[Smaug] Eric, David, Paul, and Mox: Problem at your nameservers

Paul hall phall at csumb.edu
Wed May 18 12:07:56 PDT 2011


have to plead ignorance CSUmb does not host this dns

Sent from Paul's iPhone 

Paul Hall
Senior Operations Analyst
Information Technology
831.582.3802
paul at csumb.edu

On May 18, 2011, at 11:36 AM, Rick Moen <rick at linuxmafia.com> wrote:

> [Guys who are CCd:  Your nameservice for scruz.org is broken.  Please
> advise.  Thanks.  See below.]
> 
> 
> Quoting Peter Belew (peterbe at sonic.net):
> 
>> Right now, our http://scruz.org / http://scruz.got.net web site seems
>> to be down - in fact got.net seems to be down. Anyone know about that?
> 
> First, no.  I pulled up a Web browser and got it immediately.
> 
> ~ $ lynx -dump www.scruz.org | more
>         [1]Smaug - Technology Enthusiasts of Santa Cruz, California
> 
>   Meetings and Events
> 
>   Mail List
> 
>   In order to post on the mail list, it is necessary to join the list.
>   Click on "Mail List for SMAUG" below for instructions.
> 
>   Smaug Meetings
> 
>   We are now meeting at [2]Mr Toots in Capitola Village, at 7:30 pm on
>   Thursday evenings.
>   [...]
> 
> However, looks like a bunch of our five nameservers are flaking out on
> us:
> 
> $ whois scruz.org | grep 'Name Server'
> Name Server:NS1.SCRUZ.ORG
> Name Server:NS2.SCRUZ.ORG
> Name Server:NS3.SCRUZ.ORG
> Name Server:NS4.SCRUZ.ORG
> Name Server:NS5.SCRUZ.ORG
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> $ 
> 
> And, by the way, checking the rest of the 'whois' results confirms that
> the domain's still registered and in current, unexpired status:
> 
> Domain Name:SCRUZ.ORG
> Created On:30-Dec-2001 09:10:30 UTC
> Last Updated On:17-May-2006 16:46:17 UTC
> Expiration Date:30-Dec-2013 09:10:30 UTC
> Sponsoring Registrar:TierraNet Inc. dba DomainDiscover (R86-LROR)
> Status:CLIENT TRANSFER PROHIBITED
> Registrant ID:TNTN-0000311033
> Registrant Name:The Linux ETC Company
> 
> 
> Querying each of the five nameservers for the 'SOA' record, which
> includes the zonefile S/N subfield and the (subfield that by social
> convention is) location of the master nameserver:
> 
> 
> $ dig -t soa scruz.org +short @NS1.SCRUZ.ORG
> ns1.scruz.org. rick.deirdre.NET. 2008072800 10800 3600 2419200 86400
> $ dig -t soa scruz.org +short @NS2.SCRUZ.ORG
> ;; connection timed out; no servers could be reached
> $ dig -t soa scruz.org +short @NS3.SCRUZ.ORG
> $ dig -t soa scruz.org +short @NS4.SCRUZ.ORG
> ;; connection timed out; no servers could be reached
> $ dig -t soa scruz.org +short @NS5.SCRUZ.ORG
> ;; connection timed out; no servers could be reached
> $
> 
> ns1.scruz.org is identified in the first return result as the master
> nameserver.  It, as a reminder, is _my_ nameserver, IP 198.144.195.186,
> better known as linuxmafia.com.  The other four you can identify by a
> couple of uses of the 'dig' command, but I happen to have a cheatsheet
> in my /etc/bind/named.conf.local file's stanza for scruz.org:
> 
> //For the Smaug group
> zone "scruz.org" {
>        type master;
>        file "/etc/bind/scruz.org.zone";
>        allow-query { any; };
>        allow-transfer {
>        //Eric Cain <ecain at phosphor.net>, 408-293-3829
>        //ns2.scruz.org aka ns1.phosphor.net is:
>        207.7.137.130;
>        //David A. Gatwood <dgatwood at gatwood.net>, 408-974-7347
>        //ns3.scruz.org aka ns.infiniteloopfilms.com is: 
>        68.165.1.187;
>        //Paul Hall <paul at csumb.edu>, 831 402 2311 cell
>        //ns4.scruz.org is:
>        74.95.202.57;
>        //Max Baker, max at warped.org, maxbaker at gmail.com
>        //ns5 aka ns.portalpotty.net is:
