
Re: DNS



What I meant was that initially I wanted my ISP to delegate the reverse
zone for my IP to my nameserver; that is simply what I meant by being the
SOA. Sorry for putting it out wrongly. I also wanted it in such a way
that if someone wanted 208.132.129.216.in-addr.arpa they would be
directed to my server as the server from which to get authoritative
answers. Here is the output from top:

  1:58pm  up 14 days, 23:36,  1 user,  load average: 1.00, 1.00, 1.00
42 processes: 39 sleeping, 3 running, 0 zombie, 0 stopped
CPU states: 99.7% user,  0.1% system,  0.0% nice,  0.2% idle
Mem:  127836K av, 124108K used,   3728K free,  68472K shrd,  38280K buff
Swap: 136512K av,    116K used, 136396K free                 56408K cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
  232 root      12   0  2764 2764   540 R       0 99.5  2.1 17257m ntop
30929 root       1   0   772  772   596 R       0  0.3  0.6   0:01 top
    1 root       0   0   164  156   132 S       0  0.0  0.1   0:13 init
    2 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 kflushd
    3 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 kpiod
    4 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 kswapd
    5 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 md_thread
   12 root       0   0    52   24    20 S       0  0.0  0.0   0:01 update
   39 root       0   0   812  812   484 S       0  0.0  0.6   0:00 snmpd
   97 root       0   0   460  460   360 S       0  0.0  0.3   0:00 argus
  105 root       0   0   540  540   440 S       0  0.0  0.4   0:25 syslogd
  109 root       0   0   736  736   340 S       0  0.0  0.5   0:00 klogd
  136 at         0   0   448  448   364 S       0  0.0  0.3   0:00 atd
  229 root       0   0   512  512   424 S       0  0.0  0.4   0:00 lpd
  244 root       0   0  1060 1060   828 S       0  0.0  0.8   0:11 sendmail
  249 root       0   0   868  868   724 S       0  0.0  0.6   0:00 sshd2
  253 root       0   0   520  520   420 S       0  0.0  0.4   0:00 cron
  279 root       0   0   432  432   364 S       0  0.0  0.3   0:00 mingetty

So otherwise, all these errors it is reporting about its files being wrong,
should I just ignore them?
By the way, I am running SuSE Linux 6.1 on this machine.

On Sat, 24 Jun 2000, Brian Candler wrote:

> Date: Sat, 24 Jun 2000 11:11:07 +0100
> From: Brian Candler <B.Candler at pobox.com>
> To: ksemat at eahd.or.ug
> Cc: afnog at afnog.org
> Subject: Re: DNS
> 
> On Sat, Jun 24, 2000 at 12:21:47PM +0300, ksemat at eahd.or.ug wrote:
> > So the problem has nothing to do with the fact that I am not authoritative
> > for my reverse zone. I can run a name server with just entries in the
> > reverse zone files for my server without being the SOA myself?
> 
> I don't understand the question, because there is no such thing as "being
> the SOA". SOA is a type of record stored within the DNS. Let me try to
> explain.
> 
> For some zones, you will be 'authoritative': that is, you are configured as
> either primary or secondary. If someone sends a query for a zone for which
> you are authoritative (which could be one of your local clients), then you
> will respond with the answer immediately without reference to any other
> nameserver.
> 
> For the rest, you will be 'non-authoritative' or caching: that is, you go
> look for the answer somewhere else, return the answer to the person who
> asked, then keep a temporary copy in case one of your clients asks for the
> same information again (before the information has expired - TTL)
> 
> There is then the question of 'delegation'. That is, how do caching servers
> find the authoritative servers with the information they need? Delegation
> comes from the higher level above you, by them putting NS records pointing
> to your authoritative nameservers (of which you should have at least two for
> any particular zone, see RFC2182)
> 
> Now, delegation and authority don't necessarily coincide.
> 
> * If you are authoritative for a zone, but do not receive delegation, then
> you are a "stealth" authoritative nameserver. For example, you could be a
> "stealth primary", where the actual delegated nameservers are all secondary
> to you. But because you are not listed in the higher level zone, you never
> receive any queries about your zone from machines on the Internet at large;
> they simply don't know that you exist.
> 
> Alternatively, you can be a stealth secondary, where you transfer the zone
> from the primary but are not delegated to. This might be for reasons of
> efficiency (reducing queries which go outside your nameserver). This is
> perhaps what you mean you are doing for your reverse zone - someone else is
> primary, and you are authoritative (secondary), but you are not delegated
> to. This is fine, but I don't recommend it, for the simple reason that if
> the primary changes to be a different machine, and you're not told about it,
> you will have broken DNS.
> 
> * If you are NOT authoritative for a zone, but DO receive delegation, that
> is called "Lame Delegation" and that is always a Bad Thing [TM].
> 
> > alpha:~ # uptime
> >  12:02pm  up 14 days, 21:41,  1 user,  load average: 1.00, 1.00, 1.00
> 
> A continuous load average of 1.00 is not good, and this is getting closer to
> the source of the problem. It may indicate (a) that there is a process in an
> infinite loop, or (b) that you have a process stuck on I/O which cannot
> complete. For example, you may have an NFS mount to an NFS server which is
> down or unreachable.
> 
> To check for (a), look at "top" and see if there is a process hogging 100%
> of the CPU.
> 
> Checking for (b) is a bit more difficult. In "top", look for processes in
> state D - if there is one, that will be the culprit. Do "mount" and then do
> an 'ls' in each of the mounted partitions, and see if one hangs. It might be
> that you have a faulty hard-drive which is unable to read or write a
> particular block, although in that case I would expect to see errors in
> /var/log/messages
> 
> > alpha:~ # free
> >              total       used       free     shared    buffers     cached
> > Mem:        127836     122436       5400      45324      38296      55604
> > -/+ buffers/cache:      28536      99300
> > Swap:       136512        116     136396
> 
> OK that's fine, lots of free swap space, and 99M RAM free (not including
> cached disk blocks)
> 
> > also here is what I get from rpm -V bind8
> > alpha:~ # rpm -V bind8
> > Unsatisfied dependencies for bind8-8.1.2-48: bind, bind8
> > S.5....T c /etc/named.conf
> > Also here is the output from rpm -V bind
> > Unsatisfied dependencies for bind-4.9.7-60: bind8, bind, bind, bind, bind
> > S.5....T c /etc/named.boot
> > S.5....T c /sbin/init.d/named
> > S.5....T   /usr/bin/addr
> > S.5....T   /usr/bin/dig
> 
> Bleurgh. You have two different versions of bind installed simultaneously.
> 
> The package 'bind' is complaining that all its files are wrong:
> 
> S = File size is wrong
> 5 = MD5 checksum is wrong (i.e. it's a different file)
> T = Timestamp is wrong
> 
> Having said that, I don't _think_ that the fact you have installed one
> version of BIND on top of another version will cause you problems. Since
> 'bind8' doesn't report any differences (except the config file, of course)
> then I think you are OK.
> 
> > As for kernel it says package kernel is not installed I think it is
> > probably called something else I will check.
> 
> It's called "kernel" in Red Hat, but if you are running a different
> distribution it might be called something else.
> 
> Regards,
> 
> Brian.
> 

Sematimba Noah
Network Administrator
Uganda Online
-------------------------------------------------------------------------------
ksemat at eahd.or.ug P.O.Box 1254 Kampala 
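
The delegation-versus-authority cases in the quoted reply can be checked by sending each server a non-recursive SOA query for the zone and reading the AA bit of the reply. The following is an added example, not part of the original message: the server names and the replies built by `fake_reply` are constructed, hypothetical data, and only the 12-byte DNS header is parsed.

```python
import struct

AA = 0x0400  # Authoritative Answer bit in the DNS header flags word
QR = 0x8000  # set on responses

def header(response):
    """Return (aa, rcode, answer_count) from a raw DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", response[:12])
    if not flags & QR:
        raise ValueError("not a response")
    return bool(flags & AA), flags & 0x000F, answers

def classify(delegated, replies):
    """delegated: NS names in the parent zone; replies: {server: raw SOA reply or None}."""
    report = {}
    for server in sorted(set(delegated) | set(replies)):
        raw = replies.get(server)
        if raw is None:
            status = "no answer"
        else:
            aa, rcode, answers = header(raw)
            status = "authoritative" if aa and rcode == 0 and answers else "not authoritative"
        if server in delegated:
            report[server] = {"authoritative": "delegated and authoritative",
                              "not authoritative": "lame delegation",
                              "no answer": "delegated but unreachable"}[status]
        else:
            report[server] = "stealth authoritative" if status == "authoritative" else "not involved"
    return report

def fake_reply(aa, rcode=0, answers=1):
    """Constructed 12-byte header standing in for a captured SOA reply."""
    return struct.pack("!6H", 0x1234, QR | (AA if aa else 0) | rcode, 1, answers, 0, 0)

# Constructed scenario with hypothetical names: the ISP's two delegated servers
# plus the customer's own server, which slaves the zone without being listed.
DELEGATED = {"ns1.isp.example", "ns2.isp.example"}
REPLIES = {
    "ns1.isp.example": fake_reply(aa=True),
    "ns2.isp.example": fake_reply(aa=False, rcode=5, answers=0),  # REFUSED
    "alpha.customer.example": fake_reply(aa=True),
}

if __name__ == "__main__":
    for server, verdict in classify(DELEGATED, REPLIES).items():
        print(f"{server:24} {verdict}")
```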
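
The `rpm -V` lines discussed in the quoted reply can be triaged mechanically: a changed config file is expected, while a changed digest on a non-config file needs an explanation (here, a second package installed over the first). The following is an added example, not part of the original message; `SAMPLE` reproduces the lines quoted in the thread, and the verdict labels are this example's own.

```python
import re

# Positions of the rpm -V attribute string; the reply above explains S, 5 and T.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}

# attribute string (or "missing"), optional file-type marker (c = config), path
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

# The verification lines quoted in the message above.
SAMPLE = """\
Unsatisfied dependencies for bind-4.9.7-60: bind8, bind, bind, bind, bind
S.5....T c /etc/named.boot
S.5....T c /sbin/init.d/named
S.5....T   /usr/bin/addr
S.5....T   /usr/bin/dig
"""

def triage(text):
    """Return (path, changed attributes, verdict) for every file line."""
    results = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # dependency notes and anything that is not a file line
        attrs, kind, path = m.groups()
        if attrs == "missing":
            changed = ["missing"]
        else:
            changed = [FLAGS[c] for c in attrs if c in FLAGS]
        if kind == "c":
            verdict = "config"    # edited config file: expected on a live server
        elif attrs == "missing" or "5" in attrs:
            verdict = "content"   # file body replaced or gone: find out by what
        else:
            verdict = "metadata"  # only ownership, mode or timestamps differ
        results.append((path, changed, verdict))
    return results

if __name__ == "__main__":
    for path, changed, verdict in triage(SAMPLE):
        print(f"{path:22} {','.join(changed):20} {verdict}")
```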




-----
This is the afnog mailing list, managed by Majordomo 1.94.4
