On Fri, Dec 18, 2009 at 01:45:39PM +1100, Ian Smith wrote: > In freebsd-questions Digest, Vol 289, Issue 4, Message 14 > On Sat, 12 Dec 2009 15:32:07 -0800 Gary Kline <kl...@thought.org> wrote: > > ariatotle is offline; i'm exclusively on my new server. will > > somebody please do a digg thought.org and see if they see what i see? > > > > hope i get this..... > > At this moment just seeing SERVFAIL for thought.org, and (thus) its > listed nameservers at your registrar: > Name Server:NS1.THOUGHT.ORG > Name Server:ETHIC.THOUGHT.ORG > > ======= > smithi on sola% dig thought.org > > ; <<>> DiG 9.3.4-P1 <<>> thought.org > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20499 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;thought.org. IN A > > ;; Query time: 4730 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri Dec 18 12:35:32 2009 > ;; MSG SIZE rcvd: 29 > ======= > > That's from Australia (as good as anywhere else in this regard :) > > It's a bit fraught, and not recommended (indeed, frowned upon by RFCs), > to have both/all of your domain nameserver IPs on one physical network. > > I know you had too many before, but if you know someone who can and will > provide secondary/slave DNS for you, with a decent expiry time you can > be offline for longish periods without your domain disappearing from > view, even if your mail/web//etc servers are temporarily offline. > > Rather than having to ask others to look it up, try locating some public > recursive nameserver that you can use, maybe provided by your ISP, let's > call it ns1.example.org .. then (assuming basic connectivity) you can: > > % dig @ns1.example.org [whatever.]thought.org [a|ns|soa|mx|..] >
thanks for the dig examples, first. i saw this email before i threw in the towel last night, so something must be woriking again. about having too many [[that were pointing every-whichway, i have one secondary in the UK that has kept in step with my update almost at once. but yes, there are some free or low-cost public org sites .... i just [MIS]assumed that things were set. BZZT! > to check visibility for yourself while you're tinkering with your DNS, > remembering to allow time for changes to propagate. So it's best to be > running a short default TTL (say 3600 seconds) until you're running ok, > then once OK increase it to something more reasonable, say 1 day. ah, good point, thanks. > > Don't forget to increase your zone's serial number with each change to > your configuration, or slave servers won't notice and fetch updates. > If in doubt, it never hurts to bump the serial and restart named. Use > the standard format so you never use a smaller integer than before, eg > 2009121801 for the first update today. Check the supplied HTML docs. yep. [i forgot up update twice... . ] <***> > > Ensure that your firewall allows both TCP and UDP connections inbound on > port 53 on each of your externally accessible nameservers, and of course > allows response traffic outbound. > hm. since i was switched to pfSense that means yet another thing to master. prev, i was using ifpw and did allow TCP AND UDP. Will check. gary > cheers, Ian > > PS because thought.org is SERVFAIL at the mo, you won't get this mail > direct till the domain reappears here. It'll be queued for two days. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix http://jottings.thought.org http://transfinite.thought.org The 7.79a release of Jottings: http://jottings.thought.org/index.php _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"