[Volunteers] SVLUG zone files: ORG and NET

Rick Moen rick at linuxmafia.com
Fri Mar 3 12:06:43 PST 2006


Attached:  
Zonefiles with fixes and clarifications (E.g., how do you know what 
nameservers exist for top-level domain .foo?  Do, "dig -t ns foo +short")
for both the svlug.org AND svlug.net domains.

I haven't even looked at svlug.com, yet.  (Thanks, Don.)

If anyone has a current telephone number for Drew Bertola, that would be
handy.  We need to touch base with him.


-------------- next part --------------
$TTL 86400
$ORIGIN svlug.net.
@	IN	SOA	ns1.svlug.net.		hostmaster.svlug.org. (
			2006030301		; serial
			7200			; refresh 2 hours
			3600			; retry 1 hour
			2419200			; expire 28 days
			86400 			; negative TTL 1 day
			)		
;
@		IN	A	216.218.255.178
		IN	MX	10	svlug.org.
		IN      TXT     "v=spf1 a mx ptr -all"
;
		IN	NS	ns1.svlug.net.  ; Main SVLUG host.
		IN	NS	ns2.svlug.net.  ; AKA ns1.linuxmafia.com, IP 198.144.195.186, Rick Moen <rick at linuxmafia.com>, see named.conf.local for tel. #.
		IN	NS	ns1.thecoop.net. ; IP 216.218.255.165, Drew Bertola <drew at drewb.com>, see named.conf.local for tel. #.
		IN	NS	ns.primate.net.  ; IP 198.144.194.12, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns.on.primate.net. ; IP 207.44.185.143, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns3.svlug.net.  ; AKA ns1.nylug.org, IP 69.31.90.145. Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>, see named.conf.local for tel. #.
;
mail		IN	A	216.218.255.178 
                IN      MX      10      svlug.org.
svlug		IN	A	216.218.255.178
                IN      MX      10      svlug.org.
lists           IN      A       216.218.255.178
                IN      MX      10      svlug.org.
mail            IN      A       216.218.255.178
                IN      MX      10      svlug.org.
ftp		IN	CNAME	svlug.org.
ns1		IN	A	216.218.255.178 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns2		IN	A	198.144.195.186 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns3		IN	A	69.31.90.145 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
;
;
; Remember#1:  Increment serial after any change!
; Remember#2:  Domain NS records at registrar MUST be changed to 
; match any NS-record changes here, and vice-versa.  Test that the
; parent-zone records are correct and include glue "A" records
; for all nameservers by doing 
; "dig  -t ns  svlug.net  @g.gtld-servers.net".
; (How did we find out that g.gtld-servers.net is among the authoritative
; nameservers for .NET?  By doing "dig  -t ns  net  +short".)
;
; Returned text should be something like this (_note_ "A" records in
; "ADDITIONAL SECTION" - those are glue, which speeds queries by averting
; the need for a second lookup to resolve NS hosts' names):
;
;  ; <<>> DiG 9.3.1 <<>> -t ns svlug.net @g.gtld-servers.net
;  ; (1 server found)
;  ;; global options:  printcmd
;  ;; Got answer:
;  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57256
;  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;  
;  ;; QUESTION SECTION:
;  ;svlug.net.                     IN      NS
;
;  ;; ANSWER SECTION:
;  svlug.net.         172800  IN      NS      ns3.svlug.net.
;  svlug.net.         172800  IN      NS      ns.primate.net.
;  svlug.net.         172800  IN      NS      ns.on.primate.net
;  svlug.net.         172800  IN      NS      ns2.svlug.net.
;  svlug.net.         172800  IN      NS      ns1.thecoop.net
;  svlug.net.         172800  IN      NS      ns1.svlug.net.
;
;  ;; ADDITIONAL SECTION:
;  ns3.svlug.net.          172800  IN      A       69.31.90.145   
;  ns.primate.net.         172800  IN      A       198.144.194.12
;  ns.on.primate.net.      172800  IN      A       207.44.185.143
;  ns2.svlug.org.          172800  IN      A       198.144.195.186
;  ns1.thecoop.net.        172800  IN      A       216.218.255.165
;  ns1.svlug.net.          172800  IN      A       216.218.255.178
;
;  ;; Query time: 201 msec
;  ;; SERVER: 192.52.178.30#53(192.52.178.30)
;  ;; WHEN: Wed Feb 22 22:32:04 2006
;  ;; MSG SIZE  rcvd: 222

; If there's not an "A" returned-text line (glue record) returned 
; for each and every NS line returned, then you've messed up and probably 
; need to fix NS records at the registrar.  (Note that the parent
; zone records, which you change when you edit the domain record
; for svlug.net, can have glue ONLY for *.net nameserver names, 
; which is why we are assigning some nameservers ns*.svlug.net aliases.)
; 
; Remember#3:  We should always make sure we have no fewer than three
; and no more than seven _functional_ nameservers (RFC2182 section 5).  
; This and many other aspects of DNS quality can be checked using
; http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.net
; (as long as it continues to exist).
; Remember#4: The domain record's Administrative and Technical
; contact names/phones/e-mails should be _distinct_ to avoid
; single point of failure.
; Remember#5: Periodically verify that domain isn't near 
; expiration, that all nameservers respond, and that contact 
; information in the domain records still is good.  
; 
; TO DO:
; =====
; 
; 1.  Secure and verify edit access to svlug.net domain records.
; I suggest Registrant be changed to "President, Silicon Valley Linux
; User Group".  A long-term USPS address will need to be stated. 
; Telephone number cited can be deliberately bogus.
; 
; 2.  Install & verify nameserver functionality on svlug.org machine.  Initial 
; default caching nameserver is fine.   Must give non-error response to
; "dig  svlug.org  @216.218.255.178  +short".
; 
; 3.  Get Drew Bertola and/or Hurricane Electric to fix 216.218.255.178
; PTR record to point to "svlug.org.", instead of present "svlug.svlug.org.".
; 
; 4.  Contact all volunteer secondaries.  Get their contact info.   Have each
; set up an /etc/bind/named.conf[.local] entry as follows:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.net" {
;         type slave;
;         allow-query { any; };
;         file "/var/cache/bind/svlug.net.zone";
;         masters {
;         //ns1.svlug.net is:
;         216.218.255.178;
;         };
; };
; 
; 5.  Place this zonefile in /etc/bind/ on svlug.org host (master
; nameserver).  Create this /etc/bind/named.conf[.local] stanza:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.net" {
;         type master;
;         allow-query { any; };
;         file "/etc/bind/svlug.net.zone";
;         allow-transfer {
;         //Rick Moen <rick at linuxmafia.com>, 650-283-7902
;         //ns2.svlug.net AKA ns1.linuxmafia.com is:
;         198.144.195.186;
;         //Drew Bertola <drew at drewb.com>, [tel # redacted] (no longer in service)
;         //ns1.thecoop.net is:
;         216.218.255.165;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns.primate.net is:
;         198.144.194.12;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns.on.primate.net is:
;         207.44.185.143;
;         //Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>
;         //[tel # redacted], [tel # redacted] (respectively)
;         //ns3.svlug.net AKA ns1.nylug.org is:
;         69.31.90.145;
;         };
; };
; 
; 
; 6.  Verify master nameserver functionality:
; "dig  svlug.net  @216.218.255.178 +short"
; 
; 7.  Verify each volunteer secondary nameserver's functionality:
; "dig  svlug.net  @198.144.195.186 +short"
; "dig  svlug.net  @216.218.255.165 +short"
; "dig  svlug.net  @198.144.194.12 +short"
; "dig  svlug.net  @207.44.185.143 +short"
; "dig  svlug.net  @69.31.90.145 +short"
; 
; 8.  Edit domain record to make NS roster match the full set of master +
; secondaries, exactly.  Note that you will have to create a "glue record"
; in the registrar's domain records for each nameserver.  Each registrar has
; a different name for this function, but they all have it somewhere in
; the domain-administrative screens.
; 
; 9.  After a few minutes' (~5) wait for domain changes to propagate,
; use e.g., http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.net 
; for an overall DNS health check.
; 
; 10.  Edit domain record's Administrative and Technical
; contact names/phones/e-mails as per SVLUG president's preference. 
; Contacts should be _distinct_ to avoid single point of failure.
-------------- next part --------------
$TTL 86400
$ORIGIN svlug.org.
@	IN	SOA	ns1.svlug.org.		hostmaster.svlug.org. (
			2006030301		; serial
			7200			; refresh 2 hours
			3600			; retry 1 hour
			2419200			; expire 28 days
			86400 			; negative TTL 1 day
			)		
;
@		IN	A	216.218.255.178
		IN	MX	10	svlug.org.
		IN      TXT     "v=spf1 a mx ptr -all"
;
		IN	NS	ns1.svlug.org.  ; Main SVLUG host.
		IN	NS	ns2.svlug.org.  ; AKA ns1.linuxmafia.com, IP 198.144.195.186, Rick Moen <rick at linuxmafia.com>, see named.conf.local for tel. #.
		IN	NS	ns3.svlug.org.  ; AKA ns1.thecoop.net, IP 216.218.255.165, Drew Bertola <drew at drewb.com>, see named.conf.local for tel. #.
		IN	NS	ns4.svlug.org.  ; AKA ns.primate.net, IP 198.144.194.12, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns5.svlug.org.  ; AKA ns.on.primate.net, IP 207.44.185.143, Aaron T. Porter <atporter at primate.net>, see named.conf.local for tel. #.
		IN	NS	ns1.nylug.org.  ; IP 69.31.90.145. Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>, see named.conf.local for tel. #.
;
mail		IN	A	216.218.255.178 
                IN      MX      10      svlug.org.
svlug		IN	A	216.218.255.178
                IN      MX      10      svlug.org.
lists           IN      A       216.218.255.178
                IN      MX      10      svlug.org.
mail            IN      A       216.218.255.178
                IN      MX      10      svlug.org.
ftp		IN	CNAME	svlug.org.
ns1		IN	A	216.218.255.178 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns2		IN	A	198.144.195.186 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns3		IN	A	216.218.255.165 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns4		IN	A	198.144.194.12 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
ns5		IN	A	207.44.185.143 ; "glue" for matching NS record
                IN      MX      10      svlug.org.
;
;
; Remember#1:  Increment serial after any change!
; Remember#2:  Domain NS records at registrar MUST be changed to 
; match any NS-record changes here, and vice-versa.  Test that the
; parent-zone records are correct and include glue "A" records
; for all nameservers by doing 
; "dig  -t ns  svlug.org  @tld6.ultradns.co.uk"
; (How did we find out that tld6.ultradns.co.uk is among the authoritative
; nameservers for .ORG?  By doing "dig  -t ns  org  +short".)
;
; Returned text should be something like this (_note_ "A" records in
; "ADDITIONAL SECTION" - those are glue, which speeds queries by averting
; the need for a second lookup to resolve NS hosts' names):
;
;  ; <<>> DiG 9.3.1 <<>> -t ns svlug.org @tld6.ultradns.co.uk
;  ; (1 server found)
;  ;; global options:  printcmd
;  ;; Got answer:
;  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57256
;  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;  
;  ;; QUESTION SECTION:
;  ;svlug.org.                     IN      NS
;
;  ;; ANSWER SECTION:
;  svlug.org.         172800  IN      NS      ns5.svlug.org.
;  svlug.org.         172800  IN      NS      ns4.svlug.org.
;  svlug.org.         172800  IN      NS      ns1.nylug.org.
;  svlug.org.         172800  IN      NS      ns2.svlug.org.
;  svlug.org.         172800  IN      NS      ns3.svlug.org.
;  svlug.org.         172800  IN      NS      ns1.svlug.org.
;
;  ;; ADDITIONAL SECTION:
;  ns5.svlug.org.          172800  IN      A       207.44.185.143
;  ns4.svlug.org.          172800  IN      A       198.144.194.12
;  ns1.nylug.org.          172800  IN      A       69.31.90.145
;  ns2.svlug.org.          172800  IN      A       198.144.195.186
;  ns3.svlug.org.          172800  IN      A       216.218.255.165
;  ns1.svlug.org.          172800  IN      A       63.193.123.122
;
;  ;; Query time: 201 msec
;  ;; SERVER: 192.52.178.30#53(192.52.178.30)
;  ;; WHEN: Wed Feb 22 22:32:04 2006
;  ;; MSG SIZE  rcvd: 222

; If there's not an "A" returned-text line (glue record) returned 
; for each and every NS line returned, then you've messed up and probably 
; need to fix NS records at the registrar.  (Note that the parent
; zone records, which you change when you edit the domain record
; for svlug.org, can have glue ONLY for *.org nameserver names, 
; which is why we are assigning some nameservers ns*.svlug.org aliases.)
; 
; Remember#3:  We should always make sure we have no fewer than three
; and no more than seven _functional_ nameservers (RFC2182 section 5).  
; This and many other aspects of DNS quality can be checked using
; http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.org
; (as long as it continues to exist).
; Remember#4: The domain record's Administrative and Technical
; contact names/phones/e-mails should be _distinct_ to avoid
; single point of failure.
; Remember#5: Periodically verify that domain isn't near 
; expiration, that all nameservers respond, and that contact 
; information in the domain records still is good.  
; 
; TO DO:
; =====
; 
; 1.  Secure and verify edit access to svlug.org domain records.
; I suggest Registrant be changed to "President, Silicon Valley Linux
; User Group".  A long-term USPS address will need to be stated. 
; Telephone number cited can be deliberately bogus.
; 
; 2.  Install & verify nameserver functionality on svlug.org machine.  Initial 
; default caching nameserver is fine.   Must give non-error response to
; "dig  svlug.org  @216.218.255.178  +short".
; 
; 3.  Get Drew Bertola and/or Hurricane Electric to fix 216.218.255.178
; PTR record to point to "svlug.org.", instead of present "svlug.svlug.org.".
; 
; 4.  Contact all volunteer secondaries.  Get their contact info.   Have each
; set up an /etc/bind/named.conf[.local] entry as follows:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.org" {
;         type slave;
;         allow-query { any; };
;         file "/var/cache/bind/svlug.org.zone";
;         masters {
;         //ns1.svlug.org is:
;         216.218.255.178;
;         };
; };
; 
; 5.  Place this zonefile in /etc/bind/ on svlug.org host (master
; nameserver).  Create this /etc/bind/named.conf[.local] stanza:
; 
; //For SVLUG, ## FIXME: Out-of-band contact for primary DNS admin, here
; zone "svlug.org" {
;         type master;
;         allow-query { any; };
;         file "/etc/bind/svlug.org.zone";
;         allow-transfer {
;         //Rick Moen <rick at linuxmafia.com>, 650-283-7902
;         //ns2.svlug.org AKA ns1.linuxmafia.com is:
;         198.144.195.186;
;         //Drew Bertola <drew at drewb.com>, [tel # redacted] (no longer in service)
;         //ns3.svlug.org AKA ns1.thecoop.net is:
;         216.218.255.165;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns4.svlug.org AKA ns.primate.net is:
;         198.144.194.12;
;         //Aaron T. Porter <atporter at primate.net>, [tel # redacted]
;         //http://www.lbl.gov/cgi-bin/ds/ds.cgi?include=n&peopleName=atporter
;         //ns5.svlug.org AKA ns.on.primate.net is:
;         207.44.185.143;
;         //Ron Guerin and Tony Marchesano <spacey-admin-nylug at ssr.com>
;         //[tel # redacted], [tel # redacted] (respectively)
;         //ns1.nylug.org is:
;         69.31.90.145;
;         };
; };
; 
; 
; 6.  Verify master nameserver functionality:
; "dig  svlug.org  @216.218.255.178 +short"
; 
; 7.  Verify each volunteer secondary nameserver's functionality:
; "dig  svlug.org  @198.144.195.186 +short"
; "dig  svlug.org  @216.218.255.165 +short"
; "dig  svlug.org  @198.144.194.12 +short"
; "dig  svlug.org  @207.44.185.143 +short"
; "dig  svlug.org  @69.31.90.145 +short"
; 
; 8.  Edit domain record to make NS roster match the full set of master +
; secondaries, exactly.  Note that you will have to create a "glue record"
; in the registrar's domain records for each nameserver.  Each registrar has
; a different name for this function, but they all have it somewhere in
; the domain-administrative screens.
; 
; 9.  After a few minutes' (~5) wait for domain changes to propagate,
; use e.g., http://www.dnsreport.com/tools/dnsreport.ch?domain=svlug.org 
; for an overall DNS health check.
; 
; 10.  Edit domain record's Administrative and Technical
; contact names/phones/e-mails as per SVLUG president's preference. 
; Contacts should be _distinct_ to avoid single point of failure.
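
Added example, not part of the original message or its attachments: a script that automates the Remember#2 and Remember#3 checks by comparing a saved parent-zone reply ("dig -t ns DOMAIN @PARENT-SERVER") with the zone file's NS roster. The example.net names, the 192.0.2.1 address and the function names are constructed for illustration, and NS targets in the zone file are assumed to be fully qualified, as they are in the attached zone files.

```python
import re

# Constructed sample data (not from the post): a parent-zone reply in dig's
# presentation format, and the NS roster of the matching zone file.
PARENT_REPLY = """\
;; QUESTION SECTION:
;example.net.              IN  NS
;; AUTHORITY SECTION:
example.net.       172800  IN  NS  ns1.example.net.
example.net.       172800  IN  NS  ns2.example.net.
example.net.       172800  IN  NS  ns.example.org.
;; ADDITIONAL SECTION:
ns1.example.net.   172800  IN  A   192.0.2.1
"""
ZONE_FILE = """\
$ORIGIN example.net.
@       IN  NS  ns1.example.net.  ; master
        IN  NS  ns2.example.net.
        IN  NS  ns3.example.net.
ns1     IN  A   192.0.2.1
"""

REC = re.compile(r"^(\S*)\s+(?:\d+\s+)?IN\s+(NS|AAAA|A)\s+(\S+)", re.I)

def parse(text):
    """Return (NS targets, owners of A/AAAA records), lower-cased, no final dot."""
    ns, addr = set(), set()
    for line in text.splitlines():
        m = REC.match(line.split(";", 1)[0])   # ';' starts a comment
        if not m:
            continue
        owner, rtype, rdata = (g.lower().rstrip(".") for g in m.groups())
        if rtype == "ns":
            ns.add(rdata)
        else:
            addr.add(owner)
    return ns, addr

def audit(domain, parent_reply, zone_text):
    """Compare the registrar-side delegation with the zone's own NS roster."""
    deleg, glue = parse(parent_reply)
    roster, _ = parse(zone_text)
    tld = "." + domain.rstrip(".").rsplit(".", 1)[-1]
    return {
        "missing_glue": sorted(n for n in deleg if n.endswith(tld) and n not in glue),
        "outside_parent": sorted(n for n in deleg if not n.endswith(tld)),
        "only_at_registrar": sorted(deleg - roster),
        "only_in_zone": sorted(roster - deleg),
        "count_ok": 3 <= len(deleg) <= 7,   # range from the zone file's Remember#3
    }

if __name__ == "__main__":
    for check, result in audit("example.net", PARENT_REPLY, ZONE_FILE).items():
        print(f"{check}: {result}")
```

Any name under "missing_glue", "only_at_registrar" or "only_in_zone" means the registrar's records and the zone file have drifted apart; "outside_parent" lists nameservers for which this parent zone cannot carry glue.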


