Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I am cleaning up a mess with a domain name and some DNS servers and had a question about the NS record found inside the zone file. Should the NS records match the NS records entered at the domain registrar?
These are the "authoritative" name servers for the domain and my guess is that they should match. In my scenario, there are four name serves in the environment, but only two servers are defined in the registrar as authorative.
this is what is defined in the registrar:
These are the four servers in the environment:
This is what is defined in a sample zone sitting on the domain.
We recently ran into an issue where did not not update server NS2.company.com of a new zone and I am wondering why it caused intermittent problems, since NS2.company.com was not listed in the registrar's database, just ns1.company.com and ns1.company-alias.com.
The authoritative servers knew about the unlisted servers, right? So some Internic server says "Ask the authoritative server at a.b.c.a(primary) or a.b.c.b(secondary) what IP addresses can answer questions about domain fubar.com." That a.b.c.a/b are your authoriative servers. When asked, your authoritative server knew about all servers that could answer questions, so it replied "You can get answers about fubar.com from a.b.c.1, a.b.c.2, a.b.c.3, and a.b.c.4."
1 JOHN 1 Christ was Alive when the world began
All any tld registrar is doing is pointing to your servers. So if you need answers about mydomain.com, here's the address for answers. The registrar has no purpose other than telling a dns lookup to look at your servers for answers.
I know this is old school, but quite effective. Substitute with your proper domain names. From any Linux command line as an admin type;
<OUTPUT OF ALL AUTH DNS SERVERS>
<OUTPUT OF ALL AUTH DNS SERVERS>
Repeat for all bind servers. And for any stub zones, even if on the same server. Can't hurt to check the slave servers also.
The output will list all of the name servers you have listed in your bind configurations. You will need to repeat for each bind server and for each domain name. Of course, this information is coming from your zone files such as /var/named/pz/mycompany.com
I suspect what you wanted to do was setup a stealth or non-authoritative test bind server. More info can be found here.
I just reread the original post. When you register a DNS IP address with your domain registration, that is not the final answer. The next step is the DNS lookup asks the server it was pointed to, which is what you control, what are your name server IP addresses? If you have more NS records in your zone records, they are all added to the list of available name servers to query for your domain. So if you have DNS servers you do not want answering questions to the Internet, do not add them to your domain zone file.
Thank you for your time on this, in reference to your quote below, where is this "list". When I do a domain whois all i see is my 2 authoritative DNS servers. It would be nice to see the extra two somewhere.
Originally Posted by Suncoast
If you have more NS records in your zone records, they are all added to the list of available name servers to query for your domain. So if you have DNS servers you do not want answering questions to the Internet, do not add them to your domain zone file.
The list I refer to is what some remote DNS server gets as a response to it's query. When my DNS server asks your bind server for information, it caches that information until the cache time expires. That cached information includes a list of your authoritative Name Servers.
These would be the zone records on your name servers. Locations of the files vary by installation. Normally, the location of these files are defined in the file named.conf or older named.boot. Normally each domain zone file is given the name of the domain it represents. If setup this way, you should be able to search for the zone file or config file. For example, if I were hosting the domain biblegateway.com, I would have the following file in the following directory:
(Or I could do a "find -name biblegate*" from root) Within that file, after the SOA (Start of Authority) section I will have "NS" lines, which, as the authoritative name server, represent my name server names. If I have improper NS records here, I will have problems.
After that, in the same file, I will have "A" lines. These "A" records define the IP address for the names I defined under the "NS" lines. So it would look like:
ns1 A 18.104.22.168
ns2 A 22.214.171.124
I do have private email enabled here if you need a quicker response or would like to send me your real domain names. I'm unemployed, but I've been busy lately doing a few temp jobs.