[Smaug] Access to scruz.org was DNS problem.
Rick Moen
rick at linuxmafia.com
Wed May 18 15:14:05 PDT 2011
Quoting Peter Belew (peterbe at sonic.net):
> The DNS problem which prevented access (by name) with our web site at
> http://scruz.org or http://www.scruz.org or http://scruz.got.net etc.
> was resolved, after Rick Moen contacted the people responsible for
> primary and secondary DNS for our site.
No, it's not. Nothing's changed. The domain is down to exactly one
functioning nameserver, mine. This is a BIG problem.
And I always told my sysadmin staff at Linuxcare, 'The problem isn't
fixed until you've verified the outcome.'
I've created /etc/cron.weekly/smaug based on the prototype I created
earlier. Output is a bit peculiar and hard to read: The dig command
tries the nameservers a couple of times each. One of the nameservers,
David A. Gatwood's ns3.scruz.org AKA ns.infiniteloopfilms.com, turns out
to be returning 'REFUSED'.
Anyway, the script can be improved quite a lot, but it suffices to show
that there's only _one_ correctly functioning nameserver, that being
shown on the first line, the one starting with S/N value '2008072800'.
Date: Wed, 18 May 2011 15:04:34 -0700
>From root at linuxmafia.com Wed May 18 15: 4:34 2011
From: root <root at linuxmafia.com>
To: rick at linuxmafia.com
Subject: Domain scruz.org SOA check
2008072800 on ns1.scruz.org, aka ns1.linuxmafia.com, Rick Moen
on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain
DiG on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain
options: on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain
timed on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain
on ns4.scruz.org, IP 74.95.202.57, Paul Hall
DiG on ns4.scruz.org, IP 74.95.202.57, Paul Hall
options: on ns4.scruz.org, IP 74.95.202.57, Paul Hall
timed on ns4.scruz.org, IP 74.95.202.57, Paul Hall
on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker
DiG on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker
options: on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker
timed on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker
/etc/cron.weekly/smaug follows:
#!/bin/sh
# smaug Cron script to sanity-check domain scruz.org's SOA records at
# all of its authoritative nameservers, as a quick and
# dirty way of making sure (1) they're all online and
# (2) they're all serving up the same data (or at least
# data with the same zonefile serial number).
#
# The script queries all five nameservers for their current
# SOA value (for scruz.org), and then uses awk to parse
# out of that verbose record just the S/N field, which is
# field #3. The point is that you can visually spot offline
# or aberrant nameservers by their S/Ns being (respectively)
# missing or an out-of-step value.
#
# Written by Rick Moen (rick at linuxmafia.com)
# $Id: cron.weekly,v 1.02 2009/11/17 17:04:05 rick
# Copyright (C) Rick Moen, 2011. Do anything you want with this work.
set -o errexit #aka "set -e": exit if any line returns non-true value
set -o nounset #aka "set -u": exit upon finding an uninitialised variable
test -x /usr/bin/mail || exit 0
{
dig -t soa scruz.org. @NS1.SCRUZ.ORG. +short | awk '{ print $3 " on ns1.scruz.org, aka ns1.linuxmafia.com, Rick Moen" }'
dig -t soa scruz.org. @NS2.SCRUZ.ORG. +short | awk '{ print $3 " on ns2.scruz.org, AKA ns1.phosphor.net, Eric Cain" }'
dig -t soa scruz.org. @NS3.SCRUZ.ORG. +short | awk '{ print $3 " on ns3.scruz.org, AKA ns.infiniteloopfilms.com, David A. Gatwood" }'
dig -t soa scruz.org. @NS4.SCRUZ.ORG. +short | awk '{ print $3 " on ns4.scruz.org, IP 74.95.202.57, Paul Hall"}'
dig -t soa scruz.org. @NS5.SCRUZ.ORG. +short | awk '{ print $3 " on ns5.scruz.org, AKA ns.portalpotty.net, Max Baker"}'
} |
/usr/bin/mail -s "Domain scruz.org SOA check" rick at linuxmafia.com
More information about the Smaug
mailing list