<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Arial">Rick, Michael, et al,<br>
Ok, I'm back in town. I think there was an email with a concise
list of the name servers but I've lost track of it,<br>
and I think Jim was pushing for something slightly different.<br>
It would help me to get the short summary of name servers.<br>
Temporarily I have just stuck in the name servers for linuxmafia,
but I will reset the list to whatever you send.<br>
Also, I see someone wanted ns1.sflug.org to exist (or was it
ns.?), so let me know the list of IPs and names for root
registered name servers<br>
and I'll put them in as well.<br>
I keep offering to be a name server as well (I'm triple homed) but
I don't need to be. I think you have a pretty robust set already.<br>
<br>
Al<br>
<br>
<br>
</font>
<div class="moz-cite-prefix">On 4/8/2019 23:48, Rick Moen wrote:<br>
</div>
<blockquote cite="mid:20190409064846.GV15867@linuxmafia.com"
type="cite">
<pre wrap="">Quoting Michael Paoli (<a class="moz-txt-link-abbreviated" href="mailto:Michael.Paoli@cal.berkeley.edu">Michael.Paoli@cal.berkeley.edu</a>):
</pre>
<blockquote type="cite">
<pre wrap="">The basics are there ... presuming slave(s) want to use
198.144.194.238 and/or 2001:470:1f04:19e::2
as master, and authority wants to so delegate.
</pre>
</blockquote>
<pre wrap="">
OK, righty-o. Time to crank up the secondaries. On ns1.linuxmafia.com,
which is still using BIND9 as a legacy choice, add a suitable stanza
to /etc/bind/named.conf.local for the new slave zone, then:
# rndc reconfig
#
/var/log/daemon.log now reflects that operation:
Apr 8 22:35:20 linuxmafia named[12569]: received control channel command 'reconfig'
Apr 8 22:35:20 linuxmafia named[12569]: loading configuration from '/etc/bind/named.conf'
Apr 8 22:35:21 linuxmafia named[12569]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Apr 8 22:35:21 linuxmafia named[12569]: using default UDP/IPv4 port range: [1024, 65535]
Apr 8 22:35:21 linuxmafia named[12569]: using default UDP/IPv6 port range: [1024, 65535]
Apr 8 22:35:21 linuxmafia named[12569]: no IPv6 interfaces found
Apr 8 22:35:21 linuxmafia named[12569]: set up managed keys zone for view _default, file 'managed-keys.bind'
Apr 8 22:35:21 linuxmafia named[12569]: reloading configuration succeeded
Apr 8 22:35:22 linuxmafia named[12569]: any newly configured zones are now loaded
Apr 8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: Transfer started.
Apr 8 22:35:22 linuxmafia named[12569]: transfer of 'sflug.org/IN' from 198.144.194.238#53: connected using 198.144.195.186#54455
Apr 8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: transferred serial 1554781309
Apr 8 22:35:22 linuxmafia named[12569]: transfer of 'sflug.org/IN' from 198.144.194.238#53: Transfer completed: 1 messages, 19 records, 591 bytes, 0.188 secs (3143 bytes/sec)
Apr 8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: sending notifies (serial 1554781309)
Apr 8 22:35:23 linuxmafia named[12569]: error (connection refused) resolving 'ns.primate.net/A/IN': 178.63.84.200#53
Apr 8 22:35:23 linuxmafia named[12569]: error (connection refused) resolving 'ns.primate.net/AAAA/IN': 178.63.84.200#53
Doing the smoke test to make _sure_ the secondary is Doing The Right Thing:
$ dig -t soa sflug.org @ns1.linuxmafia.com +short
ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
$ dig -t soa sflug.org @ns1.sf-lug.org +short
ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
$
One down, one to go. ns1.svlug.org has a saner, more modern choice of
software, the excellent, small, fast, authoritative-only daemon nsd.
'Course, I'm rusty, so I have to go read notes for SVLUG admins that I
wrote years ago in the site-docs directory, to remember how to do this.
(And ISTR that the instructions are still a little shaky. As it turns
out, and I show below, I've not yet figured out how to add/remove zones
without restarting the daemon, but I played around to see if I could
discover the secret.)
