How can I setup my DNS when my ISP DNS crashes

Running bind 9.1.2 with an internal and an external zone.

Frequently, now days, my ISP's servers crash and my two local
dns servers then fail to provide external name resolution during
those lapses. My WWW/FTP servers remain visible to the outside,
because I switched to Netsol for my domain's external DNS.
However, I am now blind internally and end up having to go to
tracert.com(/etc/hosts) for manual name resolution...

Question, I do have a "." zone and db.root defined, but no joy.
How do I get bind to feed its cache from the internet root
servers, when my ISP forwarders are down???

TIA
tonyb


--
__ __ _ I N C. http://www.sysdev.org
/ __|\\// __|| \ __ __ / (E-Mail Removed)
\__ \ \/\__ \||)|/ O_)\/ / \/ System Tools / Utilities
|___/ || ___/|_ /\___|\_/ WIntel / Linux Device Drivers

Joaco wrote:
> Running bind 9.1.2 with an internal and an external zone.
>
> Frequently, now days, my ISP's servers crash and my two local
> dns servers then fail to provide external name resolution during
> those lapses. My WWW/FTP servers remain visible to the outside,
> because I switched to Netsol for my domain's external DNS.
> However, I am now blind internally and end up having to go to
> tracert.com(/etc/hosts) for manual name resolution...
>
> Question, I do have a "." zone and db.root defined, but no joy.
> How do I get bind to feed its cache from the internet root
> servers, when my ISP forwarders are down???
>
> TIA
> tonyb
>
>
Red Hat supplies a caching dns server config rpm. I'd go install that,
or just unpack the files out of it if your using another distro, and use
them stock or as a guide for your own config.
HTH
Neil

--
Neil Horman
Red Hat, Inc., http://people.redhat.com/nhorman
gpg keyid: 1024D / 0x92A74FA1, http://www.keyserver.net

"Joaco" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Running bind 9.1.2 with an internal and an external zone.
>
> Frequently, now days, my ISP's servers crash and my two local
> dns servers then fail to provide external name resolution during
> those lapses. My WWW/FTP servers remain visible to the outside,
> because I switched to Netsol for my domain's external DNS.
> However, I am now blind internally and end up having to go to
> tracert.com(/etc/hosts) for manual name resolution...
>
> Question, I do have a "." zone and db.root defined, but no joy.
> How do I get bind to feed its cache from the internet root
> servers, when my ISP forwarders are down???

You can read entries out ofthe db.root file and stick them in to the
bind.conf file as forwarders.

Or you can just use root servers full time.

Whats wrong with letting them use root servers at all times ?
The only thing is that if the isp is disconnect from the internet, you cant
get DNS lookups for the ISP to check their status pages to see how they are
going at fixing their problem. Not that the status pages ever record 100%
failure things - they more often tell you about leaves removed from the
gutters of the building the pop is in.


( you could 'secondary' the ISP's dns pages on your local system, if the
isp's dns server lets you )





>
> TIA
> tonyb
>
>
> --
> __ __ _ I N C. http://www.sysdev.org
> / __|\\// __|| \ __ __ / (E-Mail Removed)
> \__ \ \/\__ \||)|/ O_)\/ / \/ System Tools / Utilities
> |___/ || ___/|_ /\___|\_/ WIntel / Linux Device Drivers
>

> How do I get bind to feed its cache from the internet root
> servers, when my ISP forwarders are down???

If you really want to get sophisticated,

you could write a script to check that the DNS servers are working.

if the script detects failure,

swap over the bind.conf file and send bind a SIGHUP signal to tell it to
reload its configuration,
and then dns is using the root servers.


When the script detects the ISP dns servers are back up, swap over conf
files and reconfigure it back.


But this seems a bit drastic, why not just add more forwarders.

On Mon, 15 Dec 2003 20:38:32 -0800, Joaco <(E-Mail Removed)> wrote:
> Running bind 9.1.2 with an internal and an external zone.
>
> Frequently, now days, my ISP's servers crash and my two local
> dns servers then fail to provide external name resolution during
> those lapses. My WWW/FTP servers remain visible to the outside,
> because I switched to Netsol for my domain's external DNS.
> However, I am now blind internally and end up having to go to
> tracert.com(/etc/hosts) for manual name resolution...
>
> Question, I do have a "." zone and db.root defined, but no joy.
> How do I get bind to feed its cache from the internet root
> servers, when my ISP forwarders are down???

What do you have in your named.conf for anything related to forward (do
you have 'forward only')?

I do not use forwarders because when I first got DSL, Ameritech's DNS was
sluggish at times, which was my reason for doing my own caching DNS. If
you do not rely on unreliable servers, you will not be affected by them.
However, you have to occasionally keep your db.root file up to date
(assuming db.root is same as root.hints in SuSE):

cp db.root db.root.old
dig @server . ns > db.root (where server is any root server in db.root)

I do not know how often a name I access might be in my ISP's cache or
whether they would need to fetch it from the root servers. But fetching a
name once and having it in my local cache has got to be quicker than
'forward first' every name request to my ISP.

--
David Efflandt - All spam ignored http://www.de-srv.com/

David Efflandt wrote:

> On Mon, 15 Dec 2003 20:38:32 -0800, Joaco <(E-Mail Removed)> wrote:
>> Running bind 9.1.2 with an internal and an external zone.
>>
>> Frequently, now days, my ISP's servers crash and my two local
>> dns servers then fail to provide external name resolution during
>> those lapses. My WWW/FTP servers remain visible to the outside,
>> because I switched to Netsol for my domain's external DNS.
>> However, I am now blind internally and end up having to go to
>> tracert.com(/etc/hosts) for manual name resolution...
>>
>> Question, I do have a "." zone and db.root defined, but no joy.
>> How do I get bind to feed its cache from the internet root
>> servers, when my ISP forwarders are down???
>
> What do you have in your named.conf for anything related to forward (do
> you have 'forward only')?
>
> I do not use forwarders because when I first got DSL, Ameritech's DNS was
> sluggish at times, which was my reason for doing my own caching DNS. If
> you do not rely on unreliable servers, you will not be affected by them.
> However, you have to occasionally keep your db.root file up to date
> (assuming db.root is same as root.hints in SuSE):
>
> cp db.root db.root.old
> dig @server . ns > db.root (where server is any root server in db.root)
>
> I do not know how often a name I access might be in my ISP's cache or
> whether they would need to fetch it from the root servers. But fetching a
> name once and having it in my local cache has got to be quicker than
> 'forward first' every name request to my ISP.
>

Why? You seem to be implying here, that no caching occurs if the result is
returned via 'forward first'. Well, if that's how it works, then why is
this setup often referred to as a "caching DNS server" ?

I think that, unless your ISP's DNS server is fairly unreliable, name
lookups will generally be faster with forward because there's a good chance
it will already be cached there, and after it is fetched, it'd be cached at
your local host( or am I totally confused here? ).

George
--
#
#...