[TriLUG] Slides from last night's DNS Presentation

[Aaron S. Joyner]

Matt Pusateri wrote:

>...
>First let me thank you for an excellent presentation (on short notice
>too, and hecklers aside).  Maybe in the future we will get luck enough
>to do a advance DNS, where we have more time to explore TSIG and
>DNSSEC.
>  
>
Since there was certainly more material than I could cover in 2 hours, 
with everyone keeping up to speed, there was some talk of having a DNS 
class, where we could cover those more advanced topics in detail.  It's 
being considered for November's class, the Saturday after the November 
meeting.  More to follow on that, if it comes to fruition.

>I have a follow up, due to us running out of time.
>
>It might be worth explaining what lame servers are as those new to DNS
>will most likely see them in their DNS logs and might wonder what they
>are.
>  
>
A lame server, comes from a lame delegation.  It's not (usually) the 
fault of the server being blamed, but of the zone that points to it.  
Consider this scenario:
- You run the zone, example.com
- You configure your zone file to have 3 NS records, ns1.example.com, 
ns2.example.com, and ns3.example.com
- You point these 3 NS records at 3 different servers, 1.2.3.2, 1.2.3.3, 
and 1.2.3.4
- You configure 1.2.3.2 and 1.2.3.3, but forget to configure 1.2.3.4

At this point, 1.2.3.4 is a "lame server", because if you ask it for 
example.com, it will give a non-authoritative response, if any.  The 
more common scenario (and this is a real example from TriLUG's recent 
history), is where that "lame server" *USED* to be a valid DNS server, 
but has since been reformatted or reworked, and is no longer 
configured.  We had old NS records left over from when certain 
individuals used to be backup slave servers for the trilug.org domain.  
This caused some confusion, and if you search you can probably find a 
history of it on the list.

Sorry for being slow in the response.  :)

Aaron S. Joyner