Dear Ripe, We are here in Internet Egypt a LIR to RIPE NCC reg ID : eg.ie . We currently have two DNS servers : brainy1.ie-eg.com and brainy2.ie-eg.com We want to add a new DNS server brainy4.ie-eg.com We want to know if there is any thing that we should do with ripe in order to have this new DNS server registered and be able to add domain names to it ? Please advise us with the necessary procedures that should be taken. Best Regards, Abdelhamid Osman Network Manager Internet Egypt
The RIPE NCC only handles (parts of) the inaddr.arpa tree. You can manage the part of the inaddr.arpa corresponding to the addresses that have been delegated to your LIR using the process described in: * http://www.ripe.net/ripencc/mem-services/registration/reverse/index.html For forward domains, you need to talk to the registrar of those domains. Cheers, Joao Damas ISC On Sunday, September 7, 2003, at 10:54 AM, Abdelhamid Osman wrote:
Dear Ripe, We are here in Internet Egypt a LIR to RIPE NCC reg ID : eg.ie . We currently have two DNS servers : brainy1.ie-eg.com and brainy2.ie-eg.com We want to add a new DNS server brainy4.ie-eg.com
We want to know if there is any thing that we should do with ripe in order to have this new DNS server registered and be able to add domain names to it ?
Please advise us with the necessary procedures that should be taken.
Best Regards,
Abdelhamid Osman Network Manager Internet Egypt
We currently have two DNS servers : brainy1.ie-eg.com and brainy2.ie-eg.com We want to add a new DNS server brainy4.ie-eg.com
it would be even brainier if you read rfc 2182 section 3, and put at least one server at a tolpologically and geographically diverse location. randy
We currently have two DNS servers : brainy1.ie-eg.com and brainy2.ie-eg.com We want to add a new DNS server brainy4.ie-eg.com
it would be even brainier if you read rfc 2182 section 3, and put at least one server at a tolpologically and geographically diverse location.
A pointer to a best current practice document is always helpful. RFC 2182 is getting old, I guess I'd also recommend that recursion is disabled on the servers. A "dig version.bind txt chaos @brainy1.ie-eg.com" returns 8.2.3-REL-IDNS. If this is an unpatched version you might want to read http://www.isc.org/products/BIND/bind-security.html. I still wonder why so many DNS operators don't pay attention to RFC 2182. Lots of domains have all their nameservers in a single AS. The worst example for what can go wrong I've seen so far was the trouble of web.de (a large freemailer in Germany) back in the last summer: They were multihomed but had both nameservers only connected via AS517. The KPNQwest network went suddenly down and both servers were unreachable. IIRC web.de somehow managed to get an "emergency rebuild" of the .de zone from DENIC. Did they learn something from this sad event? Nope: Both servers are again connected via a single AS. Joerg
A pointer to a best current practice document is always helpful. RFC 2182 is getting old
yep. so am i :-).
I guess I'd also recommend that recursion is disabled on the servers.
this was not appropriate for 2182 because the document was not addressing heavily loaded, root, or other servers where it is clear this is clearly needed.
I still wonder why so many DNS operators don't pay attention to RFC 2182.
because they do not associate that not paying attention to a moldy rfc was the reason microsoft.com was off the air for almost a day? randy
participants (4)
-
Abdelhamid Osman -
Joao Luis Silva Damas -
Joerg Schumacher -
Randy Bush