Hi Michael,
Yes, you would need to remove ns.ilovephilosophy.com from your NS list
at the apex of your zone, and also from your registrar's NS list if
it's there. It should not then receive any DNS queries from clients.[1]
What would make your server a "stealth primary" then is the fact that
an outside observer would be unable to tell that the primary source of
DNS data is your host ns.ilovephilosophy.com: This host name would not
appear in either the registrar's nameserver list (obtained from doing a
whois lookup, for example) nor in the list of nameservers for the zone.
Whether or not you intended to set it up as a stealth primary, the
allow-transfer directive is still necessary as that is the mechanism
by which all your other nameservers get the zone data. If it wasn't
there then when BitFolk's servers asked for a zone transfer, yours
would tell them to go away.
When trying to work out which nameservers receive queries I like using
the squish.net dns checker. Go to http://www.squish.net/dnscheck/, put
in "ilovephilosophy.com" and "A (host name)", hit "Check", wait a few
seconds.
You'll then get a list of every possible way this could be resolved.
Using "dig +trace -t a ilovephilosophy.com" illustrates the same
process from the command line, once.
Cheers,
Andy
[1] BitFolk's Nagios will send the occasional query just to check
on things that are required for the secondary DNS service to
work. If you intend to firewall off port 53, please leave it
open to the monitoring IPs.
On Wed, Oct 13, 2010 at 06:00:25PM -0400, Michael Corliss wrote:
If I want all DNS requests to go through Bitfolk's nameservers, should
I remove ns.ilovephilosophy.com from the zone file? Or will that break
it?
Is using allow-transfers enough to make my DNS server a 'stealth
primary'?
--
http://bitfolk.com/ -- No-nonsense VPS hosting
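
The check described in the reply above (the host must be absent from both the apex NS set and the registrar's NS list), as an added example that is not part of the original message. The function names, the simplified zone-file parsing, the secondary names under example.net and the 192.0.2.x address are assumptions constructed for illustration.

```python
def fqdn(name, origin):
    """Lowercase FQDN without trailing dot; '@' and relative names use origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def apex_ns(zone_text, origin):
    """Return the NS targets published at the apex of a simple zone file."""
    origin = cur = origin.lower().rstrip(".")
    owner, found = origin, set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if not fields:
            continue
        if fields[0].startswith("$"):              # $ORIGIN resets; others ignored
            if fields[0].upper() == "$ORIGIN":
                cur = fields[1].lower().rstrip(".")
            continue
        if not raw[0].isspace():                   # blank owner = previous owner
            owner = fqdn(fields.pop(0), cur)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional numeric TTL and class
        if len(fields) >= 2 and fields[0].upper() == "NS" and owner == origin:
            found.add(fqdn(fields[1], cur))
    return found

def is_stealth(host, zone_text, origin, registrar_ns):
    """True if host is in neither the apex NS set nor the registrar's list."""
    published = apex_ns(zone_text, origin)
    published |= {n.lower().rstrip(".") for n in registrar_ns}
    return host.lower().rstrip(".") not in published

# Constructed sample data: secondary names and the address are placeholders.
ZONE_BEFORE = """\
$ORIGIN ilovephilosophy.com.
@       IN NS   ns                  ; relative -> ns.ilovephilosophy.com
        IN NS   a.ns.example.net.
        3600 IN NS B.NS.EXAMPLE.NET.
ns      IN A    192.0.2.10
"""
ZONE_AFTER = """\
$ORIGIN ilovephilosophy.com.
@       IN NS   a.ns.example.net.
        3600 IN NS B.NS.EXAMPLE.NET.
"""
REGISTRAR_BEFORE = ["ns.ilovephilosophy.com", "a.ns.example.net", "b.ns.example.net"]
REGISTRAR_AFTER = REGISTRAR_BEFORE[1:]
```

Removing the host from the zone file alone is not enough: is_stealth stays False for ZONE_AFTER until the registrar's list has been updated as well.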