[Volunteers] SVLUG zone file

Rick Moen rick at linuxmafia.com
Thu Mar 2 23:14:10 PST 2006


Eh, no sooner did I post that than I spotted two typos.  Both were in
the _comment_ fields, but one of them might have mildly confused 
some folk.  So, fixed version is attached.


-------------- next part --------------
$TTL 86400
$ORIGIN svlug.org.
@	IN	SOA	ns1.svlug.org.		hostmaster.svlug.org. (
			2006030201		; serial
			7200			; refresh 2 hours
			3600			; retry 1 hour
			2419200			; expire 28 days
			86400 			; negative TTL 1 day
			)		
;
@		IN	A	216.218.255.178
		IN	MX	10	svlug.org.
		IN      TXT     "v=spf1 a mx ptr -all"
;
		IN	NS	ns1.svlug.org.  ; Main SVLUG host.
		IN	NS	ns2.svlug.org.  ; AKA ns1.linuxmafia.com, IP 198.144.195.186, Rick Moen <rick at linuxmafia.com>, see named.conf.local for tel. #.
		IN	NS	ns3.svlug.org.  ; AKA ns1.thecoop.net, IP 216.218.255.165, Drew Bertola <drew at drewb.com>, see named.conf.local for tel. #.
		IN	NS	ns4.svlug.org.  ; AKA ns.primate.net, IP 198.144.194.12, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns5.svlug.org.  ; AKA ns.on.primate.net, IP 207.44.185.143, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns6.svlug.org.  ; AKA ns1.nylug.org, IP 69.31.90.145. Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>, see named.conf.local for tel. #.
;
mail		IN	A	216.218.255.178 
                IN      MX      10      svlug.org.
svlug		IN	A	216.218.255.178
                IN      MX      10      svlug.org.
lists           IN      A       216.218.255.178
                IN      MX      10      svlug.org.
mail            IN      A       216.218.255.178
                IN      MX      10      svlug.org.
ftp		IN	CNAME	svlug.org.
ns1		IN	A	216.218.255.178 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns2		IN	A	198.144.195.186 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns3		IN	A	216.218.255.165 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns4		IN	A	198.144.194.12 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns5		IN	A	207.44.185.143 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns6		IN	A	69.31.90.145 ; "glue" for matching NS record
		IN	MX	10	svlug.org.
;
;
; Remember#1:  Increment serial after any change!
; Remember#2:  Domain NS records at registrar MUST be changed to 
; match any NS-record changes here, and vice-versa.  Test that the
; parent-zone records are correct and include glue "A" records
; for all nameservers by doing 
; "dig  -t ns  svlug.org  @tld6.ultradns.co.uk"
;
; Returned text should be something like this (_note_ "A" records in
; "ADDITIONAL SECTION" - those are glue, which speeds queries by averting
; the need for a second lookup to resolve NS hosts' names):
;
;  ; <<>> DiG 9.3.1 <<>> -t ns svlug.org @tld6.ultradns.co.uk
;  ; (1 server found)
;  ;; global options:  printcmd
;  ;; Got answer:
;  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57256
;  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;  
;  ;; QUESTION SECTION:
;  ;svlug.org.                     IN      NS
;
;  ;; ANSWER SECTION:
;  svlug.org.         172800  IN      NS      ns5.svlug.org.
;  svlug.org.         172800  IN      NS      ns4.svlug.org.
;  svlug.org.         172800  IN      NS      ns2.svlug.org.
;  svlug.org.         172800  IN      NS      ns3.svlug.org.
;  svlug.org.         172800  IN      NS      ns1.svlug.org.
;
;  ;; ADDITIONAL SECTION:
;  ns5.svlug.org.          172800  IN      A       207.44.185.143
;  ns4.svlug.org.          172800  IN      A       198.144.194.12
;  ns2.svlug.org.          172800  IN      A       198.144.195.186
;  ns3.svlug.org.          172800  IN      A       216.218.255.165
;  ns1.svlug.org.          172800  IN      A       63.193.123.122
;
;  ;; Query time: 201 msec
;  ;; SERVER: 192.52.178.30#53(192.52.178.30)
;  ;; WHEN: Wed Feb 22 22:32:04 2006
;  ;; MSG SIZE  rcvd: 222

; If there's not an "A" returned-text line (glue record) for each
; and every NS line returned, then you've messed up and probably 
; need to fix NS records at the registrar.  (Note that the parent
; zone records, which you change when you edit the domain record
; for svlug.org, can have glue ONLY for *.org nameserver names, 
; which is why we are assigning them ns*.svlug.org aliases.)
; 
; Remember#3:  We should always make sure we have no fewer than three
; and no more than seven _functional_ nameservers (RFC2182 section 5).  
; This and many other aspects of DNS quality can be checked using
; http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.org
; (as long as it continues to exist).
; Remember#4: The domain record's Administrative and Technical
; contact names/phones/e-mails should be _distinct_ to avoid
; single point of failure.
; Remember#5: Periodically verify that domain isn't near 
; expiration, that all nameservers respond, and that contact 
; information in the domain records still is good.  
; 
; TO DO:
; =====
; 
; 1.  Secure and verify edit access to svlug.org domain records.
; I suggest Registrant be changed to "President, Silicon Valley Linux
; User Group".  A long-term USPS address will need to be stated. 
; Telephone number cited can be deliberately bogus.
; 
; 2.  Install & verify nameserver functionality on svlug.org machine.  Initial 
; default caching nameserver is fine.   Must give non-error response to
; "dig  svlug.org  @216.218.255.178  +short".
; 
; 3.  Get Drew Bertola and/or Hurricane Electric to fix 216.218.255.178
; PTR record to point to "svlug.org.", instead of present "svlug.svlug.org.".
; 
; 4.  Contact all volunteer secondaries.  Get their contact info.   Have each
; set up /etc/bind/named.conf[.local] entry as follows:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.org" {
;         type slave;
;         allow-query { any; };
;         file "/var/cache/bind/svlug.org.zone";
;         masters {
;         //ns1.svlug.org is:
;         216.218.255.178;
;         };
; };
; 
; 5.  Place this zonefile in /etc/bind/ on svlug.org host (master
; nameserver).  Create this /etc/bind/named.conf[.local] stanza:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.org" {
;         type master;
;         allow-query { any; };
;         file "/etc/bind/svlug.org.zone";
;         allow-transfer {
;         //Rick Moen <rick at linuxmafia.com>, 650-283-7902
;         //ns2.svlug.org AKA ns1.linuxmafia.com is:
;         198.144.195.186;
;         //Drew Bertola <drew at drewb.com>, [tel # redacted]
;         //ns3.svlug.org AKA ns1.thecoop.net is:
;         216.218.255.165;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns4.svlug.org AKA ns.primate.net is:
;         198.144.194.12;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns5.svlug.org AKA ns.on.primate.net is:
;         207.44.185.143;
;         //Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>
;         //[tel # redacted], [tel # redacted] (respectively)
;         //ns6.svlug.org AKA ns1.nylug.org is:
;         69.31.90.145;
;         };
; };
; 
; 
; 6.  Verify master nameserver functionality:
; "dig  svlug.org  @216.218.255.178 +short"
; 
; 7.  Verify each volunteer secondary nameserver's functionality:
; "dig  svlug.org  @198.144.195.186 +short"
; "dig  svlug.org  @216.218.255.165 +short"
; "dig  svlug.org  @198.144.194.12 +short"
; "dig  svlug.org  @207.44.185.143 +short"
; "dig  svlug.org  @69.31.90.145 +short"
; 
; 8.  Edit domain record to make NS roster match the full set of master +
; secondaries, exactly.  Note that you will have to create a "glue record"
; in the registrar's domain records for each nameserver.  Each registrar has
; a different name for this function, but they all have it somewhere in
; the domain-administrative screens.
; 
; 9.  After a few minutes' (~5) wait for domain changes to propagate,
; use e.g., http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.org 
; for an overall DNS health check.
; 
; 10.  Edit domain record's Administrative and Technical
; contact names/phones/e-mails as per SVLUG president's preference. 
; Contacts should be _distinct_ to avoid single point of failure.
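
The Remember#2 check and step 8 (the NS roster at the registrar matching the zone exactly, with glue for every nameserver) can be automated. The following is an added example, not part of the original post or attachment: it compares records copied from the zone file above with the NS and glue lines of the sample dig reply above. The names `records` and `audit` are hypothetical.

```python
import re

# Abridged from the zone file on this page: NS roster and nameserver A records.
ZONE = """
@    IN  NS  ns1.svlug.org.  ; Main SVLUG host.
     IN  NS  ns2.svlug.org.
     IN  NS  ns3.svlug.org.
     IN  NS  ns4.svlug.org.
     IN  NS  ns5.svlug.org.
     IN  NS  ns6.svlug.org.
ns1  IN  A   216.218.255.178 ; "glue" for matching NS record
ns2  IN  A   198.144.195.186
ns3  IN  A   216.218.255.165
ns4  IN  A   198.144.194.12
ns5  IN  A   207.44.185.143
ns6  IN  A   69.31.90.145
"""
# NS and glue lines of the page's sample parent-zone reply, uncommented.
PARENT = """
svlug.org.      172800  IN  NS  ns5.svlug.org.
svlug.org.      172800  IN  NS  ns4.svlug.org.
svlug.org.      172800  IN  NS  ns2.svlug.org.
svlug.org.      172800  IN  NS  ns3.svlug.org.
svlug.org.      172800  IN  NS  ns1.svlug.org.
ns5.svlug.org.  172800  IN  A   207.44.185.143
ns4.svlug.org.  172800  IN  A   198.144.194.12
ns2.svlug.org.  172800  IN  A   198.144.195.186
ns3.svlug.org.  172800  IN  A   216.218.255.165
ns1.svlug.org.  172800  IN  A   63.193.123.122
"""

def records(text, origin="svlug.org."):
    """Yield (owner, type, rdata). Blank owner inherits; '@' and relative names expand."""
    owner = origin
    for line in text.splitlines():
        if m := re.match(r"(\S*)\s+(?:\d+\s+)?IN\s+(\S+)\s+(\S+)", line.split(";")[0]):
            name, rtype, rdata = m.groups()
            owner = {"": owner, "@": origin}.get(name, name if name[-1:] == "." else f"{name}.{origin}")
            yield owner.lower(), rtype.upper(), rdata.lower()

def audit(zone_text, parent_reply, origin="svlug.org."):
    """Diff the zone's NS roster and addresses against the parent's delegation."""
    zone, parent = list(records(zone_text, origin)), list(records(parent_reply, origin))
    zone_ns, parent_ns = ({r for o, t, r in rs if (o, t) == (origin, "NS")} for rs in (zone, parent))
    zone_a, glue = ({o: r for o, t, r in rs if t == "A"} for rs in (zone, parent))
    return {"roster_mismatch": sorted(zone_ns ^ parent_ns),      # NS sets must match exactly
            "missing_glue": sorted(parent_ns - set(glue)),       # delegated NS without an A
            "stale_glue": sorted(n for n in glue if n in zone_a and zone_a[n] != glue[n])}
```

Run on the records above, `audit(ZONE, PARENT)` reports `ns6.svlug.org.` as a roster mismatch and `ns1.svlug.org.` as stale glue; the sample reply is dated 22 Feb 2006, while the zone serial is 2006030201. The parser is minimal and handles only the record layouts shown on this page.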


