On 5/2/17 7:34 AM, Kevin A. McGrail wrote:
+cc: sysadmins
On 5/1/2017 10:30 PM, David Jones wrote:
Yes. I did. Boy was that painful! The format of the hyperreal.org
zone file was not standard so I had to manually verify all of the
records. There were a few differences (see below) that I reconciled
so now we are good to request the public slaves point to
62.210.60.231 as their master. When you are talking with the
sonic.net DNS contact, please confirm the IP(s) we should be sending
notifies to and allowing zone transfers from sin
Done. You should see a copy of the request I sent to the list. I
simplified the request for them but I read the notes about the
discrepancies.
Note the differences in even the sonic.net (behind on 4 records) and
hyperreal.org (missing 1 record completely) servers:
# dns_compare -z spamassassin.org --file sa.org --server
a.auth-ns.sonic.net
..............X
(MIS-MATCH) query: 0.3.3.updates.spamassassin.org.
Expected: 3600 IN TXT "1786853"
Received: 3600 IN TXT "1786640"
Interesting. Sounds like one was going out of sync shortly before the
failure.
ns_compare -z spamassassin.org --file sa.org --server ns.hyperreal.org \
Results:
Matches: 101
Mis-matches: 1
We should check that after they sync. Missing a record is weird and
that's not a new record...
My plan is to setup a script on sa-vm1.apache.org that would run daily
and email if there are record differences since we don't have control of
the public DNS servers.
Dave
regards,
KAM
--
Dave