On Wed, 23 Jun 2010, Steve Edwards wrote: > On Wed, 23 Jun 2010, Gordon Henderson wrote: > >>>> Ouch. 82.0.0.0/8 is on my block list, available at: >>>> >>>> http://www.sedwards.com/class-a-block-list >>>> >>>> If you don't need to receive packets from far away places, it's a great >>>> start. >> >> I'd like to have a look, but can't - I think there may be issues with your >> registrar for your domain - from where I am, there are no glue records for >> the nameservers, therefore I can't look it up... Looks like it was last >> edited just over 4 weeks ago, so maybe some caches are starting to >> time-out... >> >>> From whois: >> >> Domain servers in listed order: >> DOMAIN0.SEDWARDS.COM >> DOMAIN1.SEDWARDS.COM >> >> You need to supply the IP address of the nameservers (the glue records) if >> they're inside your own domain... > > I think I have the name servers configured correctly. I think you were having > difficulty because I was blocking everything from 195.0.0.0/8
> Please try again. I have and get the same results. DNS glue records are held by the registrar on the gTLD name servers, not your own servers - so (even though I can't access them), I should be able to see the IP addresses for your 2 name servers (DOMAIN[01].SEDWARDS.COM). The output of 'whois' should provide me with those IP addresses, but it's not. See: http://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records E.g. do a whois on my domain, drogon.net and you'll see ns1.drogon.net 195.10.225.68 which indicates the glue record is in-place for ns1.drogon.net - the glue is needed because otherwise no-one would be able to find ns1.drogon.net unless they already knew it's IP address - which they won't without the glue in the gTLD servers. Same for your nameservers - no-one can find domain0.sedwards.com unless they know it's IP address, and they can't find that IP address because they don't know the IP address of your nameservers - a circular dependancy that can only be broken by providing the IP address as glue in the gTLD server. This are probably working for some people right now because of caching going on - I suspect you made a change just over 4 weeks ago and that's a typical cache-time out for a lot of systems. Your site is going to drop off the Internet fairly soon unless you get the glue records in-place. And I wasn't accessing from 195/8, but from 81/8. (Although I've tried from both places) Your filtering is far to wide-spread - you can't invite people to view things when you're blocking off a third of the Internet - including most of Europe. Well, you can, but then people are just going to whinge. That's as bad as what Earthlink or was it Verizon did a while back when they decided to reject all email from Europe on the flawed basis that more spam comes from Europe than the US. (It doesn't) Gordon -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
