[sdnog] DNS problem

Hiba Eltigani higba6 at gmail.com
Wed Jan 7 10:17:40 SAST 2015


So, as a way to help you determine whether your DNS is authoritative or
not, try to check if you have any zone files hosted on the server,
probably in a location inside the "named" folder.
If you are using Linux, the following command might help. It will give a list
of all locations with that name.

find / -name named

BR
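
An added example, not part of the original message: besides looking for zone files, the header flags in a `dig +norecurse` reply show a server's role, where `aa` means it answers authoritatively for the zone and `ra` means it offers recursion (caching). The function name, sample headers, 192.0.2.53 and example.com below are constructed placeholders.

```shell
#!/bin/sh
# Added example. Classifies a name server's role from the header flags in
# `dig` output read on stdin:
#   aa = authoritative answer (the server holds the zone itself)
#   ra = recursion available  (the server resolves other names for clients)

classify_dns_role() {
    # Pull the flag list out of the first ";; flags: ...;" header line.
    flags=$(sed -n '/^;; flags: /{s/^;; flags: \([^;]*\);.*/\1/p;q;}')
    case " $flags " in *" aa "*) aa=1 ;; *) aa=0 ;; esac
    case " $flags " in *" ra "*) ra=1 ;; *) ra=0 ;; esac
    if [ -z "$flags" ]; then
        echo "no-response"                 # no DNS header seen at all
    elif [ "$aa" = 1 ] && [ "$ra" = 1 ]; then
        echo "authoritative+recursive"     # auth and cache on one server
    elif [ "$aa" = 1 ]; then
        echo "authoritative-only"
    elif [ "$ra" = 1 ]; then
        echo "recursive-only"              # a cache, not authoritative here
    else
        echo "neither"                     # e.g. REFUSED for this zone
    fi
}

# Constructed sample headers (not captured from any real server).
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1'
SAMPLE_CACHE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_MIXED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1004
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

for sample in "$SAMPLE_AUTH" "$SAMPLE_CACHE" "$SAMPLE_MIXED" "$SAMPLE_REFUSED"; do
    printf '%s\n' "$sample" | classify_dns_role
done

# Live use: query the server directly for a zone it is supposed to serve.
#   dig +norecurse @192.0.2.53 example.com SOA | classify_dns_role
```

A result of `authoritative+recursive` is the combined auth + cache setup that the quoted reply below recommends changing.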
On Jan 7, 2015 10:52 AM, "Manhal Mohammed" <manhal_muhamed at hotmail.com>
wrote:

>
> hello SdNoggers and Happy new year to you all ^_^
>
> really thank you Nishal and Daniel for the very useful information
> "with a lot of tasks to do" ^_^ I'm really interested in DNS ^_^
>
> first :
> now we are working on having our own IP addresses from AfriNIC
> , coz that will solve our major problems
> and when that happens i will return with tons of questions to ask ^_^
> and i would be very glad if my problems will help others to learn :)
> second :
> i would like to inform you that our two NSs "actually it's one" are on
> different geographical locations
> and i am not quite sure what my DNS is "I'm new in this field" !!!
> is it authoritative or cached !! or both and that leads to this question
> : how to know if it's auth. or cached DNS ?
>
> bear my questions :D
>
> > > Hello SdNoggers
> > > This is my first time on this mailing list , I am Manhal Mohammed from
> the National Data Center ,
> >
> > hi manhal, and happy 2015 !
> >
> > > I have some questions in the DNS
> > >
> > > first one :
> > > Our DNS design is stealth “split-horizon” , we have two NS , NS0 & NS1
> each from different ISP for availability , But NS1 is unreachable due to
> networks problem, can I use the two name servers in the same ISP ?? is that
> an issue to consider ? because now we are working just with one NS and this
> is very bad
> >
> > yes, you can have two name-servers, running through the same ISP. as
> mentioned, though, that does leave you with a single point of failure
> should you have an issue with the ISP....however, working with just one
> name-server from a single ISP, is worse than two working DNS servers. right
> now, if you lose the single DNS server, you're in deep trouble. if you lose
> the internet link, well, DNS is not the only problem you're going to have
> ;-)
> >
> > but - that should also give you an idea about how / where you place your
> DNS servers. so i'm going to assume that both your DNS servers are at your
> data-centre. have you considered locating one somewhere else? geographic
> separation is a Good Thing if you have to worry about losing internet
> access / power / floods / etc. and if your worry is that you want it to be
> in the capital, why don't you consider hosting it at one of the ISPs to
> give you off-site redundancy? that way you don't have to worry about the
> server losing internet connectivity as ISP hosting environments are
> generally quite stable !
> >
> > it should also give you a little hint about addressing, and design; a
> good thing to do, if you have two ISPs, is to get your own IP addresses,
> and ASN from AfriNIC, and then multi-home using this BGP, and your "own"
> address space. there are many people on this list that can help you do this
> ;-) then, it doesn't really matter if you temporarily lose a single
> internet link, since you can easily re-route via the other ISP. if your
> network design today, has you using two ISPs, then this multihoming is
> definitely the path that i would suggest to you.
> >
> > it sounds to me like you have quite a bit of work to do:
> > * sort out your internet connectivity
> > * get a second DNS server running asap
> > * figure out this multihoming stuff
> > * ...
> >
> > it would be great if you were willing to discuss some more of these
> issues here, to give everyone a chance to learn (and see how you're doing
> things!)
> >
> >
> >
> >
> > > second :
> > >
> > > how to apply or implement some sort of security for the DNS ? like
> chroot , now i am not using chroot , can i use it after installing the bind
> and working with it ? will that affect the DNS server , are there any
> risks ???
> >
> > in general, chroot'ing your DNS daemon is a good thing. someone who
> knows this better than i do, has promised to respond to this :-)
> >
> >
> >
> > > third and last one :
> > >
> > > will flushing the DNS cache affect it ?
> >
> > from what i understand, you are describing your auth name-servers,
> right? auth-servers don't keep a DNS cache, so flushing this won't make a
> difference. unless you run your auth servers, and your DNS caches on the
> same server. that's not really recommended, and something that you should
> change ASAP !
> >
> > do you run both the auth + caches on the same servers ?
> >
> > --n.
>