Add a stanza to /etc/nsd3/nsd.conf for the new slave zone. Now,
do manual AXFR transfer.
root@gruyere:/etc/nsd3 # nsd-xfer -z sflug.org -f secondary/sflug.org.zone 198.144.194.238
[1554789154] nsd-xfer[3239]: info: send AXFR query to 198.144.194.238 for sflug.org.
root@gruyere:/etc/nsd3 # # ls -al secondary/sflug.org.zone
-rw-r--r-- 1 root root 1065 Apr 8 22:52 secondary/sflug.org.zone
root@gruyere:/etc/nsd3 #
(I'm editing out of this transcript where I later had weirdness because
this file is root:root-owned and needed to be nsd:nsd-owned, which I
later fixed.)
And, lo! The zonefile's there. But NSD needs a binary-hashed version
to work with (for speed), and needs to know it's within the running
daemon's bailiwick.
root@gruyere:/etc/nsd3 # nsdc rebuild
root@gruyere:/etc/nsd3 #
That's supposed to do all needed compiles using zonec(8), but now that I
think about it, I'm not sure the running daemon has yet reparsed the
revised nsd.conf.
root@gruyere:/etc/nsd3 # nsdc reload
root@gruyere:/etc/nsd3 #
That's supposed to make the running daemon re-parse nsd.conf and the
compiled zones. Are we there, yet?
root@gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root@gruyere:/etc/nsd3 #
Nope. That's what I vaguely recalled, that my notes didn't suffice
to enable a new zone's service without doing 'nsdc restart', which
stops and starts the daemon completely. Hmm, worth playing around
before I bring out the big hammer, eh?
This one is supposed to read in the binary-hashed nsd.db file and
difffile ixfr.db and merge in any changes to the ASCII-format zone files
if they've been updated (which allows trimming the diffile). Also,
if any of the ASCII format zonefiles have changed, nsd.db gets rebuilt
and nsd reloaded:
iroot@gruyere:/etc/nsd3 # nsdc patch
reading database
reading updates to database
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
writing changed zones
zone e.9.1.0.5.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa had not changed.
zone bluedreamz.com had not changed.
zone cherylmorris.com had not changed.
zone sf-lug.com had not changed.
zone substancez.com had not changed.
zone svlug.com had not changed.
zone substancez.net had not changed.
zone svlug.net had not changed.
writing zone balug.org to file secondary/balug.org.zone
writing zone saclug.org to file secondary/saclug.org.zone
writing zone sf-lug.org to file secondary/sf-lug.org.zone
zone sflug.org had not changed.
zone substancez.org had not changed.
zone svlug.org had not changed.
done
root@gruyere:/etc/nsd3
(That was a good thing to do, but not directly relevant to the
adding-a-zone problem.)
Are we there, yet?
root@gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root@gruyere:/etc/nsd3 #
Still nope. Running short on patience and tempted to switch to the
big hammer:
root@gruyere:/etc/nsd3 # nsdc rebuild
root@gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root@gruyere:/etc/nsd3 # nsdc reload
root@gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root@gruyere:/etc/nsd3 # nsdc update
Sending notify to localhost to update secondary zones...
[1554790316] nsd-notify[3623]: warning: bad reply from 127.0.0.1 for zone sflug.org., error response NAME ERROR (3).
root@gruyere:/etc/nsd3 #
Brief sanity check to make sure I don't have a syntax error:
root@gruyere:/usr/share/doc/nsd3 # nsd-checkconf /etc/nsd3/nsd.conf
root@gruyere:/usr/share/doc/nsd3 #
Well, that's reassuring. (Snip interlude where I checked everything in
/usr/share/doc/nsd/ , and every relevant-seeming Web-search hit.)
{sigh} Time for the big hammer:
root@gruyere:/etc/nsd3 # nsdc restart
root@gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
root@gruyere:/etc/nsd3 #
Et voila, we're there. (One of these days, I'll either figure out how
to add/remove zones in nsd.conf without restarting the daemon, or
determine that it's a limitation of the software and stop looking.)
Michael, care to knock on Aaron T. Porter's door?
_______________________________________________
sf-lug mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sf-lug@linuxmafia.com">sf-lug@linuxmafia.com</a>
<a class="moz-txt-link-freetext" href="http://linuxmafia.com/mailman/listinfo/sf-lug">http://linuxmafia.com/mailman/listinfo/sf-lug</a>
SF-LUG is at <a class="moz-txt-link-freetext" href="http://www.sf-lug.org/">http://www.sf-lug.org/</a>
</pre>
</blockquote>
<br>
</body>
</html>