should make sure that NS =
records for these two servers aren't given out to the rest of the world. =
(E.g. NS-type queries to ns1 or ns2 should not show ns3 and ns4 as name =
servers for this zone).
NS3 and NS4 can function just fine as name servers without having =
existing NS records for them. Just point your clients at them via DHCP. =
Another option is to implement "split DNS", where the RR's shown to =
outside queriers is different from the RR's shown to inside queriers. =
Which solution is more complicated depends upon your environment.
> The only reason I can think of taking ns1 down breaking the=20
> domain is that
> ns1 is the only globally recognised nameserver for this=20
> domain, despite what
> `whois` says.
No one else in the Internet knows anything other than "there are these =
NS records for this zone." A quick dig shows:
;; ANSWER SECTION:
hpdsc.com. 2D IN NS NS1.hpdsc.com.
hpdsc.com. 2D IN NS NS2.hpdsc.com.
hpdsc.com. 2D IN NS NS3.hpdsc.com.
hpdsc.com. 2D IN NS NS4.hpdsc.com.
To me (and my name server, and my resolver, and...) there are no =
differences among these name servers. Any of them should be able to =
respond authoritatively for queries regarding the hpdsc.com zone.
> Is there any way to properly verify what the .com top-level=20
> servers see as
> my nameservers for this domain; would a `dig @anyrootserver=20
> hpdsc.com.` do
> it and be trustworthy?
Should be.
--J
More information about the bind-users
mailing list