On Sun, May 2, 2021 at 1:58 PM Doug H. <fedoraproject.org@wombatz.com> wrote:
On Sat, May 1, 2021, at 2:50 PM, Ed Greshko wrote:

> BTW, if you decide to go ahead with using views it would be helpful if you have
> a system on the "outside" for you to use to test queries.
>
> As I understand it, all your "internal" systems have 10.0.0.X IP addresses.


Yup. Something else I just noticed that *might* be important...

i think you are right, i've been wondering about the ns3's behaviour as the dnscheck page keeps telling me i have only one responding dns.
as it is part of the at&t dns, i have been ignoring this; now is the time to deal with it....

i am sporting mike's recent config file cuz it's So much prettier than my hack. i hacked in a CAA record & updated the serial number giving me, ...

$TTL 3D    ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com.     CAA       0 issue "letsencrypt.org"
@   IN  SOA     ws.linuxlighthouse.com. root.linuxlighthouse.com. (
                      2021050301   ;  serial number
                      16384        ;  ns refresh
                      2048         ;  ns retry
                      1048576      ;  authority expiry
                      2560        );  min (RFC2308 §4)
     IN NS      ws.linuxlighthouse.com.
     IN NS      ns3.attdns.com.
;    IN MX      linuxlighthouse.com.
ws   IN A       108.220.213.121
     IN A       108.220.213.121


as an aside, if i add  'www in a  108.220.213.121'

would that properly define 'www.linuxlighthouse.com' ???

/usr/sbin/named-compilezone -i full -o - linuxlighthouse.com /var/named/linuxlighthouse.com.db

zone linuxlighthouse.com/IN: loaded serial 2021050301
linuxlighthouse.com.      259200 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2021050301 16384 2048 1048576 2560
linuxlighthouse.com.      259200 IN NS ws.linuxlighthouse.com.
linuxlighthouse.com.      259200 IN NS ns3.attdns.com.
linuxlighthouse.com.      259200 IN CAA 0 issue "letsencrypt.org"
ws.linuxlighthouse.com.      259200 IN A 108.220.213.121


>dig @WS.LINUXLIGHTHOUSE.COM LINUXLIGHTHOUSE.COM ns

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @WS.LINUXLIGHTHOUSE.COM LINUXLIGHTHOUSE.COM ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39676
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2da4654bcbbfcf2e20c614f6608f10fb5882579a181961d8 (good)
;; QUESTION SECTION:
;LINUXLIGHTHOUSE.COM.           IN      NS

;; ANSWER SECTION:
linuxlighthouse.com.    86400   IN      NS      ws.linuxlighthouse.com.

;; ADDITIONAL SECTION:
ws.linuxlighthouse.com. 86400   IN      A       108.220.213.121

;; Query time: 97 msec
;; SERVER: 108.220.213.121#53(108.220.213.121)
;; WHEN: Sun May 02 13:52:11 PDT 2021
;; MSG SIZE  rcvd: 128


That says that ws.linuxlighthouse.com is the one and only name server for the domain. Whereas whois shows the more normal 2 minimum:

>whois LINUXLIGHTHOUSE.COM | grep ^Name
Name Server: WS.LINUXLIGHTHOUSE.COM
Name Server: NS3.ATTDNS.COM

So, even if you let NS3.ATTDNS.COM pull the zone from you it might not work correctly if they just use the zone you feed them without adding themselves to the mix with an NS record.

is my registrar or attdns the player to whine to?



--
Doug Herr
fedoraproject.org@wombatz.com
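
The comparison made in the message above (the NS set the zone's own server answers with, against the delegation whois reports), as an added example that is not part of the original thread. The sample text is constructed from the outputs quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input, trimmed from the dig and whois output quoted in the thread.
DIG_SAMPLE=';; ANSWER SECTION:
linuxlighthouse.com.    86400   IN      NS      ws.linuxlighthouse.com.

;; ADDITIONAL SECTION:
ws.linuxlighthouse.com. 86400   IN      A       108.220.213.121'

WHOIS_SAMPLE='Name Server: WS.LINUXLIGHTHOUSE.COM
Name Server: NS3.ATTDNS.COM'

# served_ns (hypothetical name): read dig output on stdin, print the NS targets
# from record lines, lower-cased, without the trailing dot, sorted and unique.
served_ns() {
  awk '!/^;/ && $3 == "IN" && $4 == "NS" {
         h = tolower($5); sub(/\.$/, "", h); print h }' | sort -u
}

# delegated_ns (hypothetical name): read whois output on stdin, print the
# "Name Server:" values normalised the same way.
delegated_ns() {
  awk 'tolower($0) ~ /^[ \t]*name server:/ && NF > 2 {
         h = tolower($NF); sub(/\r$/, "", h); sub(/\.$/, "", h); print h }' | sort -u
}

# ns_mismatch DIG_TEXT WHOIS_TEXT: print one line per name present in only one
# of the two sets; print nothing when the sets agree.
ns_mismatch() {
  nm_served=$(printf '%s\n' "$1" | served_ns)
  nm_delegated=$(printf '%s\n' "$2" | delegated_ns)
  for nm_h in $nm_delegated; do
    printf '%s\n' "$nm_served" | grep -qxF "$nm_h" ||
      echo "delegated-but-not-served $nm_h"
  done
  for nm_h in $nm_served; do
    printf '%s\n' "$nm_delegated" | grep -qxF "$nm_h" ||
      echo "served-but-not-delegated $nm_h"
  done
}

# Stand-alone run on the constructed samples.
ns_mismatch "$DIG_SAMPLE" "$WHOIS_SAMPLE"
```

With live data the two arguments would be the captured output of the dig and whois commands shown in the thread. The named-compilezone output uses the same record layout, so it can be passed as the first argument to check the file on disk.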