[sdnog] DNS problem

Manhal Mohammed manhal_muhamed at hotmail.com
Wed Jan 7 10:32:56 SAST 2015


Hello Hiba ^_^ Yes, I have zone files located in /var/named. As my new tasks I'm responsible for adding new zones to the DNS, but I'm still wondering whether it's just authoritative or both auth + caches DNS. I meant by my question: is there any specific configuration to check that shows me if it's authoritative or caches DNS?


So, as a way to help you determine whether your DNS is authoritative or not, try to check if you have any zone files hosted on the server. Probably a location inside the "named" folder.

If you are using Linux, the following command might help. It will give a list of all locations with that name.
find / -name named
BR

Hello SdNoggers and Happy New Year to you all ^_^
Really, thank you Nishal and Daniel for the very useful information "with a lot of tasks to do" ^_^ I'm really interested in DNS ^_^

First: now we are working on having our own IP addresses from AfriNIC, coz that will solve our major problems, and when that happens I will return with tons of questions to ask ^_^ and I would be very glad if my problems will help others to learn :)

Second: I would like to inform you that our two NSs "actually it's one" are in different geographical locations, and I am not quite sure what my DNS is "I'm new in this field"!!! Is it authoritative or cached!! or both, and that leads to this question: how to know if it's auth. or cached DNS? Bear with my questions :D





> > Hello SdNoggers 
> > This is my first time on this mailing list , I am Manhal Mohammed from the National Data Center ,
> 
> hi manhal,  and happy 2015 ! 
> 
> > I have some questions in the DNS
> > 
> > first one : 
> > Our DNS design is stealth “split-horizon”. We have two NS, NS0 & NS1, each from a different ISP for availability, but NS1 is unreachable due to a network problem. Can I use the two name servers in the same ISP ?? Is that an issue to consider ? Because now we are working with just one NS and this is very bad
> 
> yes, you can have two name-servers, running through the same ISP.  as mentioned, though, that does leave you with a single point of failure should you have an issue with the ISP....however, working with just one name-server from a single ISP, is worse than two working DNS servers.  right now, if you lose the single DNS server, you're in deep trouble.  if you lose the internet link, well, DNS is not the only problem you're going to have  ;-)
> 
> but - that should also give you an idea about how / where you place your DNS servers.  so i'm going to assume that both your DNS servers are at your data-centre.  have you considered locating one somewhere else?   geographic separation is a Good Thing if you have to worry about losing internet access / power / floods / etc.  and if your worry is that you want it to be in the capital, why don't you consider hosting it at one of the ISPs to give you off-site redundancy?  that way you don't have to worry about the server losing internet connectivity as ISP hosting environments are generally quite stable ! 
> 
> it should also give you a little hint about addressing, and design;  a good thing to do, if you have two ISPs, is to get your own IP addresses, and ASN from AfriNIC, and then multi-home using this BGP, and your "own" address space.  there are many people on this list that can help you do this  ;-)       then, it doesn't really matter if you temporarily lose a single internet link, since you can easily re-route via the other ISP.  if your network design today, has you using two ISPs, then this multihoming is definitely the path that i would suggest to you.  
> 
> it sounds to me like you have quite a bit of work to do: 
> * sort out your internet connectivity
> * get a second DNS server running asap
> * figure out this multihoming stuff 
> * ...
> 
> it would be great if you were willing to discuss some more of these issues here, to give everyone a chance to learn (and see how you're doing things!) 
> 
> 
> 
> 
> > second : 
> > 
> > How to apply or implement some sort of security for the DNS ? Like chroot. Now I am not using chroot; can I use it after installing BIND and working with it ? Will that affect the DNS server, are there any risks ???
> 
> in general, chroot'ing your DNS daemon is a good thing.  someone who knows this better than i do, has promised to respond to this  :-)
> 
> 
> 
> > third  and last one : 
> > 
> > Will flushing the DNS cache affect it ?
> 
> from what i understand, you are describing your auth name-servers, right?   auth-servers don't keep a DNS cache, so flushing this won't make a difference.  unless you run your auth servers, and your DNS caches on the same server.   that's not really recommended, and something that you should change ASAP ! 
> 
> do you run both the auth + caches on the same servers ? 
> 
> --n.
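
One way to check the configuration question raised in this thread, as an added example that is not part of the original messages: on BIND, the role comes from named.conf, where master/slave zones make the server authoritative and recursion (on by default) makes it a cache. The sample configs, the example.sd and example.org zones, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Classify BIND named.conf text (read from stdin) by the role it configures.
# Heuristic only: include files and multi-line /* */ comments are not followed.

classify_named_conf() {
    # Strip one-line /* */, // and # comments so disabled settings are ignored.
    conf=$(sed -e 's|/\*.*\*/||g' -e 's|//.*$||' -e 's|#.*$||')

    # Zones served from local data: master/slave (primary/secondary in newer BIND).
    auth_zones=$(printf '%s\n' "$conf" |
        grep -Ec 'type[[:space:]]+(master|slave|primary|secondary)[[:space:]]*;' || true)

    # BIND recurses unless told not to, so a missing "recursion" line means yes.
    off='recursion[[:space:]]+no[[:space:]]*;'
    off="$off|allow-recursion[[:space:]]*\{[[:space:]]*none[[:space:]]*;"
    if printf '%s\n' "$conf" | grep -Eq "$off"; then recursive=no; else recursive=yes; fi

    case "$auth_zones:$recursive" in
        0:yes) echo "caching-only" ;;
        0:no)  echo "neither" ;;
        *:no)  echo "authoritative-only" ;;
        *)     echo "authoritative+caching" ;;
    esac
}

# Constructed sample: zone files under /var/named, "recursion no" commented out.
sample_mixed() {
    cat <<'EOF'
options {
    directory "/var/named";
    // recursion no;
};
zone "." { type hint; file "named.ca"; };
zone "example.sd" { type master; file "example.sd.zone"; };
EOF
}

# Constructed sample: local zones with recursion switched off.
sample_auth_only() {
    cat <<'EOF'
options { directory "/var/named"; recursion no; };
zone "example.sd" { type master; file "example.sd.zone"; };
zone "example.org" { type slave; masters { 192.0.2.1; }; file "slaves/example.org"; };
EOF
}

sample_mixed | classify_named_conf
sample_auth_only | classify_named_conf
```

On a real server, feed it the actual file, for example `classify_named_conf < /etc/named.conf` (the path is an assumption and varies by distribution). A result of "authoritative+caching" is the mixed setup the reply above recommends changing.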
 		 	   		  
