[vox-tech] some people can't send to list
Rick Moen
rick at linuxmafia.com
Sun Mar 22 14:23:55 PDT 2015
Quoting Bill Kendrick (nbs at sonic.net):
> Here ya go!
First of all, really good job! It's legible, clear, and nothing stands
out immediately as 'should be fixed.' Looks like an exemplary
professional job. I'm used to seeing ones that make my eyeballs ache
and the ghost of Jon Postel weep. ;->
Unpacking my 'If one is being picky' criteria, hmmm.... Three things
total.
o Already mentioned the RFC2182 section 5 suggestion of min. 3 nameservers.
> 604800 ; Expire
o RFC1912 suggests an Expire value between 1209600 (14 days) and 2419200
(28 days). Unless you have an unusual reason to make cached zones
expire in only 7 days, you might want to at least double zone life.
(I tend to be old-school and express all time values in seconds, too,
but an argument can be made that using zonefile macros for minutes,
hours, days, weeks improves legibility. I'd be a hypocrite if I dinged
anyone for eschewing that syntactic-sugar improvement, because I haven't
started using it, either. ;-> )
o No glue records in the parent .COM zone for the two authoritative
nameservers, with the result that both are 'stealth nameservers'.
The consequence of having stealth nameservers is that the situation can
be confusing and can cause delays or other hard to diagnose
inconsistencies.
Basically, there should be NS lines with corresponding A records
_within_ the nameserver records of the .COM domain (called 'glue
records') for ns1.domaindiscover.com and ns2.domaindiscover.com.
This isn't LUGOD's fault. Tierra.net d/b/a Domaindiscover has its glue
records slightly fux0red. (I remember this. They've been doing this
for a long time. I used to have my domains registered there, and liked
them, but never used their nameservers.)
Here are .com's own nameservers:
$ dig -t ns com. +short
e.gtld-servers.net.
g.gtld-servers.net.
k.gtld-servers.net.
c.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
h.gtld-servers.net.
a.gtld-servers.net.
l.gtld-servers.net.
d.gtld-servers.net.
m.gtld-servers.net.
f.gtld-servers.net.
b.gtld-servers.net.
$
Let's ask the first of them about ns1.domaindiscover.com:
$ dig -t ns ns1.domaindiscover.com @e.gtld-servers.net.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34213
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; AUTHORITY SECTION:
domaindiscover.com. 172800 IN NS ns1.tierra.net.
domaindiscover.com. 172800 IN NS ns2.tierra.net.
;; ADDITIONAL SECTION:
ns1.tierra.net. 172800 IN A 216.104.162.2
ns2.tierra.net. 172800 IN A 216.104.163.2
$
So, you see, the parent .com zone completely lacks NS and matching A
records for ns1.domaindiscover.com. ns2 is likewise, so I'll not waste
space showing that.
If you want, you can fix this problem by changing your auth nameserver
references in both your domain registrar record and inline in your own
zonefile, to use ns1.tierra.net and ns2.tierra.net instead of
ns1.domaindiscover.com and ns2.domaindiscover.com.
> Anyone want to help us with this? :)
Someone(s) with ongoing LUGOD involvement would be best. Please talk to
me offlist if you can't find same.
Anyway, truly excellent zonefile. The only half-serious issue is the
one your registrar imposed on you, and that's doing very well.
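As an added example (not part of Rick's post, and not LUGOD's or Tierra.net's code), here is a small Python check that turns the two zone-hygiene points above into code: it compares the zone's own NS set with what the parent actually delegates to (flagging stealth nameservers and parent NS names lacking glue), and tests an SOA Expire value against the RFC 1912 window. The parent answer and ZONE_NS are re-typed from the post as constructed sample input; the function names are assumptions of mine.

```python
import re

# Constructed sample: the parent-zone answer quoted in the post, re-typed so the
# check runs offline; in practice feed it the output of `dig ... @<tld server>`.
PARENT_ANSWER = """\
;; AUTHORITY SECTION:
domaindiscover.com. 172800 IN NS ns1.tierra.net.
domaindiscover.com. 172800 IN NS ns2.tierra.net.
;; ADDITIONAL SECTION:
ns1.tierra.net. 172800 IN A 216.104.162.2
ns2.tierra.net. 172800 IN A 216.104.163.2
"""
# Nameservers the zonefile's own NS records name (constructed, as in the post).
ZONE_NS = ["ns1.domaindiscover.com.", "ns2.domaindiscover.com."]

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA)\s+(\S+)$")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
RFC1912_EXPIRE = (1209600, 2419200)  # 14 to 28 days, in seconds

def canon(name):
    """Lower-case and force one trailing dot so names compare reliably."""
    return name.lower().rstrip(".") + "."

def delegation_report(zone_ns, parent_answer):
    """stealth: zone NS names the parent never delegates to;
    missing_glue: parent NS names with no A/AAAA in the ADDITIONAL section."""
    parent_ns, addressed = set(), set()
    for line in parent_answer.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # section headers, comments, blank lines
        owner, rtype, rdata = m.groups()
        if rtype == "NS":
            parent_ns.add(canon(rdata))
        else:
            addressed.add(canon(owner))
    zone = {canon(n) for n in zone_ns}
    return {"stealth": sorted(zone - parent_ns),
            "missing_glue": sorted(parent_ns - addressed)}

def to_seconds(value):
    """Parse a BIND-style time value: plain seconds or macros such as 2w or 1w2d3h."""
    value = value.lower()
    if value.isdigit():
        return int(value)
    if not re.fullmatch(r"(?:\d+[smhdw])+", value):
        raise ValueError(f"not a zonefile time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", value))

def expire_ok(value):
    """True if the SOA Expire sits in the RFC 1912 14-28 day window."""
    return RFC1912_EXPIRE[0] <= to_seconds(value) <= RFC1912_EXPIRE[1]
```

Running `delegation_report(ZONE_NS, PARENT_ANSWER)` reproduces the post's finding: both domaindiscover.com nameservers are stealth, while the tierra.net names the parent does delegate to carry glue.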