On Sun, May 2, 2021 at 1:58 PM Doug H. <fedoraproject.org(a)wombatz.com>
wrote:
On Sat, May 1, 2021, at 2:50 PM, Ed Greshko wrote:
> BTW, if you decide to go ahead with using views it would be helpful if
you have
> a system on the "outside" for you to use to test queries.
>
> As I understand it, all your "internal" systems have 10.0.0.X IP
addresses.
Yup. Something else I just noticed that *might* be important...
*i think you are right, i've been wondering about the ns3's behaviour as
the dnscheck page keeps telling me i have only one responding dns.*
*as it is part of the at&t dns, i have been ignoring this; now is the time
to deal with it....*
*i am sporting mike's recent config file cuz its So much prettier than my
hack. i hacked in a CAAA record & updated teh serial number giving me, ...*
*$TTL 3D ; default ttl for records without a specified lifetime$ORIGIN
linuxlighthouse.com <
http://linuxlighthouse.com>.linuxlighthouse.com
<
http://linuxlighthouse.com>. CAA 0 issue "letsencrypt.org
<
http://letsencrypt.org>"@ IN SOA
ws.linuxlighthouse.com
<
http://ws.linuxlighthouse.com>.
root.linuxlighthouse.com
<
http://root.linuxlighthouse.com>. ( 2021050301 ;
serial number 16384 ; ns refresh
2048 ; ns retry 1048576 ;
authority expiry 2560 ); min (RFC2308 §4)
IN NS
ws.linuxlighthouse.com <
http://ws.linuxlighthouse.com>. IN
NS
ns3.attdns.com <
http://ns3.attdns.com>.; IN MX
linuxlighthouse.com <
http://linuxlighthouse.com>.ws IN A
108.220.213.121 IN A 108.220.213.121*
*as an aside, if i add 'www in a 108.220.213.121'*
*would properly define 'www.linuxlighthouse.com
<
http://www.linuxlighthouse.com>' ???*
/usr/sbin/named-compilezone -i full -o -
linuxlighthouse.com
/var/named/linuxlighthouse.com.db
zone
linuxlighthouse.com/IN: loaded serial 2021050301
linuxlighthouse.com. 259200 IN SOA
ws.linuxlighthouse.com.
root.linuxlighthouse.com. 2021050301 16384 2048 1048576 2560
linuxlighthouse.com. 259200 IN NS
ws.linuxlighthouse.com.
linuxlighthouse.com. 259200 IN NS
ns3.attdns.com.
linuxlighthouse.com. 259200 IN CAA 0 issue "letsencrypt.org"
ws.linuxlighthouse.com. 259200 IN A 108.220.213.121
>dig @WS.LINUXLIGHTHOUSE.COM
LINUXLIGHTHOUSE.COM ns
; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>>
@WS.LINUXLIGHTHOUSE.COM
LINUXLIGHTHOUSE.COM ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39676
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2da4654bcbbfcf2e20c614f6608f10fb5882579a181961d8 (good)
;; QUESTION SECTION:
;LINUXLIGHTHOUSE.COM. IN NS
;; ANSWER SECTION:
linuxlighthouse.com. 86400 IN NS
ws.linuxlighthouse.com.
;; ADDITIONAL SECTION:
ws.linuxlighthouse.com. 86400 IN A 108.220.213.121
;; Query time: 97 msec
;; SERVER: 108.220.213.121#53(108.220.213.121)
;; WHEN: Sun May 02 13:52:11 PDT 2021
;; MSG SIZE rcvd: 128
That says that
ws.linuxlighthouse.com is the one and only name server for
the domain. Whereas whois shows the more normal 2 minimum:
>whois
LINUXLIGHTHOUSE.COM | grep ^Name
Name Server:
WS.LINUXLIGHTHOUSE.COM
Name Server:
NS3.ATTDNS.COM
So, even if you let
NS3.ATTDNS.COM pull the zone from you it might not
work correctly if they just use the zone you feed them without adding
themselves to the mix with an NS record.
*is my registrar or attdns the player to whine to?*
--
Doug Herr
fedoraproject.org(a)wombatz.com
_______________________________________________
users mailing list -- users(a)lists.fedoraproject.org
To unsubscribe send an email to users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure