Everything is a Freaking DNS problem

Apparently December is the month where everybody starts writing guest posts for other blogs.

Earlier this month I wrote an article with the title of this blog for Sysadvent ,

It's a sysadmin relative of the Perl Advent Calendar: One article for each day of December, ending on the 25th article. With the goals of of sharing, openness, and mentoring, we aim to provide great articles about systems administration topics written by fellow sysadmins

My article is here, but there's plenty more other articles written about a variety of topics, such as chef, tcpdump , how ls works, cucumber and Devops.

On the other side, Matthias over at Agile Web Development and Operations is hosting a series on Devops where lots of Devops Advocates and Evangelists are having their say about Devops ...

My entry about the Challenges the Devops Crowd faces was put online yesterday

So a couple of weeks ago I blogged about DNS Knife late last year I ran into an even better tool.

Enter IntoDNS

Apparently IntoDNS.com finds more issues like the zone file listing different nameservers from the ones you defined ...etc..

So change your bookmarks, browse that page :)

After what google announced today it's pretty clear who to blame as of now, no it's not Dim0 anymore,, it's not a Freaking DNS Problem anymore its just plain old google.

Yep Google announced they will be providing a public open DNS server . So rather than claiming that Everything is a Freaking DNS Problem, now everything is a Freaking Google Problem.

Google tracking which sites you visits while not using earch, it's a DNS Problem , Google tracking different Google Profiles you have and matching them together indeed, another Fine DNS Proble, Google tracking what different users are working the same computer and mapping them it's a DNS Problem,

Face it.. there is no need for a Porn mode in your browser anymore, google will be able to log every query you make .

And serve you adds cross profile ..

So the best DNS servers to use as of now are located at 127.0.0.1

No I did NOT post the following comment

This is ridiculous. You didn't test MySQL, you tested a failing DNS lookup on authentication.

resulting in the follow up post :

My previous post Redis, Memcache, Tokyp Tyrant, MySQL comparison had a flaw as pointed out by this comment. The MySQL was taking a huge time for doing a reverse DNS lookup.

But as always ... Everything is just a Freaking dns problem :)

Tom Limoncelli is so wrong , he list DNS problem only as nr 33 on his dumb-things to check list.

And obviously it should be the very First thing you check !

by @botchagalupe
on Virtualization, Open Source tools and DNS Problems

While browsing trough my enormous mailinglist backlog I ran into the following message from Gianluca Cecchi on the DRBD-user mailing list

guess I`ll have to give Lars a T-Shirt when we next meet ;)

From: Gianluca Cecchi
To: drbd-user@lists.linbit.com
Subject: [DRBD-user] notes on 8.3.2
 
 
- drbdadm create-md r0 segfaults when the command "hostname" on the
server contains the fully qualified domain name but you have put only
the hostname part in drbd.conf
Instead, the command "drbdadm dump" correctly gives you a warning in
this case (suggesting how to correct the error you made....):
 
suppose complete hostname is virtfed.domainname.com and you put
virtfed alone in drbd.conf
[root@virtfed ~]# drbdadm dump
WARN: no normal resources defined for this host (virtfed.domainname.com)!?
 
while
[root@virtfed ~]# drbdadm create-md r0
Segmentation fault

Guess I`ll have to give the Linbit crowd a T-Shirt when we next meet ;)

In my latest DNS Problem related post I mentionned that don't know all the answers, I however know about some good tools to help you setup a clean DNS server.

Ages ago via Planet Fedora I ran into an article from Steven Moix about a tool he and his fellow students build for a summer project.

The tool is DNSKnife and it's really interresting.

DNS Knife is a good tool to check if your DNS setup is ok, it checks the parent servers, it checks for if your nameservers are listed on the parent server, checks if all your nameservers are reachable and are authorative .
And so on and so on ...

It warns for Open Relays, if you care for that ..in fact an Open DNS relay also means that you can use it from everywhere eg for tcp over dns.

It warns for misconfigured SOA , such as too short Expire values etc
You know.. the time a secondary dns server will keep it's copy of the zone valid when It can't contact the primary , not the other misinterpretations you folks usually have ..

Off course it isn't always correct. it considers not finding MX records a failur
e , however some domains just don't want a MX record.

DNSKnife actually provides you with an automated alternative to manually verify ing RFC 1912 , well at least partly :)

And therefore, sometimes you need to register domains in different countries.
So how does one proceed, one takes the zone file of the existing domain e.g. .be and creates a symlink for the different countries to the original zonefile e.g .nl and .eu . Afterall, you want to have te same hosts available in every country and you want to keep the hassle down when you update a host.

You tell your registrar, to reg the same domain for the other tld's with the usueal Nameservers , you know . the one that are listed in your original zonefile

So your host file might look like this

        IN      NS      ns1
        IN      NS      ns2

Any idea what the effect is ?

Exactly your zone file tells the world to use ns1.domain.nl for each and every country you create it. So not ns1.domain.be as you intened.

Now some TLD's don't really care, but Frank teached me that .nl DOES check this. To technically I had to give myselve a "Freaking DNS" T-Shirt. Apart from that it is just better practise to keep your setup correct anyhow.

PS. Obviously same goes for .org .net and .com series.

PS2. Yes the title of my blog is Everything is a Freaking DNS problem, doesn't mean I don't make mistakes or that I know all the answers, I just figured it's a big cause of problems :)

Via @frank_be

.se goes down after a dns config issue
We have spoken to a number of industry insiders and what happened is that when updating the data, the script did not add a terminating “.” to the DNS records in the .se zone. That trailing dot is necessary in the settings for DNS to understand that “.se” is the top-level domain. It is a seemingly small detail, but without it, the whole DNS lookup chain broke down.