Re: Mother board compatibility and CF card usage as main storage device for small DNS server

2010-10-01 Thread Kaya Saman

Many thanks for the responses!


On 01/10/2010 02:52, Paul Wootton wrote:

 On 09/30/10 14:54, Kaya Saman wrote:

On 30/09/2010 17:54, Brent Bloxam wrote:

Kaya Saman wrote:
 From what you mention it sounds like a bad idea, as the system disk 
will have many R/Ws going through it, it seems, as /tmp and swap get 
written to all the time.




You can skip swap altogether and use MFS (memory filesystem) like 
Brian mentioned for other high write partitions that don't need to 
be persistent (/tmp, /var/log). See the following article on the 
freebsd.org website about using solid state storage: 
http://www.freebsd.org/doc/en/articles/solid-state/article.html


Keep in mind though that Brian's setup was for slave nameservers 
that would be caching from another master. If your nameserver is 
acting as master, you'll be storing your records on flash since you 
need persistent storage, but I don't imagine those files will be 
write intensive.


Also, if you make /var/log MFS, you'll want to have an external 
syslog server set up ;)


Thanks a lot, so it should be OK then! :-)

Yeah, sounds like a good setup, and also a syslog server: this 
is exactly what I need in order to check my IOS logs coming from my 
Cisco boxes. I had previously imagined it to be a simple tftpboot 
server, but it sounds like it's standalone.


That's cool! I mean, I really like having logwatch mailing me all the 
necessary information anyway, so that coupled with a syslog server 
should be pretty good :-)


Nice ideas. I need to do some Googling now, as I don't know what MFS is 
yet, but I will :-D


Cheers and best regards,


Kaya


I have been using a Soekris Net5501-70 box since June 2008 with a CF 
card running FreeBSD 7.


This is being used for DNS, DHCP, NNTP, network firewall and a small 
Asterisk server.


I have turned off writing messages to logs, and in June this year I 
started using an MD for /var/db/dhcpd (as that was getting written to 
a fair amount).
I'm still on my original CF card and, as of yet, have not seen any 
problems (touch wood)...


It's not the fastest box in the world, but it certainly does what I 
want it to do. It just takes a long time compiling a world and kernel.



Just another option for you...

Paul


I checked out the Soekris and it looks more like a firewall-style design 
with multiple LAN ports, and kind of a bit more than what I need!


Perhaps I'll just stick to my original SSD idea even though I'll pay a 
bit more, but a 40GB Intel X.25 SSD should do the trick. I'm currently 
using this in another design for DNS where I'm using 2 BSD Jails for 
primary and secondary, and it is ultra fast :-)


Just a bit more expensive but that's ok I guess


Best Regards,

Kaya
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Mother board compatibility and CF card usage as main storage device for small DNS server

2010-09-30 Thread Kaya Saman

Hi,

I'm planning on using FreeBSD 8.0 x64 RELEASE edition for a small 
primary/secondary DNS server setup.


The system will run Bind9 and have some zone files and views for the few 
people I host for.


I am considering using a dual Atom system board with 2GB RAM, and for 
storage I was thinking of going for a 16GB compact flash card instead of 
a normal hard disk.


This is a bit radical for me as I have never used this kind of setup 
before so I'm not sure how suited it will be???


These are the system boards:

http://www.commell.com.tw/product/SBC/LV-67E.HTM#

or

http://www.globalamericaninc.com/p2808245/2808245_-_Mini-ITX_Motherboard_with_the_choice_of_Embedded_Intel_Atom_D510,_D410_or_Fanless_N450_Processor/product_info.html

I mean, for a DNS server (albeit a small one), is it wise to use 
compact flash as storage??


Thanks and regards,


Kaya


Re: Mother board compatibility and CF card usage as main storage device for small DNS server

2010-09-30 Thread Brian A. Seklecki (CFI NOC)

On 9/30/2010 4:11 AM, Kaya Saman wrote:

I mean, for a DNS server (albeit a small one), is it wise to use
compact flash as storage??



For our GSLB DNS Slaves, we boot embedded/low power (or even VMs these 
days) systems with CF images off of flash, keep a shadow copy of /etc 
around, and program all file systems with R/W activity 
(/var/chroot/named/cache, where all zone files are fetched from Master 
NS) on MFS partitions, eliminating almost all write operations to the CF 
card.


No swap, and RD / (/var, etc.) and MFS /usr extracted from a tarball via 
modified rc(8).  /shadow is mounted noatime.


Minimal writes to flash.  The systems boot in about 30 seconds.

We actually run NetBSD, but we've done similar models on FreeBSD.

No CF card failures reported in five (5) years.  We use Transcend 
Industrial series.


Where it gets risky is if you just plain install a live functional 
FreeBSD on CF.  A million inodes for /usr/src and CF is about as fast as 
an ESDI hard drive in an IBM XT.


~BAS




Re: Mother board compatibility and CF card usage as main storage device for small DNS server

2010-09-30 Thread Kaya Saman

Thanks very much Brian:

On 30/09/2010 17:02, Brian A. Seklecki (CFI NOC) wrote:

On 9/30/2010 4:11 AM, Kaya Saman wrote:

I mean, for a DNS server (albeit a small one), is it wise to use
compact flash as storage??



For our GSLB DNS Slaves, we boot embedded/low power (or even VMs these 
days) systems with CF images off of flash, keep a shadow copy of /etc 
around, and program all file systems with R/W activity 
(/var/chroot/named/cache, where all zone files are fetched from Master 
NS) on MFS partitions, eliminating almost all write operations to the 
CF card.


No swap, and RD / (/var, etc.) and MFS /usr extracted from a tarball 
via modified rc(8).  /shadow is mounted noatime.


Are you saying that you custom-compiled the kernel here??

I'm not that advanced with FreeBSD yet as I've only been using it for a 
few months even though I have other UNIX based experience.




[...]

Where it gets risky is if you just plain install a live functional 
FreeBSD on CF.  A million inodes for /usr/src and CF is about as fast 
as an ESDI hard drive in an IBM XT.


I was planning to go with a standard minimal install, then build Bind9 
from ports and of course use SSH as the login system, and perhaps hack 
out the serial port to give me some SPARC/POWER/Cisco-style RS232C login.


From what you mention it sounds like a bad idea, as the system disk will 
have many R/Ws going through it, it seems, as /tmp and swap get written 
to all the time.


I mean, this would have been a cheaper alternative to buying an SSD 
or a 2.5" SAS drive, but now I'm a bit worried.




~BAS




Regards,

Kaya


Re: Mother board compatibility and CF card usage as main storage device for small DNS server

2010-09-30 Thread Kaya Saman

On 30/09/2010 17:54, Brent Bloxam wrote:

Kaya Saman wrote:
 From what you mention it sounds like a bad idea, as the system disk 
will have many R/Ws going through it, it seems, as /tmp and swap get 
written to all the time.




You can skip swap altogether and use MFS (memory filesystem) like 
Brian mentioned for other high write partitions that don't need to be 
persistent (/tmp, /var/log). See the following article on the 
freebsd.org website about using solid state storage: 
http://www.freebsd.org/doc/en/articles/solid-state/article.html


Keep in mind though that Brian's setup was for slave nameservers that 
would be caching from another master. If your nameserver is acting as 
master, you'll be storing your records on flash since you need 
persistent storage, but I don't imagine those files will be write 
intensive.


Also, if you make /var/log MFS, you'll want to have an external syslog 
server set up ;)


Thanks a lot, so it should be OK then! :-)

Yeah, sounds like a good setup, and also a syslog server: this is 
exactly what I need in order to check my IOS logs coming from my Cisco 
boxes. I had previously imagined it to be a simple tftpboot server, but 
it sounds like it's standalone.


That's cool! I mean, I really like having logwatch mailing me all the 
necessary information anyway, so that coupled with a syslog server should 
be pretty good :-)


Nice ideas. I need to do some Googling now, as I don't know what MFS is 
yet, but I will :-D


Cheers and best regards,


Kaya



Re: Mother board compatibility and CF card usage as main storage device for small DNS server

2010-09-30 Thread Brent Bloxam

Kaya Saman wrote:
 From what you mention it sounds like a bad idea, as the system disk will 
have many R/Ws going through it, it seems, as /tmp and swap get written 
to all the time.




You can skip swap altogether and use MFS (memory filesystem) like Brian 
mentioned for other high write partitions that don't need to be 
persistent (/tmp, /var/log). See the following article on the 
freebsd.org website about using solid state storage: 
http://www.freebsd.org/doc/en/articles/solid-state/article.html


Keep in mind though that Brian's setup was for slave nameservers that 
would be caching from another master. If your nameserver is acting as 
master, you'll be storing your records on flash since you need 
persistent storage, but I don't imagine those files will be write intensive.


Also, if you make /var/log MFS, you'll want to have an external syslog 
server set up ;)



Re: Mother board compatibility and CF card usage as main storage device for small DNS server

2010-09-30 Thread Nathan Vidican
MFS == memory filesystem; aka RAM disk. The problem being that on reboot,
MFS loses all its contents, therefore practices like storing the 'startup'
state for a filesystem in an archive (a tar file works well) and
mounting/copying on startup work well. Conversely, if you need to modify
that startup state you can just overwrite the tarfile again.



On Thu, Sep 30, 2010 at 10:54 AM, Kaya Saman kayasa...@gmail.com wrote:

 On 30/09/2010 17:54, Brent Bloxam wrote:

 Kaya Saman wrote:

  From what you mention it sounds like a bad idea, as the system disk will
 have many R/Ws going through it, it seems, as /tmp and swap get written to
 all the time.


 You can skip swap altogether and use MFS (memory filesystem) like Brian
 mentioned for other high write partitions that don't need to be persistent
 (/tmp, /var/log). See the following article on the freebsd.org website
 about using solid state storage:
 http://www.freebsd.org/doc/en/articles/solid-state/article.html

 Keep in mind though that Brian's setup was for slave nameservers that
 would be caching from another master. If your nameserver is acting as
 master, you'll be storing your records on flash since you need persistent
 storage, but I don't imagine those files will be write intensive.

 Also, if you make /var/log MFS, you'll want to have an external syslog
 server set up ;)


 Thanks a lot, so it should be OK then! :-)

 Yeah, sounds like a good setup, and also a syslog server: this is
 exactly what I need in order to check my IOS logs coming from my Cisco
 boxes. I had previously imagined it to be a simple tftpboot server, but
 it sounds like it's standalone.

 That's cool! I mean, I really like having logwatch mailing me all the
 necessary information anyway, so that coupled with a syslog server should
 be pretty good :-)

 Nice ideas. I need to do some Googling now, as I don't know what MFS is
 yet, but I will :-D

 Cheers and best regards,


 Kaya






-- 
Nathan Vidican
nat...@vidican.com
(519) 962-9987 (Canada)
(313) 586-1982 (USA)


Re: Mother board compatibility and CF card usage as main storage device for small DNS server

2010-09-30 Thread Paul Wootton

 On 09/30/10 14:54, Kaya Saman wrote:

On 30/09/2010 17:54, Brent Bloxam wrote:

Kaya Saman wrote:
 From what you mention it sounds like a bad idea, as the system disk 
will have many R/Ws going through it, it seems, as /tmp and swap get 
written to all the time.




You can skip swap altogether and use MFS (memory filesystem) like 
Brian mentioned for other high write partitions that don't need to be 
persistent (/tmp, /var/log). See the following article on the 
freebsd.org website about using solid state storage: 
http://www.freebsd.org/doc/en/articles/solid-state/article.html


Keep in mind though that Brian's setup was for slave nameservers that 
would be caching from another master. If your nameserver is acting as 
master, you'll be storing your records on flash since you need 
persistent storage, but I don't imagine those files will be write 
intensive.


Also, if you make /var/log MFS, you'll want to have an external 
syslog server set up ;)


Thanks a lot, so it should be OK then! :-)

Yeah, sounds like a good setup, and also a syslog server: this is 
exactly what I need in order to check my IOS logs coming from my Cisco 
boxes. I had previously imagined it to be a simple tftpboot server, but 
it sounds like it's standalone.


That's cool! I mean, I really like having logwatch mailing me all the 
necessary information anyway, so that coupled with a syslog server 
should be pretty good :-)


Nice ideas. I need to do some Googling now, as I don't know what MFS is 
yet, but I will :-D


Cheers and best regards,


Kaya


I have been using a Soekris Net5501-70 box since June 2008 with a CF 
card running FreeBSD 7.


This is being used for DNS, DHCP, NNTP, network firewall and a small 
Asterisk server.


I have turned off writing messages to logs, and in June this year I 
started using an MD for /var/db/dhcpd (as that was getting written to a 
fair amount).
I'm still on my original CF card and, as of yet, have not seen any 
problems (touch wood)...


It's not the fastest box in the world, but it certainly does what I want 
it to do. It just takes a long time compiling a world and kernel.



Just another option for you...

Paul
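Added example, not code posted by anyone in this thread: the boot-time restore step that Brian's "MFS /usr extracted from a tarball via modified rc(8)" and Nathan's "store the startup state in an archive and copy it on startup" both describe, using Paul's /var/db/dhcpd as the sample content. The mdmfs(8) mount itself is left out (one command on FreeBSD, and not portable), and the script assumes a Python from ports is on the box. What it adds is the part that matters once the CF card is the only persistent storage: the archive on flash is the trust root for everything that ends up in the memory filesystem, so the restore verifies a SHA-256 sidecar before touching the archive and refuses any member that would write outside the mount point. The directory layout, the sidecar naming convention and the sample files are my own constructed assumptions.

```python
"""Restore a memory filesystem's boot-time state from an archive kept on flash.

Added example for this page, not code posted in the thread. The mdmfs(8)
mount is left out; paths, the sidecar convention and sample data are constructed.
"""
import hashlib
import hmac
import io
import os
import tarfile
import tempfile
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def save_state(src_dir, archive):
    """Snapshot src_dir into a gzip tarball and write its digest to archive + '.sha256'.
    Re-run when the baseline changes; this is the only routine write to flash."""
    src_dir = Path(src_dir)
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src_dir.rglob("*")):
            tar.add(p, arcname=str(p.relative_to(src_dir)), recursive=False)
    digest = _sha256(archive)
    Path(str(archive) + ".sha256").write_text(digest + "\n")
    return digest


def _safe_members(tar, dest):
    """Yield members that stay inside dest; refuse traversal, device nodes, escaping symlinks."""
    dest = Path(dest).resolve()
    for m in tar.getmembers():
        target = (dest / m.name).resolve()
        if target != dest and dest not in target.parents:
            raise ValueError(f"member {m.name!r} escapes {dest}")
        if m.isdev():
            raise ValueError(f"refusing device node {m.name!r}")
        if m.issym():
            link = (target.parent / m.linkname).resolve()
            if os.path.isabs(m.linkname) or (link != dest and dest not in link.parents):
                raise ValueError(f"symlink {m.name!r} points outside {dest}")
        yield m


def restore_state(archive, dest):
    """Verify the archive against its sidecar, then extract into dest (the fresh MFS).
    Every check runs before the first file is written; returns the member count."""
    expected = Path(str(archive) + ".sha256").read_text().strip()
    if not hmac.compare_digest(expected, _sha256(archive)):
        raise ValueError(f"checksum mismatch for {archive}")
    with tarfile.open(archive, "r:gz") as tar:
        members = list(_safe_members(tar, dest))
        for m in members:
            tar.extract(m, str(dest))
    return len(members)


def _raises_value_error(fn, *args):
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def demo():
    """Constructed round trip: a tiny /var-like tree saved, restored, then two bad archives refused."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        template = tmp / "var-template"              # what the MFS should contain at boot
        (template / "db").mkdir(parents=True)
        (template / "log").mkdir()
        (template / "db" / "dhcpd.leases").write_text("# constructed sample lease file\n")
        (template / "log" / "messages").write_text("")
        archive = tmp / "shadow" / "var.tgz"         # stands in for the CF card
        archive.parent.mkdir()
        results["digest"] = save_state(template, archive)

        mfs = tmp / "var"                            # stands in for the freshly mounted MFS
        mfs.mkdir()
        results["restored"] = restore_state(archive, mfs)
        results["lease_ok"] = (mfs / "db" / "dhcpd.leases").read_text().startswith("# constructed")

        data = bytearray(archive.read_bytes())       # flip one byte "on flash"
        data[-1] ^= 0xFF
        archive.write_bytes(bytes(data))
        results["tamper_detected"] = _raises_value_error(restore_state, archive, tmp / "var2")

        evil = tmp / "evil.tgz"                      # hostile but correctly checksummed archive
        with tarfile.open(evil, "w:gz") as tar:
            payload = b"root::0:0::0:0::/root:/bin/sh\n"
            info = tarfile.TarInfo("../../etc/master.passwd")
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        Path(str(evil) + ".sha256").write_text(_sha256(evil) + "\n")
        results["traversal_detected"] = _raises_value_error(restore_state, evil, tmp / "var3")
    return results
```

On a real box the order in the rc script would be: mount the md-backed filesystem, call restore_state() against it, then start the daemons; save_state() is what you run by hand after editing the baseline. The sidecar only protects against corruption and casual tampering of the card; if the threat is someone with physical access to the CF card, the digest has to live somewhere they cannot also rewrite.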


Possible to run 2 instances of Bind DNS server in jails??

2010-01-10 Thread Kaya Saman

Hi,

I'm just reading through a thread right now on a discussion or debate 
on whether to port Solaris Zones to FreeBSD. My main Google search 
criteria was basically that I wanted to know if FreeBSD had something 
similar.


In this discussion it was mentioned that FreeBSD Jails were the pseudo 
'equivalent' to Zones but of course behave much more like a chroot 
environment.


I have to ask, since I'm coming over from Solaris, if it's possible to 
dedicate NICs to Jails and run separate instances of applications in 
there; the one I am looking for primarily is Bind. I would like to 
use a Sun Fire V480 server as a mainframe but am stuck between the 
application advantages of FreeBSD and some of the virtualization 
technologies within Solaris.


Has anyone got any advice or comments as to whether I can achieve my goal??

Many thanks,

Kaya


Re: Possible to run 2 instances of Bind DNS server in jails??

2010-01-10 Thread Vince Hoffman
The only bit I'm not certain on is dedicating a NIC to a jail (more 
because I haven't tried than because I believe it can't be done; I'd 
expect that the network stack virtualization in 8+ should allow this). 
You can most definitely run separate instances of applications in jails. 
I'd recommend subscribing to the freebsd-jails mailing list 
(http://lists.freebsd.org/mailman/listinfo/freebsd-jail) for jail 
specific questions, as I've only dabbled with them a little. But a 10 
second example:


[r...@seaurchin ~]# jls
   JID  IP Address      Hostname                      Path
     1  10.20.0.3       womble                        /var/jails/womble
     2  10.20.0.2       foobar                        /var/jails/foobar
[r...@seaurchin ~]# jexec 1 ps ax
  PID  TT  STAT      TIME COMMAND
 8166  ??  SsJ    0:06.69 /usr/sbin/syslogd -s
 8231  ??  SsJ    1:00.94 sendmail: accepting connections (sendmail)
 8235  ??  IsJ    0:00.92 sendmail: Queue run...@00:30:00 for /var/spool/client
 8241  ??  SsJ    0:08.55 /usr/sbin/cron -s
79334  ??  IsJ    0:00.06 /usr/sbin/named -u bind
79559   0  R+J    0:00.00 ps ax
[r...@seaurchin ~]# jexec 2 ps ax
  PID  TT  STAT      TIME COMMAND
 8504  ??  IsJ    0:01.15 sendmail: Queue run...@00:30:00 for /var/spool/client
 8510  ??  SsJ    0:08.35 /usr/sbin/cron -s
79447  ??  IsJ    0:00.07 /usr/sbin/named -u bind
79584   0  R+J    0:00.00 ps ax

Hope that helps


Vince

Kaya Saman wrote:

Hi,

I'm just reading through a thread right now on a discussion or debate 
on whether to port Solaris Zones to FreeBSD. My main Google search 
criteria was basically that I wanted to know if FreeBSD had something 
similar.


In this discussion it was mentioned that FreeBSD Jails were the pseudo 
'equivalent' to Zones but of course behave much more like a chroot 
environment.


I have to ask, since I'm coming over from Solaris, if it's possible to 
dedicate NICs to Jails and run separate instances of applications in 
there; the one I am looking for primarily is Bind. I would like to 
use a Sun Fire V480 server as a mainframe but am stuck between the 
application advantages of FreeBSD and some of the virtualization 
technologies within Solaris.


Has anyone got any advice or comments as to whether I can achieve my 
goal??


Many thanks,

Kaya




Re: Possible to run 2 instances of Bind DNS server in jails??

2010-01-10 Thread Kaya Saman

Vince Hoffman wrote:
The only bit I'm not certain on is dedicating a NIC to a jail (more 
because I haven't tried than because I believe it can't be done; I'd 
expect that the network stack virtualization in 8+ should allow this). 
You can most definitely run separate instances of applications in 
jails. I'd recommend subscribing to the freebsd-jails mailing list 
(http://lists.freebsd.org/mailman/listinfo/freebsd-jail) for jail 
specific questions, as I've only dabbled with them a little. But a 10 
second example:


[r...@seaurchin ~]# jls
   JID  IP Address      Hostname                      Path
     1  10.20.0.3       womble                        /var/jails/womble
     2  10.20.0.2       foobar                        /var/jails/foobar
[r...@seaurchin ~]# jexec 1 ps ax
  PID  TT  STAT      TIME COMMAND
 8166  ??  SsJ    0:06.69 /usr/sbin/syslogd -s
 8231  ??  SsJ    1:00.94 sendmail: accepting connections (sendmail)
 8235  ??  IsJ    0:00.92 sendmail: Queue run...@00:30:00 for /var/spool/client
 8241  ??  SsJ    0:08.55 /usr/sbin/cron -s
79334  ??  IsJ    0:00.06 /usr/sbin/named -u bind
79559   0  R+J    0:00.00 ps ax
[r...@seaurchin ~]# jexec 2 ps ax
  PID  TT  STAT      TIME COMMAND
 8504  ??  IsJ    0:01.15 sendmail: Queue run...@00:30:00 for /var/spool/client
 8510  ??  SsJ    0:08.35 /usr/sbin/cron -s
79447  ??  IsJ    0:00.07 /usr/sbin/named -u bind
79584   0  R+J    0:00.00 ps ax

Hope that helps


Vince



Thanks Vince! That really helps a lot :-)

Will check the jails mailing list out and see what I can discover 
regarding the NICs...


Regards,

Kaya



Re: DNS server Problem

2008-04-14 Thread Matthew Seaman

Ruel Luchavez wrote:
 Hi,
 
 I have a BIND DNS server in my FreeBSD; I keep on searching in Google for how
 to restart it. Is there a command to restart it like squid and dhcp, or is
 there no command for it?

That is somewhat different to what you've asked about previously.  You
don't say if you're running the base system version of BIND or one from
ports.

In the former case, you can do:

  /etc/rc.d/named restart

In the latter case, that command should still work, but may not depending
on how it was all set up.  (The bind94 port doesn't come with its own rc
script -- I believe the expectation is that you should use the system script
by setting variables in /etc/rc.conf appropriately)

In either case you should be able to do:

  rndc reload 

so long as you've properly set up /etc/namedb/rndc.conf or /etc/namedb/rndc.key

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
Flat 3, 7 Priory Courtyard, Ramsgate, Kent, CT11 9PW, UK


RE: DNS server Problem

2008-04-14 Thread John Clement
 I have a BIND DNS server in my FreeBSD; I keep on searching in Google for
 how to restart it. Is there a command to restart it like squid and dhcp,
 or is there no command for it?

You might like to try

# rndc reload

Cheers

 Thanks in advance.


Re: DNS server Problem

2008-04-14 Thread Mel
On Monday 14 April 2008 11:02:43 Ruel Luchavez wrote:

 I have a BIND DNS server in my FreeBSD; I keep on searching in Google for how
 to restart it. Is there a command to restart it like squid and dhcp, or is
 there no command for it?

If you start reading here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/system-administration.html

It will soon answer your question and you will pick up the basics of FreeBSD 
administration very quickly.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


DNS server Problem

2008-04-14 Thread Ruel Luchavez
Hi,

I have a BIND DNS server in my FreeBSD; I keep on searching in Google for how
to restart it. Is there a command to restart it like squid and dhcp, or is
there no command for it?

Thanks in advance.


Re: DNS server Problem

2008-04-14 Thread Wojciech Puchar


I have a BIND DNS server in my FreeBSD; I keep on searching in Google for how
to restart it.


/etc/rc.d/named restart


Is there a command to restart it like squid and dhcp, or is there no
command for it?

Thanks in advance.





Re: Question regarding mail and dns server on Alix/Soekris?

2008-04-11 Thread David Duong

Luke Dean wrote:



On Mon, 7 Apr 2008, David Duong wrote:
I'm planning on redoing my home network.  I currently have one server 
(Opteron 170) that is currently a NAS, Email, and DNS server (BTW, the 
main OS is FreeBSD).  I was thinking of purchasing an Alix2c3/Soekris 
5501 and using it as an Email + DNS server, then dedicating my main server 
as a FreeBSD NFS server.


My question is, has anyone installed a mail + DNS server on an 
ALIX/Soekris PC?  If so, is it able to handle the load?


I received a Soekris 4801 for Christmas 2005.  I put FreeBSD 6 on it. 
It's my home network's gateway to the outside world, router, firewall 
(pf), dns server (bind), time server (ntpd), and socks proxy (nylon).


I wanted this to be a highly reliable machine, so I opted not to install 
a hard drive.  It boots from the compact flash card, mounted read-only 
so it won't wear out.  I didn't want to trust my email or web content to 
a memory disk, so I've got those services running on another box.  It's 
running sendmail just for nightly status reports, but that's probably 
not what you're interested in.


It wasn't easy to set this up, but it was very rewarding.  FreeBSD's 
diskless startup code was in a state of flux when I put this box 
together, but I expect it's a lot better now.  I've been happy with it. 
I'm tempted to try upgrading it to FreeBSD 7 on some rainy weekend, and 
I may even install a DHCP server on it this time.


I'm not sure what numbers you're interested in for determining if the 
box can handle the load.  top registers no load, a mostly idle CPU, 
and mostly free memory.  pfctl -s info registers between 800 and 1000 
states and 255 searches per second when I'm saturating my connection 
with p2p traffic and using a bunch of complicated stateful firewall 
rules and priority queueing.



Thanks for the reply!  I appreciate it :)

So my plan is basically this: have a Soekris/Kris box with Postfix + 
Dovecot etc., then mount the appropriate users' mail directories to my 
future NFS server.  That way, nothing is being written on the compact 
flash card in the Soekris/Alix box and it's just being passed on to the 
mount.





Re: Question regarding mail and dns server on Alix/Soekris?

2008-04-09 Thread Luke Dean



On Mon, 7 Apr 2008, David Duong wrote:
I'm planning on redoing my home network.  I currently have one server 
(Opteron 170) that is currently a NAS, Email, and DNS server (BTW, the main 
OS is FreeBSD).  I was thinking of purchasing an Alix2c3/Soekris 5501 and using 
it as an Email + DNS server, then dedicating my main server as a FreeBSD NFS 
server.


My question is, has anyone installed a mail + DNS server on an ALIX/Soekris 
PC?  If so, is it able to handle the load?


I received a Soekris 4801 for Christmas 2005.  I put FreeBSD 6 on it. 
It's my home network's gateway to the outside world, router, firewall 
(pf), dns server (bind), time server (ntpd), and socks proxy (nylon).


I wanted this to be a highly reliable machine, so I opted not to install 
a hard drive.  It boots from the compact flash card, mounted read-only so 
it won't wear out.  I didn't want to trust my email or web content to a 
memory disk, so I've got those services running on another box.  It's 
running sendmail just for nightly status reports, but that's probably 
not what you're interested in.


It wasn't easy to set this up, but it was very rewarding.  FreeBSD's 
diskless startup code was in a state of flux when I put this box 
together, but I expect it's a lot better now.  I've been happy with it. 
I'm tempted to try upgrading it to FreeBSD 7 on some rainy weekend, and I 
may even install a DHCP server on it this time.


I'm not sure what numbers you're interested in for determining if the box 
can handle the load.  top registers no load, a mostly idle CPU, and 
mostly free memory.  pfctl -s info registers between 800 and 1000 states 
and 255 searches per second when I'm saturating my connection with p2p 
traffic and using a bunch of complicated stateful firewall rules and 
priority queueing.



Question regarding mail and dns server on Alix/Soekris?

2008-04-07 Thread David Duong

Hello everyone!

I'm planning on redoing my home network.  I currently have one server 
(Opteron 170) that is currently a NAS, Email, and DNS server (BTW, the 
main OS is FreeBSD).  I was thinking of purchasing an Alix2c3/Soekris 
5501 and using it as an Email + DNS server, then dedicating my main server 
as a FreeBSD NFS server.


My question is, has anyone installed a mail + DNS server on an 
ALIX/Soekris PC?  If so, is it able to handle the load?


I'm currently subscribed to a lot of mailing lists (Linux 
kernel, FreeBSD, etc.)


Thanks everyone!

--
David


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-23 Thread Chuck Swiger

On Jul 22, 2007, at 9:04 PM, Olivier Nicole wrote:

With some delay, several answers together.


Very good.  :-)


For the example I gave, I am of course authoritative.

Are you?  Depending on which servers I query, I either get an
NXDOMAIN, an answer with no authoritative nameservers listed, or the
results you've shown.  That implies that there is something wrong
with the DNS delegation, and/or the various nameservers aren't
returning reliable results.


I think that the no authoritative means it is an answer from a
cache. Am I wrong?


If the server is configured to serve the zone as a primary or  
secondary, it ought to return authoritative; if the record is being  
served from cache, it will not be authoritative.



Perhaps part of the problem seems to be that:

% dig -t ns desktops.cs.ait.ac.th
; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;desktops.cs.ait.ac.th. IN  NS

;; ANSWER SECTION:
desktops.cs.ait.ac.th.  43049   IN  NS  dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 16 12:48:42 2007
;; MSG SIZE  rcvd: 57

...doesn't return any A records to go with the NS record for
dns.cs.ait.ac.th.  It's also the case that every domain should have
at least two nameservers listed, and by strong preference at least
one nameserver should be on another subnet to improve reliability.


It should, because dns.cs.ait.ac.th has had a very stable IP for many
years and this one is served by 3 name servers.


Compare your answers to that of other domains.  Most big domains  
return A records for all nameservers listed; the rest return at least  
some A records as glue...



When I set-up the dynamic DNS, I did not replicate it because I was
not sure it would not generate huge traffic, nor that redundancy was
as needed as for the static DNS.

But I am in the process of upgrading the hardware, so I will duplicate
the name servers also for the dynamic part.


OK.


It's not anticipated that a reverse lookup would return a CNAME
rather than a PTR.


CNAME in rDNS is to my knowledge the only way to delegate a subnet of
a class C:

I have a /24 IP range, /25 is static and /25 is dynamic. For
separation, stability, etc, I want to rDNS on /25 and that is not
possible without a trick:

in the zone declaration for the rDNS of the /24
170.41.192.in-addr.arpa. I have a line that says:

$GENERATE 128-254 $ IN  CNAME   $.170.41.192.rev-dns.cs.ait.ac.th.


hence the CNAME and the PTR are generated dynamically in the zone
170.41.192.rev-dns.cs.ait.ac.th


Ah, you're doing classless DNS delegation.  This is fine, so long as  
what your CNAMEs point to actually exists.  If you run something  
(modulo your shell) like:


  for x in `jot 128 128` ; do dig -x 192.41.170.$x ; done

...you'll notice that you get a good answer for something like:

  dig -t ptr 252.170.41.192.rev-dns.cs.ait.ac.th

...so the corresponding reverse lookup works:

% dig -x 192.41.170.252
; <<>> DiG 9.3.4 <<>> -x 192.41.170.252
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13714
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;252.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
252.170.41.192.in-addr.arpa. 42654 IN   CNAME   252.170.41.192.rev-dns.cs.ait.ac.th.
252.170.41.192.rev-dns.cs.ait.ac.th. 3054 IN PTR alrw14.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 42606 IN NS dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:48 2007
;; MSG SIZE  rcvd: 142

...but:

% dig -x 192.41.170.253
; <<>> DiG 9.3.4 <<>> -x 192.41.170.253
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;253.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
253.170.41.192.in-addr.arpa. 42652 IN   CNAME   253.170.41.192.rev-dns.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 10252 IN SOA dns.cs.ait.ac.th. postmaster.cs.ait.ac.th. 2006115146 21600 1800 1209600 43200


;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:50 2007
;; MSG SIZE  rcvd: 145

...so perhaps I'd think about adding a:

$GENERATE 128-254 $.170.41.192 PTR dhcp-192-41-170-$.cs.ait.ac.th.

...to populate your delegated PTR records, and then permit dynamic  
DNS or whatever to update these as needed.


Regards,
--
-Chuck



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-22 Thread Olivier Nicole
Hi Chuck,

With some delay, several answers together.

  For the example I gave, I am of course authoritative.
 Are you?  Depending on which servers I query, I either get an  
 NXDOMAIN, an answer with no authoritative nameservers listed, or the  
 results you've shown.  That implies that there is something wrong  
 with the DNS delegation, and/or the various nameservers aren't  
 returning reliable results.

I think that the no authoritative means it is an answer from a
cache. Am I wrong?

 Perhaps part of the problem seems to be that:
 
 % dig -t ns desktops.cs.ait.ac.th
 ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;desktops.cs.ait.ac.th. IN  NS
 
 ;; ANSWER SECTION:
 desktops.cs.ait.ac.th.  43049   IN  NS  dns.cs.ait.ac.th.
 
 ;; Query time: 1 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Mon Jul 16 12:48:42 2007
 ;; MSG SIZE  rcvd: 57
 
 ...doesn't return any A records to go with the NS record for  
 dns.cs.ait.ac.th.  It's also the case that every domain should have  
 at least two nameservers listed, and by strong preference at least  
 one nameserver should be on another subnet to improve reliability.

It should, because dns.cs.ait.ac.th has had a very stable IP for many
years and this one is served by 3 name servers.

When I set-up the dynamic DNS, I did not replicate it because I was
not sure it would not generate huge traffic, nor that redundancy was
as needed as for the static DNS.

But I am in the process of upgrading the hardware, so I will duplicate
the name servers also for the dynamic part.

 It's not anticipated that a reverse lookup would return a CNAME  
 rather than a PTR.

CNAME in rDNS is to my knowledge the only way to delegate a subnet of
a class C:

I have a /24 IP range, /25 is static and /25 is dynamic. For
separation, stability, etc, I want to rDNS on /25 and that is not
possible without a trick:

in the zone declaration for the rDNS of the /24
170.41.192.in-addr.arpa. I have a line that says:

$GENERATE 128-254 $ IN  CNAME   $.170.41.192.rev-dns.cs.ait.ac.th.

hence the CNAME and the PTR are generated dynamically in the zone
170.41.192.rev-dns.cs.ait.ac.th

Best regards,

Olivier



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-16 Thread Olivier Nicole
  I'm using dynamicDNS, so I will able to specify the forward *AND*
  reverse lookups?
 
  Yes.
 
 No, nobody else is going to see the results your local nameserver  
 sends since it isn't authoritative for the domains, and the  
 delegation for the IP block isn't going to point to your server but  
 to the actual nameserver.  Take a look at what happens when someone  
 using an external nameserver does the same queries:

For the example I gave, I am of course authoritative.

 Notice the NXDOMAIN response...?

Strange, because I don't get such a response, even when querying from
Germany to my domain in Thailand. (Could have been a matter of time of
day, Friday 22:00 is busy time in Thailand, the DNS may have been hard
to reach).

 The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't  
 match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check  
 would fail.

It could have been a cache issue? Same thing I get correct answer for
a request made from Germany to that Thai domain.

Best regards,

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-16 Thread Chuck Swiger

On Jul 15, 2007, at 11:07 PM, Olivier Nicole wrote:

No, nobody else is going to see the results your local nameserver
sends since it isn't authoritative for the domains, and the
delegation for the IP block isn't going to point to your server but
to the actual nameserver.  Take a look at what happens when someone
using an external nameserver does the same queries:


For the example I gave, I am of course authoritative.


Are you?  Depending on which servers I query, I either get an  
NXDOMAIN, an answer with no authoritative nameservers listed, or the  
results you've shown.  That implies that there is something wrong  
with the DNS delegation, and/or the various nameservers aren't  
returning reliable results.


Perhaps part of the problem seems to be that:

% dig -t ns desktops.cs.ait.ac.th
; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;desktops.cs.ait.ac.th. IN  NS

;; ANSWER SECTION:
desktops.cs.ait.ac.th.  43049   IN  NS  dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 16 12:48:42 2007
;; MSG SIZE  rcvd: 57

...doesn't return any A records to go with the NS record for  
dns.cs.ait.ac.th.  It's also the case that every domain should have  
at least two nameservers listed, and by strong preference at least  
one nameserver should be on another subnet to improve reliability.



Notice the NXDOMAIN response...?


Strange, because I don't get such a response, even when querying from
Germany to my domain in Thailand. (Could have been a matter of time of
day, Friday 22:00 is busy time in Thailand, the DNS may have been hard
to reach).


Perhaps.


The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't
match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check
would fail.


It could have been a cache issue? Same thing I get correct answer for
a request made from Germany to that Thai domain.


It's not anticipated that a reverse lookup would return a CNAME  
rather than a PTR.


Best of luck,
--
-Chuck



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread vuthecuong

Sorry I did not explain clearly:
Who is assigning the dynamic IP ?
This is my LAN, the server is FreeBSD 6.2, my LAN has 5 XP/Linux clients.
I registered a dynamic IP at dyndns.com: www.thecuong.gotdns.com

In FreeBSD 6.2, I also have a postfix MTA. Currently my clients have mail
addresses such as

[EMAIL PROTECTED], [EMAIL PROTECTED]
With these mail addresses, I can send/receive mail from/to my company,
Yahoo etc.
But my postfix can only receive mails from the freebsd-questions mailing
list, it can not send mail to it.
I recognized that the cause of this problem is that my DNS (on FreeBSD
6.2) does not do reverse lookup, as freebsd-questions requires in order to
prevent spam.
Freebsd-questions currently treats [EMAIL PROTECTED],
[EMAIL PROTECTED] as spam. When mail from these addresses comes,
it is rejected.

I suggest that now I will attach the zone file and reverse file,
then could you help me check and let me know what's wrong?
Pls help me, I really need your help.
Tnx



Olivier Nicole wrote:
Maybe I'm stupid because I already spent 3 days creating my zone file
and reverse file but I still am not successful.
I'm running FreeBSD 6.2, I have DynamicIP: www.thecuong.gotdns.com.
Could you help me to create a simple example of zone file and reverse
file for me



Who is assigning the dynamic IP ?

Dynamic DNS only works with DHCP: DHCP gives an IP to a machine and
then it informs DNS that it has given that IP and that now the DNS
should update its dynamic tables accordingly. You cannot have dynamic
DNS working alone (well I think so).

Plus the DNS server that holds dynamic records should be at a fixed
IP address (I never heard of a DNS server on a machine with dynamic
IP, that sounds way too unstable to me).

Olivier

  




Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Olivier Nicole
I understand your problem.

dyndns.com is taking care of the forward dynamic DNS for you.

Now who is in charge of the reverse DNS for 58.187.106.120 (your
current IP)? I believe it is FPT.

So FPT should upgrade its own reverse DNS every time it gives an IP to
your server.

Right now if I make a reverse DNS lookup on 58.187.106.120 it gets
nothing, while it should get thecuong.gotdns.com.

The easiest way to solve your email problem would be that your server
sends all the email through FPT mail server.

As a rule, it is a bad idea to use a machine with a dynamic address to
be an SMTP server: when the IP changes, the DNS cache will take some
time to update everywhere, so for some time your email will be sent to
the wrong IP: mailing list may decide that your account is dead and
remove you from the list.

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Olivier Nicole
 But my postfix only can receive mails from freebsd-questions mailing
 list, it can not send mail to this. 

There is another thing you have to consider. As it is explained in
http://www.bsdforums.org/forums/showthread.php?p=265093#post265093
your dynamic IP has been black listed (the IP was used before by
someone else who sent SPAM, so now the IP is in a list of bad guys and
many mail server will refuse to receive emails from your IP).

So it is really a better idea that you sent all your email through FPT
email server.

Best regards,

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread J65nko

On 7/13/07, Olivier Nicole [EMAIL PROTECTED] wrote:

I understand your problem.

dyndns.com is taking care of the forward dynamic DNS for you.

Now who is in charge of the reverse DNS for 58.187.106.120 (your
current IP)? I believe it is FPT.

So FPT should upgrade its own reverse DNS every time it gives an IP to
your server.

Right now if I make a reverse DNS lookup on 58.187.106.120 it gets
nothing, while it should get thecuong.gotdns.com.

The easiest way to solve your email problem would be that your server
sends all the email through FPT mail server.

As a rule, it is a bad idea to use a machine with a dynamic address to
be an SMTP server: when the IP changes, the DNS cache will take some
time to update everywhere, so for some time your email will be sent to
the wrong IP: mailing list may decide that your account is dead and
remove you from the list.

Olivier


This same issue is being discussed at
http://www.bsdforums.org/forums/showthread.php?p=265093#post265093  ;)


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread vuthecuong

Olivier Nicole wrote:

But my postfix only can receive mails from freebsd-questions mailing
list, it can not send mail to this. 



There is another thing you have to consider. As it is explained in
http://www.bsdforums.org/forums/showthread.php?p=265093#post265093
your dynamic IP has been black listed (the IP was used before by
someone else who sent SPAM, so now the IP is in a list of bad guys and
many mail server will refuse to receive emails from your IP).

So it is really a better idea that you sent all your email through FPT
email server.

Best regards,

Olivier

  
OK I understood, this is one lesson I learned today: In order to run a
real mail server, a fixed IP address for forward and reverse DNS is a
must-have.
I will choose the method of relaying through the ISP though I prefer the first one.
Tnx you very much.



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Steve Bertrand
vuthecuong wrote:
 Olivier Nicole wrote:
 But my postfix only can receive mails from freebsd-questions mailing
 list, it can not send mail to this. 

 There is another thing you have to consider. As it is explained in
 http://www.bsdforums.org/forums/showthread.php?p=265093#post265093
 your dynamic IP has been black listed (the IP was used before by
 someone else who sent SPAM, so now the IP is in a list of bad guys and
 many mail server will refuse to receive emails from your IP).

 So it is really a better idea that you sent all your email through FPT
 email server.

 Best regards,

 Olivier

   
 OK I understood, this is one lesson I learned today: In order to run a
 real mail server,
 a fixed IP address for forward and reverse DNS is a must-have.
 I will choose method of relaying through ISP though I prefer the first one.
 Tnx you very much.

The ISP who assigns you the IP from their allocated block are
responsible for the reverse entry. You can create one locally, but the
Internet as a whole will never look to anything you set up for an rDNS
entry. I believe that every IP that is in use on a network, no matter
what piece of infrastructure or computer it is assigned to should have a
reverse entry.

Most ISPs now are configuring rDNS entries for dynamic clients as such,
with prefixes that include ppp, dynamic, dialin etc. Almost all of these
such entries will cause mail blocks leading to blacklists due to the
fact 99.99% of dynamic IP entries should never be sending mail directly
to another MX to begin with.

In your case, you can still run a fully functional email server at your
end, however, instead of sending out directly, you use your upstream as
your smart host as stated above.

Aside from that, if you are a non-business client without static IP(s),
your ISP should be blocking you from sending outbound 25 traffic into
their network, except to their mail servers directly anyway.

Of course, your ISP should also be blocking port 25 inbound into their
network from the outside world, and outbound from their network to you
(except to their own legit mail servers) to protect against exploitation
of someone with an open relay. (You shouldn't be able to use yourself on
the dynamic IP as an SMTP server from outside your own location). If
they have implemented this, then you will have to use SMTP Auth on port
587. As a matter of fact, you should be using this anyway.

This ISP uses SMTP Auth across the board for all of our users (ADSL,
SDSL, dial-up etc). Only a very small handful are permitted to use port
25, and those clients would be the ones (like old Mac OS mail software)
that do not have the ability to implement port 587.

Cheers!

Steve


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Chuck Swiger

On Jul 12, 2007, at 10:09 PM, vuthecuong wrote:

I just confirm only:

I'm using dynamicDNS, so I will able to specify the forward *AND*  
reverse lookups?


No.  Reverse lookups are controlled by whoever owns the IP delegation  
for the netblock in question, and they are not going to configure PTR  
records for dynamic IPs.  If you want to have reverse lookups you  
control, you'll need to get static IPs.


--
-Chuck



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Chuck Swiger

On Jul 12, 2007, at 10:36 PM, Olivier Nicole wrote:

I'm using dynamicDNS, so I will able to specify the forward *AND*
reverse lookups?


Yes.


No, nobody else is going to see the results your local nameserver  
sends since it isn't authoritative for the domains, and the  
delegation for the IP block isn't going to point to your server but  
to the actual nameserver.  Take a look at what happens when someone  
using an external nameserver does the same queries:



Forward DNS lookup: (alrw17.desktops.cs.ait.ac.th is dynamic DNS)

banyanon57: dig alrw17.desktops.cs.ait.ac.th

; <<>> DiG 9.3.1 <<>> alrw17.desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15772
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; QUESTION SECTION:
;alrw17.desktops.cs.ait.ac.th.  IN  A

;; ANSWER SECTION:
alrw17.desktops.cs.ait.ac.th. 3600 IN   A   192.41.170.214

;; AUTHORITY SECTION:
desktops.cs.ait.ac.th.  43200   IN  NS  dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.   43200   IN  A   192.41.170.15

;; Query time: 1 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:23 2007
;; MSG SIZE  rcvd: 96



% dig alrw17.desktops.cs.ait.ac.th

; <<>> DiG 9.3.4 <<>> alrw17.desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30625
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;alrw17.desktops.cs.ait.ac.th.  IN  A

;; AUTHORITY SECTION:
desktops.cs.ait.ac.th.  10800   IN  SOA dns.cs.ait.ac.th. postmaster.cs.ait.ac.th. 2006139734 21600 1800 1209600 43200


;; Query time: 892 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 13 13:09:14 2007
;; MSG SIZE  rcvd: 97

Notice the NXDOMAIN response...?


Reverse DNS lookup:

banyanon58: dig -x 192.41.170.214

; <<>> DiG 9.3.1 <<>> -x 192.41.170.214
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14984
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;214.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN   CNAME   214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR alrw17.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.   43200   IN  A   192.41.170.15

;; Query time: 9 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:31 2007
;; MSG SIZE  rcvd: 158


% dig -x 192.41.170.214
; <<>> DiG 9.3.4 <<>> -x 192.41.170.214
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53167
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;214.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN   CNAME   214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR VAIO.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS dns.cs.ait.ac.th.

;; Query time: 438 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 13 13:09:49 2007
;; MSG SIZE  rcvd: 140

The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't  
match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check  
would fail.


--
-Chuck
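The classless delegation Olivier describes earlier in this thread (the $GENERATE CNAMEs from 170.41.192.in-addr.arpa into 170.41.192.rev-dns.cs.ait.ac.th) and the double-reverse check that fails for .214 above and for .253 in the later exchange, modelled offline as an added example that is not code from this thread or from BIND. The records are constructed from the quoted dig output; the A-record addresses, the missing PTR for .253 and the A records for the suggested dhcp-* names are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Tiny in-memory view of the zones, keyed (owner, type) -> rdata.
# No network access: every record is constructed for this example.
Records = Dict[Tuple[str, str], str]

IN_ADDR = "170.41.192.in-addr.arpa."           # the /24 reverse zone
REV_DNS = "170.41.192.rev-dns.cs.ait.ac.th."   # the delegated RFC 2317 zone

GENERATE_RE = re.compile(
    r"^\$GENERATE\s+(\d+)-(\d+)\s+(\S+)\s+(?:IN\s+)?(\S+)\s+(\S+)\s*$")


def expand_generate(directive: str, origin: str) -> List[Tuple[str, str, str]]:
    """Expand a BIND $GENERATE line into (owner, type, rdata) triples.
    Only the plain '$' substitution used in the thread is handled; names
    without a trailing dot are qualified with the zone origin, as BIND does."""
    m = GENERATE_RE.match(directive.strip())
    if not m:
        raise ValueError("unsupported $GENERATE syntax: " + directive)
    lo, hi, lhs, rtype, rhs = m.groups()
    triples = []
    for i in range(int(lo), int(hi) + 1):
        owner = lhs.replace("$", str(i))
        rdata = rhs.replace("$", str(i))
        owner = owner if owner.endswith(".") else f"{owner}.{origin}"
        rdata = rdata if rdata.endswith(".") else f"{rdata}.{origin}"
        triples.append((owner, rtype.upper(), rdata))
    return triples


def lookup(records: Records, name: str, rtype: str) -> Tuple[str, Optional[str]]:
    """Resolve name/rtype as a resolver does, following CNAMEs.
    NXDOMAIN means the (final) name has no records at all, which is exactly
    what a CNAME pointing at a never-populated PTR name produces."""
    for _ in range(8):                       # CNAME chain limit
        if (name, rtype) in records:
            return "NOERROR", records[(name, rtype)]
        target = records.get((name, "CNAME"))
        if target is None:
            exists = any(owner == name for owner, _ in records)
            return ("NODATA" if exists else "NXDOMAIN"), None
        name = target                        # follow the alias
    return "SERVFAIL", None


def reverse_name(ip: str) -> str:
    """192.41.170.252 -> 252.170.41.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def fcrdns_check(records: Records, ip: str) -> Tuple[str, Optional[str], bool]:
    """The double-reverse check: the PTR target of ip must have an A record
    pointing back at ip. Returns (PTR status, PTR target, check passed)."""
    status, ptr = lookup(records, reverse_name(ip), "PTR")
    if status != "NOERROR":
        return status, None, False
    a_status, addr = lookup(records, ptr, "A")
    return status, ptr, a_status == "NOERROR" and addr == ip


def build_zones(with_default_ptrs: bool = False) -> Records:
    """Constructed zone data mirroring the thread's dig output."""
    records: Records = {}
    # /24 reverse zone: the $GENERATE line from Olivier's zone file.
    for owner, rtype, rdata in expand_generate(
            "$GENERATE 128-254 $ IN CNAME $.170.41.192.rev-dns.cs.ait.ac.th.",
            IN_ADDR):
        records[(owner, rtype)] = rdata
    # Delegated zone as dynamic updates left it (assumed): .252 is fine,
    # .214 still says VAIO although alrw17 holds the address, .253 has no PTR.
    records[("252." + REV_DNS, "PTR")] = "alrw14.desktops.cs.ait.ac.th."
    records[("214." + REV_DNS, "PTR")] = "VAIO.desktops.cs.ait.ac.th."
    # Forward zone (addresses assumed).
    records[("alrw14.desktops.cs.ait.ac.th.", "A")] = "192.41.170.252"
    records[("alrw17.desktops.cs.ait.ac.th.", "A")] = "192.41.170.214"
    records[("VAIO.desktops.cs.ait.ac.th.", "A")] = "192.41.170.200"
    if with_default_ptrs:
        # Chuck's suggestion: pre-populate a PTR for every dynamic address so
        # no CNAME dangles; the matching A records are an assumption here.
        for owner, rtype, rdata in expand_generate(
                "$GENERATE 128-254 $ PTR dhcp-192-41-170-$.cs.ait.ac.th.",
                REV_DNS):
            records.setdefault((owner, rtype), rdata)
            records[(rdata, "A")] = "192.41.170." + owner.split(".")[0]
    return records


if __name__ == "__main__":
    for defaults in (False, True):
        zones = build_zones(defaults)
        print(f"default PTRs populated: {defaults}")
        for ip in ("192.41.170.252", "192.41.170.253", "192.41.170.214"):
            print(f"  {ip}: {fcrdns_check(zones, ip)}")
```

Pre-populating the PTRs turns the .253 NXDOMAIN into a passing check, while the stale .214 entry keeps failing until the dynamic update replaces it.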




Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Dan Casey
Chuck Swiger wrote:
 On Jul 12, 2007, at 10:09 PM, vuthecuong wrote:
 I just confirm only:

 I'm using dynamicDNS, so I will able to specify the forward *AND*
 reverse lookups?

 No.  Reverse lookups are controlled by whoever owns the IP delegation
 for the netblock in question, and they are not going to configure PTR
 records for dynamic IPs.  If you want to have reverse lookups you
 control, you'll need to get static IPs.

Slight correction.  To do what you want, you will need to get a static
ip.  Then you can request your isp (or whoever owns the ip block) to
setup the PTR record for you.

 *whois -a 192.41.170.214*


 *whois -h WHOIS.APNIC.NET 192.41.170.214*



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Chuck Swiger

On Jul 13, 2007, at 10:44 AM, Dan Casey wrote:

I'm using dynamicDNS, so I will able to specify the forward *AND*
reverse lookups?


No.  Reverse lookups are controlled by whoever owns the IP delegation
for the netblock in question, and they are not going to configure PTR
records for dynamic IPs.  If you want to have reverse lookups you
control, you'll need to get static IPs.


Slight correction.  To do what you want, you will need to get a static
ip.  Then you can request your isp (or whoever owns the ip block) to
setup the PTR record for you.


That's not really a correction.  :-)

If you get a single static IP, for example, normally the ISP or  
netblock owner will not delegate that, but are willing to setup a PTR  
record.


If you get a larger static netblock, especially a /24 or larger, then  
your ISP can delegate reverse DNS to nameservers you run, and thus  
you can set up and change the reverse lookup results at will without  
needing your ISP to make PTR record changes.  See
http://www.ietf.org/rfc/rfc2317.txt about Classless IN-ADDR.ARPA delegation
for the deal with regard to delegation of smaller netblocks than a /24.


--
-Chuck



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Steve Bertrand
Chuck Swiger wrote:
 On Jul 13, 2007, at 10:44 AM, Dan Casey wrote:
 I'm using dynamicDNS, so I will able to specify the forward *AND*
 reverse lookups?

 No.  Reverse lookups are controlled by whoever owns the IP delegation
 for the netblock in question, and they are not going to configure PTR
 records for dynamic IPs.  If you want to have reverse lookups you
 control, you'll need to get static IPs.

 Slight correction.  To do what you want, you will need to get a static
 ip.  Then you can request your isp (or whoever owns the ip block) to
 setup the PTR record for you.
 
 That's not really a correction.  :-)

Correct ;)

 If you get a single static IP, for example, normally the ISP or netblock
 owner will not delegate that, but are willing to setup a PTR record.

That is, if the ISP *is* willing to set up a rDNS entry. I have had
clients move from their previous provider to us because the old provider
would not set up a reverse DNS entry for their statically assigned
IP(s). Sounds bad, but it happens.

 If you get a larger static netblock, especially a /24 or larger, then
 your ISP can delegate reverse DNS to nameservers you run, and thus you
 can set up and change the reverse lookup results at will without needing
 your ISP to make PTR record changes.  See
 http://www.ietf.org/rfc/rfc2317.txt about Classless IN-ADDR.ARPA
 delegation for the deal with regard to delegation of smaller netblocks
 than a /24.

I personally wouldn't do this. If anything, I would delegate permissions
on our name servers so that the client can log in to our DNS interface
and make the changes there. That way, we always have control over the
names in the event you ever have a rogue employee at the other end.

However, we don't do anything of the sort. When clients need rDNS
entries changed, the client requests it, and we make it so. It is the
same way that we work with one of our external ADSL wholesalers.

Mind you, when you call us, someone answers the phone. You can ask for
the button pushers directly, and changes are made live time mostly. Try
that with a Sympatico, AOL or the like.

Steve


is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread vuthecuong

I just confirm only:

I'm using dynamicDNS, so I will able to specify the forward *AND* 
reverse lookups?

Tnx



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread Olivier Nicole
 Maybe I'm stupid because I already spent 3 days creating my zone file 
 and reverse file
 but I still am not successful.
 I'm running FreeBSD 6.2, I have DynamicIP: www.thecuong.gotdns.com.
 Could you help me to create the simple example  of zone file and reverse 
 file for me

Who is assigning the dynamic IP ?

Dynamic DNS only works with DHCP: DHCP gives an IP to a machine and
then it informs DNS that it has given that IP and that now the DNS
should update its dynamic tables accordingly. You cannot have dynamic
DNS working alone (well I think so).

Plus the DNS server that holds dynamic records should be at a fixed
IP address (I never heard of a DNS server on a machine with dynamic
IP, that sounds way too unstable to me).

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread vuthecuong

Hi Olivier Nicole
Tnx for ur quick response.
I'm very very new to both DNS and Freebsd.
Maybe I'm stupid because I already spent 3 days creating my zone file 
and reverse file

but I still can not be successful.
I'm running FreeBSD 6.2, I have DynamicIP: www.thecuong.gotdns.com.
Could you help me to create the simple example of zone file and reverse 
file for me

for thecuong.gotdns.com so that I can learn from you?
I'm really really stuck.

Below is my named.conf:
options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        listen-on { 127.0.0.1; 192.168.0.1; };

        forward only;

        forwarders {
                210.245.0.131;
        };

};

zone "." {
        type hint;
        file "named.root";
};
---
And below is my localhost.rev:

;       From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $

;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;

$TTL    3600

@       IN      SOA     localhost.localdomain. root.localhost.localdomain.  (
                                20070713        ; Serial
                                3600            ; Refresh
                                900             ; Retry
                                360             ; Expire
                                3600 )          ; Minimum
        IN      NS      localhost.localdomain.
1       IN      PTR     localhost.localdomain.

Olivier Nicole wrote:
I'm using dynamicDNS, so I will able to specify the forward *AND* 
reverse lookups?



Yes.

Forward DNS lookup: (alrw17.desktops.cs.ait.ac.th is dynamic DNS)

banyanon57: dig alrw17.desktops.cs.ait.ac.th

; <<>> DiG 9.3.1 <<>> alrw17.desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15772
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;alrw17.desktops.cs.ait.ac.th.  IN      A

;; ANSWER SECTION:
alrw17.desktops.cs.ait.ac.th. 3600 IN   A       192.41.170.214

;; AUTHORITY SECTION:
desktops.cs.ait.ac.th.  43200   IN      NS      dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.       43200   IN      A       192.41.170.15

;; Query time: 1 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:23 2007
;; MSG SIZE  rcvd: 96


Reverse DNS lookup:


banyanon58: dig -x 192.41.170.214

; <<>> DiG 9.3.1 <<>> -x 192.41.170.214
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14984
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;214.170.41.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN   CNAME   214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR alrw17.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS    dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.       43200   IN      A       192.41.170.15

;; Query time: 9 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:31 2007
;; MSG SIZE  rcvd: 158

  




Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread Olivier Nicole
 I'm using dynamicDNS, so I will able to specify the forward *AND* 
 reverse lookups?

Yes.

Forward DNS lookup: (alrw17.desktops.cs.ait.ac.th is dynamic DNS)

banyanon57: dig alrw17.desktops.cs.ait.ac.th

; <<>> DiG 9.3.1 <<>> alrw17.desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15772
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;alrw17.desktops.cs.ait.ac.th.  IN      A

;; ANSWER SECTION:
alrw17.desktops.cs.ait.ac.th. 3600 IN   A       192.41.170.214

;; AUTHORITY SECTION:
desktops.cs.ait.ac.th.  43200   IN      NS      dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.       43200   IN      A       192.41.170.15

;; Query time: 1 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:23 2007
;; MSG SIZE  rcvd: 96


Reverse DNS lookup:


banyanon58: dig -x 192.41.170.214

; <<>> DiG 9.3.1 <<>> -x 192.41.170.214
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14984
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;214.170.41.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN   CNAME   214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR alrw17.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS    dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.       43200   IN      A       192.41.170.15

;; Query time: 9 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:31 2007
;; MSG SIZE  rcvd: 158

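The dig output above shows what a correct forward/reverse pair looks like: the A record's address maps back, via in-addr.arpa, to a PTR whose target is the same name. When you maintain both zones yourself the usual failure is that they drift apart (a host is renamed in the forward zone but not the reverse one, or a PTR is left behind after an address is reassigned). The following script is an added example, not code from this thread: it parses record lines in the one-record-per-line form dig prints and reports every A record without a matching PTR, every PTR that names a different host, and every PTR whose address no A record uses. The zone fragments inside it are constructed sample data on documentation names and addresses (example.net, 192.0.2.0/24), deliberately inconsistent so the checker has something to report.

```python
"""Cross-check forward (A) and reverse (PTR) records for consistency.

Added example, not code from the thread. The zone fragments are constructed
for illustration; record lines use the one-record-per-line form `dig` prints.
"""
import ipaddress
import re

# Constructed forward zone: host2 and mail are deliberately inconsistent
# with the reverse zone below so the checker has something to report.
FORWARD_ZONE = """\
host1.example.net.  3600 IN A     192.0.2.10
host2.example.net.  3600 IN A     192.0.2.11
mail.example.net.   3600 IN A     192.0.2.20
www.example.net.    3600 IN CNAME host1.example.net.
"""

# Constructed reverse zone for 2.0.192.in-addr.arpa.
REVERSE_ZONE = """\
10.2.0.192.in-addr.arpa. 3600 IN PTR host1.example.net.
11.2.0.192.in-addr.arpa. 3600 IN PTR host-two.example.net.
30.2.0.192.in-addr.arpa. 3600 IN PTR orphan.example.net.
"""

# owner [TTL] [IN] TYPE rdata   (TTL and class are optional)
RECORD_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|PTR|CNAME|NS|SOA|MX)\s+(.+?)\s*$", re.I)


def parse_records(zone_text):
    """Yield (owner, type, rdata); names lower-cased, ';' comments dropped."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if not m:
            raise ValueError(f"cannot parse record line: {line!r}")
        owner, rtype, rdata = m.groups()
        yield owner.lower(), rtype.upper(), rdata.lower()


def reverse_name(ip):
    """192.0.2.10 -> '10.2.0.192.in-addr.arpa.'"""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ptr_to_ip(rev_name):
    """'10.2.0.192.in-addr.arpa.' -> '192.0.2.10'"""
    labels = rev_name.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an in-addr.arpa name: {rev_name}")
    return ".".join(reversed(labels[:-2]))


def check_consistency(forward_text, reverse_text):
    """Return a list of problems; empty means every A has a PTR pointing back
    at one of its names and every PTR's address is used by some A record."""
    a_records = {}                       # ip -> set of owner names
    for owner, rtype, rdata in parse_records(forward_text):
        if rtype == "A":
            a_records.setdefault(rdata, set()).add(owner)
    ptr_records = {}                     # reverse name -> target name
    for owner, rtype, rdata in parse_records(reverse_text):
        if rtype == "PTR":
            ptr_records[owner] = rdata

    problems = []
    for ip, names in sorted(a_records.items()):
        rev = reverse_name(ip)
        target = ptr_records.get(rev)
        if target is None:
            problems.append(f"missing PTR: {ip} ({', '.join(sorted(names))}) has no {rev}")
        elif target not in names:
            problems.append(f"mismatch: {rev} -> {target}, but A records for {ip} "
                            f"belong to {', '.join(sorted(names))}")
    for rev, target in sorted(ptr_records.items()):
        if ptr_to_ip(rev) not in a_records:
            problems.append(f"dangling PTR: {rev} -> {target}, "
                            f"but no A record uses {ptr_to_ip(rev)}")
    return problems


if __name__ == "__main__":
    for problem in check_consistency(FORWARD_ZONE, REVERSE_ZONE):
        print(problem)
```

Run against the built-in sample it reports three problems (a name mismatch for 192.0.2.11, a missing PTR for 192.0.2.20 and a dangling PTR for 192.0.2.30); feed it the output of `dig axfr` for your own forward and reverse zones, or the zone files directly, to check a real pair.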


Re: how to know what DNS server is being used

2007-01-22 Thread patrick

On 10/28/06, Matthew Seaman [EMAIL PROTECTED] wrote:


On recent FreeBSD, the resolver actually iterates through the listed
nameserver lines in order, sending the query out to each in turn until
it gets a response.  It used to be that the resolver would wait for the
full 30s DNS timeout before trying the next server (hence the cry dreaded
by sysadmins everywhere that the Internet is slow today), but nowadays


Is there any way to configure this 30 second delay for older versions
of FreeBSD (eg. 4.11)?

Patrick


Re: how to know what DNS server is being used

2007-01-22 Thread Dan Nelson
In the last episode (Jan 22), patrick said:
 On 10/28/06, Matthew Seaman [EMAIL PROTECTED] wrote:
 On recent FreeBSD, the resolver actually iterates through the listed
 nameserver lines in order, sending the query out to each in turn
 until it gets a response.  It used to be that the resolver would
 wait for the full 30s DNS timeout before trying the next server
 (hence the cry dreaded by sysadmins everywhere that the Internet is
 slow today), but nowadays
 
 Is there any way to configure this 30 second delay for older versions
 of FreeBSD (eg. 4.11)?

You should be able to apply the changes made in rev1.31 of
/usr/src/lib/libc/net/res_init.c ; the commit log for that revision is

 revision 1.31
 date: 2003/12/07 12:32:24;  author: murray;  state: Exp;  lines: +20 -0

 Add support for timeout: and attempts: resolver options.

 Submitted by:   Paul Vixie [EMAIL PROTECTED] / ISC
 MFC After:  1 week

Apparently the MFC never happened :)

-- 
Dan Nelson
[EMAIL PROTECTED]


Re: how to know what DNS server is being used

2007-01-22 Thread Matthew Seaman
patrick wrote:
 On 10/28/06, Matthew Seaman [EMAIL PROTECTED] wrote:
 
 On recent FreeBSD, the resolver actually iterates through the listed
 nameserver lines in order, sending the query out to each in turn until
 it gets a response.  It used to be that the resolver would wait for the
 full 30s DNS timeout before trying the next server (hence the cry dreaded
 by sysadmins everywhere that the Internet is slow today), but nowadays
 
 Is there any way to configure this 30 second delay for older versions
 of FreeBSD (eg. 4.11)?

Nope.  It's specified in the DNS RFCs, and consequently built into the
client side resolver stuff in libc.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW



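Two practical points come out of this thread: the resolver honours the `timeout:` and `attempts:` options Dan Nelson mentions, and the old serial behaviour Matthew Seaman describes means a dead first nameserver costs every lookup a full timeout before the next server is tried. The script below is an added example, not code from the thread or from FreeBSD's libc. It parses a resolv.conf and estimates, under two deliberately simplified models (an assumption, not the exact res_send() algorithm, which also applies backoff), how long a lookup stalls when given servers are down: the serial model waits the full timeout per dead server per round, while the staggered fan-out model only waits a short stagger per dead server. The defaults it uses (5 s timeout, 4 attempts, and at most three `nameserver` lines honoured) are the historical BIND resolver defaults; the resolv.conf text inside is constructed, not a real host's file.

```python
"""Model a classic libc stub resolver walking the nameserver list.

Added example, not code from the thread or from FreeBSD's libc.  Both
timing models are simplifications (assumption): real resolvers add backoff.
"""

MAXNS = 3                # extra 'nameserver' lines beyond three are ignored
DEFAULT_TIMEOUT = 5      # seconds, the resolver 'timeout:' option
DEFAULT_ATTEMPTS = 4     # the resolver 'attempts:' option

# Constructed sample, not a real host's file.  The fourth nameserver is
# there to show that it is silently ignored, never queried.
SAMPLE_RESOLV_CONF = """\
search example.net
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 192.0.2.3
nameserver 192.0.2.4
options timeout:2 attempts:2
"""


def parse_resolv_conf(text):
    """Return (nameservers_in_use, options) for resolv.conf text."""
    servers, ignored = [], []
    opts = {"timeout": DEFAULT_TIMEOUT, "attempts": DEFAULT_ATTEMPTS}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # both comment styles
        if not line:
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            (servers if len(servers) < MAXNS else ignored).append(args[0])
        elif keyword == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                if name in ("timeout", "attempts") and value.isdigit():
                    opts[name] = int(value)
    opts["ignored"] = ignored
    return servers, opts


def serial_delay(servers, dead, timeout, attempts):
    """Seconds a serial resolver waits before the first live server answers.
    Returns None when every server is dead (after attempts*servers*timeout)."""
    waited = 0
    for _ in range(attempts):
        for server in servers:
            if server in dead:
                waited += timeout          # wait the full timeout, then move on
            else:
                return waited
    return None


def staggered_delay(servers, dead, stagger):
    """Fan-out model: after `stagger` seconds without an answer the next
    server is also queried and the first reply wins."""
    for position, server in enumerate(servers):
        if server not in dead:
            return position * stagger
    return None


def worst_case_report(text, dead, stagger=0.5):
    """Compare both models for the given resolv.conf text and dead servers."""
    servers, opts = parse_resolv_conf(text)
    return {
        "servers": servers,
        "ignored": opts["ignored"],
        "serial_seconds": serial_delay(servers, dead, opts["timeout"], opts["attempts"]),
        "staggered_seconds": staggered_delay(servers, dead, stagger),
    }


if __name__ == "__main__":
    print(worst_case_report(SAMPLE_RESOLV_CONF, dead={"192.0.2.1"}))
```

The check worth taking away is the MAXNS one: if a host lists four or more nameservers, the ones after the third never get asked, so the redundancy they appear to provide does not exist.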


Re: how to know what DNS server is being used

2006-10-28 Thread Robert Huff

Chad Leigh -- Shire.Net LLC writes:

   On my registrars site I have two DNS servers listing. How would
   I know that 1) both are working. 2) which one is being used.
  
  For #2, do you mean by the world at large?  Which one is being
  used when people look up your domain and hosts in your domain?
  Both of them should get used.  I don't know what algorithm is
  used but both will be used by people.

As I understand it, when presented with a list of N > 1 possible
nameservers standard resolver libraries will pick one at random and
continue to use it until something changes (nameserver goes
off-line, local cache is flushed, etc.).


Robert Huff



Re: how to know what DNS server is being used

2006-10-28 Thread Matthew Seaman
Robert Huff wrote:
 Chad Leigh -- Shire.Net LLC writes:
 
   On my registrars site I have two DNS servers listing. How would
   I know that 1) both are working. 2) which one is being used.
  
  For #2, do you mean by the world at large?  Which one is being
  used when people look up your domain and hosts in your domain?
  Both of them should get used.  I don't know what algorithm is
  used but both will be used by people.
 
   As I understand it, when presented with a list of N > 1 possible
 nameservers standard resolver libraries will pick one at random and
 continue to use it until something changes (nameserver goes
 off-line, local cache is flushed, etc.).

On recent FreeBSD, the resolver actually iterates through the listed
nameserver lines in order, sending the query out to each in turn until
it gets a response.  It used to be that the resolver would wait for the
full 30s DNS timeout before trying the next server (hence the cry dreaded
by sysadmins everywhere that the Internet is slow today), but nowadays
if the resolver hasn't got an immediate answer it will initiate the second
and subsequent queries after a wait of some number of milliseconds and
then wait for a response from all of the queried servers.  Means that if
your first listed DNS server is down, users don't notice the delay before
the second server is queried.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW





RE: how to know what DNS server is being used

2006-10-28 Thread Steve Bertrand
 On my registrars site I have two DNS servers listing. How 
 would I know that 1) both are working. 2) which one is being used.

1) http://dnsreport.com

2) # tcpdump -n -i <iface> | grep .53 | grep domain.com

(where domain.com == the domain I want to find out if the server is
answering for)

Generally, you can do this on all of your name servers, and get a good
idea of which ones are handling DNS resolution at any particular time.

Steve



how to know what DNS server is being used

2006-10-27 Thread David Banning
On my registrars site I have two DNS servers listing. How would 
I know that 1) both are working. 2) which one is being used.
  


Re: how to know what DNS server is being used

2006-10-27 Thread Lane
On Friday 27 October 2006 21:56, David Banning wrote:
 On my registrars site I have two DNS servers listing. How would
 I know that 1) both are working. 2) which one is being used.


Depends mostly on where you are.

On server A you can check local dns resolution by doing:

cat /etc/resolv.conf

This should show you which servers are being queried for dns resolution.

You can check the ability of server A to resolve an address by doing:

nslookup www.yahoo.com

If the first line says:

Server: <server a name>
Address: 127.0.0.1

on the first two lines, then that means that Server A is doing its own 
lookups, and probably using the contents of /etc/resolv.conf for stuff it 
doesn't know locally.

Still on server A you can check the ability of server B to resolve an 
address by doing:

nslookup www.yahoo.com <server-b-address>

And the top two lines will be the Server name and address of server B if 
server B knows how to do dns resolution.

You'd have to log into server b to cat /etc/resolv.conf, probably.

If you are on a Windows box you can use the nslookup <address> <server a|b> 
syntax to verify their abilities as well.  And, of course, ipconfig /all on 
windows will show you who he asks for dns resolution.

lane


Re: how to know what DNS server is being used

2006-10-27 Thread Jonathan Chen
On Fri, Oct 27, 2006 at 10:56:26PM -0400, David Banning wrote:
 On my registrars site I have two DNS servers listing. How would 
 I know that 1) both are working. 2) which one is being used.

1) dig @dns.server your.host.name

2) Dunno.
-- 
Jonathan Chen [EMAIL PROTECTED]
--
 Beer. Now there's a temporary solution.
   - Homer Simpson


Re: how to know what DNS server is being used

2006-10-27 Thread Chad Leigh -- Shire.Net LLC


On Oct 27, 2006, at 8:56 PM, David Banning wrote:


On my registrars site I have two DNS servers listing. How would
I know that 1) both are working. 2) which one is being used.


For #2, do you mean by the world at large?  Which one is being used  
when people look up your domain and hosts in your domain?  Both of  
them should get used.  I don't know what algorithm is used but both  
will be used by people.


Chad

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net





how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Edwin D. Vinas
Hi,
 I need your help please.
On my personal FreeBSD server connected to an ISP with static IP address,
I'm planning to setup several websites with their own sub-domains from my
main domain as shown below. I just want to know some answers to my questions
before I start.
 Main domain: www.exampledomain.ph
Sub-domains:
sub1.exampledomain.ph
 sub2.exampledomain.ph
 sub3.exampledomain.ph
 I want to use BIND together with my Apache virtual hosting in one single
FreeBSD machine.
 These are my questions:
1) Is it correct that I only need to register or pay for the main domain?
2) Is it correct that through my local DNS server, I can add sub hosts (sub1
to sub3) without anymore registering those sub domains and pay for them in
my main domain provider?
3) Provided that I already have successfully setup my local DNS server,
Apache virtual hosting and main domain activated, is it straightforward that
I can already access the sub domains (i.e., websites) from the Internet?
4) Do I need to register sub1, sub2 and sub3 in any external domain
provider?
5) Can you provide some sample configs if you are already doing this setup?
  Thank you in advance!
- Misoy


Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Andrew P.
On 11/6/05, Edwin D. Vinas [EMAIL PROTECTED] wrote:
 Hi,
  I need your help please.
 On my personal FreeBSD server connected to an ISP with static IP address,
 I'm planning to setup several websites with their own sub-domains from my
 main domain as shown below. I just want to know some answers to my questions
 before I start.
  Main domain: www.exampledomain.ph
 Sub-domains:
 sub1.exampledomain.ph
  sub2.exampledomain.ph
  sub3.exampledomain.ph
  I want to use BIND together with my Apache virtual hosting in one single
 FreeBSD machine.
  These are my questions:
 1) Is it correct that I only need to register or pay for the main domain?

Yep.

 2) Is it correct that through my local DNS server, I can add sub hosts (sub1
 to sub3) without anymore registering those sub domains and pay for them in
 my main domain provider?

It's kinda the same as the first one. Yep.

 3) Provided that I already have successfully setup my local DNS server,
 Apache virtual hosting and main domain activated, is it straightforward that
 I can already access the sub domains (i.e., websites) from the Internet?

It's pretty straightforward, but not implicit. You
need to explicitly setup a wildcard subdomain.

 4) Do I need to register sub1, sub2 and sub3 in any external domain
 provider?

Not if you want to.

 5) Can you provide some sample configs if you are already doing this setup?

Here's a dump from my xname.org account:

csme.ru.        26      IN      SOA     ns0.xname.org. infofarmer.mail.ru. 2005072201 261000 261000 604800 300
csme.ru.        26      IN      NS      ns0.xname.org.
csme.ru.        26      IN      NS      ns1.xname.org.
csme.ru.        26      IN      A       193.233.5.13
csme.ru.        26      IN      MX      10 csme.ru.
*.csme.ru.      26      IN      CNAME   csme.ru.
cs.csme.ru.     26      IN      CNAME   csme.ru.
css.csme.ru.    26      IN      CNAME   csme.ru.
mx.csme.ru.     26      IN      CNAME   csme.ru.
old.csme.ru.    26      IN      CNAME   killme.ru.
sat.csme.ru.    26      IN      CNAME   infofarmer.dyndns.org.
source.csme.ru. 26      IN      CNAME   csme.ru.
www.csme.ru.    26      IN      CNAME   csme.ru.
zone.csme.ru.   26      IN      NS      infofarmer.dyndns.org.
csme.ru.        26      IN      SOA     ns0.xname.org. infofarmer.mail.ru. 2005072201 261000 261000 604800 300


Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Paul Waring
On Sun, Nov 06, 2005 at 11:38:59AM -0800, Edwin D. Vinas wrote:
 1) Is it correct that I only need to register or pay for the main domain?

Yes, provided you choose a registrar who will allow you to change the
nameservers on the domain - i.e. they don't force you to use their
nameservers in conjunction with a web hosting package or something
(123-reg.co.uk will definitely work as I use them for a similar setup to
the one you describe).

 2) Is it correct that through my local DNS server, I can add sub hosts (sub1
 to sub3) without anymore registering those sub domains and pay for them in
 my main domain provider?

That's correct. Adding a subdomain is generally a case of adding one
line to the zone file for that particular domain (assuming you're just
adding a simple subdomain that isn't going to be delegated or receive
mail or anything complicated like that) and telling Bind to reload the
zone file (/etc/rc.d/named reload will usually work, although I find I
often have to use restart instead of reload for some reason).

 3) Provided that I already have successfully setup my local DNS server,
 Apache virtual hosting and main domain activated, is it straightforward that
 I can already access the sub domains (i.e., websites) from the Internet?

Assuming you're not behind a firewall of any type (or you setup the
relevant rules), then it should be fairly simple to make everything
accessible from the rest of the Internet. If your main domain works,
then any subdomains on the same machine should do as well.

 4) Do I need to register sub1, sub2 and sub3 in any external domain
 provider?

No, you'd just tell your registrar to change the nameservers to whatever
your local DNS servers are. Most will have a control panel allowing you
to do this easily.

 5) Can you provide some sample configs if you are already doing this setup?
   Thank you in advance!

What kind of sample config? If you're not doing anything special, any
tutorial on DNS/Bind will show you how to setup subdomains.

Paul

-- 
Rogue Tory
http://www.roguetory.org.uk


Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Chris
Edwin D. Vinas wrote:
 Hi,
  I need your help please.
 On my personal FreeBSD server connected to an ISP with static IP address,
 I'm planning to setup several websites with their own sub-domains from my
 main domain as shown below. I just want to know some answers to my questions
 before I start.
  Main domain: www.exampledomain.ph
 Sub-domains:
 sub1.exampledomain.ph
  sub2.exampledomain.ph
  sub3.exampledomain.ph
  I want to use BIND together with my Apache virtual hosting in one single
 FreeBSD machine.
  These are my questions:
 1) Is it correct that I only need to register or pay for the main domain?
 2) Is it correct that through my local DNS server, I can add sub hosts (sub1
 to sub3) without anymore registering those sub domains and pay for them in
 my main domain provider?
 3) Provided that I already have successfully setup my local DNS server,
 Apache virtual hosting and main domain activated, is it straightforward that
 I can already access the sub domains (i.e., websites) from the Internet?
 4) Do I need to register sub1, sub2 and sub3 in any external domain
 provider?
 5) Can you provide some sample configs if you are already doing this setup?
   Thank you in advance!
 - Misoy

Your first and hardest roadblock will be getting your provider to allow
YOU to be authoritative for the IP or IP's you use.

Many will not allow that - meaning, you will get resolution one way, but
not reverse - meaning again, 123.123.123.123 = yourname.com =
123.123.123.123

Once you get past that - the rest is easy.. I'm willing to bet tho - your
provider will not allow you or will have to do that for you.

-- 
Best regards,
Chris

Never attribute to malice that which is adequately
explained by stupidity.




Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Paul Waring
On Sun, Nov 06, 2005 at 02:01:00PM -0600, Chris wrote:
 Your first and hardest roadblock will be getting your provider to allow
 YOU to be authoritative for the IP or IP's you use.

That's not necessary - I host the DNS, web sites and mail for a dozen
different domains off an IP address for which I don't control the DNS
(in fact it doesn't even have a DNS record). Reverse DNS control is
always useful, but not a requirement for what he wants to do.

Paul

-- 
Rogue Tory
http://www.roguetory.org.uk


Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Chris
Paul Waring wrote:
 On Sun, Nov 06, 2005 at 02:01:00PM -0600, Chris wrote:
 
Your first and hardest roadblock will be getting your provider to allow
YOU to be authoritative for the IP or IP's you use.
 
 
 That's not necessary - I host the DNS, web sites and mail for a dozen
 different domains off an IP address for which I don't control the DNS
 (in fact it doesn't even have a DNS record). Reverse DNS control is
 always useful, but not a requirement for what he wants to do.
 
 Paul
 

It may not be necessary - but to do it right... I for one like to have
my IP's resolve both forward and reverse. It's just professional looking
as a whole.

But - to each their own I suppose.

-- 
Best regards,
Chris

If you don't say it, they can't repeat it.




Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Paul Waring
On Sun, Nov 06, 2005 at 04:41:06PM -0600, Chris wrote:
 It may not be necessary - but to do it right... I for one like to have
 my IP's resolve both forward and reverse. It's just professional looking
 as a whole.

I like to have my IPs resolve both ways too, but try finding an ISP who
will either give you that sort of control through delegation or is
willing to setup the required reverse DNS records on their side. If
you're lucky you'll get customer114324.myisp.net to play with. I don't
know of any residential ISPs, at least not in the UK, who will do that
sort of thing.

Having said that, there's nothing particularly wrong about not having
reverse DNS records for IPs, or having ones that don't match. It only
really matters if you're sending out email to people with overly
aggressive spam filters that check for that sort of thing.

Paul

-- 
Rogue Tory
http://www.roguetory.org.uk


Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Eric F Crist

On Nov 6, 2005, at 4:45 PM, Paul Waring wrote:


On Sun, Nov 06, 2005 at 04:41:06PM -0600, Chris wrote:
It may not be necessary - but to do it right... I for one like to have
my IP's resolve both forward and reverse. It's just professional looking
as a whole.


I like to have my IPs resolve both ways too, but try finding an ISP who
will either give you that sort of control through delegation or is
willing to setup the required reverse DNS records on their side. If
you're lucky you'll get customer114324.myisp.net to play with. I don't
know of any residential ISPs, at least not in the UK, who will do that
sort of thing.

Having said that, there's nothing particularly wrong about not having
reverse DNS records for IPs, or having ones that don't match. It only
really matters if you're sending out email to people with overly
aggressive spam filters that check for that sort of thing.

Paul


Actually, my ISP, ipHouse.net is one who's willing to configure
reverse DNS for you.  Qwest Communications is another one who'll
setup DNS for you, and they're HUGE.  If you choose to go with
ipHouse, tell them I sent you -- then I get free DSL for a month!


-
Eric F Crist
Secure Computing Networks
http://www.secure-computing.net





Re: how to setup DNS server and making sub-domains in DSL server

2005-11-06 Thread Paul Waring
On Sun, Nov 06, 2005 at 06:22:58PM -0600, Eric F Crist wrote:
 Actually, my ISP, ipHouse.net is one who's willing to configure  
 reverse DNS for you.  Qwest Communications is another one who'll  
 setup DNS for you, and they're HUGE.  If you choose to go with  
 ipHouse, tell them I sent you -- then I get free DSL for a month!

If you read my post, you'll see I said at least not in the UK. Neither
Qwest nor ipHouse have operations outside the USA as far as I can tell.

Paul

-- 
Rogue Tory
http://www.roguetory.org.uk


telnetting/netcatting into a DNS server?

2005-10-25 Thread Mohan Singh
Whenever I need to test a mail/ssh/web server, I usually just telnet or nc
into the appropriate port, i.e.:

   $ echo "GET /" | nc -v yahoo.com 80

   $ nc -v localhost 22
   Connection to localhost 22 port [tcp/ssh] succeeded!
   SSH-1.99-OpenSSH_4.2

How would I connect to a nameserver and talk to it so I can know it is
working? I get as far as connecting to the port, but I don't know how to
make it send back anything meaningful.


Re: telnetting/netcatting into a DNS server?

2005-10-25 Thread Igor Robul

Mohan Singh wrote:


Whenever I need to test a mail/ssh/web server, I usually just telnet or nc
into the appropriate port, i.e.:

  $ echo "GET /" | nc -v yahoo.com 80

  $ nc -v localhost 22
  Connection to localhost 22 port [tcp/ssh] succeeded!
  SSH-1.99-OpenSSH_4.2

How would I connect to a nameserver and talk to it so I can know it is
working? I get as far as connecting to the port, but I don't know how to
make it send back anything meaningful.
 


if you wish to know whether your nameserver works, then
nslookup - your.server.ip

then try to resolve some hostname/IP

or

host _name_to_resolve_ your.server.ip



Re: telnetting/netcatting into a DNS server?

2005-10-25 Thread Tim Erlin
Mohan Singh wrote:
 How would I connect to a nameserver and talk to it so I can know it is
 working? I get as far as connecting to the port, but I don't know how to
 make it send back anything meaningful.

You could use the 'dig' command:

dig @ip a yahoo.com

Or you could use 'nmap' with a -sV option, limiting it to port 53/udp or
53/tcp, to actually scan for an application response.

--Tim



Re: telnetting/netcatting into a DNS server?

2005-10-25 Thread Andrew P.
On 10/25/05, Mohan Singh [EMAIL PROTECTED] wrote:
 Whenever I need to test a mail/ssh/web server, I usually just telnet or nc
 into the appropriate port, i.e.:

$ echo "GET /" | nc -v yahoo.com 80

$ nc -v localhost 22
Connection to localhost 22 port [tcp/ssh] succeeded!
SSH-1.99-OpenSSH_4.2

 How would I connect to a nameserver and talk to it so I can know it is
 working? I get as far as connecting to the port, but I don't know how to
 make it send back anything meaningful.


Why don't you read the netcat manpage for starters?


Re: telnetting/netcatting into a DNS server?

2005-10-25 Thread Andrew P.
On 10/25/05, Andrew P. [EMAIL PROTECTED] wrote:
 On 10/25/05, Mohan Singh [EMAIL PROTECTED] wrote:
  Whenever I need to test a mail/ssh/web server, I usually just telnet or nc
  into the appropriate port, i.e.:
 
 $ echo "GET /" | nc -v yahoo.com 80
 
 $ nc -v localhost 22
 Connection to localhost 22 port [tcp/ssh] succeeded!
 SSH-1.99-OpenSSH_4.2
 
  How would I connect to a nameserver and talk to it so I can know it is
  working? I get as far as connecting to the port, but I don't know how to
  make it send back anything meaningful.
 

 Why don't you read the netcat manpage for starters?


Oh, I'm mighty sorry. I was sure the exact example was
there, but I reread now - and there is none.

I will post a link here as soon as I find it.


Re: telnetting/netcatting into a DNS server?

2005-10-25 Thread Mohan Singh
On 10/25/05, Mohan Singh [EMAIL PROTECTED] wrote:
 How would I connect to a nameserver and talk to it so I can know it is
 working? I get as far as connecting to the port, but I don't know how to
 make it send back anything meaningful.

Thanks to all who replied. The best answer I got came from someone who
emailed me offline and told me that even if I connected successfully to
the nameserver, I couldn't get back anything readable because the DNS
protocol is binary. I guess host/nslookup/dig is the proper way to do
this.


Re: DNS server on firewall

2005-10-21 Thread Eric F Crist

On Oct 21, 2005, at 8:04 AM, kilim wrote:


Hi,

I'm getting a second machine next week and was wondering if the
following setup would be ok:

1st machine pf + NAT and also primary DNS
2nd machine as a secondary DNS

Now I know that its not the smartest thing to do, have primary DNS on
the firewall, but I'm thinking since the DNS is going to be chrooted,
it would be ok, no ?

What do you think ?

Thank you !


You're better off not installing and running a DNS server on your  
firewall.  I would recommend you simply turn your new machine into  
your primary DNS server and ask/pay someone to host a secondary  
server for you.


___
Eric F Crist  I am so smart, S.M.R.T!
Secure Computing Networks  -Homer J Simpson



DNS server on firewall

2005-10-21 Thread kilim
Hi,

I'm getting a second machine next week and was wondering if the
following setup would be ok:

1st machine pf + NAT and also primary DNS
2nd machine as a secondary DNS

Now I know that its not the smartest thing to do, have primary DNS on
the firewall, but I'm thinking since the DNS is going to be chrooted,
it would be ok, no ?

What do you think ?

Thank you !


Re: feedback on a good DNS server

2005-03-10 Thread Matthew Seaman
On Wed, Mar 09, 2005 at 02:00:50PM -0800, John Pettitt wrote:
 
 
 Paul Schmehl wrote:
 
  --On Wednesday, March 09, 2005 04:42:46 PM -0500 Ean Kingston
  [EMAIL PROTECTED] wrote:

  I believe Bind is still included with the base FreeBSD OS. I've used
  it in
  the past and never had any problems with it. As always, YMMV.

 Has had being the operative phrase - that would be bind 4 and bind 8 -
 bind 9 which is a rewrite has a pretty solid record - also in the ports
 tree.

BIND 9 is not only in the ports tree, it's the default bundled with
FreeBSD 5.x:


% dig @localhost version.bind CHAOS TXT

[...]

;; ANSWER SECTION:
version.bind.   0   CH  TXT 9.3.0

But, more to the point, running the stock BIND in a chroot jail is
completely automatic nowadays.  All you need do is put
'named_enable=YES' into /etc/rc.conf.

Performs well enough to serve typical home uses no problem.  Bind
9.3.1 is on the horizon, and I hear that the plan is to build that
threaded by default, which will improve responsiveness for more
demanding environments.

  Cheers,

  Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   8 Dane Court Manor
  School Rd
PGP: http://www.infracaninophile.co.uk/pgpkey Tilmanstone
Tel: +44 1304 617253  Kent, CT14 0JL UK


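The "telnetting/netcatting into a DNS server?" thread above ended with the observation that DNS is a binary protocol, and Matthew's message shows the usual way round that: let dig build the packet (`dig @localhost version.bind CHAOS TXT`). The following is an added example, not code posted to the list, that makes the point concrete by building that same query by hand, framing it the way TCP (and therefore nc) needs it, and decoding a reply. The reply bytes are constructed to look like the 9.3.0 answer quoted above; the server names and transaction id are assumptions.

```python
"""Minimal DNS wire format: build a query, frame it for TCP, decode the reply.

Added example, not from the thread. A nameserver on port 53 says nothing until
it receives a correctly framed RFC 1035 message, which is why `nc host 53`
looks dead while `dig @host version.bind CHAOS TXT` gets an answer.
"""
import socket
import struct

QTYPE = {"A": 1, "TXT": 16}
QCLASS = {"IN": 1, "CH": 3}


def encode_name(name):
    """'version.bind' -> b'\\x07version\\x04bind\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", qclass="IN", txid=0x1234):
    """12-byte header (RD set, one question, txid is an assumed constant) + question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], QCLASS[qclass])


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer, RFC 1035 4.1.4
            if end is None:
                end = offset + 2  # resume after the pointer, not after its target
            hops += 1
            if hops > 16:  # a hostile reply can loop pointers; refuse to spin
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg):
    """Return txid, rcode and answers as (name, type, class, ttl, rdata)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        offset += rdlen
        if rtype == QTYPE["TXT"]:  # TXT rdata: sequence of <len><chars> strings
            strings, pos = [], 0
            while pos < len(rdata):
                n = rdata[pos]
                strings.append(rdata[pos + 1:pos + 1 + n].decode("ascii", "replace"))
                pos += 1 + n
            rdata = strings
        answers.append((name, rtype, rclass, ttl, rdata))
    return {"txid": txid, "rcode": flags & 0x000F, "answers": answers}


def tcp_query(server, name, qtype="A", qclass="IN", port=53, timeout=3.0):
    """Ask a real server over TCP, the transport nc speaks. Needs a network."""
    query = build_query(name, qtype, qclass)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)  # RFC 1035 4.2.2 length prefix
        f = s.makefile("rb")
        (length,) = struct.unpack("!H", f.read(2))
        return parse_response(f.read(length))


# Constructed reply to 'version.bind CH TXT', shaped like the 9.3.0 answer quoted
# in the thread. The answer name is a pointer (0xC00C) back to offset 12.
SAMPLE_VERSION_REPLY = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # id, flags QR|RD|RA, 1 Q, 1 A
    + encode_name("version.bind") + b"\x00\x10\x00\x03"   # question: TXT, CH
    + b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x06"  # answer: TXT CH ttl 0 rdlen 6
    + b"\x059.3.0"                                        # one 5-byte TXT string
)
```

Run `tcp_query("127.0.0.1", "version.bind", "TXT", "CH")` against a local named to see the live version of what the sample reply shows. Since the CHAOS class query hands the exact BIND version to anyone who can reach port 53, the usual practitioner step is `version "none";` (or any fixed string) in the options block of named.conf, and then rerun the query to confirm the string changed.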


Re: feedback on a good DNS server

2005-03-10 Thread markzero
 Oh, and c) djbdns isn't Free or Open Source by any definition of 
 either phrase.  That's not important to some people, but others consider it 
 kind of important.

Dan has given explicit permission to read, compile, modify and use
the source code of djbdns. The only restriction is that you may not
distribute any modified code (enterprising people could modify and
distribute the source with deliberately placed bugs in order to try
to claim the djb 'Security Guarantee' - at least that's the theory).

http://cr.yp.to/distributors.html

Mark

-- 
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1




Re: feedback on a good DNS server

2005-03-10 Thread Kirk Strauser
On Wednesday 09 March 2005 22:22, you wrote:

 Dan has given explicit permission to read, compile, modify and use
 the source code of djbdns.

From http://www.qmail.org/not-open-source.html:

For a program to be open source, you must be able to, among other
 things, change the source and redistribute it. DJB prohibits
 distribution of modified code and so programs which are so-licensed are
 not open source.

In other words, people who aren't the Free Software Foundation or OSI also 
agree that Dan's license isn't an Open Source license.  As I said, though, 
whether that's good, bad, or irrelevant is up to the administrator.  It's 
just something that many people aren't aware of but would be interested in.
-- 
Kirk Strauser




Re: feedback on a good DNS server

2005-03-10 Thread markzero
  Dan has given explicit permission to read, compile, modify and use
  the source code of djbdns.
 
 From http://www.qmail.org/not-open-source.html:
 
 For a program to be open source, you must be able to, among other
  things, change the source and redistribute it. DJB prohibits
  distribution of modified code and so programs which are so-licensed are
  not open source.
 
 In other words, people who aren't the Free Software Foundation or OSI also 
 agree that Dan's license isn't an Open Source license.  As I said, though, 
 whether that's good, bad, or irrelevant is up to the administrator.  It's 
 just something that many people aren't aware of but would be interested in.

Good point.

I suppose it's also a matter of the definition of 'Open Source'. For me,
open source equates to 'I can read the code to see if it's trustworthy
and can compile it so I know that I got what I read' but you're right,
it doesn't pass the 'official' definition.

Mark

-- 
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1




Re: feedback on a good DNS server

2005-03-10 Thread Anthony Atkielski
sn1tch writes:

 I am looking into setting up a DNS server on our network using an
 existing FreeBSD box. I have been looking around and reading comments
 on different DNS servers out there but everyone has mixed feelings. I
 know someone who uses BIND and is happy with it .. is there any reason
 why BIND wouldn't be a good choice? All i need is to have DNS running
 on a webserver so we can host our site internally...any feedback on
 this setup and/or DNS server is appreciated

BIND works great for me on my little LAN.

-- 
Anthony




feedback on a good DNS server

2005-03-09 Thread sn1tch
I am looking into setting up a DNS server on our network using an
existing FreeBSD box. I have been looking around and reading comments
on different DNS servers out there but everyone has mixed feelings. I
know someone who uses BIND and is happy with it .. is there any reason
why BIND wouldn't be a good choice? All i need is to have DNS running
on a webserver so we can host our site internally...any feedback on
this setup and/or DNS server is appreciated

Thanks in advance


Re: feedback on a good DNS server

2005-03-09 Thread Ean Kingston

 I am looking into setting up a DNS server on our network using an
 existing FreeBSD box. I have been looking around and reading comments
 on different DNS servers out there but everyone has mixed feelings. I
 know someone who uses BIND and is happy with it .. is there any reason
 why BIND wouldn't be a good choice? All i need is to have DNS running
 on a webserver so we can host our site internally...any feedback on
 this setup and/or DNS server is appreciated

I believe Bind is still included with the base FreeBSD OS. I've used it in
the past and never had any problems with it. As always, YMMV.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: feedback on a good DNS server

2005-03-09 Thread Paul Schmehl
--On Wednesday, March 09, 2005 04:42:46 PM -0500 Ean Kingston 
[EMAIL PROTECTED] wrote:

I am looking into setting up a DNS server on our network using an
existing FreeBSD box. I have been looking around and reading comments
on different DNS servers out there but everyone has mixed feelings. I
know someone who uses BIND and is happy with it .. is there any reason
why BIND wouldn't be a good choice? All i need is to have DNS running
on a webserver so we can host our site internally...any feedback on
this setup and/or DNS server is appreciated
I believe Bind is still included with the base FreeBSD OS. I've used it in
the past and never had any problems with it. As always, YMMV.
If you're concerned about security, BIND has had a large number of security 
problems.  DJBDNS is in /usr/ports/dns/ and it's very easy to setup and 
very easy to use.  More responsive than BIND as well, and you don't have to 
figure out the esoteric syntax that BIND requires.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


Re: feedback on a good DNS server

2005-03-09 Thread John Pettitt


Paul Schmehl wrote:

 --On Wednesday, March 09, 2005 04:42:46 PM -0500 Ean Kingston
 [EMAIL PROTECTED] wrote:


 I am looking into setting up a DNS server on our network using an
 existing FreeBSD box. I have been looking around and reading comments
  on different DNS servers out there but everyone has mixed feelings. I
  know someone who uses BIND and is happy with it .. is there any reason
 why BIND wouldn't be a good choice? All i need is to have DNS running
 on a webserver so we can host our site internally...any feedback on
 this setup and/or DNS server is appreciated


  I believe Bind is still included with the base FreeBSD OS. I've used
 it in
 the past and never had any problems with it. As always, YMMV.


 If you're concerned about security, BIND has had a large number of
 security problems.  DJBDNS is in /usr/ports/dns/ and it's very easy to
 setup and very easy to use.  More responsive than BIND as well, and
 you don't have to figure out the esoteric syntax that BIND requires.

Has had being the operative phrase - that would be bind 4 and bind 8 -
bind 9 which is a rewrite has a pretty solid record - also in the ports
tree.

The argument against DJBDNS comes down to a) DJB annoys a lot of people
and b) some of those people think DJBDNS is not standards compliant.
This argument is about as accurate as the bind not secure argument -
they both may have a grain of truth in the past.

The DNS discussion is a lot like the Linux vs BSD discussion - it's a
religious issue (strongly held views not always supported by facts)

John


Re: feedback on a good DNS server

2005-03-09 Thread Kirk Strauser
On Wednesday 09 March 2005 04:00 pm, John Pettitt wrote:

 The argument against DJBDNS comes down to a) DJB annoys a lot of people
 and b) some of those people think DJBDNS is not standards compliant.

Erm, b is definitely true.  It doesn't support IXFR or NOTIFY, so if you 
plan on slaving another zone (or having another server slave one of your 
zones), then you're expected to install rsync and get your peer to do the 
same.  Oh, and c) djbdns isn't Free or Open Source by any definition of 
either phrase.  That's not important to some people, but others consider it 
kind of important.
-- 
Kirk Strauser




Re: Caching DNS Server?

2004-11-10 Thread Dick Davies
* Andrew Smith [EMAIL PROTECTED] [1104 17:04]:
 I want to setup a Caching DNS server for my network using FreeBSD 5.3.  
 Can someone point me in the right direction with what port I need to install
 and any links to installation guides?

You can use bind as others have suggested, though I found that pdnsd was good
for frequently rebooted machines (dual-boot laptops for example) as it saves
cached zones to disk.

-- 
That question was less stupid; though you asked it in a profoundly stupid way. 
- Prof. Farnsworth
Rasputin :: Jack of All Trades - Master of Nuns


Caching DNS Server?

2004-11-09 Thread Andrew Smith
I want to setup a Caching DNS server for my network using FreeBSD 5.3.  Can 
someone point me in the right direction with what port I need to install and 
any links to installation guides?

Thanks in Advance!


Re: Caching DNS Server?

2004-11-09 Thread Hexren
AS I want to setup a Caching DNS server for my network using FreeBSD 5.3.  Can 
someone point me in the right direction with what port I need to install and 
any links to installation guides?

AS Thanks in Advance!

-

I found this very helpful. Note that it is not FreeBSD specific but
focuses more on BIND.

http://langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO.html#toc5


The DNS section in the FreeBSD Handbook.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html



Re: Caching DNS Server?

2004-11-09 Thread Benjamin Sobotta
Hi

This might help:

http://www.de.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html

You don't need to install any ports. BIND9 is part of the FreeBSD.

Ben

On Tuesday 09 November 2004 16:56, Andrew Smith wrote:
 I want to setup a Caching DNS server for my network using FreeBSD 5.3.  Can
 someone point me in the right direction with what port I need to install
 and any links to installation guides?

 Thanks in Advance!


Re: Caching DNS Server?

2004-11-09 Thread Danny MacMillan
On Tue, Nov 09, 2004 at 09:56:42AM -0700, Andrew Smith wrote:
 I want to setup a Caching DNS server for my network using FreeBSD 5.3.
 Can someone point me in the right direction with what port I need to
 install and any links to installation guides?

No doubt BIND can do this ... but I find djbdns much easier to configure.
The following URL outlines what you need to do, and is dead simple:

http://cr.yp.to/djbdns/run-cache-x.html

Install the /usr/ports/dns/djbdns port, then head to the above page.  Don't
forget to set up daemontools (it will be installed as a dependency but
requires some configuration).

-- 
Danny


Re: Caching DNS Server?

2004-11-09 Thread Andrew Smith
Ok I think I've got bind working correctly, in resolv.conf I've only put 
127.0.0.1 as the nameserver and I'm able to ping stuff on the internet.  Is 
there anyway I can test to see if it's actually caching my requests?  Where 
is the cache stored?

FYI,
The only things I did to /etc/named/named.conf was comment-out the listen-on 
line and put in my ISP DNS servers in the forwarders.  I also deleted all 
the zone information.

Andrew
- Original Message - 
From: Benjamin Sobotta [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: Andrew Smith [EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 2:30 PM
Subject: Re: Caching DNS Server?


Hi
This might help:
http://www.de.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
You don't need to install any ports. BIND9 is part of the FreeBSD.
Ben
On Tuesday 09 November 2004 16:56, Andrew Smith wrote:
I want to setup a Caching DNS server for my network using FreeBSD 5.3. 
Can
someone point me in the right direction with what port I need to install
and any links to installation guides?

Thanks in Advance!


Re: Caching DNS Server?

2004-11-09 Thread Benjamin Walkenhorst
Danny MacMillan wrote:
No doubt BIND can do this ... but I find djbdns much easier to configure.
 

I have never tried out djbdns, so I cannot say for myself, and I also 
understand that apparently
djbdns has caused similarly intense discussions as KDE-vs-GNOME or 
vi-vs-emacs; so I want to
make clear that I am not ranting about djbdns.

But I don't really find BIND hard to configure as a caching nameserver. 
I run BIND on my NetBSD machine
doing exactly that, and the caching part took  no modification to the 
default configuration to work.

On the other hand, like I said, I haven't worked with djbdns so far - 
from what I know it seems to be
worth trying.
I'm just a lazy person, so I never bothered trying when I had BIND 
installed already. =) And since
I've been working on a BIND4-to-BIND9-migration for the recent months I 
got kind of used to it.

Still, I really like the idea of having separate servers for resolving 
recursive queries and for hosting zones,
since this affects both security and performance. Nominum, the company 
that wrote BIND9, offers a commercial,
closed-source nameserver as well, that also uses different servers for 
caching and hosting authoritative zone data.

Then again, performance shouldn't differ for home use.
Kind regards,
Benjamin


Re: Caching DNS Server?

2004-11-09 Thread Danny MacMillan
On Tue, Nov 09, 2004 at 12:06:14PM -0700, Benjamin Walkenhorst wrote:
 Danny MacMillan wrote:
 
  No doubt BIND can do this ... but I find djbdns much easier
  to configure.
 
 I have never tried out djbdns, so I cannot say for myself, and
 I also understand that apparently djbdns has caused similarly
 intense discussions as KDE-vs-GNOME or vi-vs-emacs; so I want
 to make clear that I am not ranting about djbdns.

Understood, but it wouldn't matter to me if you were.  I've
never understood why so many people seem so badly to want to
make others' software choices for them.  I like djbdns, but
I'm not ego-attached to it.  The same disclaimer applies to
what I'm about to say; I'm not looking for converts.

Besides, real men edit files with cat and sed.  :)

 But I don't really find BIND hard to configure as a caching
 nameserver.  I run BIND on my NetBSD machine doing exactly
 that, and the caching part took  no modification to the
 default configuration to work.

I've actually never tried running BIND as just a caching server,
just as an authoritative server.  To me, it seemed unnecessarily
complex.  Actually, it just seemed complex.  The 'unnecessarily'
was added after I tried djbdns.

 On the other hand, like I said, I haven't worked with djbdns
 so far - from what I know it seems to be worth trying.  I'm
 just a lazy person, so I never bothered trying when I had BIND
 installed already. =) And since I've been working on a BIND4-
 to-BIND9-migration for the recent months I got kind of used to
 it.

I'm lazy too.  That's why after seeing how djbdns and bind stack
up complexity wise on authoritative servers, I went with djbdns
on the caching side :)  I find that djbdns works the way I think,
BIND definitely doesn't -- but not everyone has to think the way
I do.

 Still, I really like the idea of having separate servers for
 resolving recursive queries and for hosting zones, since this
 affects both security and performance.

Yeah, that's the reasoning that made me try djbdns in the
first place.  My experience with BIND is fairly limited though
so I can't actually make an objective comparison.

 Nominum, the company that wrote BIND9, offers a commercial,
 closed-source nameserver as well, that also uses different
 servers for caching and hosting authoritative zone data.
 
 Then again, performance shouldn't differ for home use.

Probably not.

-- 
Danny


Re: Caching DNS Server?

2004-11-09 Thread Rob
Andrew Smith wrote:
Ok I think I've got bind working correctly, in resolv.conf I've only 
put 127.0.0.1 as the nameserver and I'm able to ping stuff on the 
internet.  Is there anyway I can test to see if it's actually caching my 
requests?  Where is the cache stored?
The size of the cache you get like this, for example:
$ top -U bind -n | grep named | awk '{print $6}'
4228K
In /var/named/etc/namedb/named.conf I have following lines:
# file created by 'rndc dumpdb'
dump-file   /var/dump/named_dump.db;
# files created by 'rndc stats'
statistics-file /var/stats/named.stats;
memstatistics-file /var/stats/named.memstats;
You can create these files with rndc command, but the files are
not so easy to understand.
Rob.

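Andrew asked above how to tell whether his forwarding BIND is really caching, and Rob answered from the server side (`rndc dumpdb`). As an added example, not something posted to the list, here is the client-side check: run dig twice against the resolver and look for the three signs of a cached answer. The dig output below is constructed (the name, address and timings are assumptions); substitute two real captures of `dig @127.0.0.1 www.example.com A` taken a few seconds apart.

```python
"""Black-box check that a resolver is caching, from two runs of dig.

Added example, not from the thread. A cached answer shows three signs: the
TTL counts down between runs, the 'aa' flag is absent (the resolver is not
authoritative for the name), and the query time collapses. The TTL drop is
the decisive one; the other two also hold for a forwarded, uncached answer.
"""
import re

# Constructed dig output, shaped like dig 9.3 text; not a real capture.
FIRST_RUN = """\
; <<>> DiG 9.3.0 <<>> @127.0.0.1 www.example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.\t\tIN\tA

;; ANSWER SECTION:
www.example.com.\t3600\tIN\tA\t192.0.2.10

;; Query time: 87 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

# Second run a few seconds later: TTL has counted down, answer came from memory.
SECOND_RUN = FIRST_RUN.replace("\t3600\t", "\t3592\t").replace("87 msec", "1 msec")


def parse_dig(text):
    """Flags, query time (ms) and answer records (name, ttl, class, type, rdata)."""
    m = re.search(r";; flags:\s*([^;]*);", text)
    flags = set(m.group(1).split()) if m else set()
    m = re.search(r";; Query time:\s*(\d+)\s*msec", text)
    qtime = int(m.group(1)) if m else None
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False  # blank line or next section ends the answers
        elif in_answer:
            parts = line.split()
            if len(parts) >= 5 and parts[1].isdigit():
                answers.append((parts[0], int(parts[1]), parts[2], parts[3],
                                " ".join(parts[4:])))
    return {"flags": flags, "query_time_ms": qtime, "answers": answers}


def cache_evidence(first, second):
    """Compare two dig runs of one question; 'cached' needs TTL drop and no 'aa'."""
    a, b = parse_dig(first), parse_dig(second)
    ttl_a = {(n, t, rd): ttl for n, ttl, _, t, rd in a["answers"]}
    ttl_b = {(n, t, rd): ttl for n, ttl, _, t, rd in b["answers"]}
    common = ttl_a.keys() & ttl_b.keys()
    ttl_down = bool(common) and all(ttl_b[k] < ttl_a[k] for k in common)
    non_auth = "aa" not in b["flags"] and "ra" in b["flags"]
    qa, qb = a["query_time_ms"], b["query_time_ms"]
    faster = qa is not None and qb is not None and qb < qa
    return {"ttl_counting_down": ttl_down, "non_authoritative": non_auth,
            "faster": faster, "cached": ttl_down and non_auth}


if __name__ == "__main__":
    print(cache_evidence(FIRST_RUN, SECOND_RUN))
```

With a forwarders clause the first answer already arrives with a TTL partly counted down by the ISP's cache; that does not matter, because the check only compares your resolver's two answers with each other. If the TTL comes back at the full value on every run, the query is leaving the box each time and nothing is being cached.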


Private (only) DNS server setup?

2004-10-19 Thread Seth Henry
Guys,
I am trying to decrease the amount of traffic going through my cable modem. 
Presently, I have a FreeBSD 4.10 system acting as a gateway router. It runs 
ipf/ipnat for filtering, and acts as a dhcp server to the internal network. 
I also run ntpd, and have pointed all of my internal machines to the router 
for time services.

I plan to add a caching web proxy, and a private DNS server - which is where 
my question comes in.

I want to run a private DNS server which is visible internally only. Comcast 
doesn't like servers, so I don't want to broadcast any DNS information 
upstream. (this would also be kind of dumb, as the entries would point to 
non-routable addresses)

I also want to create a private, internal zone so that I can stop passing 
hosts files around. (i.e. 192.168.1.1 - internal_host1, etc) IOW - I would 
like internal machines to point to my DNS server for internal & external 
addresses. If the DNS server (on the router) can't find the address in its 
local cache, I would like the router to retrieve the record, and pass it 
along to the internal machine. In the end, I want to block all DNS traffic 
from the internal network from leaving the network - internal machines 
should only request DNS info from the router.

I am already running dhcpd - so i plan to simply point all of the machines 
to my DNS server. If all goes well, new machines should be network ready 
right after the install.

I have seen a large number of HOWTO's on the web, but all seem to assume 
that you want to propagate internal DNS info back upstream.

Can anyone refer me to an appropriate README, HOWTO?
Thanks,
Seth Henry


Private (only) DNS server setup?

2004-10-19 Thread Robert Huff

Seth Henry writes:

  I have seen a large number of HOWTO's on the web, but all seem to
  assume that you want to propagate internal DNS info back
  upstream.

Install Bind 9.  (It's now the default for 5.x, don't know
about 4.x)
In the ARM (/usr/share/doc/bind9/arm), read section 6.2.22.


Robert Huff






Re: Private (only) DNS server setup?

2004-10-19 Thread Benjamin Walkenhorst
Hello,
Seth Henry wrote:
I want to run a private DNS server which is visible internally only. 
Comcast doesn't like servers, so I don't want to broadcast any DNS 
information upstream. (this would also be kind of dumb, as the entries 
would point to non-routable addresses)

I also want to create a private, internal zone so that I can stop 
passing hosts files around. (i.e. 192.168.1.1 - internal_host1, etc) 
IOW - I would like internal machines to point to my DNS server for 
internal & external addresses. If the DNS server (on the router) can't 
find the address in its local cache, I would like the router to 
retrieve the record, and pass it along to the internal machine. In the 
end, I want to block all DNS traffic from the internal network from 
leaving the network - internal machines should only request DNS info 
from the router.

I did exactly that recently. This is pretty easy to set up once you 
understand DNS - DNS *can* be complicated, but for what you want to do, 
it's simple.
You can find info in the FreeBSD-Handbook as well as in the BIND v9 
Administrator's Reference Manual (which can be found at www.bind9.net, 
also, it's installed locally along with BIND9).

I am already running dhcpd - so i plan to simply point all of the 
machines to my DNS server. If all goes  well, new machines should be 
network ready right after the install.

Works in my network. =) As I said, it's rather easy.
I have seen a large number of HOWTO's on the web, but all seem to 
assume that you want to propagate internal DNS info back upstream.

Can anyone refer me to an appropriate README, HOWTO?

See the FreeBSD handbook and the Bindv9 ARM for caching-only nameserver.
Beyond that, you just need to set up an internal zone.
If you feel it might be helpful, I can send you a copy of my 
configuration and zone file/s.

Kind regards,
Benjamin


Re: Private (only) DNS server setup?

2004-10-19 Thread Olaf Hoyer
On Tue, 19 Oct 2004, Seth Henry wrote:
Guys,
I am trying to decrease the amount of traffic going through my cable modem. 
Presently, I have a FreeBSD 4.10 system acting as a gateway router. It runs 
ipf/ipnat for filtering, and acts as a dhcp server to the internal network. I 
also run ntpd, and have pointed all of my internal machines to the router for 
time services.

I plan to add a caching web proxy, and a private DNS server - which is where 
my question comes in.

I want to run a private DNS server which is visible internally only. Comcast 
doesn't like servers, so I don't want to broadcast any DNS information 
upstream. (this would also be kind of dumb, as the entries would point to 
non-routable addresses)
Hi!
Hm, basically you set up BIND (or one of the DNS daemons of your choice) and 
tell it to
a) take queries from clients and get the resolution stuff done
b) tell named that it is the primary server for certain domains, like 
foo.bar.homezone

a) is done automatically after named is started, as BIND is a 
caching nameserver; to make it easy you should put a forwarders clause in your 
named.conf so that BIND always tries to ask your provider's DNS first, 
which will also help to reduce traffic.

b) Well, whether you want to propagate DNS upstream or only on a local 
network is the same setup, when you have a primary DNS running - it's the 
same named.conf, where named is responsible for a certain zone.
As you are running a firewall, I assume that every port that is not 
needed to be visible from outer space is closed, so there is no 
problem with that. Or you could tell named to only listen on the 
internal interface, which is the technically correct solution.

All that stuff should be covered within the handbook, as pointed out, in 
my named.conf on a 4-stable the comments in the named.conf are also 
sufficient to create a primary DNS...

HTH
Olaf
--
Olaf Hoyer[EMAIL PROTECTED]
Fuerchterliche Erlebniss geben zu raten,
ob der, welcher sie erlebt, nicht etwas Fuerchterliches ist.
(Nietzsche, Jenseits von Gut und Boese)


Re: Private (only) DNS server setup?

2004-10-19 Thread Ezequiel O. Block
The allow-recursion option would limit queries only to your lan.  like this
options {
allow-recursion { 192.168.1.0/24; 127.0.0.1; };
};

Olaf Hoyer wrote:
On Tue, 19 Oct 2004, Seth Henry wrote:
Guys,
I am trying to decrease the amount of traffic going through my cable 
modem. Presently, I have a FreeBSD 4.10 system acting as a gateway 
router. It runs ipf/ipnat for filtering, and acts as a dhcp server to 
the internal network. I also run ntpd, and have pointed all of my 
internal machines to the router for time services.

I plan to add a caching web proxy, and a private DNS server - which is 
where my question comes in.

I want to run a private DNS server which is visible internally only. 
Comcast doesn't like servers, so I don't want to broadcast any DNS 
information upstream. (this would also be kind of dumb, as the entries 
would point to non-routable addresses)

Hi!
Hm, basically you set up BIND (or one of the DNS daemons of your choice) and 
tell it to
a) take queries from clients and get the resolution stuff done
b) tell named that it is the primary server for certain domains, like 
foo.bar.homezone

a) is done automatically after named is started, as BIND is a 
caching nameserver; to make it easy you should put a forwarders clause in your 
named.conf so that BIND always tries to ask your provider's DNS first, 
which will also help to reduce traffic.

b) Well, whether you want to propagate DNS upstream or only on a local 
network is the same setup, when you have a primary DNS running - it's the 
same named.conf, where named is responsible for a certain zone.
As you are running a firewall, I assume that every port that is not 
needed to be visible from outer space is closed, so there is no 
problem with that. Or you could tell named to only listen on the 
internal interface, which is the technically correct solution.

All that stuff should be covered within the handbook, as pointed out, in 
my named.conf on a 4-stable the comments in the named.conf are also 
sufficient to create a primary DNS...

HTH
Olaf

--
Ezequiel O. Block
Cooperativa La Lonja.
Soporte Internet.
Buenos Aires, Argentina
F 02322-470406
T 02322-474537
E [EMAIL PROTECTED]


Re: Private (only) DNS server setup?

2004-10-19 Thread Benjamin Walkenhorst
Hi,
Ezequiel O. Block wrote:
The allow-recursion option would limit queries only to your LAN, like 
this:

options {
allow-recursion { 192.168.1.0/24; 127.0.0.1; };
};

You can also say:
options {
   ...
   listen-on { 192.168.0.1; 127.0.0.1; };
};  ^^^
(Or whatever your server's local IP is)
This way it will only listen on those interfaces.
Also, there's allow-query and blackhole... _Plus_ you can just use a 
packet filter to protect your DNS server from the internet. Possibilities are 
endless... =)

Kind regards,
Benjamin
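An added example, not from the thread and not BIND's own code: a small Python audit that parses the listen-on and allow-recursion clauses Benjamin describes and flags entries that would let hosts outside RFC 1918 or loopback space use the server as a recursive resolver. The named.conf fragment, its addresses and the helper names are constructed placeholders.

```python
import ipaddress
import re

# Constructed named.conf fragment (not from the thread) in the shape the reply
# describes; the addresses are placeholders for a router's internal side.
SAMPLE_NAMED_CONF = """
options {
    listen-on { 192.168.1.1; 127.0.0.1; };
    allow-recursion { 192.168.1.0/24; 127.0.0.1; };
};
"""

# Address space that stays inside the LAN: RFC 1918 plus loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]
# BIND's built-in ACL names.  "localnets" is unsafe on a router: it also
# covers the subnet of the public-facing interface.
BUILTIN_INTERNAL = {"none": True, "localhost": True, "localnets": False, "any": False}


def acl_entries(conf, name):
    """Entries of the `name { ...; };` clause, or None when the clause is absent."""
    match = re.search(r"\b" + re.escape(name) + r"\s*\{(.*?)\}\s*;", conf, re.S)
    if match is None:
        return None
    return [e.strip() for e in match.group(1).split(";") if e.strip()]


def admits_outside(entry):
    """True when one ACL entry can admit a host outside the internal address space."""
    if entry.startswith("!"):             # a negated entry denies, never admits
        return False
    if entry in BUILTIN_INTERNAL:
        return not BUILTIN_INTERNAL[entry]
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:                    # named ACL or TSIG key: cannot judge, so flag it
        return True
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL_NETS)


def audit_resolver(conf):
    """Report whether the options block leaves recursion reachable from outside."""
    recursion = acl_entries(conf, "allow-recursion")
    listen = acl_entries(conf, "listen-on")
    # A missing clause is treated as wide open: a missing listen-on binds every
    # interface, and old BIND releases recursed for anyone unless told otherwise.
    rec_leaks = ["<no allow-recursion>"] if recursion is None else [e for e in recursion if admits_outside(e)]
    listen_leaks = ["<all interfaces>"] if listen is None else [e for e in listen if admits_outside(e)]
    return {"public_recursion": rec_leaks, "public_listen": listen_leaks,
            "open_resolver": bool(rec_leaks and listen_leaks)}
```

The check is deliberately conservative: a named ACL it cannot resolve is reported rather than assumed safe, and the server only counts as closed when both the listener and the recursion ACL stay inside private space.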


Re: Private (only) DNS server setup?

2004-10-19 Thread Danny MacMillan
On Tue, Oct 19, 2004 at 08:34:45AM -0600, Seth Henry wrote:
 
 ...
 
 I also want to create a private, internal zone so that I can stop passing
 hosts files around. (i.e. 192.168.1.1 - internal_host1, etc) IOW - I
 would like internal machines to point to my DNS server for internal and
 external addresses. If the DNS server (on the router) can't find the
 address in its local cache, I would like the router to retrieve the record,
 and pass it along to the internal machine. In the end, I want to block all
 DNS traffic from the internal network from leaving the network - internal
 machines should only request DNS info from the router.
 
 ...

I eschew BIND in favour of djbdns, which is in the ports.  It's quite modular
which makes the sort of setup you're talking about quite trivial.  I'm sure
it's equally possible with BIND.  I'm just not familiar with BIND.

Anyway, the djbdns solution entails setting up two DNS servers on the
router, one being the authoritative server for your internal domain and
the other being the full service resolver and cache.  The DNS cache will
be configured to ask your internal DNS server about local names and your
upstream provider's cache for all other names.

Here's the djbdns home page, which contains more information than you need:

http://cr.yp.to/djbdns.html

Read the following pages linked from that site and you'll be in good shape:

o How to tell a computer to respond to an IP address
o How to run an external forwarding cache
o How to run a DNS server
o How to create local DNS names

When I set up djbdns at work, I also referenced a page that specifically
addressed setting up djbdns on a FreeBSD server.  While the information is
not strictly necessary, I did find it useful, even though I did not
follow the instructions exactly:

http://www.free-x.ch/pub/djbdns.html

As far as preventing the information being published:  When configuring
your djbdns servers, you will need to supply the IP address on which they
will listen.  Just use one of the addresses bound to the private
interface.

-- 
Danny


DNS server

2004-07-11 Thread Sean Dicks
I can ping both NS servers but when it comes to pinging my domain it
doesn't ping. Ideas on what could be wrong?

Sean


Re: DNS server

2004-07-11 Thread cpghost
Sean Dicks wrote:
I can ping both NS servers but when it comes to pinging my domain it
doesn't ping. Ideas on what could be wrong?
 

You probably didn't configure the resolver library correctly.
In /etc/resolv.conf, you need to add the name server entries:
/etc/resolv.conf:
 domain example.com
 nameserver 1.2.3.4
 nameserver 5.6.7.8
Pinging the name servers using their IP addresses doesn't
test the resolver at all.
While that is the most likely cause, it is also possible that
you just bought a domain (or changed its records), and it
can take up to 72 hours for the DNS entries to propagate
through the net.
Another reason is that you (or your net admin) blocked
ICMP at the firewall level, so you can't expect a reply
to a ping. You can test this easily by pinging, say,
www.altavista.com or another site that replies to pings.
Other reasons are possible too.
Sean
cpghost.
--
Cordula's Web. http://www.cordula.ws/


Re: DNS server

2004-07-11 Thread Sean Dicks
I am only using DNS forwarding. I already have default values in
/etc/resolv.conf from my ISP; do I have to add my 2 others and delete
the ones from the ISP, or just leave it as is? I registered the domain
today, and when I whois rimouski-undernet.org I see the right nameservers on
it. Doesn't that mean it has propagated?

Sean

On Sun, 11 Jul 2004 18:47:23 +0200, cpghost [EMAIL PROTECTED] wrote:
 
 
 Sean Dicks wrote:
 
 I can ping both NS servers but when it comes to pinging my domain it
 doesn't ping. Ideas on what could be wrong?
 
 
 You probably didn't configure the resolver library correctly.
 In /etc/resolv.conf, you need to add the name server entries:
 
 /etc/resolv.conf:
   domain example.com
   nameserver 1.2.3.4
   nameserver 5.6.7.8
 
 Pinging the name servers using their IP addresses doesn't
 test the resolver at all.
 
 While that is the most likely cause, it is also possible that
 you just bought a domain (or changed its records), and it
 can take up to 72 hours for the DNS entries to propagate
 through the net.
 
 Another reason is that you (or your net admin) blocked
 ICMP at the firewall level, so you can't expect a reply
 to a ping. You can test this easily by pinging, say,
 www.altavista.com or another site that replies to pings.
 
 Other reasons are possible too.
 
 Sean
 
 cpghost.
 
 --
 Cordula's Web. http://www.cordula.ws/
 



Re: DNS server

2004-07-11 Thread Eric Crist
On Sunday 11 July 2004 12:35, Sean Dicks wrote:
 I am only using dns forwarding. I already have default values in
 /etc/resolv.conf from my ISP, do I have to add my 2 others and delete
 the ones from the ISP or just leave it as is. I registered the domain
 today when I whois rimouski-undernet.org I see right nameservers on
 it. Doesn't that mean it has propagated?

 Sean

No, it doesn't.  I can successfully perform a whois from here on your domain, 
but an nslookup/dig both fail.  Give it 72 hours to propagate across the net.  
While the whois server for your domain is correct, the root servers for 
the .org TLD have not been updated to know where to look for that domain's 
information.

If it's still not working 3 days from now, let us know and we'll see if we can 
help you from there.

-- 
Eric F Crist

Keep your pecker hard and your powder dry, and the world WILL turn.


Re: DNS server

2004-07-11 Thread cpghost
Sean Dicks wrote:
I am only using dns forwarding. I already have default values in
/etc/resolv.conf from my ISP, do I have to add my 2 others and delete
the ones from the ISP or just leave it as is. I registered the domain
today when I whois rimouski-undernet.org I see right nameservers on
it. Doesn't that mean it has propagated?
 

The WHOIS and DNS databases are distinct,
and not necessarily synchronized. You need
to wait until your domain is added to the .ORG
zone file of the master .ORG DNS server
(that normally happens every 12 hours from the
PIR registry, IIRC [I can be wrong here!]). It can
then take up to 72 hours to propagate to the other
.ORG DNS slaves, and also to your ISP's DNS servers.
Just give it some time to propagate.
% dig rimouski-undernet.org
;  DiG 8.3  rimouski-undernet.org
;; res options: init recurs defnam dnsrch
;; res_nsend: Operation timed out
Yep, not yet visible here...
-cpghost.
--
Cordula's Web. http://www.cordula.ws/


Re: DNS server

2004-07-11 Thread Len Conrad

No, it doesn't.  I can successfully perform a whois from here on your domain,
but an nslookup/dig both fail.  Give it 72 hours to propagate across the net.
propagation is a bogus idea when applied to DNS.  Like WMD and immediate 
threat when applied to Iraq.

As soon as the delegation and glue data for domain.tld is present in the 
.tld servers, that data is instantaneously available across all of Internet.

dig @NS_auth_for_tld domain.tld  any
Forget about whois data; it is operationally irrelevant for DNS 
operation.  whois protocol with whois servers, dns protocol with dns 
servers, ne'er the twain meet.

Len
_
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites


Re: DNS server

2004-07-11 Thread Eric Crist
On Sunday 11 July 2004 13:12, cpghost wrote:
 Just give it some time to propagate.

 % dig rimouski-undernet.org

 ;  DiG 8.3  rimouski-undernet.org
 ;; res options: init recurs defnam dnsrch
 ;; res_nsend: Operation timed out

 Yep, not yet visible here...

 -cpghost.

Something I didn't think about in my last reply: are you sure your DNS server 
is set up correctly?  Does it resolve its own domains correctly, and is it 
able to answer queries about other domains?  I would check that while you 
are waiting for propagation.

-- 
Eric F Crist

Keep your pecker hard and your powder dry, and the world WILL turn.


Re: DNS server

2004-07-11 Thread Len Conrad

 Perhaps you need to do some research on the subject.

perhaps you need to clarify your vagary 

 There are a series of DNS systems

???

For a public domain.tld, the only two servers involved are :
1. the servers authoritative for .tld to publish the delegation and glue 
records for domain.tld.

2. the servers authoritative for domain.tld to answer authoritatively.
Period. There are NO other servers involved, nor is there any propagation.

 a domain needs to be added to before it will function correctly.
 This is known as propagation.

the misnomer propagation is used by people who think DNS data needs time to 
be available, to propagate, over several days or a week, for all of 
Internet.  This is pure BS. There is no such concept in DNS.

Len
_
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites


Re: DNS server

2004-07-11 Thread Matthew Seaman
On Sun, Jul 11, 2004 at 01:53:22PM -0500, Len Conrad wrote:
 
 a domain needs to be added to before it will function correctly.
 This is known as propagation.
 
 the misnomer propagation is used by people who think DNS data needs time to 
 be available, to propagate, over several days or a week, for all of 
 Internet.  This is pure BS. There is no such concept in DNS.

For a brand new domain, you are exactly correct, or indeed for an RR
added to an existing domain.  For modification to any RR within a
previously existing domain there may well be a delay perceived by the
end user while waiting out the TTL of any old data cached in various
servers between him and the authoritative servers.  Those TTLs are
typically somewhere between an hour and several days.  It's not
actually a propagation delay, but the effect is much the same.

As the administrator of a zone, you can avoid or mitigate the delay by
dropping the TTL on any zone sufficiently far in advance of any
important changes.  You will see DNS traffic to your server increase
somewhat as network caches invalidate their stored data more often,
but that's the price of getting the fresh data out there promptly.

The worst case is where the NS records in the parent zone are modified
to point to a new set of authoritative servers, but the previous
authoritative servers are neither shut down nor loaded with the up to
date zone data.  A cache may keep referring back to the old servers
and refreshing itself with what it has no way of telling is old data
for some time.  It's a good idea when changing the servers for a
domain to make sure both the old and the new servers carry the latest
zone data for some suitable overlap period.

Cheers,

Matthew 

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


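An added example, not Matthew's code: a Python simulation of a single recursive cache around a record change, showing why the TTL must be lowered at least one old TTL ahead of the change. The two timelines and the one-day/one-hour TTLs are assumed values, not figures from the thread.

```python
# Constructed timeline of what the authoritative servers publish, as
# (effective_from, answer, ttl) tuples with times in seconds.  This is an
# assumed scenario, not data from the thread: the record has carried a
# one-day TTL, the TTL is lowered to an hour, then the answer itself changes.
ONE_DAY, ONE_HOUR = 86400, 3600
PLANNED = [(-10**9, "old", ONE_DAY), (0, "old", ONE_HOUR), (ONE_DAY, "new", ONE_HOUR)]
# Same change, but the TTL is lowered only ten minutes before the switch.
LATE = [(-10**9, "old", ONE_DAY), (ONE_DAY - 600, "old", ONE_HOUR), (ONE_DAY, "new", ONE_HOUR)]


def authoritative(timeline, now):
    """Answer and TTL the authoritative server hands out at time `now`."""
    answer, ttl = None, None
    for start, a, t in sorted(timeline):
        if start <= now:
            answer, ttl = a, t
    return answer, ttl


class Cache:
    """A minimal recursive cache: one record, refetched only once its TTL has run out."""

    def __init__(self, timeline):
        self.timeline = timeline
        self.entry = None                       # (answer, expires_at)

    def resolve(self, now):
        if self.entry is None or now >= self.entry[1]:
            answer, ttl = authoritative(self.timeline, now)
            self.entry = (answer, now + ttl)    # cached with the TTL seen at fetch time
        return self.entry[0]


def observed(timeline, query_times):
    """Answers one cache hands its clients when they ask at the given times."""
    cache = Cache(timeline)
    return [cache.resolve(t) for t in sorted(query_times)]


def all_caches_fresh_by(old_ttl, lowered_at, change_at, new_ttl):
    """Time by which every cache must have refetched the new answer.

    A cache that fetched just before the TTL was lowered keeps the old answer
    for old_ttl; one that fetched just before the change keeps it for new_ttl.
    Lowering the TTL at least old_ttl ahead of the change makes the second
    term the bound, which is the point of the reply above.
    """
    return max(lowered_at + old_ttl, change_at + new_ttl)
```

With the late timeline a cache that fetched ten minutes before the switch still serves the old answer almost a full day after it; with the planned one no cache lags by more than the new one-hour TTL.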