>        64.34.174.102;
>        };
> };
> 
> 
> Wow, guys:  Four out of five nameservers flaking out is disappointing.
> I hope y'all fix that.
> 
> I neglected to add a comment line to /etc/bind/named.conf.local with 
> contact information for Crawford Rainwater of Linux Etc Company, who
> kindly picks up the tab for the domain renewals and is owner of the
> domain.  I'll go find his contact information and remedy that omission.  
> 
> I think I'll need to write him to add an additional nameserver --
> possibly more than one if our four misbehaving nameservers aren't fixed,
> but I have in mind to add SVLUG's nameserver.
> 
> 
> And, Peter?  Above shows how to meaningfully diagnose connectivity
> problems.  You start with:  Is the domain still registered?  Good.
> What are its nameservers?  Do each of the nameservers respond with the
> correct data, e.g., serve up the same zonefile S/N in the SOA record?
> Do they serve up the correct IP for 'www', etc.?  Finally, does the IP
> respond to ping, and can you pull down the desired content from port 80
> (HTTP), e.g., with lynx?
> 
> Those data are meaningful.  Just saying 'the site is down' doesn't
> actually say anything specific.  It just lets other people know that
> _you_ had a problem, but not anything about why or how, which is
> probably not what you want.
> 
> 
> Finally, it's obvious that some sort of periodic checking of the
> nameservice will be necessary going forward.  Here's a cron script I've
> written to send me a weekly report every Sunday about the six
> nameservers for my _own_ domain, linuxmafia.com:
> 
> 
> #!/bin/sh
> 
> # mydomains     Cron script to sanity-check my domain's SOA records at
> #               all of its authoritative nameservers, as a quick and 
> #               dirty way of making sure (1) they're all online and
> #               (2) they're all serving up the same data (or at least
> #               data with the same zonefile serial number).
> #  
> #               The script queries all five nameservers for their current
> #               SOA value (for linuxmafia.com), and then uses awk to parse 
> #               out of that verbose record just the S/N field, which is 
> #               field #3.  The point is that you can visually spot offline 
> #               or aberrant nameservers by their S/Ns being (respectively) 
> #               missing or an out-of-step value.
> #
> #        Written by Rick Moen (rick at linuxmafia.com)
> #        $Id: cron.weekly,v 1.02 2009/11/17 17:04:05 rick
> 
> set -o errexit  #aka "set -e": exit if any line returns non-true value
> set -o nounset  #aka "set -u": exit upon finding an uninitialised variable
> 
> test -x /usr/bin/mail || exit 0
> 
> {
> dig -t soa linuxmafia.com. @NS.PRIMATE.NET. +short | awk {'print $3'}
> dig -t soa linuxmafia.com. @NS.TX.PRIMATE.NET. +short | awk {'print $3'}
> dig -t soa linuxmafia.com. @NS3.LINUXMAFIA.COM. +short | awk {'print $3'}
> dig -t soa linuxmafia.com. @NS1.THECOOP.NET. +short | awk {'print $3'}
> dig -t soa linuxmafia.com. @NS1.LINUXMAFIA.COM. +short | awk {'print $3'}
> } |
> /usr/bin/mail -s "Domain linuxmafia.com SOA check" rick at linuxmafia.com
> 
> 
> 
> That's trivial and I don't think it even is entitled to copyright, but
> if it is, consider this line included:
> 
> Copyright (C) Rick Moen, 2011.  Do anything you want with this work.
> 
> 
> How about a few of you who run Linux or some other *ix on something
> (including Mac OS X) step forward and say 'Good idea.  I'll be running
> that as a cronjob from now on, to monitor Smaug's DNS'?  Anyone?
> 



More information about the Smaug mailing list