Everything is a Freaking DNS problem - dnsproblem http://127.0.0.1:8080/blog/taxonomy/term/437/0 en Guest Post Season http://127.0.0.1:8080/blog/guest-post-season <p>Apparently December is the month where everybody starts writing guest posts for other blogs.</p> <p>Earlier this month I wrote an article with the title of this blog for Sysadvent ,</p> <p><cite>It's a sysadmin relative of the Perl Advent Calendar: One article for each day of December, ending on the 25th article. With the goals of of sharing, openness, and mentoring, we aim to provide great articles about systems administration topics written by fellow sysadmins<br /> </cite></p> <p>My article is <a href="http://sysadvent.blogspot.com/2010/12/day-8-everything-is-dns-problem.html" rel="nofollow">here</a>, but there's plenty more other articles written about a variety of topics, such as chef, tcpdump , how ls works, cucumber and Devops.</p> <p>On the other side, Matthias over at Agile Web Development and Operations is hosting a series on Devops where lots of Devops Advocates and Evangelists are having their say about Devops ...</p> <p>My entry about the Challenges the Devops Crowd faces was put online <a href="http://www.agileweboperations.com/challenges-for-the-devops-crowd" rel="nofollow">yesterday</a></p> http://127.0.0.1:8080/blog/guest-post-season#comments chef devops dnsproblem opensource puppet sysadvent Sat, 18 Dec 2010 21:23:39 +0000 Kris Buytaert 1025 at http://127.0.0.1:8080/blog IntoDns http://127.0.0.1:8080/blog/intodns <p>So a couple of weeks ago I blogged about <a href="http://www.krisbuytaert.be/blog/category/dnsknife">DNS Knife</a> late last year I ran into an even better tool.</p> <p>Enter <a href="http://IntoDNS.com" rel="nofollow">IntoDNS</a></p> <p>Apparently IntoDNS.com finds more issues like the zone file listing different nameservers from the ones you defined ...etc..</p> <p>So change your bookmarks, browse that page :)</p> http://127.0.0.1:8080/blog/intodns#comments dnsknife dnsproblem eiafdp intodns Fri, 15 Jan 2010 19:00:53 +0000 Kris Buytaert 976 at http://127.0.0.1:8080/blog Changing the title of my Blog http://127.0.0.1:8080/blog/changing-title-my-blog <p>After what <a href="http://googlecode.blogspot.com/2009/12/introducing-google-public-dns-new-dns.html" rel="nofollow">google announced today</a> it's pretty clear who to blame as of now, no it's not <a>Dim0</a> anymore,, it's not a Freaking DNS Problem anymore its just plain old google.</p> <p>Yep Google announced they will be providing a public open DNS server . So rather than claiming that Everything is a Freaking DNS Problem, now everything is a Freaking Google Problem. </p> <p>Google tracking which sites you visits while not using earch, it's a DNS Problem , Google tracking different Google Profiles you have and matching them together indeed, another Fine DNS Proble, Google tracking what different users are working the same computer and mapping them it's a DNS Problem,</p> <p>Face it.. there is no need for a Porn mode in your browser anymore, google will be able to log every query you make .</p> <p>And serve you adds cross profile ..</p> <p>So the best DNS servers to use as of now are located at 127.0.0.1</p> http://127.0.0.1:8080/blog/changing-title-my-blog#comments dnsproblem evil google Thu, 03 Dec 2009 20:39:47 +0000 Kris Buytaert 965 at http://127.0.0.1:8080/blog NoSQL vs MySQL http://127.0.0.1:8080/blog/nosql-vs-mysql <p>No I did NOT post the following <a href="http://www.ruturaj.net/redis-memcached-tokyo-tyrant-mysql-comparison#comment-22565" rel="nofollow">comment</a><br /> <cite><br /> This is ridiculous. You didn't test MySQL, you tested a failing DNS lookup on authentication.</cite></p> <p>resulting in the follow up <a href="http://www.ruturaj.net/myisam-innodb" rel="nofollow">post</a> : </p> <p><cite><br /> My previous post Redis, Memcache, Tokyp Tyrant, MySQL comparison had a flaw as pointed out by this comment. The MySQL was taking a huge time for doing a reverse DNS lookup.