discuss: Thread: who is responsible for the tldp.org domain name


Subject: Re: [discuss] Re: who is responsible for the tldp.org domain name
From: Rick Moen ####@####.####
Date: 7 Nov 2008 23:16:17 +0000
Message-Id: <20081107231518.GZ5561@linuxmafia.com>

Quoting Guylhem Aznar ####@####.####

> Bad idea. If it isn't broken, don't touch it. Admins are meant to be
> contacted !  The UNC DNS team is usually very responsive. Just ask
> them to change the IP br.tldp.org is pointing to, and voila.

I concur.  Just say "Dear hostmasters, please replace

br     IN    A       200.140.247.68

...with...

br     IN    A       1.2.3.4

...in the zonefile for tldp.org, at your earliest convenience.  Thank
you."

(Substituting the desired IP for 1.2.3.4.)


> I wouldn't consider using Gandi or any commercial DNS service.

Nor should, I would maintain, any moderately competent Linux user who
has a static IP.  Please note:  This is an observation I'm making about
people generally; it doesn't have much to do with LDP.  (Even people on
broadband or dialup with dynamic IP will benefit from doing _recursive_
DNS locally.  In fact, they especially benefit from doing so, more than
others.)

> If it's done in-house, yes. But the overhead of managing our own DNS
> servers on gabber is hardly justified IMHO.

Truth to tell, running secondary (slave) nameservice requires really
zero administration and maintenance.  You just define the zone, and it 
automatically tracks what the master does.  There's nothing to
administer.

However, if "gabber" is in the same network as UNC's nameservers, it'd
be pretty foolish to use it as an additional secondary, as it is subject
to the same single points of failure, and thus adds no real redundancy.

I keep having to re-learn:  People who don't understand DNS tend to have
a lot of very peculiar opinions about it!

Subject: Re: [discuss] Re: who is responsible for the tldp.org domain name
From: Rick Moen ####@####.####
Date: 7 Nov 2008 23:24:43 +0000
Message-Id: <20081107232347.GA5561@linuxmafia.com>

Quoting Jean-Daniel Dodin ####@####.####

> Rick Moen wrote:
> 
> > You've been consistently speaking of "br.tldp.org" as a subdomain.  Do
> > you have any reason to think it is a subdomain?  I have so far seen
> > none cited.  
> 
> well... my definition is the same as
> http://en.wikipedia.org/wiki/Subdomain

OK, then, _what is_ your reason for thinking that "br.tldp.org" is a
subdomain?  From everything that I'm seeing, this appears to be an
error, and that FQDN is, instead, a simple host, pointed to by an "A"
record.  Hosts and subdomains are entirely different things.

> > plus you're not having to pay someone
> > else to do it for you.
> 
> it's free!

I believe you mean that it's bundled with your Gandi.net domain
registration.  Not free.  Just something you're already paying for, for
other reasons.  However, even at that, the fact is that DNS services
from shared commercial hosts have a strong tendency to be poor and to
have severe security risks.

> > to your LAN gives you much better security _and_ much better network
> > performance.
> 
> I have no network there

Actually, the less local network infrastructure you have (especially
outbound bandwidth), the more you'd likely benefit from (at least) a
recursive nameserver, often referred to as a caching nameserver.  Why?
Because of the bandwidth it will save you on DNS lookups that would
otherwise have to constantly travel across your Internet link.


Here's a post I wrote about that, about a month or so ago:


To further clarify, server-end DNS is of two types:  Either your server
is publishing DNS data, or it's not (and is merely fetching, providing,
and caching as necessary DNS data published elsewhere).

o  Publishing DNS data is called running an "authoritative nameserver".
o  Handing other folks' DNS data is called running a "recursive nameserver".

If you own a domain, you'll want to have it be served up by minimum two
authoritative nameservers operating on fixed IP addresses somewhere in
the world.  (The RFC-recommended numbers are minimum three, maximum
seven.)

So, folks generally don't need to even consider operating authoritative
nameservice:  Only domain owners do.

On the other hand, _everyone_ has reason to run a recursive (aka
"recursive-resolver") nameserver on the local LAN or local machine.
One reason:  Not doing so throws away significant bandwidth and
performance on the traffic overhead and delays resulting from
unnecessary DNS-query transactions across your upstream link.
Another reason:  Security.  ISP nameservers tend to have extremely bad
security (and reliability, and performance).

The smaller your network operation, and the less bandwidth you have to
waste, the greater your advantage from a local recursive nameserver.
Yet, these are the exact people whose reaction to my suggestion is
inevitably "Oh, my computing's too small, simple, and slow to need a
nameserver.  Besides, it's too difficult to do."

Here's how you turn on PowerDNS Recursor on Ubuntu:

$ sudo apt-get install pdns-recursor

That's it.  PowerDNS Recursor is now running and will handle recursive
queries posed to it, and will cache that data, saving bandwidth on
repeat queries (which happen a great deal).

You _do_ need to set the local machine to send its queries there.
A *ix machine's DNS client library is configured via /etc/resolv.conf .
Edit that file to have this one "nameserver" line and no other
"nameserver" lines:

nameserver 127.0.0.1

You also need to make sure your DHCP client software (if any) doesn't
overwrite that nameserver line.  There are many ways to do this; the
least complex is to install the "resolvconf" package.  (Just install it;
the DHCP client should then do The Right Thing.)
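
An added example, not part of the original post: a POSIX shell check for the /etc/resolv.conf state the message above describes (one "nameserver 127.0.0.1" line and no others), which flags the case where a DHCP client has rewritten the file. The function name check_resolv, its status words and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_resolv [FILE]  (hypothetical helper, defaults to /etc/resolv.conf)
# Prints one status and returns 0 only for "ok":
#   ok          exactly one nameserver line, pointing at 127.0.0.1
#   none        no nameserver line present
#   drift: ...  other resolvers are listed (e.g. DHCP rewrote the file),
#               or the loopback line is duplicated
check_resolv() {
    file=${1:-/etc/resolv.conf}
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Comment lines never have "nameserver" as their first field,
    # so matching on $1 skips them without extra filtering.
    awk '
        $1 == "nameserver" && NF >= 2 {
            total++
            if ($2 != "127.0.0.1") extra = extra " " $2
        }
        END {
            if (total == 0)                { print "none"; exit 1 }
            if (total == 1 && extra == "") { print "ok";   exit 0 }
            print "drift:" (extra == "" ? " duplicate-loopback" : extra)
            exit 1
        }' "$file"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files, not taken from any real host.
    printf 'nameserver 127.0.0.1\n' > "$dir/good"
    printf '# written by DHCP client\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$dir/dhcp"
    printf 'search example.org\n' > "$dir/empty"
    for f in good dhcp empty; do
        printf '%s: %s\n' "$f" "$(check_resolv "$dir/$f" || true)"
    done
    rm -rf "$dir"
}

demo
```

Run against the live file with no argument (for instance from cron after each DHCP lease renewal) and alert on any status other than "ok".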


  ©The Linux Documentation Project, 2014. Listserver maintained by dr Serge Victor on ibiblio.org servers.