[Volunteers] SVLUG zone file

Rick Moen rick at linuxmafia.com
Thu Mar 2 23:07:02 PST 2006


Quoting Ian Kluft (ikluft at thunder.sbay.org):

> See attached.  The domains are unlocked.


After studying this for a bit, I've drafted (and tested) what might be 
a suitable zonefile _when our machine's upgraded_ and has a nameserver.
All of the listed DNSadmins have said "Sure" to doing secondary, except
that I've not yet been able to get a response from Drew Bertola -- but
expect he'll also say yes.  (Note that one of the secondaries is 3000 
miles from here in NYC, which couldn't hurt.)

I'm redacting from this draft people's telephone numbers other than my
own.  The real named.conf[.local] snippets for this domain on people's
boxes would include those numbers.  (That is, it's _my_ favourite way
of making sure out-of-band contact information is available exactly
where you need it, when you need it.)

If people spot errors or things you think might be improved, by all
means do speak up.


-------------- next part --------------
$TTL 86400
$ORIGIN svlug.org.
@	IN	SOA	ns1.svlug.org.		hostmaster.svlug.org. (
			2006030200		; serial
			7200			; refresh 2 hours
			3600			; retry 1 hour
			2419200			; expire 28 days
			86400 			; negative TTL 1 day
			)		
;
@		IN	A	216.218.255.178
		IN	MX	10	svlug.org.
		IN      TXT     "v=spf1 a mx ptr -all"
;
		IN	NS	ns1.svlug.org.  ; Main SVLUG host.
		IN	NS	ns2.svlug.org.  ; AKA ns1.linuxmafia.com, IP 198.144.195.186, Rick Moen <rick at linuxmafia.com>, see named.conf.local for tel. #.
		IN	NS	ns3.svlug.org.  ; AKA ns1.thecoop.net, IP 216.218.255.165, Drew Bertola <drew at drewb.com>, see named.conf.local for tel. #.
		IN	NS	ns4.svlug.org.  ; AKA ns.primate.net, IP 198.144.194.12, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns5.svlug.org.  ; AKA ns.on.primate.net, IP 207.44.185.143, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns6.svlug.org.  ; AKA ns1.nylug.org, IP 69.31.90.145. Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>, see named.conf.local for tel. #.
;
mail		IN	A	216.218.255.178 
                IN      MX      10      svlug.org.
svlug		IN	A	216.218.255.178
                IN      MX      10      svlug.org.
lists           IN      A       216.218.255.178
                IN      MX      10      svlug.org.
ftp		IN	CNAME	svlug.org.
ns1		IN	A	216.218.255.178 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns2		IN	A	198.144.195.186 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns3		IN	A	216.218.255.165 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns4		IN	A	198.144.194.12 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns5		IN	A	207.44.185.143 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns6		IN	A	69.31.90.145 ; "glue" for matching NS record
		IN	MX	10	svlug.org.
;
;
; Remember#1:  Increment serial after any change!
; Remember#2:  Domain NS records at registrar MUST be changed to 
; match any NS-record changes here, and vice-versa.  Test that the
; parent-zone records are correct and include glue "A" records
; for all nameservers by doing 
; "dig  -t ns  svlug.org  @tld6.ultradns.co.uk"
;
; Returned text should be something like this (_note_ "A" records in
; "ADDITIONAL SECTION" - those are glue, which speeds queries by averting
; the need for a second lookup to resolve NS hosts' names):
;
;  ; <<>> DiG 9.3.1 <<>> -t ns svlug.org @tld6.ultradns.co.uk
;  ; (1 server found)
;  ;; global options:  printcmd
;  ;; Got answer:
;  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57256
;  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;  
;  ;; QUESTION SECTION:
;  ;svlug.org.                     IN      NS
;
;  ;; ANSWER SECTION:
;  svlug.org.         172800  IN      NS      ns5.svlug.org.
;  svlug.org.         172800  IN      NS      ns4.svlug.org.
;  svlug.org.         172800  IN      NS      ns2.svlug.org.
;  svlug.org.         172800  IN      NS      ns3.svlug.org.
;  svlug.org.         172800  IN      NS      ns1.svlug.org.
;
;  ;; ADDITIONAL SECTION:
;  ns5.svlug.org.          172800  IN      A       207.44.185.143
;  ns4.svlug.org.          172800  IN      A       198.144.194.12
;  ns2.svlug.org.          172800  IN      A       198.144.195.186
;  ns3.svlug.org.          172800  IN      A       216.218.255.165
;  ns1.svlug.org.          172800  IN      A       63.193.123.122
;
;  ;; Query time: 201 msec
;  ;; SERVER: 192.52.178.30#53(192.52.178.30)
;  ;; WHEN: Wed Feb 22 22:32:04 2006
;  ;; MSG SIZE  rcvd: 222

; If there's not an "A" returned-text line (glue record) for each
; and every NS line returned, then you've messed up and probably
; need to fix NS records at the registrar.  (Note that the parent
; zone records, which you change when you edit the domain record
; for svlug.org, can have glue ONLY for *.org nameserver names,
; which is why we are assigning them ns*.svlug.org aliases.)
; 
; Remember#3:  We should always make sure we have no fewer than three
; and no more than seven _functional_ nameservers (RFC2182 section 5).
; This and many other aspects of DNS quality can be checked using
; http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.org
; (as long as it continues to exist).
; Remember#4: The domain record's Administrative and Technical
; contact names/phones/e-mails should be _distinct_ to avoid
; single point of failure.
; Remember#5: Periodically verify that domain isn't near 
; expiration, that all nameservers respond, and that contact 
; information in the domain records still is good.  
; 
; TO DO:
; =====
; 
; 1.  Secure and verify edit access to svlug.org domain records.
; I suggest Registrant be changed to "President, Silicon Valley Linux
; User Group".  A long-term USPS address will need to be stated. 
; Telephone number cited can be deliberately bogus.
; 
; 2.  Install & verify nameserver functionality on svlug.org machine.  Initial 
; default caching nameserver is fine.   Must give non-error response to
; "dig  svlug.org  @216.218.255.178  +short".
; 
; 3.  Get Drew Bertola and/or Hurricane Electric to fix 216.218.255.178
; PTR record to point to "svlug.org.", instead of present "svlug.svlug.org.".
; 
; 4.  Contact all volunteer secondaries.  Get their contact info.   Have each
; set up /etc/bind/named.conf[.local] entry as follows:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.org" {
;         type slave;
;         allow-query { any; };
;         file "/var/cache/bind/svlug.org.zone";
;         masters {
;         //ns1.svlug.org is:
;         216.218.255.178;
;         };
; };
; 
; 5.  Place this zonefile in /etc/bind/ on svlug.org host (master
; nameserver).  Create this /etc/bind/named.conf[.local] stanza:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.org" {
;         type master;
;         allow-query { any; };
;         file "/etc/bind/svlug.org.zone";
;         allow-transfer {
;         //Rick Moen <rick at linuxmafia.com>, 650-283-7902
;         //ns2.svlug.org AKA ns1.linuxmafia.com is:
;         198.144.195.186;
;         //Drew Bertola <drew at drewb.com>, [tel # redacted]
;         //ns3.svlug.org AKA ns1.thecoop.net is:
;         216.218.255.165;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns4.svlug.org AKA ns.primate.net is:
;         198.144.194.12;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns5.svlug.org AKA ns.on.primate.net is:
;         207.44.185.143;
;         //Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>
;         //[tel # redacted], [tel # redacted] (respectively)
;         //ns6.svlug.org AKA ns1.nylug.org is:
;         69.31.90.145;
;         };
; };
; 
; 
; 6.  Verify master nameserver functionality:
; "dig  svlug.org  @216.218.255.178 +short"
; 
; 7.  Verify each volunteer secondary nameserver's functionality:
; "dig  svlug.org  @198.144.195.186 +short"
; "dig  svlug.org  @216.218.255.165 +short"
; "dig  svlug.org  @198.144.194.12 +short"
; "dig  svlug.org  @207.44.185.143 +short"
; "dig  svlug.org  @69.31.90.145 +short"
; 
; 8.  Edit domain record to make NS roster match the full set of master +
; secondaries, exactly.  Note that you will have to create a "glue record"
; in the registrar's domain records for each nameserver.  Each registrar has
; a different name for this function, but they all have it somewhere in
; the domain-administrative screens.
; 
; 9.  After a few minutes' (~5) wait for domain changes to propagate,
; use e.g., http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.org
; for an overall DNS health check.
; 
; 10.  Edit domain record's Administrative and Technical
; contact names/phones/e-mails as per SVLUG president's preference. 
; Contacts should be _distinct_ to avoid single point of failure.
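Added example, not part of Rick's post or of any SVLUG file: a Python check that applies Remember#2, Remember#3 and step 8 mechanically. It parses the ANSWER/AUTHORITY and ADDITIONAL sections of a dig reply from a parent server, then reports NS names with no glue, glue that disagrees with the zone's own A records, roster differences between zone file and registrar, and a server count outside RFC 2182's three-to-seven range. The roster is the draft's own; the dig reply is constructed to match the sample in the zone-file comments (stale ns1 glue, ns6 not yet at the registrar).

```python
# Nameserver roster and addresses as written in the draft svlug.org zone file.
ZONE_NS = {
    "ns1.svlug.org.": "216.218.255.178", "ns2.svlug.org.": "198.144.195.186",
    "ns3.svlug.org.": "216.218.255.165", "ns4.svlug.org.": "198.144.194.12",
    "ns5.svlug.org.": "207.44.185.143", "ns6.svlug.org.": "69.31.90.145",
}

# Constructed dig reply, modelled on the sample in the zone-file comments: the
# parent still hands out the old ns1 address and does not know about ns6 yet.
DIG = """;; ANSWER SECTION:
svlug.org.  172800  IN  NS  ns5.svlug.org.
svlug.org.  172800  IN  NS  ns4.svlug.org.
svlug.org.  172800  IN  NS  ns2.svlug.org.
svlug.org.  172800  IN  NS  ns3.svlug.org.
svlug.org.  172800  IN  NS  ns1.svlug.org.

;; ADDITIONAL SECTION:
ns5.svlug.org.  172800  IN  A  207.44.185.143
ns4.svlug.org.  172800  IN  A  198.144.194.12
ns2.svlug.org.  172800  IN  A  198.144.195.186
ns3.svlug.org.  172800  IN  A  216.218.255.165
ns1.svlug.org.  172800  IN  A  63.193.123.122
"""

def parse_dig(text):
    """Collect NS targets and glue A records from dig's section-tagged output."""
    section, ns, glue = None, set(), {}
    for f in (line.split() for line in text.splitlines()):
        if f[:1] == [";;"] and "SECTION:" in f:
            section = f[1]                       # QUESTION, ANSWER, AUTHORITY, ADDITIONAL
        elif len(f) >= 5 and section in ("ANSWER", "AUTHORITY") and f[3] == "NS":
            ns.add(f[4].lower())
        elif len(f) >= 5 and section == "ADDITIONAL" and f[3] == "A":
            glue[f[0].lower()] = f[4]
    return ns, glue

def check_delegation(zone_ns, dig_text):
    """Return problems found comparing the zone's NS roster with the parent's referral."""
    parent_ns, glue = parse_dig(dig_text)
    problems = []
    if not 3 <= len(parent_ns) <= 7:                  # RFC 2182 section 5
        problems.append(f"{len(parent_ns)} nameservers delegated; want 3 to 7")
    for name in sorted(set(zone_ns) ^ parent_ns):     # step 8: rosters must match exactly
        problems.append(f"{name} listed only at " + ("zone" if name in zone_ns else "registrar"))
    for name in sorted(parent_ns):
        if name not in glue:
            problems.append(f"{name} has no glue A record at parent")
        elif zone_ns.get(name, glue[name]) != glue[name]:
            problems.append(f"{name} glue {glue[name]} differs from zone A {zone_ns[name]}")
    return problems
```

Running `check_delegation(ZONE_NS, DIG)` on the constructed reply reports the ns6 roster gap and the stale ns1 glue, which is exactly what the comments tell you to fix at the registrar before changing the zone.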