<br /> </cite></p> <p>But as always ... Everything is just a Freaking dns problem :)</p> http://127.0.0.1:8080/blog/nosql-vs-mysql#comments dns dnsproblem mysql nosql Mon, 23 Nov 2009 20:17:52 +0000 Kris Buytaert 962 at http://127.0.0.1:8080/blog Tom Limoncelli is wrong http://127.0.0.1:8080/blog/tom-limoncelli-wrong <p><a href="http://everythingsysadmin.com/2009/11/a-list-of-dumb-things-to-check.html" rel="nofollow">Tom Limoncelli</a> is so wrong , he list DNS problem only as nr 33 on his <a href="http://whatexit.org/tal/mywritings/dumb-things-to-check.html" rel="nofollow">dumb-things to check</a> list.</p> <p>And obviously it should be the very First thing you check !</p> http://127.0.0.1:8080/blog/tom-limoncelli-wrong#comments dnsproblem Wed, 18 Nov 2009 20:09:30 +0000 Kris Buytaert 961 at http://127.0.0.1:8080/blog Got Interviewed http://127.0.0.1:8080/blog/got-interviewed <p>by <a href="http://www.johnmwillis.com/devopsdays/devopsdays-09-interview-with-kris-buytaert/">@botchagalupe</a><br /> on Virtualization, Open Source tools and DNS Problems</p> <p><embed src="http://blip.tv/play/AYGuxQoC" type="application/xshockwave-flash" width="480" height="390" allowscriptaccess="always" allowfullscreen="true"></embed></p> http://127.0.0.1:8080/blog/got-interviewed#comments dnsproblem drupal ha heartbeat linux-ha mysql pacemaker puppet virtualization xen Wed, 18 Nov 2009 20:05:47 +0000 Kris Buytaert 960 at http://127.0.0.1:8080/blog Yet Another DNS Issue http://127.0.0.1:8080/blog/yet-another-dns-issue <p>While browsing trough my enormous mailinglist backlog I ran into the following message from Gianluca Cecchi on the DRBD-user mailing list</p> <p>guess I`ll have to give Lars a T-Shirt when we next meet ;)</p> <p><div class="geshifilter"><pre class="text geshifilter-text" style="font-family:monospace;"><ol><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">From: Gianluca Cecchi</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">To: drbd-user@lists.linbit.com</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">Subject: [DRBD-user] notes on 8.3.2</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">&nbsp;</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">&nbsp;</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">- drbdadm create-md r0 segfaults when the command &quot;hostname&quot; on the</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">server contains the fully qualified domain name but you have put only</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">the hostname part in drbd.conf</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">Instead, the command &quot;drbdadm dump&quot; correctly gives you a warning in</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">this case (suggesting how to correct the error you made....):</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">&nbsp;</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">suppose complete hostname is virtfed.domainname.com and you put</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">virtfed alone in drbd.conf</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">[root@virtfed ~]# drbdadm dump</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">WARN: no normal resources defined for this host (virtfed.domainname.com)!?</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">&nbsp;</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">while</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">[root@virtfed ~]# drbdadm create-md r0</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal">Segmentation fault</div></li></ol></pre></div></p> <p>Guess I`ll have to give the Linbit crowd a T-Shirt when we next meet ;)</p> http://127.0.0.1:8080/blog/yet-another-dns-issue#comments dnsproblem drbd ha linux-cluster Thu, 12 Nov 2009 21:01:43 +0000 Kris Buytaert 958 at http://127.0.0.1:8080/blog DNS Tools http://127.0.0.1:8080/blog/dns-tools <p>In my latest DNS Problem related post I mentionned that don't know all the answers, I however know about some good tools to help you setup a clean DNS server.</p> <p>Ages ago via <a href="http://planet.fedoraproject.org/" rel="nofollow">Planet Fedora</a> I ran into an article from <a href="http://www.alphatek.info/2008/11/29/dnsknifecom-meet-the-online-dig/" rel="nofollow">Steven Moix</a> about a tool he and his fellow students build for a summer project.