Hi folks
With help from this list I recently updated my DNS configuration to provide for a primary and secondary DNS server where the primary DNS server is my host inside my domain and the secondary server is provided by AT&T
I discovered that the secondary server on file with my registrar was wrong so I got the right data and they claim to have created a glue record but I'm still getting that host is not responding
*primary dns ws.linuxlighthouse.com http://ws.linuxlighthouse.com*
*Secondary server ns2.swbell.net http://ns2.swbell.net*
would some kind soul direct me to a coherent glue (or duct tape) record test?
also, given some domain name how do you know which top level domain name servers should be the first set that you query to locate your domain in question??
tia...
On Fri, 14 May 2021 13:14:08 -0700 Jack Craig jack.craig.aptos@gmail.com wrote:
> Hi folks
> With help from this list I recently updated my DNS configuration to provide for a primary and secondary DNS server where the primary DNS server is my host inside my domain and the secondary server is provided by AT&T
> I discovered that the secondary server on file with my registrar was wrong so I got the right data and they claim to have created a glue record but I'm still getting that host is not responding
> *primary dns ws.linuxlighthouse.com http://ws.linuxlighthouse.com*
> *Secondary server ns2.swbell.net http://ns2.swbell.net*
> would some kind soul direct me to a coherent glue (or duct tape) record test?
> also, given some domain name how do you know which top level domain name servers should be the first set that you query to locate your domain in question??
> tia...
Primary:
]$ dig ws.linuxlighthouse.com

; <<>> DiG 9.11.31-RedHat-9.11.31-1.fc33 <<>> ws.linuxlighthouse.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14144
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ws.linuxlighthouse.com. IN A

;; ANSWER SECTION:
ws.linuxlighthouse.com. 172284 IN A 108.220.213.121

;; AUTHORITY SECTION:
. 54377 IN NS k.root-servers.net.
. 54377 IN NS a.root-servers.net.
. 54377 IN NS j.root-servers.net.
. 54377 IN NS m.root-servers.net.
. 54377 IN NS b.root-servers.net.
. 54377 IN NS l.root-servers.net.
. 54377 IN NS d.root-servers.net.
. 54377 IN NS c.root-servers.net.
. 54377 IN NS i.root-servers.net.
. 54377 IN NS f.root-servers.net.
. 54377 IN NS e.root-servers.net.
. 54377 IN NS g.root-servers.net.
. 54377 IN NS h.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 151362 IN A 198.41.0.4

;; Query time: 3 msec
;; SERVER: 192.168.168.10#53(192.168.168.10)
;; WHEN: Fri May 14 22:42:09 CEST 2021
;; MSG SIZE rcvd: 294

Secondary:
$ dig @ns2.swbell.net ws.linuxlighthouse.com

; <<>> DiG 9.11.31-RedHat-9.11.31-1.fc33 <<>> @ns2.swbell.net ws.linuxlighthouse.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 7882
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ws.linuxlighthouse.com. IN A

;; Query time: 143 msec
;; SERVER: 151.164.11.218#53(151.164.11.218)
;; WHEN: Fri May 14 22:39:57 CEST 2021
;; MSG SIZE rcvd: 51
BR, Bob
On 15/05/2021 04:14, Jack Craig wrote:
> Hi folks
> With help from this list I recently updated my DNS configuration to provide for a primary and secondary DNS server where the primary DNS server is my host inside my domain and the secondary server is provided by AT&T
> I discovered that the secondary server on file with my registrar was wrong so I got the right data and they claim to have created a glue record but I'm still getting that host is not responding
> *primary dns ws.linuxlighthouse.com http://ws.linuxlighthouse.com*
> *Secondary server ns2.swbell.net http://ns2.swbell.net*
> would some kind soul direct me to a coherent glue (or duct tape) record test?
> also, given some domain name how do you know which top level domain name servers should be the first set that you query to locate your domain in question??
> tia...
In addition to what Bob has written.
I have configured my test named server to request a zone transfer from your system. Basically, setting it as a secondary. Although non-authoritative, it successfully requested and received a zone transfer.
May 15 04:43:33 f33k.greshko.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
May 15 04:43:33 f33k.greshko.com named[1069]: running
May 15 04:43:33 f33k.greshko.com named[1069]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
May 15 04:43:33 f33k.greshko.com named[1069]: resolver priming query complete
May 15 04:43:33 f33k.greshko.com named[1069]: zone linuxlighthouse.com/IN: Transfer started.
May 15 04:43:34 f33k.greshko.com named[1069]: transfer of 'linuxlighthouse.com/IN' from 108.220.213.121#53: connected using 192.168.122.26#49381
May 15 04:43:34 f33k.greshko.com named[1069]: zone linuxlighthouse.com/IN: transferred serial 2021051201
May 15 04:43:34 f33k.greshko.com named[1069]: transfer of 'linuxlighthouse.com/IN' from 108.220.213.121#53: Transfer status: success
May 15 04:43:34 f33k.greshko.com named[1069]: transfer of 'linuxlighthouse.com/IN' from 108.220.213.121#53: Transfer completed: 1 messages, 7 records, 229 bytes, 0.162 secs (1413 bytes/sec)
May 15 04:43:34 f33k.greshko.com named[1069]: zone linuxlighthouse.com/IN: sending notifies (serial 2021051201)
My clock is GMT+8.
You should check your logs for that time period to see the request.
Then, you should look for similar log entries for ns2.swbell.net. If you don't find it, they have not done a zone transfer and as such haven't gotten a copy of your information.
On 5/14/21 1:14 PM, Jack Craig wrote:
> Hi folks
> With help from this list I recently updated my DNS configuration to provide for a primary and secondary DNS server where the primary DNS server is my host inside my domain and the secondary server is provided by AT&T
> I discovered that the secondary server on file with my registrar was wrong so I got the right data and they claim to have created a glue record but I'm still getting that host is not responding
> *primary dns ws.linuxlighthouse.com http://ws.linuxlighthouse.com*
> *Secondary server ns2.swbell.net http://ns2.swbell.net*
> would some kind soul direct me to a coherent glue (or duct tape) record test?
> also, given some domain name how do you know which top level domain name servers should be the first set that you query to locate your domain in question??
pick a random root-server: ( [a..m] means a through m )
dig @[a..m].root-servers.net. linuxlighthouse.com.
will give you the servers for com.
which are [a..m].gtld-servers.net.
dig @[a..m].gtld-servers.net. linuxlighthouse.com.
;linuxlighthouse.com. IN A

;; AUTHORITY SECTION:
linuxlighthouse.com. 172800 IN NS ns2.swbell.net.
linuxlighthouse.com. 172800 IN NS ws.linuxlighthouse.com.

;; ADDITIONAL SECTION:
ws.linuxlighthouse.com. 172800 IN A 108.220.213.121
The A record points to your primary.
If you need to find out about your IP address you use the ARPA servers
dig @[a..f].in-addr-servers.arpa. 121.213.220.108.in-addr.arpa.
will give you the servers for 108.in-addr.arpa.
dig @[ruxyz].arin.net. 121.213.220.108.in-addr.arpa.
gives you bell nameservers. Now that you are there you must search for your PTR record.
;121.213.220.108.in-addr.arpa. IN PTR

;; ANSWER SECTION:
121.213.220.108.in-addr.arpa. 7200 IN PTR ws.linuxlighthouse.com.

;; AUTHORITY SECTION:
213.220.108.in-addr.arpa. 7200 IN NS ns2.swbell.net.
213.220.108.in-addr.arpa. 7200 IN NS ns3.sbcglobal.net.
213.220.108.in-addr.arpa. 7200 IN NS ns1.swbell.net.
On 5/14/21 5:21 PM, Mike Wright wrote:
> On 5/14/21 1:14 PM, Jack Craig wrote:
>> Hi folks
>> With help from this list I recently updated my DNS configuration to provide for a primary and secondary DNS server where the primary DNS server is my host inside my domain and the secondary server is provided by AT&T
>> I discovered that the secondary server on file with my registrar was wrong so I got the right data and they claim to have created a glue record but I'm still getting that host is not responding
>> *primary dns ws.linuxlighthouse.com http://ws.linuxlighthouse.com*
>> *Secondary server ns2.swbell.net http://ns2.swbell.net*
Are you absolutely certain that at&t told you that ns2.swbell.net is your secondary? If so, your server is publishing correct information. The gtld servers are also publishing the correct information. The big recursive servers (think google, etc) are publishing correct information. ns2.swbell.net is saying REFUSED. That leads me to believe they haven't updated their server(s) with your information.
On Fri, 2021-05-14 at 13:14 -0700, Jack Craig wrote:
> With help from this list I recently updated my DNS configuration to provide for a primary and secondary DNS server where the primary DNS server is my host inside my domain and the secondary server is provided by AT&T
> I discovered that the secondary server on file with my registrar was wrong so I got the right data and they claim to have created a glue record but I'm still getting that host is not responding
> primary dns ws.linuxlighthouse.com
> Secondary server ns2.swbell.net
When it comes to using primary and secondary servers, the primary server needs to update the secondary when changes happen (it sends "notifications") and the secondary server needs to accept them.
This should be automatic. If manual intervention is required, either something is wrong, or their system is deliberately configured in a way that manual intervention is always going to be required. That's not a good thing for you.
As to which one you ought to use and declare as your primary server, it should be the real primary one. And it should be the fastest one with the ability to handle the workload.
> would some kind soul direct me to a coherent glue (or duct tape) record test?
Your "dig" tool can query any DNS server, so pick some servers that other people will be querying (to see what they will see).
Remember that you've set time-to-live and expiry times, each server will/can cache results for those time periods, and any changes may propagate through slowly. Some systems completely ignore your times, and do whatever they feel like (huge long cache times, tiny ones, whatever).
Having a domain answer its own queries (your name server, and the answer it gives for your domain at the same IP), is a chicken and egg situation. If I want the IP for example.com, and example.com is the name server going to answer that question, how do I connect to it to find out its IP? Something outside of that has to set queries going in the right direction. In essence, a third party is going to give them an IP address for your nameserver (most likely, your DNS registrar).
See: https://ns1.com/blog/glue-records-and-dedicated-dns or: https://serverfault.com/questions/309622/what-is-a-glue-record
This is yet another reason I don't act as my public DNS server.
> also, given some domain name how do you know which top level domain name servers should be the first set that you query to locate your domain in question??
How things query DNS systems is generally automatic (other than your manual testing). A system asked to find out about linuxlighthouse.com will find out (or already know) who to first ask about .com top-level domains. Then it'll query one of them about who to ask about linuxlighthouse.com. Then it'll query that one for the answers.
Think of a family tree, searched in the opposite direction.
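
A glue test of the kind asked for in this thread, as an added example that is not part of any poster's message: it parses saved dig output, reports which delegated name servers need glue in the parent zone and whether they have it, and flags a listed server that does not answer authoritatively. The function names are hypothetical and the sample input is constructed from the gtld-servers.net referral and the ns2.swbell.net response quoted above.

```shell
# Added example, not from the thread; function names are hypothetical and the
# sample input is constructed from the dig output quoted in the messages.
# glue_report ZONE: read a parent-zone referral on stdin; per NS print
# "glue=<addr>", "MISSING-GLUE", or "out-of-zone" (no glue needed there).
glue_report() {
    awk -v zone="$1" '
        BEGIN { zone = tolower(zone); if (zone !~ /\.$/) zone = zone "." }
        /^;/ || NF < 5 { next }                  # skip comments, short lines
        { name = tolower($1); type = $4; data = tolower($5) }
        type == "NS" && name == zone { ns[++n] = data }
        type == "A" || type == "AAAA" { addr[name] = data }
        END {
            for (i = 1; i <= n; i++) {
                h = ns[i]; cut = length(h) - length(zone)
                inzone = (h == zone || (cut > 0 && substr(h, cut) == "." zone))
                if (!inzone)        print h, "out-of-zone"
                else if (h in addr) print h, "glue=" addr[h]
                else                print h, "MISSING-GLUE"
            }
        }'
}

# auth_status: read dig output from a direct query to one listed NS; print
# "authoritative", or "lame (<status>)" if it refuses or lacks the aa flag.
auth_status() {
    awk '
        /->>HEADER<<-/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; flags:/   { f = $0; sub(/^;; flags: */, "", f); sub(/;.*/, "", f); flags = " " f " " }
        END { ok = (status == "NOERROR" && index(flags, " aa "))
              print (ok ? "authoritative" : "lame (" status ")") }'
}

# Constructed sample: the .com referral for the zone, as quoted in the thread.
referral() { cat <<'EOF'
;; AUTHORITY SECTION:
linuxlighthouse.com. 172800 IN NS ns2.swbell.net.
linuxlighthouse.com. 172800 IN NS ws.linuxlighthouse.com.
;; ADDITIONAL SECTION:
ws.linuxlighthouse.com. 172800 IN A 108.220.213.121
EOF
}
# Constructed sample: header lines of the ns2.swbell.net response in the thread.
refused() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 7882
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
referral | glue_report linuxlighthouse.com
refused | auth_status
```

Against live servers, pipe `dig +norecurse @a.gtld-servers.net linuxlighthouse.com NS` into `glue_report` and `dig +norecurse @ns2.swbell.net linuxlighthouse.com SOA` into `auth_status`. Only ws.linuxlighthouse.com needs glue in the .com zone, because ns2.swbell.net lives under a different zone.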