DNS
(New page: DNS is provided through bind on demeter. We control the zones for ugcs.caltech.edu, and the reverse zones for 131.215.176.64-127. We also have control of ugcs.net and ugcs.org, although ...) |
(→Updates) |
||
| (3 intermediate revisions by one user not shown) | |||
| Line 3: | Line 3: | ||
==Updates== | ==Updates== | ||
You should never directly edit the files in /etc/bind. Instead, edit the configurator stuff. generate_bind_db and generate_bind_rnds.py take care of generating the files, and then cfengine puts them in place. Static parts are in inputs/db.ugcs.caltech.edu.input. There aren't any static parts for the reverse dns. | You should never directly edit the files in /etc/bind. Instead, edit the configurator stuff. generate_bind_db and generate_bind_rnds.py take care of generating the files, and then cfengine puts them in place. Static parts are in inputs/db.ugcs.caltech.edu.input. There aren't any static parts for the reverse dns. | ||
| + | |||
| + | '''BIG NOTE''' | ||
| + | Using cfengine to update forward DNS '''DOES NOT WORK'''. Our dynamic updates (that do to.ugcs, etc) increment the zone serial number, so the new file you put in place will have an "old" zone number and things will stop working for a while. | ||
If you update the forward dns and regenerate it, the script will make a good zone number so it will get picked up by Caltech's name servers (which are slaves for our domains). In order for reverse dns to be updated, you need to email hostmaster@caltech.edu and ask them to refresh their copy of it. | If you update the forward dns and regenerate it, the script will make a good zone number so it will get picked up by Caltech's name servers (which are slaves for our domains). In order for reverse dns to be updated, you need to email hostmaster@caltech.edu and ask them to refresh their copy of it. | ||
| Line 9: | Line 12: | ||
==Nsupdate== | ==Nsupdate== | ||
| − | You can use nsupdate for on-the-fly updates. The key file is in /etc/bind on demeter. See 'man nsupdate' for instructions. | + | You can use nsupdate for on-the-fly updates. The key file is in /etc/bind on demeter. See 'man nsupdate' for instructions. The only note I have is that you need to use FQDN's (with a . on the end) with nsupdate. |
| + | |||
| + | ==to and mortal round-robins== | ||
| + | The hostnames "to.ugcs.caltech.edu" and "mortals.ugcs.caltech.edu" are updated by scripts on demeter to point to the machine in the class with the lowest possible load. They are simple shell scripts with entries in /etc/cron.d to run them every 15 minutes. See /usr/local/sbin/update-(to,mortal) | ||
[[Category:Sysadmin_Documentation]] | [[Category:Sysadmin_Documentation]] | ||
Latest revision as of 08:43, 8 February 2010
DNS is provided through bind on demeter. We control the zones for ugcs.caltech.edu, and the reverse zones for 131.215.176.64-127. We also have control of ugcs.net and ugcs.org, although we don't do anything with those yet.
Updates
You should never directly edit the files in /etc/bind. Instead, edit the configurator stuff. generate_bind_db and generate_bind_rnds.py take care of generating the files, and then cfengine puts them in place. Static parts are in inputs/db.ugcs.caltech.edu.input. There aren't any static parts for the reverse dns.
BIG NOTE Using cfengine to update forward DNS DOES NOT WORK. Our dynamic updates (that do to.ugcs, etc) increment the zone serial number, so the new file you put in place will have an "old" zone number and things will stop working for a while.
If you update the forward dns and regenerate it, the script will make a good zone number so it will get picked up by Caltech's name servers (which are slaves for our domains). In order for reverse dns to be updated, you need to email hostmaster@caltech.edu and ask them to refresh their copy of it.
If nsupdate has been used, you have to be careful about pushing new versions of db.ugcs.caltech.edu, because bind will have a journal file etc. You should use rndc freeze to flush the journal, put the new version in place, and then restart bind for changes to be picked up correctly. However, you shouldn't have to worry about this- cfengine does it automatically for you, and you should always use configurator/cfengine.
Nsupdate
You can use nsupdate for on-the-fly updates. The key file is in /etc/bind on demeter. See 'man nsupdate' for instructions. The only note I have is that you need to use FQDN's (with a . on the end) with nsupdate.
to and mortal round-robins
The hostnames "to.ugcs.caltech.edu" and "mortals.ugcs.caltech.edu" are updated by scripts on demeter to point to the machine in the class with the lowest possible load. They are simple shell scripts with entries in /etc/cron.d to run them every 15 minutes. See /usr/local/sbin/update-(to,mortal)
