# [SOLVED] Registrar was changed but ping still shows old one.

## CurtE

In moving the web site from server A to Server B, I need to change a few things.

1.  Change the info at the registrar - did that.

2.  Move the site to Server B - did that.

3.  Config Apache - it looks like I did that.

4.  change ???? to make ping info correct - not quite there.

resolv.conf:

```
search site1.com
search site2.com
search site3.com
nameserver 127.0.0.1
nameserver 68.xx.xx.xx (comcast)
```

do I need another nameserver for the static ip?

When I ping I get serverA.www.website.com instead of serverB.www.website.com.

Am I missing another file change?

----------

## erik258

is this a public website?  if so, why won't you tell us the domain? 

how are we supposed to diagnose a problem like this without the domain?

anyway, it's probably a problem with dns caching.  what's your TTL on that record?  I can't tell for myself because you didn't tell me the domain name!

----------

## CurtE

Sorry, wasn't sure if that was important.

The site is www.reunions-with-flair.com

pinging it returns rwf1.reunions-with-flair.com (70.89.201.9)

if you check the whois the domain server has been changed to csmn1.cs-mn.com (70.89.201.10)

I have no idea about the TTL or what it is.

Excuse my ignorance and lead me through this.  My son set up the original machine and I'm copying what I can from there but don't have the knowledge of where to look for some of the missing pieces.

BTW, I just noticed you're in my neck of the woods.

----------

## CurtE

I don't know if this is important or not.  Ultimately there will be more web sites on the machine with their own domain names and the main one cs-mn.com will have sub areas e.g. cs-mn.com/port (wife has her page).

----------

## Mike Hunt

Do you have net-dns/bind installed?

----------

## cach0rr0

so, did you actually go into the DNS control panel for your DNS provider and update the A record for the host to reflect the new IP? 

Don't mean to be going over basics you've already tried, only being thorough. 

Changing whois != changing DNS A record

two different DNS servers still show the .9 entry for you

```
laptop02 ~ # host -t A www.reunions-with-flair.com 208.67.222.222
Using domain server:
Name: 208.67.222.222
Address: 208.67.222.222#53
Aliases: 

www.reunions-with-flair.com is an alias for rwf1.reunions-with-flair.com.
rwf1.reunions-with-flair.com has address 70.89.201.9

laptop02 ~ # host -t A www.reunions-with-flair.com 4.2.2.2
Using domain server:
Name: 4.2.2.2
Address: 4.2.2.2#53
Aliases: 

www.reunions-with-flair.com is an alias for rwf1.reunions-with-flair.com.
rwf1.reunions-with-flair.com has address 70.89.201.9
```

Once you make the DNS change, it will take until the so-called "TTL" is exceeded before caching nameservers are updated to reflect your new IP

They *say* this takes 24-48 hours, I've never seen it take longer than 2-3

----------

## CurtE

Yes, I went to Network solutions and changed the record.  I'd rather you did double check what I do.

The address should have changed by now, it was done days ago.  I may have to talk to them about removing old stuff.  They don't have a delete option, just add or change.

It's interesting about the 208.67.222.222 address since I haven't the slightest idea who it is.  See:

```
208.67.222.222
Record Type: IP Address

OrgName:    OpenDNS, LLC 
OrgID:      OPEND-2
Address:    199 Fremont St.
Address:    12th Floor
City:       San Francisco
StateProv:  CA
PostalCode: 94105
Country:    US

NetRange:   208.67.216.0 - 208.67.223.255 
CIDR:       208.67.216.0/21 
OriginAS:   AS36692
NetName:    OPENDNS-NET-1
NetHandle:  NET-208-67-216-0-1
Parent:     NET-208-0-0-0-0
NetType:    Direct Assignment
NameServer: AUTH1.OPENDNS.COM
NameServer: AUTH2.OPENDNS.COM
NameServer: AUTH3.OPENDNS.COM
Comment:    
RegDate:    2006-06-06
Updated:    2008-05-05

OrgAbuseHandle: GBP7-ARIN
OrgAbuseName:   Patterson, George B
OrgAbusePhone:  +1-415-344-3139
OrgAbuseEmail:  abuse@opendns.com

OrgNOCHandle: GBP7-ARIN
OrgNOCName:   Patterson, George B
OrgNOCPhone:  +1-415-344-3139
OrgNOCEmail:  abuse@opendns.com

OrgTechHandle: BF205-ARIN
OrgTechName:   Fumerola, Bill 
OrgTechPhone:  +1-415-344-3145
OrgTechEmail:  billf@opendns.com
```

Any clues that you see?

----------

## CurtE

DNS-Bind.  No, do I need it?  Obviously I do, how about the tools for it?

What does it do?

What do I need to do once it's emerged?  etc etc

----------

## cach0rr0

*CurtE wrote:*

> DNS-Bind.  No, do I need it?  Obviously I do, how about the tools for it?
> 
> What does it do?
> 
> What do I need to do once it's emerged?  etc etc

no, you don't need it

it was a curiosity as you have 127.0.0.1 set as one of your name servers in /etc/resolv.conf - which would hint at a DNS server running locally

bind-tools is a very useful package to have, but not pertinent to your issue at the moment (it will help you with diag though)

----------

## cach0rr0

208.67.222.222 is a DNS server

It's a publicly accessible DNS server that anyone can use (provided by the company named OpenDNS)

The "host" command I was using, says

```
host -t A somedomain.com 4.2.2.2
```

-t: switch to specify record type. In this case, I want your A record

somedomain.com: the domain whose A record I want to look up

4.2.2.2: the DNS server to use for doing the domain lookup. If none is specified, it defaults to using the one(s) in /etc/resolv.conf

merely a diagnostic tool. 

What my stuff above demonstrates is, that according to 4.2.2.2, the A record for your domain still is the .9

It also demonstrates that 208.67.222.222 ALSO has the .9 on file still

I'm basically confirming that two different DNS servers have yet to receive any information that they should update the A record for your domain to the .10 address. 

What you're showing me is WHOIS data - completely different animal from an A record.

----------

## erik258

thanks!  I can now diagnose your problem. 

I've attempted to make this more of a general troubleshooting tutorial - the why, not just the what.  

DNS

First I look up the SOA with dig (part of the bind-tools package):

```
dan@zeus ~ $ dig reunions-with-flair.com soa

; <<>> DiG 9.4.2-P1 <<>> reunions-with-flair.com soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33672
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;reunions-with-flair.com.       IN      SOA

;; ANSWER SECTION:
reunions-with-flair.com. 604624 IN      SOA     rwf1.reunions-with-flair.com. root.reunions-with-flair.com. 2006111201 28800 7200 604800 86400

;; AUTHORITY SECTION:
reunions-with-flair.com. 604624 IN      NS      rwf1.reunions-with-flair.com.

;; ADDITIONAL SECTION:
rwf1.reunions-with-flair.com. 604624 IN A       70.89.201.9

;; Query time: 0 msec
;; SERVER: 192.168.1.87#53(192.168.1.87)
;; WHEN: Thu Aug 13 19:11:38 2009
;; MSG SIZE  rcvd: 117
```

That lists a number of interesting bits and pieces, but the important thing is the NS record.  When the domain name is accessed it has to be resolved to an IP address, and to do that the value of the NS record will be consulted.  

Secondly, and just as importantly, there is a glue record in the ADDITIONAL section above. This glue A record is very important because the primary listed NS record for the domain, rwf1.reunions-with-flair.com, is _within_ the reunions-with-flair.com domain.  The glue record avoids the recursive need to look up rwf1.reunions-with-flair.com on itself (as it is the primary listed nameserver for reunions-with-flair.com).  But this problem is already addressed for you because you have the glue record in place.  

Let's consult the listed nameserver, rwf1, ourselves.  

```
dan@zeus ~ $ dig reunions-with-flair.com @rwf1.reunions-with-flair.com

; <<>> DiG 9.4.2-P1 <<>> reunions-with-flair.com @rwf1.reunions-with-flair.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42677
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;reunions-with-flair.com.       IN      A

;; AUTHORITY SECTION:
reunions-with-flair.com. 86400  IN      SOA     rwf1.reunions-with-flair.com. root.reunions-with-flair.com. 2006111201 28800 7200 604800 86400

;; Query time: 63 msec
;; SERVER: 70.89.201.9#53(70.89.201.9)
;; WHEN: Thu Aug 13 19:15:16 2009
;; MSG SIZE  rcvd: 87
```

Oh Oh!  See at the top, ANSWER: 0 ?  Well, it looks like rwf1.reunions-with-flair.com doesn't know the answer to the question we're asking it!  We're asking: what is the address of reunions-with-flair.com.  We're being told: I don't know.  

Now, having a domain name isn't required.  It's nice to avoid the requirement for 'www' in your name but if you want to require the 'www' hostname then you don't need an A record for reunions-with-flair.com itself.  

So, that begs the question, does www.reunions-with-flair.com resolve? I bet you know the syntax by now; let's find out.  

```
dan@zeus ~ $ dig www.reunions-with-flair.com @rwf1.reunions-with-flair.com

; <<>> DiG 9.4.2-P1 <<>> www.reunions-with-flair.com @rwf1.reunions-with-flair.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2472
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.reunions-with-flair.com.   IN      A

;; ANSWER SECTION:
www.reunions-with-flair.com. 604800 IN  CNAME   rwf1.reunions-with-flair.com.
rwf1.reunions-with-flair.com. 604800 IN A       70.89.201.9

;; AUTHORITY SECTION:
reunions-with-flair.com. 604800 IN      NS      rwf1.reunions-with-flair.com.

;; Query time: 63 msec
;; SERVER: 70.89.201.9#53(70.89.201.9)
;; WHEN: Thu Aug 13 19:26:15 2009
;; MSG SIZE  rcvd: 94
```

All right, so rwf1.reunions-with-flair.com returns a CNAME from www to rwf1, which in turn refers to 70.89.201.9.  

All right!  We've got an address.  Let's see if we can talk to it: 

```
dan@zeus ~ $ ping www.reunions-with-flair.com
PING rwf1.reunions-with-flair.com (70.89.201.9) 56(84) bytes of data.
64 bytes from 70-89-201-9-BusName-brooklynpark.mn.hfc.comcastbusiness.net (70.89.201.9): icmp_seq=1 ttl=42 time=62.8 ms
64 bytes from 70-89-201-9-BusName-brooklynpark.mn.hfc.comcastbusiness.net (70.89.201.9): icmp_seq=2 ttl=42 time=59.4 ms
64 bytes from 70-89-201-9-BusName-brooklynpark.mn.hfc.comcastbusiness.net (70.89.201.9): icmp_seq=3 ttl=42 time=59.8 ms
^C
--- rwf1.reunions-with-flair.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2027ms
rtt min/avg/max/mdev = 59.491/60.751/62.877/1.511 ms
```

We sure can! And incidentally, it's right down the road from me! (spore.ath.cx is hosted in apple valley of our fine state). 

So here's what we know:

1) The registrar thinks that DNS for reunions-with-flair.com  is served by rwf1.reunions-with-flair.com.  

2) rwf1.reunions-with-flair.com lists the IP address 70.89.201.9 for www.reunions-with-flair.com.

So, to conclude, we can look up hosts in the domain, and the www host in the domain has an address.  

HTTP

```
dan@zeus ~ $ nmap www.reunions-with-flair.com

Starting Nmap 4.62 ( http://nmap.org ) at 2009-08-13 19:42 CDT
Interesting ports on 70-89-201-9-BusName-brooklynpark.mn.hfc.comcastbusiness.net (70.89.201.9):
Not shown: 1703 closed ports
PORT    STATE    SERVICE
22/tcp  open     ssh
25/tcp  open     smtp
53/tcp  open     domain
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
993/tcp open     imaps
995/tcp open     pop3s

Nmap done: 1 IP address (1 host up) scanned in 4.634 seconds
```

Well, it looks like your server's up and running - the only problem is that you aren't running a webserver on it!  So as soon as you turn on the webserver, you should be in great shape.  

SMTP & PTR Records

Incidentally, if you're sending mail from this host you probably want to 

1) configure the mailserver to identify the host by some name

2) ask comcast's business department to update the PTR record for your IP (assuming it's static - you're not hosting on a dynamic ip i hope!) to that hostname you've chosen

due to all the spam nowadays some mail servers are very picky about PTR records.  This is just about the only situation where they matter.

----------

## CurtE

This is my iffy knowledge area.  I accept what is and do, even if I don't know why yet.  As long as it works.

The 127.0.0.1 was on the old server and I copied.

Anytime you think it may not be necessary, ask!!!

My son started building my servers while he was in college (he started at age 16).  He read and researched until he got it done.  Good kid and smart but nothing says he didn't do more than he needed to either.

----------

## cach0rr0

the name server for that domain seems to be rwf1.reunions-with-flair.com

Which indeed would hint that you're running a DNS server on that machine

Since it's rwf1.reunions-with-flair.com that's still showing the .9, it means you need to update the zone on rwf1.reunions-with-flair.com to reflect the new .10 address for the A record of rwf1.reunions-with-flair.com

----------

## erik258

I typed all that up while the conversation was going on, so to respond to some of the newer posts...

If your new server is on .10 and not .9 the easiest way to test the web server without waiting for the DNS to update is to override public DNS info with your /etc/hosts file on your client.  

I added this line to /etc/hosts: 

```
70.89.201.10 www.reunions-with-flair.com
```

Now I can bring up the page in my browser.  

note that this isn't necessary if that address serves only this domain.  but since that webserver might be serving this as a name-based virtual domain, referring to it by name but also connecting to the right ip are both crucial.  

I'm getting a Forbidden message from the webserver; it's not properly configured to serve this site.  

But the topic is supposed to be dns.  So building on my last post, what you need to do on your dns server is to change the CNAME record for www to an A record with the data of 70.89.201.10.  

Then you'll look up the right name at least.  Your .9 dns server is already listed as the primary - only - nameserver for this domain.  You can update the TTL too if you want so that changes take effect immediately, but this has the downside that your dns server will have to answer a lot more queries.  Changing the TTL won't affect already cached answers, of course, since they'll be cached until the _old_ TTL expires.
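The zone change erik258 describes here (www CNAME to an A record, with the TTL caveat) and the glue-record point from his earlier post, worked through as an added example; this is not code from the thread or from either server. The zone is reconstructed from the dig output posted earlier; storing it as a BIND-style zone file, the YYYYMMDDnn serial convention and the 2009-08-14 change date are assumptions.

```python
import datetime as dt
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RR:                      # one resource record; names are absolute (dot-terminated)
    name: str
    ttl: int
    rtype: str
    rdata: str

# Constructed zone holding only the records visible in the dig output posted above.
# Storing them as a BIND-style zone file is an assumption about rwf1's setup.
ZONE_BEFORE = """\
$ORIGIN reunions-with-flair.com.
$TTL 604800
@     IN SOA   rwf1 root 2006111201 28800 7200 604800 86400
@     IN NS    rwf1
rwf1  IN A     70.89.201.9
www   IN CNAME rwf1
"""

def _fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Parse $ORIGIN, $TTL and 'name [ttl] [IN] type rdata...' lines; all names become absolute."""
    origin, default_ttl, records = ".", 3600, []
    for raw in text.splitlines():
        tok = raw.split(";", 1)[0].split()            # strip comments, tokenize
        if not tok:
            continue
        if tok[0] == "$ORIGIN":
            origin = tok[1]
        elif tok[0] == "$TTL":
            default_ttl = int(tok[1])
        else:
            name = _fqdn(tok.pop(0), origin)
            ttl = int(tok.pop(0)) if tok[0].isdigit() else default_ttl
            if tok[0].upper() == "IN":
                tok.pop(0)
            rtype, rdata = tok[0].upper(), tok[1:]
            if rtype in ("NS", "CNAME"):              # name-valued rdata is made absolute too
                rdata = [_fqdn(rdata[0], origin)]
            elif rtype == "SOA":
                rdata = [_fqdn(rdata[0], origin), _fqdn(rdata[1], origin), *rdata[2:]]
            records.append(RR(name, ttl, rtype, " ".join(rdata)))
    return records

def resolve(records, qname, max_hops=8):
    """Answer an A query like the authoritative server: follow CNAMEs, return (chain, address).
    The address is None when the zone has no answer, erik258's ANSWER: 0 for the bare domain."""
    chain, name = [], qname.lower()
    for _ in range(max_hops):
        chain.append(name)
        cname = [r for r in records if r.name.lower() == name and r.rtype == "CNAME"]
        if cname:
            name = cname[0].rdata.lower()
            continue
        addrs = [r.rdata for r in records if r.name.lower() == name and r.rtype == "A"]
        return chain, (addrs[0] if addrs else None)
    raise ValueError(f"CNAME chain longer than {max_hops} hops from {qname}")

def soa(records):
    return next(r for r in records if r.rtype == "SOA")

def ns_needing_glue(records):
    """Apex NS targets inside their own zone: the parent must hold glue A records for them."""
    apex = soa(records).name.lower()
    return sorted(r.rdata for r in records if r.rtype == "NS"
                  and r.name.lower() == apex and r.rdata.lower().endswith("." + apex))

def next_serial(old, today):
    """YYYYMMDDnn bump (assumed convention, matching 2006111201 above), always greater than old."""
    candidate = int(today.strftime("%Y%m%d")) * 100
    return candidate if candidate > old else old + 1

def apply_www_fix(records, new_ip, today):
    """erik258's change: www CNAME -> A new_ip, with the SOA serial bumped so the edit is picked up.
    rwf1's own A record is left alone on purpose: the .9 box stays the nameserver."""
    www = f"www.{soa(records).name}".lower()
    out = []
    for r in records:
        if r.name.lower() == www and r.rtype == "CNAME":
            r = RR(r.name, r.ttl, "A", new_ip)
        elif r.rtype == "SOA":
            fields = r.rdata.split()
            fields[2] = str(next_serial(int(fields[2]), today))
            r = replace(r, rdata=" ".join(fields))
        out.append(r)
    return out

def stale_until(old_ttl, changed_at):
    """Latest moment a resolver that cached the old answer just before the change may still serve it."""
    return changed_at + dt.timedelta(seconds=old_ttl)
```

With this zone's 604800-second TTL, `stale_until` puts the worst case at seven days after the zone is actually changed: a resolver that answered .9 just before the edit may keep doing so until then.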

----------

## CurtE

Erik,

Let me see if I can condense that, I goes, it finds the address but it doesn't find a web site?

That's true since my original problem was the 70.89.201.9 server was an old Gentoo (2.6.17-r7 9/2006) and hadn't been updated.  I tried, I failed, Apache was unmerged and failed on emerge.  

Hence, Server B.  Change DNS location & web site loc.

Did I miss something or are we on the same page?

Apple Valley, my wife is from there.  Little did I know at the time, Apple Valley, California

----------

## CurtE

This is the /etc/hosts:

```
# /etc/hosts: Local Host Database
#
# This file describes a number of aliases-to-address mappings for the for 
# local hosts that share this file.
#
# In the presence of the domain name service or NIS, this file may not be 
# consulted at all; see /etc/host.conf for the resolution order.
#
# IPv4 and IPv6 localhost aliases
70.89.201.10  csmn1.cs-mn.com     csmn1 
70.89.201.10  csmn1.reunions-with-flair.com csmn1 
70.89.201.10  csmn1.blue-moose-gifts.com  csmn1 
70.89.201.10  csmn1.flitezimz.com   csmn1 
127.0.0.1 localhost
::1   localhost
```

Is this the correct format for the hosts file?

----------

## cach0rr0

*CurtE wrote:*

> This is the /etc/hosts:
> 
> # /etc/hosts: Local Host Database
> 
> #
> ...

so, among the purposes of /etc/hosts, defining a static mapping of name to IP is one of em

A fair chunk of apps you use will first poll /etc/hosts to see if the site you've instructed them to request is listed there

If it is, they use the IP you've provided in there

If it isn't, it should go and check the IP of the requested site using whatever DNS servers you've defined in /etc/resolv.conf

Since we see you have 127.0.0.1 in /etc/resolv.conf, either:

a) you have a DNS server running on the box

or

b) the entry is spurious

Since we can see from doing our *own* checks in DNS of what is where with your domains, we can see that indeed, you are hosting your own DNS (see the demos above). Meaning, machines on the internet should check *your* server to see what IP's belong to the site they're requesting. This would seem to agree with the idea that you having 127.0.0.1 in /etc/resolv.conf is *not* spurious, because you DO have a DNS server running on your box. 

Now, the DNS server you have running on your box is still telling people to go to the .9 address for these domains. 

We need to fix that. 

We need to change the DNS server you have running on  your box to tell the world that .10 is the correct address. 

To do this, we first need to know what DNS server you're using - the easiest way is for you to show us the output of

```
rc-status
```

If we see a 'named' you are using BIND

if we see a 'svscan', you are likely using DJBDNS 

If we see a 'dnsmasq', you are using dnsmasq

I personally use DJBDNS, so I see 'svscan' listed in rc-status, and see the following listening on :53

```
gentoob0x ~ # netstat -anp |grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     5600/dnscache       
tcp        0      0 192.168.1.100:53        0.0.0.0:*               LISTEN     5598/tcpserver      
tcp        0      0 127.0.0.1:6667          127.0.0.1:53958         ESTABLISHED4950/inspircd       
tcp        0      0 127.0.0.1:53958         127.0.0.1:6667          ESTABLISHED18274/irssi         
udp        0      0 127.0.0.1:53            0.0.0.0:*                          5600/dnscache       
udp        0      0 192.168.1.100:53        0.0.0.0:*                          5602/tinydns 
```

At any rate, let us see what dns server you're running on that box - from there we can tell you how to adjust your zone to serve up the correct IP for your WWW host.

----------

## CurtE

svscan

```
netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 192.168.1.22:3306       0.0.0.0:*               LISTEN     4778/mysqld         
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     4935/tcpserver      
tcp        0      0 0.0.0.0:209             0.0.0.0:*               LISTEN     4939/tcpserver      
tcp        0      0 0.0.0.0:628             0.0.0.0:*               LISTEN     4940/tcpserver      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     4858/sshd           
tcp6       0      0 :::993                  :::*                    LISTEN     5288/couriertcpd    
tcp6       0      0 :::995                  :::*                    LISTEN     5358/couriertcpd    
tcp6       0      0 :::80                   :::*                    LISTEN     5112/apache2        
tcp6       0      0 :::22                   :::*                    LISTEN     4858/sshd           
tcp6       0      0 :::443                  :::*                    LISTEN     5112/apache2        
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     11693    5218/authdaemond    /var/lib/courier/authdaemon/socket.tmp
unix  2      [ ACC ]     STREAM     LISTENING     10781    4778/mysqld         /var/run/mysqld/mysqld.sock
unix  2      [ ]         DGRAM                    185      1193/udevd          @/org/kernel/udev/udevd
```

----------

## cach0rr0

excellent

so, cat the following and show us

```
/var/tinydns/<your.ip.dir.name>/root/data
```

----------

## cach0rr0

wait...are you doing these commands from the .9 box, or from the .10 box? 

Because the above netstat output doesn't show anything listening on :53 (unless I'm blind, which is possible...)

Meaning there is no DNS server running on the machine where you ran the netstat, so I could well be wrong about this being tinydns/djbdns whatever you wanna call it

svscan can handle any number of things. i forget which the package is that it's a part of, daemontools?

----------

## CurtE

the .10 machine.

How do I get it to listen to 53?

----------

## cach0rr0

*CurtE wrote:*

> the .10 machine.
> 
> How do I get it to listen to 53?

so, the .10 machine is unlikely to have any DNS server running on it

the .9 machine is your DNS server. Unless you feel like going through the process of getting a DNS server package installed and configured on the .10 box, it would be best to just continue using .9 as your name server, and use .10 as your web server (unless you have some other reason this isn't feasible)

see about doing rc-status on the .9 machine

----------

## CurtE

That is the point, the .9 box is basically dead for web use, Apache will not emerge.

I'm moving everything to .10

================================================

Okay, searching & finding, I stumbled onto the BIND page.

I filled out named.conf, created the log but got stumped when it said to edit:

/var/bind/pri/YOUR_DOMAIN.external

This does not exist yet, does it get created somewhere else?  Or do I have to create from localhost.zone?

Some new info:

http://www.intodns.com/cs-mn.com

http://www.intodns.com/reunions-with-flair.com

----------

## CurtE

What is a MX record?

----------

## cach0rr0

a good many of those are answered here

http://en.gentoo-wiki.com/wiki/BIND

----------

## erik258

So .9 is missing only apache.  .10 is missing apache, dns, probably more (.9 also has mail pop and imap services )

Don't you think it would be easier to fix one package on .9 rather than install 4 on .10?  

The first time I installed bind it took a while.  Apache too. Email too.  You're looking at A lot of work to get this all going, just to avoid fixing apache on the one box.

----------

## CurtE

Mike Hunt and I went for days already trying that.  I probably will rebuild that machine from scratch and copy it from .10

----------

## cach0rr0

*CurtE wrote:*

> Mike Hunt and I went for days already trying that.  I probably will rebuild that machine from scratch and copy it from .10 

link@ old thread plz

----------

## CurtE

The link to the other problem...   https://forums.gentoo.org/viewtopic-t-787654.html

Apache is installed on .10, qmail and such are in the debug stage.  BTW, would email work if the dns doesn't.  And I'm learning

----------

## cach0rr0

i have no idea why he asked some of the things he was asking. 

am only on page 1 - let me read through the rest. I am quite confident we can get apache working for you, this should not be a problem.

EDIT: what the hell? no, ok. Your apache problem is very fixable. 

First and foremost, let me set you up with a kernel. 

From the .9 machine, please paste me the output of the following

```
ls -l /usr/src/linux
cat /proc/cpuinfo
cat /etc/fstab
lspci -n
```

I will get you set up with a kernel, then we will see about getting apache built. Nearly the entirety of the other problems in that thread have absolutely nothing to do with apache. 

There may indeed be a number of things to fix on that system, but getting apache sorted should be trivial.

----------

## CurtE

Either way, I want to get .10 working as a primary or backup.  My son has moved out a while ago and doesn't have the time to fix things any more.  I'm quite knowledgeable with computers and should be able to pick it up with the right help.

There are things I don't catch such as, what actually 'starts' the DNS server.  Is it a command or just when all the pieces are in the right place?

As I come to the situation, I'll ask if you haven't already beat me to it.

----------

## cach0rr0

adding to that

If you're amenable, let us have a plan as such:

-get a clean tidy kernel for the .9 box

-get apache working for the .9 box

-do a few --pretend emerges on the .9 box to see what all we need to update

-get the rest of the packages on the .9 box fixed and functional

-build out the .10 box in preparation for a migration if need be

-get another apache instance on .10

-look at moving to postfix instead of qmail (see: http://www.disciplina.net/musings/qmail_rant )

I am more than happy to help guide you through getting the .10 box built, but doing so because of what I've seen are your current issues on the .9 box is analogous to using an MP5 for a squirrel hunt.

----------

## CurtE

Okay, I'm going to continue on the other link for .9 fixes and leave this one for .10

----------

## cach0rr0

*CurtE wrote:*

> Either way, I want to get .10 working as a primary or backup.  My son has moved out a while ago and doesn't have the time to fix things any more.  I'm quite knowledgeable with computers and should be able to pick it up with the right help.

we'll get ya sorted, no worries

*Quote:*

> There are things I don't catch such as, what actually 'starts' the DNS server.  Is it a command or just when all the pieces are in the right place?

more often than not, this is done with an init script (look in /etc/init.d/ and you'll see all of the ones there)

If you drill down into the init script, you'll actually see the commands used to start the service in question

For example, Apache, if you look in /etc/init.d/apache2, look for the start{} function

The key bit in there is:

```
${APACHE2} ${APACHE2_OPTS} -k start
```

up a bit higher in the script, you'll see the APACHE2 variable is defined as /usr/sbin/apache2

which translates into

```
/usr/sbin/apache2 ${APACHE2_OPTS} -k start
```

The APACHE2_OPTS variable is pulled from /etc/conf.d/${SVCNAME}

which in this case is /etc/conf.d/apache2

```
gentoob0x ~ # grep OPTS /etc/conf.d/apache2 |grep -v ^\# 
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D PHP5 -D SVN -D SVN_AUTHZ -D DAV -D DAV_FS -D PYTHON -D WSGI -D NAGIOS"
```

so whenever I'm doing /etc/init.d/apache2 start, what's being done behind the scenes is:

```
/usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D PHP5 -D SVN -D SVN_AUTHZ -D DAV -D DAV_FS -D PYTHON -D WSGI -D NAGIOS -k start
```

Helpful? Clear as mud? 

Basically init scripts are time savers. There are ways to start services by hand, but init scripts make things much easier. If you care to see the ins and outs of how something is started, check its init script. 

That isn't a bullet-proof 100% comprehensive explanation, but that should be enough to get you started on the self-teaching process. 

*Quote:*

> As I come to the situation, I'll ask if you haven't already beat me to it. 

No doubt. Questions always welcome - we may point you to doc if it's doc'd, but questions welcome

----------

## CurtE

Precisely.  I'm very familiar with /etc/init.d/...... but wasn't sure what actually starts DNS server, per se.

And when I can't remember what /etc/init.d to do, there is always "reboot" (last resort at 4 AM).

----------

## cach0rr0

*CurtE wrote:*

> Precisely.  I'm very familiar with /etc/init.d/...... but wasn't sure what actually starts DNS server, per se.
> 
> And when I can't remember what /etc/init.d to do, there is always "reboot" (last resort at 4 AM). 

ah, right. Well that one depends on which DNS package you've opted for

If you already have one installed, but don't know which it is, i think the quickest way would probably be:

```
equery list |grep dns
```

which should show you, among other things, all of the packages you have installed from the net-dns category

djbdns is handled by svscan (which i think is part of the daemon tools package? I forget, portage handles all of that for you)

BIND is handled by a 'named' init script if i recall correctly, haven't used BIND in years

Whatever that wiki page for BIND tells you to 'rc-update' is the init script responsible for starting bind

and let us not forget about such pleasantries as 'rc-status' and 'rc-update show'

----------

## CurtE

net-dns/bind-9.4.3_p3

net-dns/bind-tools-9.4.3_p3

net-dns/host-991529

Well, I'm sure at some point in time you'll need to know more of what is installed, so let's just go with the full list:


net-mail/ripmime-1.4.0.6

net-mail/tnef-1.3.4

net-mail/vpopmail-5.4.16

net-misc/curl-7.19.4

net-misc/iputils-20071127

net-misc/netkit-rsh-0.17-r9

net-misc/openssh-5.2_p1-r1

net-misc/rsync-3.0.5

net-misc/telnet-bsd-1.2-r1

net-misc/wget-1.11.3

net-print/cups-1.3.8-r2

perl-core/Archive-Tar-1.40

perl-core/Compress-Raw-Bzip2-2.015

perl-core/Compress-Raw-Zlib-2.015

perl-core/Compress-Zlib-2.015

perl-core/DB_File-1.815

perl-core/IO-Compress-Base-2.015

perl-core/IO-Compress-Bzip2-2.015

perl-core/IO-Compress-Zlib-2.015

perl-core/IO-Zlib-1.09

perl-core/Package-Constants-0.01

perl-core/PodParser-1.35

perl-core/Scalar-List-Utils-1.19

perl-core/Storable-2.18

perl-core/Sys-Syslog-0.27

perl-core/Test-Harness-3.10

perl-core/Test-Simple-0.80

perl-core/Time-HiRes-1.97.15

perl-core/Time-Local-1.18

perl-core/digest-base-1.15

perl-core/libnet-1.22

sys-apps/acl-2.2.47

sys-apps/attr-2.4.43

sys-apps/baselayout-1.12.11.1

sys-apps/busybox-1.13.2

sys-apps/coreutils-7.1

sys-apps/dbus-1.2.3-r1

sys-apps/debianutils-3.1.3

sys-apps/diffutils-2.8.7-r2

sys-apps/dmidecode-2.10

sys-apps/ed-1.0

sys-apps/eject-2.1.5-r1

sys-apps/file-4.23

sys-apps/findutils-4.4.0

sys-apps/gawk-3.1.6

sys-apps/grep-2.5.4-r1

sys-apps/groff-1.20.1-r1

sys-apps/hal-0.5.11-r9

sys-apps/help2man-1.36.4

sys-apps/kbd-1.13-r1

sys-apps/less-429

sys-apps/man-1.6f-r3

sys-apps/man-pages-3.21

sys-apps/man-pages-posix-2003a

sys-apps/module-init-tools-3.5

sys-apps/net-tools-1.60_p20071202044231-r1

sys-apps/pciutils-3.0.2

sys-apps/portage-2.1.6.13

sys-apps/sandbox-1.6-r2

sys-apps/sed-4.2

sys-apps/shadow-4.1.2.2

sys-apps/slocate-3.1-r1

sys-apps/sysvinit-2.86-r10

sys-apps/tcp-wrappers-7.6-r8

sys-apps/texinfo-4.13

sys-apps/ucspi-tcp-0.88-r16

sys-apps/usbutils-0.73

sys-apps/util-linux-2.14.2

sys-apps/which-2.19

sys-auth/consolekit-0.2.10

sys-auth/pambase-20081028

sys-boot/lilo-22.8-r2

sys-devel/autoconf-2.63-r1

sys-devel/autoconf-wrapper-6

sys-devel/automake-1.7.9-r1

sys-devel/automake-1.9.6-r2

sys-devel/automake-1.10.2

sys-devel/automake-wrapper-3-r1

sys-devel/bc-1.06.95

sys-devel/bin86-0.16.17

sys-devel/binutils-2.18-r3

sys-devel/binutils-config-1.9-r4

sys-devel/bison-2.3

sys-devel/flex-2.5.35

sys-devel/gcc-4.1.2

sys-devel/gcc-4.3.2-r3

sys-devel/gcc-config-1.4.1

sys-devel/gettext-0.17

sys-devel/gnuconfig-20080928

sys-devel/libperl-5.8.8-r2

sys-devel/libtool-1.5.26

sys-devel/m4-1.4.12

sys-devel/make-3.81

sys-devel/patch-2.5.9

sys-fs/cryptsetup-1.0.6-r2

sys-fs/device-mapper-1.02.24-r1

sys-fs/e2fsprogs-1.41.3-r1

sys-fs/udev-141

sys-kernel/gentoo-sources-2.6.25-r8

sys-kernel/gentoo-sources-2.6.30-r4

sys-kernel/linux-headers-2.6.27-r2

sys-libs/cracklib-2.8.13

sys-libs/db-4.3.29-r2

sys-libs/db-4.5.20_p2

sys-libs/db-4.6.21_p4

sys-libs/e2fsprogs-libs-1.41.3-r1

sys-libs/gdbm-1.8.3-r3

sys-libs/glibc-2.9_p20081201-r2

sys-libs/gpm-1.20.5

sys-libs/libutempter-1.1.5

sys-libs/ncurses-5.6-r2

sys-libs/pam-1.0.4

sys-libs/pwdb-0.62

sys-libs/readline-5.2_p13

sys-libs/timezone-data-2009j

sys-libs/zlib-1.2.3-r1

sys-process/cronbase-0.3.2-r1

sys-process/daemontools-0.76-r5

sys-process/procps-3.2.7

sys-process/psmisc-22.6

sys-process/vixie-cron-4.1-r10

virtual/acl-0

virtual/editor-0

virtual/ghostscript-0

virtual/httpd-cgi-0

virtual/init-0

virtual/jdk-1.6.0

virtual/libiconv-0

virtual/libintl-0

virtual/libusb-0

virtual/mysql-5.0

virtual/pager-0

virtual/perl-Archive-Tar-1.40

virtual/perl-Compress-Raw-Zlib-2.015

virtual/perl-Compress-Zlib-2.015

virtual/perl-DB_File-1.815

virtual/perl-Digest-MD5-2.36

virtual/perl-IO-Compress-Base-2.015

virtual/perl-IO-Compress-Zlib-2.015

virtual/perl-IO-Zlib-1.09

virtual/perl-MIME-Base64-3.07

virtual/perl-PodParser-1.35

virtual/perl-Scalar-List-Utils-1.19

virtual/perl-Storable-2.18

virtual/perl-Sys-Syslog-0.27

virtual/perl-Test-Simple-0.80

virtual/perl-Time-HiRes-1.97.15

virtual/perl-Time-Local-1.18

virtual/perl-digest-base-1.15

virtual/perl-libnet-1.22

virtual/poppler-utils-0.10.7

virtual/qmail-1.03

www-apps/horde-pear-1.3-r3

www-client/links-2.2

www-client/lynx-2.8.6-r2

www-servers/apache-2.2.11-r2

x11-apps/bdftopcf-1.0.0

x11-apps/iceauth-1.0.2

x11-apps/luit-1.0.3

x11-apps/mkfontdir-1.0.4

x11-apps/mkfontscale-1.0.5

x11-apps/rgb-1.0.3

x11-apps/xauth-1.0.3

x11-apps/xclock-1.0.3-r1

x11-apps/xhost-1.0.2

x11-apps/xinit-1.0.8-r4

x11-apps/xkbcomp-1.0.5

x11-apps/xmessage-1.0.2-r1

x11-apps/xprop-1.0.4

x11-apps/xrdb-1.0.5

x11-apps/xset-1.0.4

x11-apps/xsm-1.0.1-r1

x11-drivers/xf86-input-keyboard-1.3.2

x11-drivers/xf86-input-mouse-1.4.0

x11-drivers/xf86-video-ati-6.12.1-r1

x11-libs/cairo-1.8.6-r1

x11-libs/libICE-1.0.4

x11-libs/libSM-1.1.0

x11-libs/libX11-1.1.5

x11-libs/libXau-1.0.4

x11-libs/libXaw-1.0.5

x11-libs/libXcomposite-0.4.0

x11-libs/libXcursor-1.1.9

x11-libs/libXdamage-1.1.1

x11-libs/libXdmcp-1.0.2

x11-libs/libXext-1.0.4

x11-libs/libXfixes-4.0.3

x11-libs/libXfont-1.3.4

x11-libs/libXfontcache-1.0.4

x11-libs/libXft-2.1.13

x11-libs/libXi-1.2.1

x11-libs/libXmu-1.0.4

x11-libs/libXp-1.0.0

x11-libs/libXpm-3.5.7

x11-libs/libXrandr-1.2.3

x11-libs/libXrender-0.9.4

x11-libs/libXres-1.0.3

x11-libs/libXt-1.0.5

x11-libs/libXtst-1.0.3

x11-libs/libXxf86misc-1.0.1

x11-libs/libXxf86vm-1.0.2

x11-libs/libdrm-2.4.5

x11-libs/libfontenc-1.0.4

x11-libs/libpciaccess-0.10.5

x11-libs/libxkbfile-1.0.5

x11-libs/libxkbui-1.0.2

x11-libs/pango-1.24.2

x11-libs/pixman-0.14.0-r1

x11-libs/xtrans-1.2.3

x11-misc/makedepend-1.0.1

x11-misc/shared-mime-info-0.60

x11-misc/util-macros-1.2.1

x11-misc/xbitmaps-1.0.1

x11-misc/xdg-utils-1.0.2-r3

x11-misc/xkeyboard-config-1.5

x11-proto/bigreqsproto-1.0.2

x11-proto/compositeproto-0.4

x11-proto/damageproto-1.1.0

x11-proto/evieext-1.0.2

x11-proto/fixesproto-4.0

x11-proto/fontcacheproto-0.1.2

x11-proto/fontsproto-2.0.2

x11-proto/glproto-1.4.9

x11-proto/inputproto-1.5.0

x11-proto/kbproto-1.0.3

x11-proto/printproto-1.0.4

x11-proto/randrproto-1.2.2

x11-proto/recordproto-1.13.2

x11-proto/renderproto-0.9.3

x11-proto/resourceproto-1.0.2

x11-proto/scrnsaverproto-1.1.0

x11-proto/trapproto-3.4.3

x11-proto/videoproto-2.2.2

x11-proto/xcmiscproto-1.1.2

x11-proto/xextproto-7.0.4

x11-proto/xf86bigfontproto-1.1.2

x11-proto/xf86dgaproto-2.0.3

x11-proto/xf86driproto-2.0.4

x11-proto/xf86miscproto-0.9.2

x11-proto/xf86rushproto-1.1.2

x11-proto/xf86vidmodeproto-2.2.2

x11-proto/xineramaproto-1.1.2

x11-proto/xproto-7.0.14

x11-terms/xterm-242

x11-wm/twm-1.0.4

----------

## cach0rr0

ok so yeah, he'd put bind on this machine

once we have your apache up and running, it'll be time to clean up this machine, fix DNS, and go forth with building out the new machine

----------

## erik258

As usual, cach0rr0 has some good points.  

 *Quote:*   

> And when I can't remember what /etc/init.d to do, there is always "reboot" (last resort at 4 AM). :)

 

Only init scripts added to the boot or default runlevel are started on boot, so don't think that rebooting is a solution to the problem of how to get any non-running service running.

rc-status can show you what run levels are supposed to be started at each of these runlevels and whether they're actually running on the machine.  

```
dan@napoleon ~ $ rc-status show boot

Runlevel: boot

 acpid                                                              [ started  ]

 bootmisc                                                           [ started  ]

 checkfs                                                            [ started  ]

 checkroot                                                          [ started  ]

 clock                                                              [ started  ]

 consolefont                                                        [ started  ]

 hald                                                               [ started  ]

 hostname                                                           [ started  ]

 keymaps                                                            [ started  ]

 localmount                                                         [ started  ]

 modules                                                            [ started  ]

 net.lo                                                             [ started  ]

 rmnologin                                                          [ started  ]

 urandom                                                            [ started  ]

dan@napoleon ~ $ rc-status show default

Runlevel: default

 local                                                              [ started  ]

 netmount                                                           [ started  ]

```

You could see what init scripts you have (not necessarily set to start at boot, but available) with rc-config:

```

dan@napoleon ~ $ rc-config list

Available init scripts

  acpid                     boot

  alsasound                 

  bootmisc                  boot

  checkfs                   boot

  checkroot                 boot

  clock                     boot

  consolefont               boot

  consolekit                

  cpufrequtils              

  crypto-loop             

  [... ... ... ]
```

And you can add a script to boot like this: 

```

napoleon ~ # rc-update add xdm default

 * xdm added to runlevel default

```

That was just for a window manager on my laptop, but you'll need to set up apache that way if you want it to run when the system comes up (this is a good idea for webservers!).

----------

## erik258

I have copied my zone forward file template to my webserver for you, and added some annotations, so that you can move on with the DNS config if you're ready.  

I don't know if you need it but if you do it's at http://spore.ath.cx/~dan/__DOMAIN.fw

Replace all the __DOMAIN bits with the zone's domain - in your case that'd be reunions-with-flair.com.

You also have to replace some IP addresses and add your email address (note in email address @ is replaced by . )

Your nameservers, MX records, etc. don't need to be in the domain you're setting up DNS for.  There's no reason the nameservers can't be listed as CSMN1 and CSMN2 .CS-MN.COM.  In other words, since the IP addresses at the nameserver are right, you don't necessarily have to change to something in the reunions-... domain.  

I can send you a template for a named.conf too, but it looks like you've got that covered.

----------

## Mike Hunt

 *cach0rr0 wrote:*   

> i have no idea why he asked some of the things he was asking. 

 

Because I am like you my friend, I was taking our friend by the hand to walk him through getting his Gentoo box working perfectly.

Blessed be.  :Smile: 

MH

----------

## cach0rr0

 *Mike Hunt wrote:*   

>  *cach0rr0 wrote:*   i have no idea why he asked some of the things he was asking.  
> 
> Because I am like you my friend, I was taking our friend by the hand to walk him through getting his Gentoo box working perfectly.
> 
> Blessed be. 
> ...

 

no worries, and no offense intended on my behalf - you just lost me

----------

## cach0rr0

 *erik258 wrote:*   

> 
> 
> I don't know if you need it but if you do it's at http://spore.ath.cx/~dan/__DOMAIN.fw
> 
> Replace all the __DOMAIN bits with the zone's domain - in your case that'd be reunions-with-flair.com.
> ...

 

NOW I remember why I went the djbdns route. Cripes, I had forgotten how ugly their zone files are

----------

## CurtE

zones are done.  Lead me onward.  :Smile: 

In case you needed to know:

```
Runlevel:
 apache2
 courier-imapd-ssl
 courier-pop3d-ssl
 local
 mysql
 named
 net.eth0
 net.eth1
 netmount
 sshd
 svscan
```

```
Available init scripts
  apache2                   default
  bootmisc                  boot
  checkfs                   boot
  checkroot                 boot
  clamd
  clock                     boot
  consolefont               boot
  consolekit
  courier-authlib
  courier-imapd
  courier-imapd-ssl         default
  courier-pop3d
  courier-pop3d-ssl         default
  crypto-loop
  cupsd
  dbus
  device-mapper
  dmcrypt
  dmeventd
  gpm
  hald
  hostname                  boot
  keymaps                   boot
  local                     default
  localmount                boot
  modules                   boot
  mysql                     default
  mysqlmanager
  named                     default
  net.eth0                  default
  net.eth1                  default
  net.lo                    boot
  netmount                  default
  nscd
  numlock
  pciparm
  pwcheck
  pydoc-2.4
  pydoc-2.5
  rmnologin                 boot
  rsyncd
  saslauthd
  sshd                      default
  svscan                    default
  syslog-ng
  udev
  udev-dev-tarball
  udev-mount
  udev-postmount
  urandom                   boot
  vixie-cron
  xdm
```

----------

## cach0rr0

once we get you booted in the new kernel, we're going to get you sorted with a functional apache

there *are* special considerations going from 2.0 to 2.2, as I think Pappy may have linked to earlier. 

Holler once you get booted into the new kernel, and get apache built - I'm getting old (late 20's) and planning on staying in tonight, so I have nothing better to do

----------

## erik258

Good; looks like named is ready to start when the default runlevel is entered.  Since you're already in the default runlevel, you can start it manually like this:

```
/etc/init.d/named start
```

I'm guessing we'll have to do some error checking to get bind up and running, but as you run into problems, post them here and I'll get you through them.  With the help of these others, of course.

----------

## cach0rr0

 *erik258 wrote:*   

> 
> 
> I'm guessing we'll have to do some error checking to get bind up and running, but as you run into problems, post them here and I'll get you through them.  With the help of these others, of course.

 

ohhhh no, you're on your own with bind!

That's half the reason i went to djb

```

=whitehathouston.com:192.168.1.100

@whitehathouston.com::gentoob0x.whitehathouston.com

.whitehathouston.com::ns1.no-ip.com

```

andddd done!

Not slagging off bind, just overkill for my needs. It's been standard fare in enough large-scale high-volume high availability deployments, and myself being too uneducated to critique it fairly, I go no further than to say "ick, the zone files are hideous"

----------

## CurtE

Erik,

  I restarted /etc/init.d/named

no errors just stopped & started

I may regret fixing two computers at the same time.  :Smile: 

cach0rr0 is getting confused on which message board.

Let's hope I don't get confused on which server I'm in.  LOL

----------

## cach0rr0

 *CurtE wrote:*   

> Erik,
> 
>   I restarted /etc/init.d/named
> 
> no errors just stopped & started
> ...

 

so long as I'm dosed up on skoal and coffee, I'm good

EDIT: on the server where you just started named via init script, if it's operational you should now be able to

```
netstat -an |grep :53
```

and see your DNS listener

----------

## CurtE

```
tcp         0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*
```

----------

## doctork

When I ask the root about it, I find that the NS servers for reunions-with-flair.com are:

```
dig +trace reunions-with-flair.com. ns

...stuff removed....

;; Received 504 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 53 ms

reunions-with-flair.com. 172800 IN      NS      csmn1.cs-mn.com.

reunions-with-flair.com. 172800 IN      NS      csmn2.cs-mn.com.
```

But now I have a problem:

```
~ $ host -v www.reunions-with-flair.com.

Trying "www.reunions-with-flair.com"

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57696

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:

;www.reunions-with-flair.com.   IN      A

;; ANSWER SECTION:

www.reunions-with-flair.com. 0  IN      A       67.215.66.132

;; AUTHORITY SECTION:

reunions-with-flair.com. 171861 IN      NS      csmn2.cs-mn.com.

reunions-with-flair.com. 171861 IN      NS      csmn1.cs-mn.com.

Received 107 bytes from 172.20.31.74#53 in 2654 ms

Trying "www.reunions-with-flair.com"

;; connection timed out; no servers could be reached

Trying "www.reunions-with-flair.com"

;; connection timed out; no servers could be reached
```

Rather strange -- the www address is returned with 0 time-to-live.  Thus my name server attempts to query the NS servers for an update and neither of your name servers could be reached.

--

doc

----------

## erik258

Load that IP in a browser.  Or better yet let me save you the effort.  You'll end up here:

http://guide.opendns.com/?url=67.215.66.132&servfail

Apparently opendns has made the poor choice of answering all A Queries that fail with an IP that will say "This lookup failed".  I think it's a despicable practice myself and am surprised opendns so.   

But in reality, both .9 and .10  fail to answer queries.  It's no surprise because .9 is rebooting and .10 is not yet up.

----------

## doctork

Oh, another one of those.  It lets opendns sell advertising, so it's not too surprising, I guess. 

--

doc

----------

## CurtE

http://www.intodns.com/reunions-with-flair.com as I said earlier does have some good (if not obvious info).

It does tell the obvious that there is no csmn2, since we are in the process of getting it moving.

BTW, what is the connection of OpenDNS to reunions-with-flair?  Does only one place have it?

----------

## cach0rr0

 *doctork wrote:*   

> Oh, another one of those.  It lets opendns sell advertising, so it's not too surprising, I guess. 
> 
> --
> 
> doc

 

heh

They provide free, speedy DNS servers, with basic but freebie content filtering - I'm not going to complain if they chunk up ads on pages I'll only ever visit if I make a typo

----------

## cach0rr0

 *CurtE wrote:*   

> 
> 
> BTW, what is the connection of OpenDNS to reunions-with-flair?  Does only one place have it?

 

No connection whatsoever. Your basic home user will use their ISP's DNS server, which ends up handling all of the domain resolution for their browsing and whatnot. OpenDNS provides freebie DNS should that user decide their ISP's DNS servers are too slow or unreliable, among other things. 

I use it at my mother's place, because my sister's kids are always over there playing games on the  old computers, and they DO allow you to do some very basic URL category based content filtering - so at least the bulk of the adult sites are blocked off from the kids. 

Regarding its application for our purposes here, as far as I use it, it's something I suggest people use as a troubleshooting step, when I want to make sure their DNS server isn't acting up and causing whatever symptom. Any publicly accessible DNS server will do for this, it doesn't have to be the ones for OpenDNS - I often use 4.2.2.2 for this testing purpose as well, since it's another freely usable DNS server. 

There are a number of speedy DNS servers on the net, but not all of them are freely accessible (e.g. I probably couldn't use *your* ISP's DNS servers too long before they'd cut me off for wasting their resources, nor could you do the same with my ISP's DNS servers [comcast])

----------

## CurtE

That's my question, I'm with comcast.  They are my provider (at least that's who I pay the bill to).

----------

## erik258

 *Quote:*   

> BTW, what is the connection of OpenDNS to reunions-with-flair? Does only one place have it?

 

Cach0rr0 is quite right, there's no connection at all.  doctork used the host command to query the nameservers; his box is evidently configured to query openDNS.  So openDNS is being used on his end to look up names.  It couldn't look up the record for your domain name (both servers are down) and so it filled in a name of a server that, if you were using a web browser, would provide an error message to that extent.  

OpenDNS is wrong.  That is not the A record for your domain.  It provided that A record because it broke RFC adherence and answered queries with the wrong information.  

It has nothing to do with you.  If you look up the domain on a proper server, you should get something more like this:

```

dan@napoleon ~ $ dig reunions-with-flair.com 

; <<>> DiG 9.4.3-P3 <<>> reunions-with-flair.com

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16215

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;reunions-with-flair.com.       IN      A

;; Query time: 810 msec

;; SERVER: 192.168.1.87#53(192.168.1.87)

;; WHEN: Sat Aug 15 21:18:49 2009

;; MSG SIZE  rcvd: 41

```

 *Quote:*   

> ohhhh no, you're on your own with bind! 

 

That's fine with me!  I'm maintaining bind on my 4 servers right now, and set it up / maintain it on 3 or 4 of my friend's servers as well.  I have complete confidence in my ability to get this set up, if I have enough access to the configs to point out any issues.  Speaking of which, 

Curt, 

named doesn't appear to be listening on port 53 on 70.89.201.10.  I can see http and https, ssh, pop3/pop3/imaps (mailbox access).  I don't see domain (53) or mail delivery (25).  

If named is really running then it's probably not configured to listen on the external interface.  Or there could be other problems.  Could you post your named.conf file, or email it to me?  I'd like to look it over.  If it's been configured to log you might want to follow the log file with tail -f, and then you can watch errors be logged when you restart the nameserver with /etc/init.d/named restart.  But until I see that named.conf file, I can't give you the full command line because I don't know where it's being logged.  

It's also possible the .10 box is running a firewall.  In this case we'll have to open up that port in the firewall.  Assuming it's a vanilla iptables configuration, I can help you there.  

As for mail, I personally use Postfix.  It's an elegant mail server and I highly recommend it.  I am afraid I can't help with qmail, but I can provide a basic main.cf file for postfix that should get you running in no time, if you're interested in making the switch.

----------

## cach0rr0

I should be able to help with qmail. It's been a few years since I've made the switch, but I doubt the basics have changed

Far as postfix, I have my stuff posted - it's fairly ancient, and changed since then (ex: this is now tied into openldap), but this is functional nonetheless

https://whitehathouston.com/topics/index.php/WHHMail

----------

## CurtE

Thank you for the help.  These are the areas I really don't have a handle on.

The reasons for using qmail were simple:

1.  I had researched this back 3+ years ago and it seemed to be the best option at that time.

2.  Since the .9 box had it on it, I thought it would be easier to setup since I had a template.

3.  With the new found knowledge from this thread, it may be 99% done and we just need to find out what is missing.

If the DNS is not working right, would I be able to access the e-mail server?

I'm sure there is a firewall.  What kind of message would I receive from Thunderbird (or any e-mail client) as an error?

How do I allow the e-mail through the firewall?

To answer that question, you need more info on my connection.

I have Comcast workplace and static IP's, coming into the house thru the Comcast modem(?), then a Linksys router to a 16 port hub.

As I explained to erik, I'm not a novice to the computer world (30+ years in computers) or Gentoo but I do have some areas I lack in Gentoo upper areas.  I had my son set up the original system for the business but I helped when I could.  He's a great kid and learns quickly but he lacks in the teaching skills.  I'm a hands-on student and he's a verbal teacher.  Unless I was somewhat knowledgeable on what he was explaining, he loses me fast and then he might as well be talking about black hole theories.  :Smile: 

================

This post made me think so I tried Thunderbird.  With .9 down, I get the same message for both machines which enhances my theory that qmail may be working but I can't access the machine.

----------

## CurtE

Erik,

   This is the /chroot/dns/etc/bind/named.conf

```
options {
  directory "/var/bind";

  // uncomment the following lines to turn on DNS forwarding,
  // and change the forwarding ip address(es) :
  //forward first;
  //forwarders {
  //  123.123.123.123;
  //  123.123.123.123;
  //};

  listen-on-v6 { none; };
  listen-on port 53 { 127.0.0.1; 70.89.201.10; };

  // to allow only specific hosts to use the DNS server:
  //allow-query {
  //  127.0.0.1;
  //};

  // if you have problems and are behind a firewall:
  // query-source address * port 53;

  pid-file "/var/run/named/named.pid";
};

// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info
//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

zone "." IN {
  type hint;
  file "named.ca";
};

zone "localhost" IN {
  type master;
  file "pri/localhost.zone";
  allow-update { none; };
  notify no;
};

zone "127.in-addr.arpa" IN {
  type master;
  file "pri/127.zone";
  allow-update { none; };
  notify no;
};

zone "reunions-with-flair.com" IN {
  type master;
  allow-update { none; };
  file "pri/reunions-with-flair.com.zone";
};

zone "cs-mn.com" IN {
  type master;
  allow-update { none; };
  file "pri/cs-mn.com.zone";
};

zone "blue-moose-gifts.com" IN {
  type master;
  allow-update { none; };
  file "pri/blue-moose-gifts.com.zone";
};

zone "flitezimz.com" IN {
  type master;
  allow-update { none; };
  file "pri/flitezimz.com.zone";
};

logging {
  channel default_syslog {
    file "/var/log/named/named.log" versions 3 size 5M;
    severity debug;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default { default_syslog; };
};
```

----------

## doctork

Assuming that you have set /etc/conf.d/named to use CHROOT, and that you have all the specified zone files in /chroot/dns/var/bind/pri, you should be good to go.  I've never used the CHROOT features myself, but I have been using named since the Dark Ages starting with version 4.3.  I'm even older than you, CurtE -- I put in 37 years in the business ending with my retirement at the end of last year.   :Very Happy: 

--

doc

----------

## CurtE

netstat :53 results 

```
tcp        0      0 70.89.201.10:53       0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp       0      0 70.89.201.10:53       0.0.0.0:*
udp       0      0 127.0.0.1:53            0.0.0.0:*
```

Since I'm not sure what it should say, I don't know if something's missing.

----------

## doctork

 *CurtE wrote:*   

> netstat :53 results 
> 
> tcp        0      0 70.89.201.10:53       0.0.0.0:*               LISTEN     
> 
> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
> ...

 

That looks good.  However, you must have a firewall blocking DNS queries to 70.89.201.10 from the internet.  I can ping that address from here, but DNS queries fail.

```
$ ping -c2 70.89.201.10

PING 70.89.201.10 (70.89.201.10) 56(84) bytes of data.

64 bytes from 70.89.201.10: icmp_seq=1 ttl=49 time=38.2 ms

64 bytes from 70.89.201.10: icmp_seq=2 ttl=49 time=41.0 ms

--- 70.89.201.10 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms

rtt min/avg/max/mdev = 38.218/39.655/41.093/1.451 ms

----------------------------------------

$ host www.reunions-with-flair.com. 70.89.201.10

;; connection timed out; no servers could be reached

```

Are you sure your ISP isn't blocking DNS queries?

--

doc
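The checks this thread has been doing by hand (doctork's dig +trace and host -v output with its 0 TTL answer, erik258's point that named was not reachable on 70.89.201.10, and the two netstat listings CurtE posted) as one offline script. This is an added example, not code from the thread or from BIND; the zone's own apex NS set is an assumption, and the sample inputs are constructed from the outputs posted above.

```python
"""Offline checks for the DNS symptoms in this thread: parent delegation vs.
the zone's own NS set, a resolver-synthesized answer, and whether named is
bound to the external address. Added example, not the thread's own code;
the samples below are constructed from the outputs posted above."""
import re
from dataclasses import dataclass

# Presentation-format record: "<name> <ttl> IN <type> <rdata>"
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+?)\s*$")
# "netstat -an" line: "<proto> <recv-q> <send-q> <local-addr>:<port> ..."
NETSTAT_RE = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+")

# Parent-side delegation as shown by "dig +trace reunions-with-flair.com. ns"
PARENT_TRACE = """
reunions-with-flair.com. 172800 IN      NS      csmn1.cs-mn.com.
reunions-with-flair.com. 172800 IN      NS      csmn2.cs-mn.com.
"""
# Apex NS set the authoritative server answers (assumption: zone lists only csmn1)
CHILD_APEX = "reunions-with-flair.com. 86400 IN NS csmn1.cs-mn.com."
# Answer doctork got through OpenDNS while both name servers were unreachable
RESOLVER_ANSWER = """
www.reunions-with-flair.com. 0  IN      A       67.215.66.132
reunions-with-flair.com. 171861 IN      NS      csmn2.cs-mn.com.
reunions-with-flair.com. 171861 IN      NS      csmn1.cs-mn.com.
"""
# netstat listings before and after named was bound to 70.89.201.10
NETSTAT_BEFORE = """
tcp         0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*
"""
NETSTAT_AFTER = """
tcp        0      0 70.89.201.10:53       0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp       0      0 70.89.201.10:53       0.0.0.0:*
udp       0      0 127.0.0.1:53            0.0.0.0:*
"""
# The "lookup failed" guide address OpenDNS substituted for the real record
GUIDE_ADDRESSES = frozenset({"67.215.66.132"})


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_records(text):
    """Parse record lines; ';' comment lines, 'Trying ...' and blanks are skipped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        m = RR_RE.match(line)
        if line and not line.startswith(";") and m:
            out.append(RR(m.group(1).lower(), int(m.group(2)),
                          m.group(3).upper(), m.group(4).lower()))
    return out


def delegation_mismatch(parent_rrs, child_rrs, zone):
    """(NS delegated by the parent but absent from the zone, the reverse).
    A server that is delegated but not yet serving, like csmn2 here, lands
    in the first list and shows up to resolvers as timeouts or SERVFAIL."""
    zone = zone.rstrip(".").lower() + "."
    parent = {r.rdata for r in parent_rrs if r.rtype == "NS" and r.name == zone}
    child = {r.rdata for r in child_rrs if r.rtype == "NS" and r.name == zone}
    return sorted(parent - child), sorted(child - parent)


def suspicious_answers(rrs, guide_addresses=GUIDE_ADDRESSES):
    """Flag A answers a resolver synthesized: TTL 0 or a known guide address."""
    findings = []
    for r in rrs:
        if r.rtype != "A":
            continue
        if r.ttl == 0:
            findings.append(f"{r.name} A {r.rdata}: TTL 0, clients re-query every time")
        if r.rdata in guide_addresses:
            findings.append(f"{r.name} A {r.rdata}: resolver guide page, not your record")
    return findings


def listening_on(netstat_text, address, port=53):
    """Protocols (tcp/udp) with a socket bound to address:port in netstat output."""
    protos = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line.strip())
        if m and m.group(2) == address and int(m.group(3)) == port:
            protos.add(m.group(1))
    return protos


if __name__ == "__main__":
    parent = parse_records(PARENT_TRACE)
    print("delegated/unserved, served/undelegated:",
          delegation_mismatch(parent, parse_records(CHILD_APEX), "reunions-with-flair.com"))
    for f in suspicious_answers(parse_records(RESOLVER_ANSWER)):
        print("suspicious:", f)
    for label, text in (("before", NETSTAT_BEFORE), ("after", NETSTAT_AFTER)):
        print(label, "bound on 70.89.201.10:53 ->", sorted(listening_on(text, "70.89.201.10")) or "none")
```

A listener bound on the external address is only half of reachability; the host/dig timeouts doctork saw with the socket present point at the router or ISP in front of it, which this script cannot see.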

----------

## CurtE

I don't think so, but my unit may be doing it.

How/what do I need to do to bypass my firewall?

----------

## doctork

 *CurtE wrote:*   

> I don't think so, but my unit may be doing it.
> 
> How/what do I need to do to bypass my firewall?

 

If the problem is on your network, the likely culprit would be the Linksys router.  I don't know anything about said device.  I also found I can access your system using POP3 and HTTP, but not SMTP.  That makes me more suspicious of Comcast as the blocker -- ISPs don't really like users running their own e-mail and dns servers.  I'd bug their customer service, if I were you.

--

doc

----------

## CurtE

Before the other computer had problems, I had no problem running my own e-mail server.  Since my account is a Workplace account, I think Comcast expects that.  A home account would be a different story.  I'll call my son with this question and report back.

----------

## doctork

I should have asked -- can you query your server from inside your network? Try something like:

```
host -v www.reunions-with-flair.com. localhost
```

If that doesn't give you the answer you expect, then your problem is your named configuration or zone files.

--

doc

----------

## CurtE

It replies:

```
Trying "reunions-with-flair.com"
Received 41 bytes from 127.0.0.1#53 in 0 ms
Trying "reunions-with-flair.com"
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 

Host reunions-with-flair.com not found: 2(SERVFAIL)
Received 41 bytes from 127.0.0.1#53 in 0 ms
```

As I said, I can post results but you may have to explain it to me.   :Wink: 
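The two failure modes seen so far in this thread are different: doc's query from outside timed out (nothing answered on port 53, which points at a filter or a server not reachable on that address), while the query from localhost was answered with SERVFAIL (the server is reachable but cannot serve the zone). The probe below is an added example, not code from the thread or from BIND; it builds a raw A query, sends it over UDP to port 53 and classifies the outcome. The server address and hostname are the ones from the thread; the SERVFAIL reply embedded in it is constructed for the offline check, not a captured packet.

```python
"""Minimal DNS probe: tell 'filtered / not listening' (timeout) apart from
'reached but broken' (SERVFAIL). Added example, not from the thread."""
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, txid=0x1234):
    """Build a standard recursion-desired query (qtype 1 = A) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # id, flags(RD), qd=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # qclass IN


def parse_response(data, txid=0x1234):
    """Return (rcode_name, answer_count) from a raw DNS response."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    return RCODE_NAMES.get(rcode, "RCODE%d" % rcode), an


def probe(server, name, timeout=3.0):
    """Send one UDP query and classify the result the way doc did by hand."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return "timeout: no answer from %s:53 (filtered or nothing listening)" % server
    finally:
        sock.close()
    rcode, answers = parse_response(data)
    if rcode == "SERVFAIL":
        return "SERVFAIL: server reached but it cannot load or serve the zone"
    return "%s with %d answer record(s)" % (rcode, answers)


# Constructed sample (not captured): the reply a server gives when the zone
# failed to load. Flags 0x8182 = QR|RD|RA, rcode 2; question section echoed.
SAMPLE_SERVFAIL = (struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
                   + build_query("www.reunions-with-flair.com")[12:])

if __name__ == "__main__":
    print(parse_response(SAMPLE_SERVFAIL))  # ('SERVFAIL', 0)
    # Live check against the addresses from the thread (needs network access):
    # print(probe("70.89.201.10", "www.reunions-with-flair.com"))
    # print(probe("127.0.0.1", "www.reunions-with-flair.com"))
```

Run the same probe once from a machine outside the network and once from the server itself: a timeout outside but a real answer inside means a firewall or the ISP is in the way, while SERVFAIL from both sides means the zone configuration is the problem, which is the split doc is drawing in the posts above.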

----------

## doctork

I didn't see any glaring problem in your named.conf.  A problem in the zone file?

Anything of interest in the log file (/chroot/dns/var/log/named/named.log)?

--

doc

----------

## CurtE

Log is empty.  No clues there.

----------

## doctork

Check /var/log/messages as well to see if something happened before the chroot.

--

doc

----------

## CurtE

No word from my son, out of town.

I did find out that the modem had the firewall disabled.

Also, I found this on the modem:

My web site address is 70.89.201.10 but in the modem I have these addresses:

DNS PRI 68.xx.xx.xxx

DNS SEC 68.xx.xx.xxx

Is this Comcast's way of having me run my DNS thru the modem?

----------

## cach0rr0

that's their DNS servers yes

but you can configure your workstations and whatnot on the internal network to use any name servers you like (at least in my area, Comcast doesn't prevent you from querying external DNS servers directly)

The segregation in purpose of your own BIND instance and the Comcast instance needs to be clear. 

Your BIND instance is for the purpose of letting other hosts on the internet know where things are situated for your domain. 

The DNS server configured on your router is pushed out to your laptops and desktops and whatnot, for the purpose of resolving hosts for web browsing and that sort of thing. 

That's an overly simplified explanation, but should be sufficient for now. Basically, to make it clearer, your laptop may be configured to use Comcast's DNS servers, but this has no bearing on your configuration of BIND. For now, ignore it. 

Where are we at with the .9 box and getting it a) booted, b) with functional apache

----------

## doctork

I believe those DNS addresses are for the Comcast servers they expect you to query for DNS services.  I don't think they have anything to do with your problems.  The fact that you can't query your server from inside your network  definitely says you have configuration and/or zone file problems.

--

doc

----------

## CurtE

The .9 box and I are going to Erik's tomorrow to see if we can get it to boot on its own.  I'll keep you posted in the other thread tomorrow.  :Smile: 

Okay, let's take 50 steps back and see if I forgot something at square one.

When I initially setup /etc/conf.d/net, do I need to set up:

dns_domain_lo

nis_domain_lo

dns_server_eth0

etc. (I just found these in /etc/conf.d/net.example)

Also, one of the zone records looks like this:

```
$ORIGIN .
$TTL 604800 ; 1 week
reunions-with-flair.com   IN SOA  csmn1.reunions-with-flair.com admin.reunions-with-flair.com (
        2009081401 ; serial
        7200       ; refresh (2 hours)
        1800       ; retry (30 minutes)
        604800     ; expire (1 week)
        7200       ; minimum (2 hours)
        )
      NS  csmn1.cs-mn.com
      NS  csmn2.cs-mn.com
      A       70.89.201.10
      MX  10 smtp.cs-mn.com
        ; change later to mail on csmn2
      MX  20 smtp.cs-mn.com
$ORIGIN reunions-with-flair.com.
www     CNAME   @
```

Last edited by CurtE on Mon Aug 17, 2009 6:55 am; edited 1 time in total

----------

## doctork

 *CurtE wrote:*   

> 
> 
> When I initially setup /etc/conf.d/net, do I need to set up:
> 
> dns_domain_lo
> ...

 

No, as far as I know, the only things you want to set in /etc/conf.d/named are "CHROOT" and "CPU".

 *Quote:*   

> 
> 
> Also, one of the zone records looks like this:
> 
> $ORIGIN .
> ...

 

By "zone record" do you mean one file?  Each of your domains needs a zone file in /chroot/dns/var/bind/pri with the name you specified in your /chroot/dns/etc/bind/named.conf file. 

The zone file format is something of a pain in the ass.  Two very important things to remember:

1. Anything starting in the first column of a record is a name.  If the first column is blank or an '@' character the name of the zone is substituted.  In other words, do not put the "NS" , "MX", "A", etc. in the first column of a record.

2. Any name that is not terminated by a '.' character has the zone name appended to it.  Thus this record:

       NS  csmn1.cs-mn.com

really means

      NS  csmn1.cs-mn.com.reunions-with-flair.com.

in the "reunions-with-flair.com" zone file.

--

doc

----------

## CurtE

Well, I thought I'd run this thru "named-checkzone" before and it was fine but I must have changed it afterwards.

```
$ORIGIN .
$TTL 604800 ; 1 week
reunions-with-flair.com   IN SOA  csmn1.reunions-with-flair.com. admin.reunions-with-flair.com. (
        2009081401 ; serial
        7200       ; refresh (2 hours)
        1800       ; retry (30 minutes)
        604800     ; expire (1 week)
        7200       ; minimum (2 hours)
        )
      NS  csmn1.cs-mn.com.
      NS  csmn2.cs-mn.com.
      A       70.89.201.10
      MX  10 smtp.cs-mn.com.
                        ; change later to mail on csmn2
      MX  20 smtp.cs-mn.com.
$ORIGIN reunions-with-flair.com.
www     CNAME   @
```

```
/chroot/dns/etc/bind/pri/reunions-with-flair.zone:3: SOA record not at top of zone (reunions-with-flair.com)
zone ./IN: loading from master file /chroot/dns/etc/bind/pri/reunions-with-flair.zone failed: not at top of zone
```

Unfortunately, I'm not seeing the cause.  I checked on-line but it was clear as mud for the errors.  Better for the format of zone explanation tho.

----------

## doctork

My rule number 1 in the previous post was incorrect.  If the first column in a record is blank, the most recently defined name is used.  This allows you to, for example, define multiple addresses for a given name:

```
node1     A    1.2.3.4
          A    1.2.3.6
```

This would give "node1" the two IP addresses shown.

I should have also added a third rule -- don't forget to change the SOA serial number when you change the zone file.

I would get rid of both $ORIGIN statements and add a '.' to the "reunions-with-flair.com" in your SOA record.

Also, I doubt that you want a 1 week $TTL.  That means it would be valid for my DNS servers (or anyone else's) to cache your addresses for up to a week before checking with your server to see if things had changed.  A more typical value might be an hour or two or even less.
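The rules doc spells out in this post and the one before it (a blank owner column reuses the previous owner, a name without a trailing '.' gets the origin appended, the SOA must sit at the top of the zone, keep the serial moving, and a one-week TTL lets every resolver on the internet cache stale data for a week) can be made mechanical. The reader below is an added example, not BIND's parser and not code from this thread; it applies those rules to a zone and reports what a human reviewer would flag. The two zone texts in it are constructed for the example: the first mimics the mistakes discussed above in the shape doc recommends (no $ORIGIN lines), the second is the same zone with the trailing dots, a qualified SOA owner, a bumped serial and a two-hour TTL. The "looks like an unqualified absolute name" check is a heuristic of this example only.

```python
"""Small zone-file reader applying the rules doc describes, plus sanity checks.
Added example; not BIND's code and not from the thread."""
import re

LONG_TTL = 86400  # anything above a day is worth a second look
ZONE = "reunions-with-flair.com"

# Constructed sample: doc's recommended shape, still carrying the thread's mistakes
BEFORE = """\
$TTL 604800
reunions-with-flair.com   IN SOA  csmn1.reunions-with-flair.com. admin.reunions-with-flair.com. (
        2009081401 ; serial
        7200 1800 604800 7200 )
      NS  csmn1.cs-mn.com
      NS  csmn2.cs-mn.com.
      A   70.89.201.10
      MX  10 smtp.cs-mn.com.
www   CNAME @
"""

# Constructed sample: the same zone with the fixes from this thread applied
AFTER = """\
$TTL 7200
reunions-with-flair.com.  IN SOA  csmn1.reunions-with-flair.com. admin.reunions-with-flair.com. (
        2009081402 ; serial bumped, doc's rule 3
        7200 1800 604800 7200 )
      NS  csmn1.cs-mn.com.
      NS  csmn2.cs-mn.com.
      A   70.89.201.10
      MX  10 smtp.cs-mn.com.
www   CNAME @
"""


def qualify(name, origin):
    """Rule 2: '@' is the origin; a name without a trailing '.' gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def parse_zone(text, zone_name):
    """Return (owner, ttl, type, rdata_tokens) tuples with every name fully qualified."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    default_ttl, last_owner, records = None, None, []
    text = re.sub(r";[^\n]*", "", text)                       # drop comments
    text = re.sub(r"\(([^)]*)\)",                              # fold the multi-line SOA
                  lambda m: " " + m.group(1).replace("\n", " ") + " ", text)
    for line in text.splitlines():
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if line[0] in " \t":
            owner = last_owner                                # rule 1, corrected form
        else:
            owner = last_owner = qualify(tokens.pop(0), origin)
        ttl = default_ttl
        if tokens and tokens[0].isdigit():
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype in ("NS", "CNAME", "MX", "SOA"):             # rdata names obey rule 2 too
            tokens = [t if t.isdigit() else qualify(t, origin) for t in tokens]
        records.append((owner, ttl, rtype, tokens))
    return records


def check_zone(records, zone_name):
    """Report SOA placement, names that were probably meant as absolute, and long TTLs."""
    apex = zone_name if zone_name.endswith(".") else zone_name + "."
    problems = []
    if not records or records[0][2] != "SOA" or records[0][0] != apex:
        problems.append("SOA record not at top of zone " + apex)
    for owner, ttl, rtype, rdata in records:
        for name in (t for t in rdata if not t.isdigit()):
            # Heuristic (this example only): csmn1.cs-mn.com.<apex> almost always
            # means a forgotten trailing '.' on an absolute name.
            rel = name[:-len(apex) - 1] if name.endswith("." + apex) else ""
            if re.search(r"\.(com|net|org)$", rel):
                problems.append("%s %s %s looks like an unqualified absolute name"
                                % (owner, rtype, name))
    long_ttls = sorted({t for _, t, _, _ in records if t is not None and t > LONG_TTL})
    if long_ttls:
        problems.append("TTL %ds on some records: resolvers may cache stale data for over a day"
                        % long_ttls[0])
    return problems


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_zone(parse_zone(text, ZONE), ZONE))
```

Running it prints three findings for the first zone (the doubled SOA owner, `csmn1.cs-mn.com.reunions-with-flair.com.` as an NS target, and the week-long TTL) and none for the second; the real check to run on the server stays `named-checkzone reunions-with-flair.com <zonefile>`, which is what the error messages earlier in the thread came from.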

----------

## erik258

I think we got the named stuff sorted out (as well as .9; details should eventually show up on the other thread).  But there'll still be a lot to do with setting up these systems.

----------

## CurtE

Yes, the zone problem was my typing error.  I had .com added in one section but not the other.  I'm going to close this thread also, I think the original idea has been solved.  There are other issues but they should go into a different thread.

----------

