
Re: DNS



On Sat, Jun 24, 2000 at 12:21:47PM +0300, ksemat at eahd.or.ug wrote:
> So the problem has nothing to do with the fact that I am not authoritative
> for my reverse zone. I can run a name server with just entries in the
> reverse zone files for my server without being the SOA myself?

I don't understand the question, because there is no such thing as "being
the SOA". SOA is a type of record stored within the DNS. Let me try to
explain.

For some zones, you will be 'authoritative': that is, you are configured as
either primary or secondary. If someone sends a query for a zone for which
you are authoritative (which could be one of your local clients), then you
will respond with the answer immediately without reference to any other
nameserver.

For the rest, you will be 'non-authoritative' or caching: that is, you go
look for the answer somewhere else, return the answer to the person who
asked, then keep a temporary copy in case one of your clients asks for the
same information again (before the information has expired - TTL).

There is then the question of 'delegation'. That is, how do caching servers
find the authoritative servers with the information they need? Delegation
comes from the higher level above you, by them putting NS records pointing
to your authoritative nameservers (of which you should have at least two for
any particular zone, see RFC2182).

Now, delegation and authority don't necessarily coincide.

* If you are authoritative for a zone, but do not receive delegation, then
you are a "stealth" authoritative nameserver. For example, you could be a
"stealth primary", where the actual delegated nameservers are all secondary
to you. But because you are not listed in the higher level zone, you never
receive any queries about your zone from machines on the Internet at large;
they simply don't know that you exist.

Alternatively, you can be a stealth secondary, where you transfer the zone
from the primary but are not delegated to. This might be for reasons of
efficiency (reducing queries which go outside your nameserver). This is
perhaps what you mean you are doing for your reverse zone - someone else is
primary, and you are authoritative (secondary), but you are not delegated
to. This is fine, but I don't recommend it, for the simple reason that if
the primary changes to be a different machine, and you're not told about it,
you will have broken DNS.

* If you are NOT authoritative for a zone, but DO receive delegation, that
is called "Lame Delegation" and that is always a Bad Thing [TM].

> alpha:~ # uptime
>  12:02pm  up 14 days, 21:41,  1 user,  load average: 1.00, 1.00, 1.00

A continuous load average of 1.00 is not good, and this is getting closer to
the source of the problem. It may indicate (a) that there is a process in an
infinite loop, or (b) that you have a process stuck on I/O which cannot
complete. For example, you may have an NFS mount to an NFS server which is
down or unreachable.

To check for (a), look at "top" and see if there is a process hogging 100%
of the CPU.

Checking for (b) is a bit more difficult. In "top", look for processes in
state D - if there is one, that will be the culprit. Do "mount" and then do
an 'ls' in each of the mounted partitions, and see if one hangs. It might be
that you have a faulty hard-drive which is unable to read or write a
particular block, although in that case I would expect to see errors in
/var/log/messages.

> alpha:~ # free
>              total       used       free     shared    buffers     cached
> Mem:        127836     122436       5400      45324      38296      55604
> -/+ buffers/cache:      28536      99300
> Swap:       136512        116     136396

OK, that's fine: lots of free swap space, and 99M RAM free (not including
cached disk blocks).

> also here is what I get from rpm -V bind8
> alpha:~ # rpm -V bind8
> Unsatisfied dependencies for bind8-8.1.2-48: bind, bind8
> S.5....T c /etc/named.conf
> Also here is the output from rpm -V bind
> Unsatisfied dependencies for bind-4.9.7-60: bind8, bind, bind, bind, bind
> S.5....T c /etc/named.boot
> S.5....T c /sbin/init.d/named
> S.5....T   /usr/bin/addr
> S.5....T   /usr/bin/dig

Bleurgh. You have two different versions of bind installed simultaneously.

The package 'bind' is complaining that all its files are wrong:

S = File size is wrong
5 = MD5 checksum is wrong (i.e. it's a different file)
T = Timestamp is wrong

Having said that, I don't _think_ that the fact you have installed one
version of BIND on top of another version will cause you problems. Since
'bind8' doesn't report any differences (except the config file, of course)
then I think you are OK.

> As for kernel it says package kernel is not installed I think it is
> probably called something else I will check.

It's called "kernel" in Red Hat, but if you are running a different
distribution it might be called something else.

Regards,

Brian.
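
Added example, not part of the original message: a check for the delegation/authority cases described above (delegated and authoritative, stealth, lame). It assumes you have saved the header of a non-recursive SOA query (`dig +norec SOA <zone> @<server>`) for each server; the server names and dig headers below are constructed.

```python
import re

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r";; flags:([^;]*);")

def is_authoritative(dig_output):
    """True if the reply is NOERROR and carries the AA (authoritative answer) flag."""
    status = STATUS_RE.search(dig_output)
    flags = FLAGS_RE.search(dig_output)
    if not status or not flags:
        return False  # timeout or unparseable reply: not an authoritative answer
    return status.group(1) == "NOERROR" and "aa" in flags.group(1).split()

def classify(delegated, replies):
    """delegated: servers listed in the parent zone's NS records.
    replies: server -> dig header text for the zone's SOA, queried with +norec."""
    result = {}
    for server in sorted(set(delegated) | set(replies)):
        auth = is_authoritative(replies.get(server, ""))
        if server in delegated:
            result[server] = "delegated and authoritative" if auth else "LAME delegation"
        else:
            result[server] = "stealth authoritative" if auth else "caching only"
    return result

# Constructed sample data (documentation names, not from the original thread).
HDR = (";; ->>HEADER<<- opcode: QUERY, status: {}, id: 4242\n"
       ";; flags: {}; QUERY: 1, ANSWER: {}, AUTHORITY: 0, ADDITIONAL: 0\n")
DELEGATED = {"ns1.example.net", "ns2.example.net", "ns3.example.net"}
REPLIES = {
    "ns1.example.net": HDR.format("NOERROR", "qr aa", 1),    # answers with AA
    "ns2.example.net": HDR.format("REFUSED", "qr", 0),       # listed but not serving the zone
    # ns3.example.net: no reply captured (timed out)
    "alpha.example.org": HDR.format("NOERROR", "qr aa", 1),  # serves the zone, not in parent NS set
    "cache.example.org": HDR.format("NOERROR", "qr ra", 0),  # no AA flag set
}

if __name__ == "__main__":
    for server, verdict in classify(DELEGATED, REPLIES).items():
        print(f"{server:20} {verdict}")
```
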

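Added example, not part of the original message: a parser for the `rpm -V` lines quoted above that decodes the flag string and separates config files (marked `c`), which are expected to change, from other files whose content digest differs. The sample input is the output quoted in this thread; flag letters beyond S, 5 and T follow rpm's documented verify output.

```python
import re

FLAG_MEANING = {"S": "size", "M": "mode", "5": "digest", "D": "device",
                "L": "symlink", "U": "owner", "G": "group", "T": "mtime",
                "P": "capabilities"}
# <flags or "missing"> [attribute marker: c=config d=doc g=ghost l=license r=readme] <path>
LINE_RE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

def parse_rpm_verify(text):
    """Return one dict per verified file; dependency messages are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags, attr, path = m.groups()
        if flags == "missing":
            changed = ["missing"]
        else:
            changed = [FLAG_MEANING[c] for c in flags if c in FLAG_MEANING]
        findings.append({"path": path, "config": attr == "c", "changed": changed})
    return findings

def needs_review(findings):
    """Paths of non-config files that are missing or whose content digest changed."""
    return [f["path"] for f in findings
            if not f["config"] and ("digest" in f["changed"] or "missing" in f["changed"])]

# Output quoted in the message above, with the reply markers removed.
SAMPLE = """\
Unsatisfied dependencies for bind8-8.1.2-48: bind, bind8
S.5....T c /etc/named.conf
Unsatisfied dependencies for bind-4.9.7-60: bind8, bind, bind, bind, bind
S.5....T c /etc/named.boot
S.5....T c /sbin/init.d/named
S.5....T   /usr/bin/addr
S.5....T   /usr/bin/dig
"""

if __name__ == "__main__":
    for f in parse_rpm_verify(SAMPLE):
        kind = "config" if f["config"] else "file"
        print(f"{f['path']:22} {kind:7} {', '.join(f['changed'])}")
    print("review:", needs_review(parse_rpm_verify(SAMPLE)))
```

Here the two binaries that need explaining are accounted for by the second BIND package having been installed over the first.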
-----
This is the afnog mailing list, managed by Majordomo 1.94.4