All nameservers unresponsive when master is down

Sam Pointer sam.pointer at hpdsoftware.com
Wed Apr 10 13:25:31 UTC 2002


Right, there's a bit of an admission to do here.

ns3 and ns4 are routable from the internet, they are just not *pingable* -
if you do a `dig @ns3.hpdsc.com` you should get a valid answer. This is due
to a routing "feature" of our site which is beyond my direct control.

The reason for having 4 "logical" nameservers is that my registrar would not
permit me to enter 2 IP addresses for any given nameserver. What I wanted to
do originally was to have:

hpdsc.com.	NS	ns1.hpdsc.com.
hpdsc.com.	NS	ns2.hpdsc.com.
...
ns1.hpdsc.com.	IN A	212.158.99.194
			IN A 	195.167.246.3

ns2.hpdsc.com.	IN A	212.158.99.195
			IN A	195.167.246.4

I understand that this is not allowed. 

What are your thoughts on me reducing the number of presented nameservers to
2, ns1 and ns2 and setting this up thus:

hpdsc.com.	NS	ns1.hpdsc.com.
hpdsc.com.	NS	ns2.hpdsc.com.

ns1.hpdsc.com.	IN A	212.158.99.194
ns2.hpdsc.com.	IN A 	195.167.246.4

and have one nameserver per leased line in my case, which should surely mean
that if the leased line serving the "212 network" was to go down, ns2 would
be available to answer queries.

-----Original Message-----
From: McNutt, Justin M. [mailto:McNuttJ at missouri.edu]
Sent: 10 April 2002 14:21
To: Sam Pointer; comp-protocols-dns-bind at isc.org
Subject: RE: All nameservers unresponsive when master is down



> I have checked the resolv.conf, no, it uses itself as the nameserver.
>
> Even though ns3/4 are not routable by the world surely anybody performing a
> look-up on my domain would eventually hit ns2 which I know is up and
> current?

Probably, but if ns3 and ns4 are not routable by the world, you should
probably remove them from WHOIS... AND you should make sure that NS
records for these two servers aren't given out to the rest of the world.
(E.g. NS-type queries to ns1 or ns2 should not show ns3 and ns4 as name
servers for this zone).

NS3 and NS4 can function just fine as name servers without having
existing NS records for them.  Just point your clients at them via DHCP.
Another option is to implement "split DNS", where the RR's shown to
outside queriers is different from the RR's shown to inside queriers.
Which solution is more complicated depends upon your environment.

> The only reason I can think of taking ns1 down breaking the domain is that
> ns1 is the only globally recognised nameserver for this domain, despite what
> `whois` says.

No one else in the Internet knows anything other than "there are these
NS records for this zone."  A quick dig shows:

;; ANSWER SECTION:
hpdsc.com.              2D IN NS        NS1.hpdsc.com.
hpdsc.com.              2D IN NS        NS2.hpdsc.com.
hpdsc.com.              2D IN NS        NS3.hpdsc.com.
hpdsc.com.              2D IN NS        NS4.hpdsc.com.

To me (and my name server, and my resolver, and...) there are no
differences among these name servers.  Any of them should be able to
respond authoritatively for queries regarding the hpdsc.com zone.

> Is there any way to properly verify what the .com top-level servers see as
> my nameservers for this domain; would a `dig @anyrootserver hpdsc.com.` do
> it and be trustworthy?

Should be.

--J
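
Added example, not part of the original messages or of BIND: a small offline audit of the two points raised in this thread, namely that the publicly advertised NS set should match what the zone serves, and that the nameserver addresses should not all sit behind one line. The function names, the use of a /24 as a stand-in for "one leased line", and the sample inputs are assumptions; the inputs are constructed from the records quoted above.

```python
import ipaddress
from collections import defaultdict

def parse_records(text):
    """Parse 'owner [ttl] [IN] TYPE rdata' lines into (NS names, {name: [IPs]})."""
    ns, addrs, owner = set(), defaultdict(list), None
    for line in text.splitlines():
        fields = line.split(";")[0].split()    # drop dig/zone-file comments
        if len(fields) < 3:
            continue
        if not line[0].isspace():              # indented line reuses last owner
            owner = fields[0].lower()
        rtype, rdata = fields[-2].upper(), fields[-1].lower()
        if rtype == "NS":
            ns.add(rdata)
        elif rtype == "A" and owner:
            addrs[owner].append(ipaddress.ip_address(rdata))
    return ns, addrs

def audit(advertised_text, zone_text, prefix=24):
    """Findings for NS-set mismatches and missing network diversity."""
    advertised, _ = parse_records(advertised_text)
    zone_ns, addrs = parse_records(zone_text)
    findings = [f"{n}: advertised, missing from zone NS set"
                for n in sorted(advertised - zone_ns)]
    findings += [f"{n}: in zone NS set, not advertised"
                 for n in sorted(zone_ns - advertised)]
    findings += [f"{n}: no A record in zone data"
                 for n in sorted(zone_ns) if not addrs.get(n)]
    # Assumption: one /24 stands in for "one leased line".
    networks = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                for n in zone_ns for ip in addrs.get(n, [])}
    if zone_ns and len(networks) < 2:
        findings.append("all nameserver addresses sit in one network")
    return findings

# Constructed inputs: the NS answer quoted in the thread, and the proposed
# two-server layout with one address per leased line.
ADVERTISED = """;; ANSWER SECTION:
hpdsc.com.  2D IN NS  NS1.hpdsc.com.
hpdsc.com.  2D IN NS  NS2.hpdsc.com.
hpdsc.com.  2D IN NS  NS3.hpdsc.com.
hpdsc.com.  2D IN NS  NS4.hpdsc.com.
"""
PROPOSED = """hpdsc.com.      NS    ns1.hpdsc.com.
hpdsc.com.      NS    ns2.hpdsc.com.
ns1.hpdsc.com.  IN A  212.158.99.194
ns2.hpdsc.com.  IN A  195.167.246.4
"""
```

Calling `audit(ADVERTISED, PROPOSED)` reports ns3 and ns4 as still advertised after the zone is cut down to two servers, which is the stale-record case the reply warns about.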

