When 2nd nameserver fails....

Joseph S D Yao jsdy at center.osis.gov
Mon Aug 9 23:58:06 UTC 2004


> To: Quarco <dontbother at hotmail.com>
How annoying when using a mailing list.  Even if you are using the
NetworkNews interface to the mailing list.

On Mon, Aug 09, 2004 at 09:07:06AM +0200, Quarco wrote:
> Hi,
> 
> I registered a couple domains (.nl) some weeks ago..
> Primary DNS was our server, secondary (slave) DNS was my computer at home..
> (This had to be a temporary solution)
> 
> Now I have moved to another address and as result my (home) connection has
> been broken...
> Result: The domains which my home-computer was slave DNS'ing for are
> UNREACHABLE!!

They are UNREACHABLE by whom?

> So, my question: How come a domain is unreachable when a (2nd) DNS fails...

They aren't.

> What is the idea behind multiple DNS servers if it doesn't work ?? :-)

It does.

> Or have I misconfigured something???

Yes.

I would be very happy to help you further, but I have reached the limit
of the information you've given.

NORMALLY, if there are multiple servers for a domain, these servers and
their IP addresses are registered with the parent domain.  If the
servers are in different domains, their IP addresses are registered in
the appropriate domains.

Example:

vashti.example.net has four name servers: diesirae.vashti.example.net,
nihil.vashti.example.net, server11.uu.net, and ns-ext.vix.com.  The
latter two servers' IP addresses are defined in A records in their
respective zones.  However, the first two servers' IP addresses must be
defined in A records in the parent zone, example.net, and all four NS
records must be recorded in example.net.  All four NS records and the
two local name servers' IP addresses ALSO have to be in the zone file
for vashti.example.net itself.

Now, a random machine looking for this machine's DNS for the first time
will be referred to the example.net name servers.  The example.net name
servers can tell it not only the four name server records, but also the
two IP addresses of the local name servers.  When that machine goes
back the second time, though, it will get information from the name
servers themselves - which will still have the four NS records and the
two IP addresses.

How can this break?  Lots of ways.  Change the IP address of one of the
name servers and never tell example.net.  Change the IP address of one
of the name servers and never change the zone.  Change the IP address
and have local resolvers that still point to the old IP address.
Change the IP address while someone has the old ones in cache, and they
have a lot of trouble removing it ... because the other name server was
never tested to see whether it was working ... and it doesn't.  Change
the IP address and make changes to all the zone files appropriately,
but make one tiny syntax error in the master copy on whichever peer
server holds the master copy - and don't check the log files - and all
the other peer servers can no longer make slave copies of the master
copy of the zone file.  Et bleeding cetera.

-- 
Joe Yao				jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
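
[Added example, not part of the message above or of BIND itself.]  The
delegation layout Joe describes for vashti.example.net, written out as two
zone fragments and run through a small consistency checker.  It compares
the NS set in the parent with the NS set at the child apex, and for every
in-bailiwick name server checks that the parent has a glue A record and
that it agrees with the child's own A record.  The zone contents, the
192.0.2.x addresses (TEST-NET-1) and the one-record-per-line format are
constructed assumptions; server names are the ones used in the example.

```python
"""Delegation consistency check for the vashti.example.net layout described
in the post.  Added example, not code from the original message or from
BIND.  Zone contents, the 192.0.2.x addresses (TEST-NET-1) and the
one-record-per-line format are constructed assumptions."""
from collections import defaultdict

ZONE = "vashti.example.net."

# Constructed parent-zone fragment (example.net): the four delegation NS
# records plus glue A records for the two in-bailiwick servers.
PARENT_ZONE = """\
; example.net (parent) -- assumed contents
vashti.example.net.           IN NS diesirae.vashti.example.net.
vashti.example.net.           IN NS nihil.vashti.example.net.
vashti.example.net.           IN NS server11.uu.net.
vashti.example.net.           IN NS ns-ext.vix.com.
diesirae.vashti.example.net.  IN A  192.0.2.10
nihil.vashti.example.net.     IN A  192.0.2.11
"""

# Constructed child-zone fragment (vashti.example.net): the same NS set and
# the same A records for the two local servers.
CHILD_ZONE = """\
; vashti.example.net (child) -- assumed contents
vashti.example.net.           IN NS diesirae.vashti.example.net.
vashti.example.net.           IN NS nihil.vashti.example.net.
vashti.example.net.           IN NS server11.uu.net.
vashti.example.net.           IN NS ns-ext.vix.com.
diesirae.vashti.example.net.  IN A  192.0.2.10
nihil.vashti.example.net.     IN A  192.0.2.11
"""

# Failure mode from the post: nihil's address was changed in the child zone
# but example.net (the parent) was never told, so its glue is stale.
STALE_GLUE_CHILD = CHILD_ZONE.replace("192.0.2.11", "192.0.2.99")

# Failure mode: the parent carries the NS records but no glue at all, so a
# resolver referred here has no address for diesirae or nihil.
PARENT_NO_GLUE = "\n".join(
    line for line in PARENT_ZONE.splitlines() if " IN A " not in line) + "\n"


def parse_zone(text):
    """Parse 'owner IN TYPE rdata' lines into {(owner, type): {rdata, ...}}.
    Deliberately minimal: no $ORIGIN, relative names, TTL column or
    multi-line records; ';' starts a comment."""
    records = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, klass, rtype, rdata = line.split(None, 3)
        if klass.upper() != "IN":
            raise ValueError(f"unsupported class in line: {raw!r}")
        records[(owner.lower(), rtype.upper())].add(rdata.strip().lower())
    return records


def in_bailiwick(name, zone):
    """True when the name lies inside the zone, i.e. needs glue in the parent."""
    return name == zone or name.endswith("." + zone)


def check_delegation(zone, parent, child):
    """Return the list of inconsistencies between a parent's delegation of
    `zone` and the child zone's own apex data (empty list == consistent)."""
    problems = []
    parent_ns = parent.get((zone, "NS"), set())
    child_ns = child.get((zone, "NS"), set())
    if not parent_ns:
        problems.append(f"parent has no NS records for {zone}")
    if parent_ns != child_ns:
        problems.append("NS set differs: parent=%s child=%s"
                        % (sorted(parent_ns), sorted(child_ns)))
    for ns in sorted(parent_ns | child_ns):
        if not in_bailiwick(ns, zone):
            continue  # address lives in that server's own zone; nothing to check here
        glue = parent.get((ns, "A"), set())
        child_a = child.get((ns, "A"), set())
        if not glue:
            problems.append(f"parent has no glue A record for {ns}")
        if not child_a:
            problems.append(f"child zone has no A record for {ns}")
        if glue and child_a and glue != child_a:
            problems.append("glue for %s (%s) does not match child A (%s)"
                            % (ns, sorted(glue), sorted(child_a)))
    return problems


def report(zone, parent_text, child_text):
    """Convenience wrapper over raw zone text."""
    return check_delegation(zone, parse_zone(parent_text), parse_zone(child_text))


if __name__ == "__main__":
    for label, p, c in (("consistent", PARENT_ZONE, CHILD_ZONE),
                        ("stale glue", PARENT_ZONE, STALE_GLUE_CHILD),
                        ("no glue", PARENT_NO_GLUE, CHILD_ZONE)):
        print(f"{label}: {report(ZONE, p, c) or ['OK']}")
```

In practice the parent-side data comes from asking one of the example.net
servers non-recursively (dig +norecurse @<parent-server> vashti.example.net
NS, and read the AUTHORITY and ADDITIONAL sections), and the child-side
data from asking each of the four listed servers in turn; that is also the
only way to find the "other name server that was never tested" case, since
a server that does not answer is invisible in any zone file.  The last
failure mode in the post, a syntax error in the master copy that stops the
slaves from transferring, is what named-checkzone is for; run it on the
master file before reloading, and read named's log after.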