</p> <p>The tool is <a href="http://www.dnsknife.com/" rel="nofollow">DNSKnife</a> and it's really interresting.</p> <p>DNS Knife is a good tool to check if your DNS setup is ok, it checks the parent servers, it checks for if your nameservers are listed on the parent server, checks if all your nameservers are reachable and are authorative .<br /> And so on and so on ...</p> <p>It warns for Open Relays, if you care for that ..in fact an Open DNS relay also means that you can use it from everywhere eg for tcp over dns.</p> <p>It warns for misconfigured SOA , such as too short Expire values etc<br /> You know.. the time a secondary dns server will keep it's copy of the zone valid when It can't contact the primary , not the other misinterpretations you folks usually have .. </p> <p>Off course it isn't always correct. it considers not finding MX records a failur<br /> e , however some domains just don't want a MX record.</p> <p>DNSKnife actually provides you with an automated alternative to manually verify ing RFC 1912 , well at least partly :)</p> http://127.0.0.1:8080/blog/dns-tools#comments dns dnsknife dnsproblem everything Wed, 28 Oct 2009 20:52:08 +0000 Kris Buytaert 953 at http://127.0.0.1:8080/blog Apparently there are Borders http://127.0.0.1:8080/blog/apparently-there-are-borders <p>And therefore, sometimes you need to register domains in different countries.<br /> So how does one proceed, one takes the zone file of the existing domain e.g. .be and creates a symlink for the different countries to the original zonefile e.g .nl and .eu . Afterall, you want to have te same hosts available in every country and you want to keep the hassle down when you update a host.</p> <p>You tell your registrar, to reg the same domain for the other tld's with the usueal Nameservers , you know . the one that are listed in your original zonefile</p> <p>So your host file might look like this<br /> <div class="geshifilter"><pre class="text geshifilter-text" style="font-family:monospace;"><ol><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal"> IN NS ns1</div></li><li style="font-family: monospace; font-weight: normal;"><div style="font-family: monospace; font-weight: normal; font-style: normal"> IN NS ns2</div></li></ol></pre></div></p> <p>Any idea what the effect is ?</p> <p>Exactly your zone file tells the world to use ns1.domain.nl for each and every country you create it. So not ns1.domain.be as you intened.</p> <p>Now some TLD's don't really care, but <a href="http://frank.be/" rel="nofollow">Frank</a> teached me that .nl DOES check this. To technically I had to give myselve a "Freaking DNS" T-Shirt. Apart from that it is just better practise to keep your setup correct anyhow.</p> <p>PS. Obviously same goes for .org .net and .com series.</p> <p>PS2. Yes the title of my blog is Everything is a Freaking DNS problem, doesn't mean I don't make mistakes or that I know all the answers, I just figured it's a big cause of problems :)</p> http://127.0.0.1:8080/blog/apparently-there-are-borders#comments dnsproblem inuits.be inuits.eu inuits.nl zonefiles Thu, 22 Oct 2009 18:22:55 +0000 Kris Buytaert 952 at http://127.0.0.1:8080/blog Everything is a Swedish dot Problem http://127.0.0.1:8080/blog/everything-swedish-dot-problem <p>Via <a href="http://twitter.com/frank_be/" rel="nofollow">@frank_be</a></p> <p><a href="http://smalltalk.frank.be/een-puntje-vergeten-kan-ernstige-gevolgen-heb" rel="nofollow">.se goes down after a dns config issue</a><br /> <cite>We have spoken to a number of industry insiders and what happened is that when updating the data, the script did not add a terminating “.” to the DNS records in the .se zone. That trailing dot is necessary in the settings for DNS to understand that “.se” is the top-level domain. It is a seemingly small detail, but without it, the whole DNS lookup chain broke down.</cite></p> http://127.0.0.1:8080/blog/everything-swedish-dot-problem#comments dnsproblem dot sweden Tue, 13 Oct 2009 12:25:45 +0000 Kris Buytaert 948 at http://127.0.0.1:8080/blog