[Smaug] DNS revamp: completed

Rick Moen rick at linuxmafia.com
Fri May 20 20:17:09 PDT 2011


With my thanks for help by Eric Cain, Max Baker, and Crawford Rainwater, 
we've now put Smaug's DNS (for domain scruz.org) in the best shape it's
ever been in.  Details:



1 of 2:  Authoritative roster at the org. top-level domain level:

You can look at either the 'whois' data...

$ whois scruz.org | grep 'Name Server' | awk -F: '{ print $2 }' | awk NF
NS1.SCRUZ.ORG
NS1.SVLUG.ORG
NS7.SCRUZ.ORG
NS6.SCRUZ.ORG
NS8.SCRUZ.ORG
NS9.SCRUZ.ORG
$

...or at the NS lines for the domain within org.'s own zonefile:

$ dig -t ns scruz.org. @$(dig -t ns org. +short | head -n 1) +nocmd +noquestion

; <<>> DiG 9.7.3 <<>> -t ns scruz.org. @b0.org.afilias-nst.org. +nocmd +noquestion
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30074
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; AUTHORITY SECTION:
scruz.org.              86400   IN      NS      ns7.scruz.org.
scruz.org.              86400   IN      NS      ns8.scruz.org.
scruz.org.              86400   IN      NS      ns9.scruz.org.
scruz.org.              86400   IN      NS      ns1.svlug.org.
scruz.org.              86400   IN      NS      ns6.scruz.org.
scruz.org.              86400   IN      NS      ns1.scruz.org.

;; ADDITIONAL SECTION:
ns1.scruz.org.          86400   IN      A       198.144.195.186
ns1.svlug.org.          86400   IN      A       64.62.190.98
ns6.scruz.org.          86400   IN      A       38.102.132.186
ns7.scruz.org.          86400   IN      A       209.237.247.49
ns8.scruz.org.          86400   IN      A       209.133.21.10
ns9.scruz.org.          86400   IN      A       207.111.232.23

;; Query time: 25 msec
;; SERVER: 199.19.54.1#53(199.19.54.1)
;; WHEN: Fri May 20 19:42:16 2011
;; MSG SIZE  rcvd: 237

$

(Note the 'glue records', the 'A' ones sent with the NS lines even
though we asked only for the latter.)

With either method, _six_ nameservers are listed in the parent org. zone.
Now, we turn to the domain's own zone, one level down from org., at 
scruz.org.:


2 of 2:  In-domain NS lines.  These need to be kept identical to the 
prior set (and they are):

$ dig -t ns scruz.org. @$(dig -t ns scruz.org. +short | head -n 1) +short
ns6.scruz.org.
ns7.scruz.org.
ns9.scruz.org.
ns8.scruz.org.
ns1.scruz.org.
ns1.svlug.org.
$


Last, although it's really nice to have six nameservers, it's even more
reassuring if you make sure they are all, y'know, answering with the same
DNS.  Here, we ask each of the authoritative servers fetched from
'whois' for subfield #3 (zonefile S/N) of the SOA field, and verify
they're the same:


$ whois scruz.org | grep 'Name Server' | awk -F: '{ print $2 }' | awk NF | xargs -I '{}' dig -t soa scruz.org. @'{}' +short | awk '{ print $3 }'
2011051900
2011051900
2011051900
2011051900
2011051900
2011051900
$


Basically, that's about as solid DNS as you're going to find on the
Internet.
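
The checks walked through in the message above (parent roster versus in-zone NS set, and SOA serial agreement), as an added shell example that is not part of the original post. It parses saved query output so it runs offline; the function names, the `soa` helper, the placeholder mname/rname and the stale serial are assumptions constructed here.

```sh
# Added example: offline versions of the checks in the post.
# ns_set: stdin is a whois roster, `dig +short`, or full `dig` NS output;
# prints the lowercased, dot-stripped, sorted unique nameserver names.
ns_set() {
    awk '/^[ \t]*;/ || NF == 0 { next }      # dig comment lines, blanks
         NF == 1 { print tolower($1); next } # bare name (+short, whois list)
         $4 == "NS" { print tolower($5) }    # owner TTL IN NS target
    ' | sed 's/\.$//' | sort -u
}

# ns_diff PARENT_TEXT CHILD_TEXT: prints every name missing from one side;
# empty output means delegation and in-zone NS sets are identical.
ns_diff() {
    { printf '%s\n' "$1" | ns_set | sed 's/^/parent /'
      printf '%s\n' "$2" | ns_set | sed 's/^/child /'; } |
    awk '{ where[$2] = where[$2] $1 }        # parent lines always come first
         END { for (n in where) if (where[n] != "parentchild")
                   print n, "only in", where[n] }' | sort
}

# serial_check EXPECTED: stdin is one `dig -t soa ZONE @server +short` line
# per server. Fails when serials differ OR when fewer than EXPECTED servers
# answered (a silent server prints nothing, so eyeballing can miss it).
serial_check() {
    awk -v want="$1" '
        NF >= 7 { n++; serials[$3] = 1 }   # mname rname SERIAL refresh ...
        END { for (s in serials) distinct++
              if (n != want)     { print "answers: " (n+0) "/" want; exit 1 }
              if (distinct != 1) { print "serials differ"; exit 1 }
              for (s in serials) print "serial " s " on all " n }'
}

# Sample input: rosters as shown in the post; SOA lines are constructed
# (mname/rname are placeholders), carrying the serial from the post.
PARENT=$(printf '%s\n' NS1.SCRUZ.ORG NS1.SVLUG.ORG NS7.SCRUZ.ORG NS6.SCRUZ.ORG NS8.SCRUZ.ORG NS9.SCRUZ.ORG)
CHILD=$(printf '%s\n' ns6.scruz.org. ns7.scruz.org. ns9.scruz.org. ns8.scruz.org. ns1.scruz.org. ns1.svlug.org.)
soa() { printf 'mname.example. rname.example. %s 7200 3600 2419200 10800\n' "$@"; }
S=2011051900

echo "NS mismatches: [$(ns_diff "$PARENT" "$CHILD")]"
soa $S $S $S $S $S $S | serial_check 6
soa $S $S $S $S $S | serial_check 6 || echo "^ one server did not answer"
soa $S $S $S $S $S 2011051801 | serial_check 6 || echo "^ stale secondary (constructed serial)"
```

Against live servers, pass `ns_diff` the output of the two `dig -t ns` commands from the post, and pipe the post's `xargs` SOA loop (without its final `awk`) into `serial_check 6`.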



