[Smaug] Access to scruz.org was DNS problem.

Rick Moen rick at linuxmafia.com
Wed May 18 15:14:05 PDT 2011


Quoting Peter Belew (peterbe at sonic.net):

> The DNS problem which prevented access (by name) with our web site at
> http://scruz.org or http://www.scruz.org or http://scruz.got.net etc.
> was resolved, after Rick Moen contacted the people responsible for
> primary and secondary DNS for our site.

No, it's not.  Nothing's changed.  The domain is down to exactly one
functioning nameserver, mine.  This is a BIG problem.

And I always told my sysadmin staff at Linuxcare, 'The problem isn't
fixed until you've verified the outcome.'

I've created /etc/cron.weekly/smaug based on the prototype I created 
earlier.  Output is a bit peculiar and hard to read:  The dig command
tries the nameservers a couple of times each.  One of the nameservers,
David A. Gatwood's ns3.scruz.org AKA ns.infiniteloopfilms.com, turns out
to be returning 'REFUSED'.

Anyway, the script can be improved quite a lot, but it suffices to show
that there's only _one_ correctly functioning nameserver, that being
shown on the first line, the one starting with S/N value '2008072800'.



Date: Wed, 18 May 2011 15:04:34 -0700                                           
>From root at linuxmafia.com Wed May 18 15: 4:34 2011                               
From: root <root at linuxmafia.com>                                                
To: rick at linuxmafia.com                                                         
Subject: Domain scruz.org SOA check                                             
                                                                                
2008072800 on ns1.scruz.org, aka ns1.linuxmafia.com, Rick Moen                  
 on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain                              
DiG on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain                           
options: on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain                      
timed on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain                         
 on ns4.scruz.org, IP 74.95.202.57, Paul Hall                                   
DiG on ns4.scruz.org, IP 74.95.202.57, Paul Hall                                
options: on ns4.scruz.org, IP 74.95.202.57, Paul Hall                           
timed on ns4.scruz.org, IP 74.95.202.57, Paul Hall                              
 on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker                            
DiG on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker                         
options: on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker                    
timed on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker 


/etc/cron.weekly/smaug follows:


#!/bin/sh

# smaug         Cron script to sanity-check domain scruz.org's SOA records at
#               all of its authoritative nameservers, as a quick and 
#               dirty way of making sure (1) they're all online and
#               (2) they're all serving up the same data (or at least
#               data with the same zonefile serial number).
#  
#               The script queries all five nameservers for their current
#               SOA value (for scruz.org), and then uses awk to parse 
#               out of that verbose record just the S/N field, which is 
#               field #3.  The point is that you can visually spot offline 
#               or aberrant nameservers by their S/Ns being (respectively) 
#               missing or an out-of-step value.
#
#		Written by Rick Moen (rick at linuxmafia.com)
#		$Id: cron.weekly,v 1.02 2009/11/17 17:04:05 rick
# Copyright (C) Rick Moen, 2011.  Do anything you want with this work.

set -o errexit  #aka "set -e": exit if any line returns non-true value
set -o nounset  #aka "set -u": exit upon finding an uninitialised variable

test -x /usr/bin/mail || exit 0

{
dig -t soa scruz.org. @NS1.SCRUZ.ORG. +short | awk '{ print $3 " on ns1.scruz.org, aka ns1.linuxmafia.com, Rick Moen" }'
dig -t soa scruz.org. @NS2.SCRUZ.ORG. +short | awk '{ print $3 " on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain" }'
dig -t soa scruz.org. @NS3.SCRUZ.ORG. +short | awk '{ print $3 " on ns3.scruz.org, AKA ns.infiniteloopfilms.com, David A. Gatwood" }'
dig -t soa scruz.org. @NS4.SCRUZ.ORG. +short | awk '{ print $3 " on ns4.scruz.org, IP 74.95.202.57, Paul Hall"}'
dig -t soa scruz.org. @NS5.SCRUZ.ORG. +short | awk '{ print $3 " on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker"}'
} |
/usr/bin/mail -s "Domain scruz.org SOA check" rick at linuxmafia.com




More information about the Smaug mailing list