[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BerkeleyLUG.ORG - renewed & transferred; slaves? ...: Re: Wither berkeleylug.ORG - keep/drop decide by: 2019-04-17T04:39:28Z - currently expires 2019-05-17T04:39:28Z

Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

[snip berkeleylug.org acquired, paid up for a year]

> DNS slaves - per RFC, we're required to have MINIMUM of 3,
> we currently have only 2 8-O (I wasn't going to sweat it if
> we were winding down to drop it - but now that we're not ...).
> So, who'd like to and is able to provide DNS slave services for
> BerkeleyLUG.ORG?  Just reply here on-list, and/or let me know
> (via email).

Got two more here.

{scratches head}  Hey, I think someone made a boo-boo in the auth
nameserver listings (as I'm seeing double).

$ whois berkeleylug.org | grep 'Name Server' | grep -v "Name Server\n"
Name Server: PUCK.NETHER.NET
Name Server: NS0.BERKELEYLUG.ORG
Name Server: PUCK.NETHER.NET
Name Server: NS0.BERKELEYLUG.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
$

Moving on from that...

$ dig -t soa berkeleylug.org +short
ns0.berkeleylug.org. Michael\.Paoli.cal.berkeley.edu.berkeleylug.org.  1555254673 10800 3600 1209600 86400
$

Er, I suspect that backslash is another boo-boo, but I was requesting
that record just to verify where the master nameserver is.

$ dig -t axfr berkeleylug.org. @ns0.berkeleylug.org

[RM:  redacting return value of the entire zonefile.  Suffice to say,
public AXFR appears to be supported, which you might want to curtail
for security reasons over the long term.]


Okie-doke.  Adding slave nameservice on offered nameserver 1 of 2,
ns1.linuxmafia.com:

[Snip my adding a new stanza to /etc/bind/named.conf.local.  Then:]

linuxmafia:/etc/bind# rndc reconfig
linuxmafia:/etc/bind# dig -t soa berkeleylug.org @ns1.linuxmafia.com +short
ns0.berkeleylug.org. Michael\.Paoli.cal.berkeley.edu.berkeleylug.org.  1555254673 10800 3600 1209600 86400
linuxmafia:/etc/bind#

That slave nameserver is now live and waiting for authoritative
delegation.

Moving on to configurating slave nameservice on offered nameserver 2 of 2, 
ns1.svlug.org, where it's NSD rather than BIND, and I greatly prefer NSD
generally, but haven't yet figured out how to add/remove a zone without
restarting the daemon.

rick@gruyere:~$ sudo su -
[sudo] password for rick:
root@gruyere:~ # cd /etc/nsd3
root@gruyere:/etc/nsd3 

[Snip my adding a new stanza to /etc/nsd3/nsd.conf.  Then:]

root@gruyere:/etc/nsd3 # nsdc restart
root@gruyere:/etc/nsd3 # nsd-xfer -z berkeleylug.org -f secondary/berkeleylug.org.zone 198.144.194.238
[1555572648] nsd-xfer[22600]: info: send AXFR query to 198.144.194.238 for berkeleylug.org.
root@gruyere:/etc/nsd3 # chown nsd:nsd secondary/berkeleylug.org.zone
root@gruyere:/etc/nsd3 # nsdc rebuild
root@gruyere:/etc/nsd3 # dig -t soa berkeleylug.org @ns1.svlug.org +short
ns0.berkeleylug.org. michael\.paoli.cal.berkeley.edu.berkeleylug.org.  1555254673 10800 3600 1209600 86400
root@gruyere:/etc/nsd3 #

That slave nameserver is now live and waiting for authoritative
delegation.

Please advise when that has been done (making authoritative), otherwise
I'll be uncertain whether the offer has been accepted in a substantive
sense.

-- 
Cheers,            You must rise or sink / You must conquer or win, 
Rick Moen          Or serve and lose. / Suffer or triumph, / Be anvil or hammer.
rick@linuxmafia.com 
McQ! (4x80)        -- Johann Wolfgang von Goethe, Gesellige Lieder, Ein Anderes 

-- 
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To post to this group, send email to berkeleylug@googlegroups.com.
Visit this group at https://groups.google.com/group/berkeleylug.
For more options, visit https://groups.google.com/d/optout.