[H-ADMIN] dns issues?

Russell Stuart russell-humbug at stuart.id.au
Thu Feb 18 20:52:50 EST 2016


On Fri, 2016-02-19 at 10:50 +1000, Greg Black wrote:
> My suggestion to Russell was to move excalibur to Digital Ocean and I
> still think that's the best solution. But that will need to be dealt
> with at an Exec meeting because it involves money.

Maybe.  There was definitely an issue with Crissic over committing the
VM, but the best canary is the backups and they seem to be OK now.

Bind9 was set up to disable zone transfers from zoneedit.  (It wasn't
meant to be that way, but the secondaries acl hadn't been updated in
years.)  Someone apparently thought preventing zone transfers enhanced
security, even though it's a public DNS server and the information can
be obtained other ways.  I've now changed it to allow anyone to do zone
transfers.

Despite that, and even though I updated the serial to try and force
things along zoneedit remains out of sync.  I have no idea why.  I'll
give it a few hours, and if it doesn't burst into life I contact
zoneedit.

If someone could double check the setup I'd appreciate it.


More information about the Admin mailing list