[sf-lug] SFLUG.org

Al awsflug at sunnyside.com
Fri Apr 12 07:55:59 PDT 2019


Rick, Michael, et al,
Ok, I'm back in town.  I think there was an email with a concise list of 
the name servers but I've lost track of it,
and I think Jim was pushing for something slightly different.
It would help me to get the short summary of name servers.
Temporarily I have just stuck in the name servers for linuxmafia, but I 
will reset the list to whatever you send.
Also, I see someone wanted ns1.sflug.org to exist (or was it ns.?), so 
let me know the list of IPs and names for root registered name servers
and I'll put them in as well.
I keep offering to be a name server as well (I'm triple homed) but I 
don't need to be.  I think you have a pretty robust set already.

Al


On 4/8/2019 23:48, Rick Moen wrote:
> Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
>
>> The basics are there ... presuming slave(s) want to use
>> 198.144.194.238 and/or 2001:470:1f04:19e::2
>> as master, and authority wants to so delegate.
> OK, righty-o.  Time to crank up the secondaries.  On ns1.linuxmafia.com,
> which is still using BIND9 as a legacy choice, add a suitable stanza
> to /etc/bind/named.conf.local for the new slave zone, then:
>
> # rndc reconfig
> #
>
> /var/log/daemon.log now reflects that operation:
>
> Apr  8 22:35:20 linuxmafia named[12569]: received control channel command 'reconfig'
> Apr  8 22:35:20 linuxmafia named[12569]: loading configuration from '/etc/bind/named.conf'
> Apr  8 22:35:21 linuxmafia named[12569]: reading built-in trusted keys from file '/etc/bind/bind.keys'
> Apr  8 22:35:21 linuxmafia named[12569]: using default UDP/IPv4 port range: [1024, 65535]
> Apr  8 22:35:21 linuxmafia named[12569]: using default UDP/IPv6 port range: [1024, 65535]
> Apr  8 22:35:21 linuxmafia named[12569]: no IPv6 interfaces found
> Apr  8 22:35:21 linuxmafia named[12569]: set up managed keys zone for view _default, file 'managed-keys.bind'
> Apr  8 22:35:21 linuxmafia named[12569]: reloading configuration succeeded
> Apr  8 22:35:22 linuxmafia named[12569]: any newly configured zones are now loaded
> Apr  8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: Transfer started.
> Apr  8 22:35:22 linuxmafia named[12569]: transfer of 'sflug.org/IN' from 198.144.194.238#53: connected using 198.144.195.186#54455
> Apr  8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: transferred serial 1554781309
> Apr  8 22:35:22 linuxmafia named[12569]: transfer of 'sflug.org/IN' from 198.144.194.238#53: Transfer completed: 1 messages, 19 records, 591 bytes, 0.188 secs (3143 bytes/sec)
> Apr  8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: sending notifies (serial 1554781309)
> Apr  8 22:35:23 linuxmafia named[12569]: error (connection refused) resolving 'ns.primate.net/A/IN': 178.63.84.200#53
> Apr  8 22:35:23 linuxmafia named[12569]: error (connection refused) resolving 'ns.primate.net/AAAA/IN': 178.63.84.200#53
>
> Doing the smoke test to make _sure_ the secondary is Doing The Right Thing:
>
> $ dig -t soa sflug.org @ns1.linuxmafia.com +short
> ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
> $ dig -t soa sflug.org @ns1.sf-lug.org +short
> ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
> $
>
>
> One down, one to go.  ns1.svlug.org has a saner, more modern choice of
> software, the excellent, small, fast, authoritative-only daemon nsd.
> 'Course, I'm rusty, so I have to go read notes for SVLUG admins that I
> wrote years ago in the site-docs directory, to remember how to do this.
> (And ISTR that the instructions are still a little shaky.  As it turns
> out, and I show below, I've not yet figured out how to add/remove zones
> without restarting the daemon, but I played around to see if I could
> discover the secret.)
>
> Add a stanza to /etc/nsd3/nsd.conf for the new slave zone.  Now,
> do manual AXFR transfer.
>
> root at gruyere:/etc/nsd3 # nsd-xfer -z sflug.org -f secondary/sflug.org.zone 198.144.194.238
> [1554789154] nsd-xfer[3239]: info: send AXFR query to 198.144.194.238 for sflug.org.
> root at gruyere:/etc/nsd3 # # ls -al secondary/sflug.org.zone
> -rw-r--r-- 1 root root 1065 Apr  8 22:52 secondary/sflug.org.zone
> root at gruyere:/etc/nsd3 #
>
> (I'm editing out of this transcript where I later had weirdness because
> this file is root:root-owned and needed to be nsd:nsd-owned, which I
> later fixed.)
>
> And, lo!  The zonefile's there.  But NSD needs a binary-hashed version
> to work with (for speed), and needs to know it's within the running
> daemon's bailiwick.
>
> root at gruyere:/etc/nsd3 # nsdc rebuild
> root at gruyere:/etc/nsd3 #
>
> That's supposed to do all needed compiles using zonec(8), but now that I
> think about it, I'm not sure the running daemon has yet reparsed the
> revised nsd.conf.
>
> root at gruyere:/etc/nsd3 # nsdc reload
> root at gruyere:/etc/nsd3 #
>
> That's supposed to make the running daemon re-parse nsd.conf and the
> compiled zones.  Are we there, yet?
>
> root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
> root at gruyere:/etc/nsd3 #
>
> Nope.  That's what I vaguely recalled, that my notes didn't suffice
> to enable a new zone's service without doing 'nsdc restart', which
> stops and starts the daemon completely.  Hmm, worth playing around
> before I bring out the big hammer, eh?
>
> This one is supposed to read in the binary-hashed nsd.db file and
> difffile ixfr.db and merge in any changes to the ASCII-format zone files
> if they've been updated (which allows trimming the difffile).  Also,
> if any of the ASCII format zonefiles have changed, nsd.db gets rebuilt
> and nsd reloaded:
>
> root at gruyere:/etc/nsd3 # nsdc patch
> reading database
> reading updates to database
> [1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
> writing changed zones
> zone e.9.1.0.5.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa had not changed.
> zone bluedreamz.com had not changed.
> zone cherylmorris.com had not changed.
> zone sf-lug.com had not changed.
> zone substancez.com had not changed.
> zone svlug.com had not changed.
> zone substancez.net had not changed.
> zone svlug.net had not changed.
> writing zone balug.org to file secondary/balug.org.zone
> writing zone saclug.org to file secondary/saclug.org.zone
> writing zone sf-lug.org to file secondary/sf-lug.org.zone
> zone sflug.org had not changed.
> zone substancez.org had not changed.
> zone svlug.org had not changed.
> done
> root at gruyere:/etc/nsd3
>
> (That was a good thing to do, but not directly relevant to the
> adding-a-zone problem.)
>
> Are we there, yet?
>
> root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
> root at gruyere:/etc/nsd3 #
>
> Still nope.  Running short on patience and tempted to switch to the
> big hammer:
>
> root at gruyere:/etc/nsd3 # nsdc rebuild
> root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
> root at gruyere:/etc/nsd3 # nsdc reload
> root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
> root at gruyere:/etc/nsd3 # nsdc update
> Sending notify to localhost to update secondary zones...
> [1554790316] nsd-notify[3623]: warning: bad reply from 127.0.0.1 for zone sflug.org., error response NAME ERROR (3).
> root at gruyere:/etc/nsd3 #
>
> Brief sanity check to make sure I don't have a syntax error:
>
> root at gruyere:/usr/share/doc/nsd3 # nsd-checkconf /etc/nsd3/nsd.conf
> root at gruyere:/usr/share/doc/nsd3 #
>
> Well, that's reassuring.  (Snip interlude where I checked everything in
> /usr/share/doc/nsd/ , and every relevant-seeming Web-search hit.)
>
>
> {sigh}  Time for the big hammer:
>
> root at gruyere:/etc/nsd3 # nsdc restart
> root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
> ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
> root at gruyere:/etc/nsd3 #
>
> Et voila, we're there.  (One of these days, I'll either figure out how
> to add/remove zones in nsd.conf without restarting the daemon, or
> determine that it's a limitation of the software and stop looking.)
>
>
> Michael, care to knock on Aaron T. Porter's door?
>
>
>

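The smoke test from the quoted message (every server must return the same SOA serial, and an empty answer means the zone is not being served there yet), written as a reusable check. This is an added example, not part of either post; the function names are made up here and the sample lines are constructed from the dig output quoted above.

```shell
#!/bin/sh
# Constructed sample, one "server|dig +short SOA answer" per line, modelled on
# the thread: ns1.svlug.org answered nothing until nsd was restarted.
SAMPLE='ns1.sf-lug.org|ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
ns1.linuxmafia.com|ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
ns1.svlug.org|'

# Live collection (not used by the sample run below): query each server
# directly, without recursion, so only its own copy of the zone is seen.
collect_soa() {  # usage: collect_soa ZONE SERVER...
    zone=$1; shift
    for s in "$@"; do
        printf '%s|%s\n' "$s" \
            "$(dig +short +norecurse -t soa "$zone" "@$s" | head -n 1)"
    done
}

# Print the serial (3rd of the 7 SOA fields); fail on an empty or odd answer.
soa_serial() {
    printf '%s\n' "$1" |
        awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1 } END { exit !ok }'
}

# Read "server|answer" lines; the first usable answer is the reference.
# Exit status is the number of servers that are lame or disagree with it.
check_sync() {
    ref=''; bad=0
    while IFS='|' read -r server answer; do
        if ! serial=$(soa_serial "$answer"); then
            echo "LAME $server (no usable SOA answer)"; bad=$((bad + 1))
        elif [ -z "$ref" ]; then
            ref=$serial; echo "REF  $server $serial"
        elif [ "$serial" = "$ref" ]; then
            echo "OK   $server $serial"
        else
            echo "DIFF $server $serial (reference $ref)"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

printf '%s\n' "$SAMPLE" | check_sync || echo "$? server(s) need attention"
```

For a live run, pipe `collect_soa` into `check_sync` with the master listed first, so that its serial becomes the reference.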