Rick Moen rick at linuxmafia.com
Mon Dec 12 15:10:37 PST 2005

Quoting Peter Knaggs (peter.knaggs at gmail.com):

>    Wow, thanks for your explanation.

No problem.  Since I'm on an "explain DNS" kick, I may do at least one 
follow-up to my December 2005 "The Basics of DNS" article in _Linux Gazette_, 
attempting to cover such matters.  In that article, you may have
noticed, I explained about the four flavours of DNS service, explained
the first three & showed that they were dead simple, and mostly punted
on the fourth one, primary authoritative service.  Which is of course
what we're talking about, now.

>    So when you hinted about offering to do
>    secondary DNS, would that mean we'd need
>    to get the .org nameserver to add an NS entry
>    for ns1.linuxmafia.org (and a glue record for
>    ns1.linuxmafia.org pointing it to the real
>    ns1.linuxmafia.com)? Sounds complicated :)

There's a simple way, and there's a slightly more complex but better

The simple way is just to add an "NS" record for ns1.linuxmafia.com.  Boom,
done.  You would have to add that to both the penlug.org zonefile and
in the domain records at the registrar.  (The one aspect of primary
authoritative DNS that people most often get wrong is failing to update
records at the registrar when they change nameservers' NS or A records
in their zonefiles.)

The more-complex way is to first add NS and A records in penlug.org's
zonefile for new hostname "ns4.penlug.org", with the A record pointing
to ns1.linuxmafia.com's IP.  Then -- per usual -- do the same in records
at the registrar.  Again, boom, done.

In either case, someone would also have to adjust the master
nameserver's security controls (ACLs) to let my IP pull down the zonefile
from it.

But that's really all that's required.  Everything else is automatic, 
and I would neither have nor want any involvement in the actual contents
of penlug.org's DNS, that being controlled 100% at the master
nameserver, which according to the zonefile is "a.ns.joker.com".  The
only difference is, PenLUG would have greater redundancy.
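
The zonefile-versus-registrar mismatch described in the message above, as an added example that is not part of the original post: a Python check that compares a zone's apex NS records and in-zone nameserver A records with the NS and glue records held at the registrar. The sample zone text, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
# Added example, not from the original post. Addresses are constructed
# (RFC 5737 documentation range); function names are hypothetical.

def parse_zone(text, origin):
    """Return (apex NS names, {host: A addresses}) from 'owner [ttl] [IN] TYPE rdata' lines.
    Every line must carry an explicit owner; this is not a full RFC 1035 parser."""
    origin = origin.rstrip(".").lower()
    def fqdn(name):
        name = name.lower()
        if name == "@":
            return origin
        return name[:-1] if name.endswith(".") else f"{name}.{origin}"
    ns, a = set(), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()          # strip comments
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        owner, rtype, rdata = fqdn(fields[0]), rest[0].upper(), rest[1]
        if rtype == "NS" and owner == origin:
            ns.add(fqdn(rdata))
        elif rtype == "A":
            a.setdefault(owner, set()).add(rdata)
    return ns, a

def delegation_drift(zone_text, origin, registrar_ns, registrar_glue):
    """List mismatches between the zonefile and the registrar's NS/glue records."""
    origin = origin.rstrip(".").lower()
    zone_ns, zone_a = parse_zone(zone_text, origin)
    reg_ns = {n.rstrip(".").lower() for n in registrar_ns}
    issues = [f"{n}: NS in zonefile but not at registrar" for n in sorted(zone_ns - reg_ns)]
    issues += [f"{n}: NS at registrar but not in zonefile" for n in sorted(reg_ns - zone_ns)]
    for n in sorted(zone_ns | reg_ns):
        if not n.endswith("." + origin):
            continue                                     # out-of-zone name: no glue to compare
        glue, addrs = set(registrar_glue.get(n, ())), zone_a.get(n, set())
        if glue != addrs:
            issues.append(f"{n}: registrar glue {sorted(glue)} != zonefile A {sorted(addrs)}")
    return issues

# Constructed zone: the "ns4.penlug.org" variant from the message.
ZONE = """\
@    86400 IN NS a.ns.joker.com.
@    86400 IN NS ns4
ns4  86400 IN A  192.0.2.53
"""

if __name__ == "__main__":
    print("\n".join(delegation_drift(ZONE, "penlug.org", ["a.ns.joker.com"], {})))
```

Run as a script, it reports the case where the zonefile was changed but the registrar was not: ns4.penlug.org is missing from the registrar's NS set and has no glue there.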

