[sf-lug] SF-LUG DNS

Michael Paoli Michael.Paoli at cal.berkeley.edu
Thu Nov 12 13:15:58 PST 2009 

My fairly quick checks (mostly did them on-and off a bit ago, after my
earlier email) ... not an exhaustive check, but mostly looking
at many key items for sf-lug.com. DNS infrastructure.
I added some comments on lines starting with //
Full analysis/commentary (or explaining exactly what I did (and didn't) do
and why, I'll leave as an exercise ;-) for those interested.

$ lynx -dump http://208.96.15.252/

                                    It works!

$ dig -t NS com. +short
j.gtld-servers.net.
k.gtld-servers.net.
l.gtld-servers.net.
m.gtld-servers.net.
a.gtld-servers.net.
b.gtld-servers.net.
c.gtld-servers.net.
d.gtld-servers.net.
e.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
h.gtld-servers.net.
i.gtld-servers.net.
$ dig @j.gtld-servers.net. -t NS sf-lug.com. +short
ns1.sf-lug.com.
ns2.sf-lug.com.
$ dig @j.gtld-servers.net. -t A ns1.sf-lug.com. +short +norecurse
208.96.15.252
$ dig @j.gtld-servers.net. -t A ns2.sf-lug.com. +short +norecurse
198.144.195.186
$ dig @198.144.195.186 -t A sf-lug.com. +short +norecurse
208.96.15.252
$ dig @198.144.195.186 -t A www.sf-lug.com. +short +norecurse
208.96.15.252
$ dig @208.96.15.252 -t A sf-lug.com. +short +norecurse

; <<>> DiG 9.2.4 <<>> @208.96.15.252 -t A sf-lug.com. +short +norecurse
;; global options:  printcmd
;; connection timed out; no servers could be reached
$ dig @208.96.15.252 -t A www.sf-lug.com. +short +norecurse

; <<>> DiG 9.2.4 <<>> @208.96.15.252 -t A www.sf-lug.com. +short +norecurse
;; global options:  printcmd
;; connection timed out; no servers could be reached
$ dig -x 198.144.195.186 +short
linuxmafia.COM.
$ dig @198.144.195.186 -t SOA sf-lug.com. +short
ns1.sf-lug.com. jim.well.com. 2007102904 3600 3600 1209600 10800
$

If 198.144.195.186 has any or all of these IPs:
208.69.42.165
208.69.42.166
208.96.15.252
as its master for sf-lug.com., it will need updating.
The only other immediate thing I particularly notice, is 208.96.15.252
isn't (yet) handling DNS queries, and presuming (guessing) that
198.144.195.186 is slave for sf-lug.com., not master, where does it
get that data from?  Looks like it may not have a master available to it
"presently" (well, a bit ago, anyway).  SOA would imply it likely gets
that data from 208.96.15.252.


Also, my earlier email should have indicated +trace, rather than -trace.


Quoting "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>:

> You can also ask on the SF-LUG list ... might get (at least some)
> answers more quickly that way.
>
> First, with dig, there's also question of what one's running the
> queries against.  One can use @ to check against a particular DNS server.
> What matters most is what folks see from The Internet at large (at least
> in the case of Internet web server, anyway).
>
> One can also use the -trace option (but don't overuse/abuse it - but it
> is useful to trace the delegation all the way down, when needed.  Still,
> however, one might occasionally need to do some manual checks along the
> way - as -trace will check down just one particular (effectively randomly
> selected) path of chain of delegation (among multiple possible paths)).
>
> Also, for the specific bits other folks might not know about ... what I did
> and didn't (thus far) change in DNS - I haven't (quite yet, anyway)
> changed anything in Internet DNS - neither for BALUG.ORG. or SF-LUG.COM.
>
> The only real bits I/we did yesterday (unless it's been taken further by
> you or others - I presume you're working on that) was mostly minimal bits
> on the relocated physical host to get it back onto the network (and
> even that, mostly just concentrated on dom0 host).
>
> Anyway, let me poke a bit more at sf-lug.com. DNS and see what I see (if
> you and/or others don't already sort that out sooner than I manage to).
>
> For those playing at home ;-) ... we have:
> Silicon Mechanics, updated (moved) on 2009-11-11:
> 208.96.15.248/29 network #formerly 208.69.42.128/25
> 208.96.15.249 router #formerly 208.69.42.129
> 208.96.15.250 dom0 #formerly 208.69.42.165
> 208.96.15.251 sflug domU #formerly 208.69.42.166
> 208.96.15.252 balug domU #formerly 208.69.42.167
> 208.96.15.253 (useable)
> 208.96.15.254 (useable)
> 208.96.15.255 broadcast #formerly 208.69.42.255
> sf-lug.com. was: 208.96.15.252 (that older tower system has been removed
> and taken off-line)
>
> footnote(s)/references/excerpts:
> I may be (and often am) running significantly behind in reading the
> sf-lug list.
> dig(1)
>
> Quoting jim <jim at well.com>:
>
>> when i
>> $ dig sf-lug.com
>> i get
>> 208.96.15.252  # sb 251
>>
>> when i use a browser to access http://www.sf-lug.com
>> i get
>> http://www.sf-lug.com/apache2-default/
>> which i believe is served off of the balug vm (252).
>>
>> the name servers are listed as
>> ns1.sf-lug.com
>> ns2.sf-lug.com
>>
>> $ dig ns1.sf-lug.com
>> shows
>> ns1.sf-lug.com.		85611	IN	A	208.96.15.252
>>
>> $ dig ns2.sf-lug.com
>> shows
>> ns2.sf-lug.com.		85553	IN	A	198.144.195.186
>>
>> i'm guessing that you've copied the dns info from
>> the tower to the balug vm and that it is not on
>> the sf-lug vm.
>>
>> i believe the 198...186 machine is rick moen's.
>>
>> how to update the dns servers so
>> http://www.sf-lug.com
>> works as expected?

More information about the sf-lug mailing list