[H-GEN] Named
Mark Suter
mark at zwitterion.humbug.org.au
Fri Sep 17 01:17:59 EDT 1999
Joshua,
> My nameserver doesn't seem to flush out old names.
And so it shouldn't - there is no such thing as an "old name" in the
DNS spec. It appears that you are attempting to use DDNS. If this
is the case, then the responsibility for removing "old names" is
with the system performing the updates, for example, the DHCP server.
> In the example
> (/var/named/ussbris) below the ZRKCIQAA should have expired on the 2nd of
> August, but it's still there.
No, you've set this A record with a TTL of 936246873 seconds! It is
*not* a ctime value (that would be Thu Sep 2 14:34:33 1999 anyway),
but a "Time-to-Live" value to be used in making caching decisions.
> Is there something I've configured wrong?
Yes :-)
> Or an option in named to flush expired names?
No. There is no such option in your DNS server. Look to whatever
agent is performing the updates for such an option.
> BIND DUMP V8
What version? Perhaps ISC Bind 8.2.2.T3B ?
> $ORIGIN .
This specifies that the following records are top-level entries.
I don't think you really mean to do this ;-)
> ussbris 38400 IN NS server1.ussbris. ;Cl=1
You really should have at least two NS records.
> 38400 IN SOA server1.switch.aust.com.
> everistg.switch.aust.com. (
> 1999036013 10800 3600 864000 38400 ) ;Cl=1
These values may be good; however, you should understand what
each means. Exactly what these should be set to does vary depending
on circumstances.
> $ORIGIN ussbris.
> MATTHEWSM 937593060 IN A 10.10.10.24 ;Cl=1
> williamsj 937248786 IN A 10.10.10.36 ;Cl=1
> ZRKCIQAA 936246873 IN A 10.10.10.24 ;Cl=1
Plain A records, with very abnormal TTL values :-)
> Here's the relevant section of the named.conf:
>
> zone "ussbris" {
> type master;
> file "/var/named/ussbris.hosts";
You should use the "directory" directive in the options section so
that this can be 'file "ussbris.hosts";', that is, no explicit path.
> allow-update {
> 10.10.10.1;
> 127.0.0.1;
> };
> };
Are you sure you want this? DDNS is useful, if correctly understood
and set up. When you are using DDNS, then the name server is no
longer the primary source; the database that makes the updates is.
It may be that the correct "remove" updates aren't being made by that
controlling source.
Suggested reading:
http://soa.granitecanyon.com/faq.shtml#other-dns-resources
Yours sincerely,
- -- Mark John Suter | I know that you believe you understand
suter at humbug.org.au | what you think I said, but I am not sure
PGP encryption is OK | you realise that what you heard is not
Ph: +61 4 1162 2316 | what I meant. anonymous
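Added example, not part of the original message: a small audit of the zone dump quoted above that flags records whose TTL field is abnormally large and reports what the value would be if read as a Unix timestamp. The one-week ceiling, the one-year "near now" window and the function name `audit_ttls` are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# Records taken from the zone dump quoted in the message (whitespace as quoted).
ZONE_DUMP = """\
$ORIGIN .
ussbris 38400 IN NS server1.ussbris. ;Cl=1
$ORIGIN ussbris.
MATTHEWSM 937593060 IN A 10.10.10.24 ;Cl=1
williamsj 937248786 IN A 10.10.10.36 ;Cl=1
ZRKCIQAA 936246873 IN A 10.10.10.24 ;Cl=1
"""

MAX_SANE_TTL = 7 * 24 * 3600        # assumption: one week ceiling for a DDNS zone
EPOCH_WINDOW = 365 * 24 * 3600      # assumption: "near now" means within a year
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)")


def audit_ttls(dump, now, max_ttl=MAX_SANE_TTL):
    """Return one finding per record whose TTL exceeds max_ttl."""
    findings = []
    for raw in dump.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ";Cl=1" style comments
        match = RR_LINE.match(line)
        if not match:                            # $ORIGIN, blank, continuation lines
            continue
        name, ttl, rtype = match.group(1), int(match.group(2)), match.group(3)
        if ttl <= max_ttl:
            continue
        findings.append({
            "name": name,
            "type": rtype,
            "ttl": ttl,
            "ttl_years": round(ttl / (365.25 * 86400), 1),
            # Heuristic: a TTL numerically close to the current Unix time hints
            # that the updating agent wrote a timestamp into the TTL field.
            "looks_like_epoch": abs(ttl - now.timestamp()) < EPOCH_WINDOW,
            "as_utc_date": datetime.fromtimestamp(ttl, tz=timezone.utc).strftime("%Y-%m-%d"),
        })
    return findings


if __name__ == "__main__":
    # Reference time is the date of the message, so the output is reproducible.
    for finding in audit_ttls(ZONE_DUMP, datetime(1999, 9, 17, tzinfo=timezone.utc)):
        print(finding)
```

Run against a dump from a zone that accepts dynamic updates, any finding points at the agent sending the updates, since the name server only stores the TTL it was given.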