Changes

m
no edit summary
Line 10: Line 10:  
= Authoritative DNS servers =   
 
= Authoritative DNS servers =   
   −
The authoritative DNS servers run on karl-tpa.allstarlink.org and smithers-fnt.allstarlink.org with the backend in the distributed database. These servers may be administered via 'pdnsutil' on the cli or via the gui at http://karl-tpa.allstarlink.org:9191 or http://smithers-fnt.allstarlink.org:9191  over the VPN or via the bastion hosts. 
+
The authoritative DNS server runs on caustic-sea.allstarlink.org with the backend in the distributed database.
   −
DNSSEC is enabled on all domains and trust is expanded to all sub servers.
+
DNSSEC was enabled on all domains and trust is expanded to all sub servers.  This is currently broken.
   −
Secondary DNS is very important as provided by ns[1-4].keekles.org and ns6.gandi.net.  This is very important as if the database is hard down in FNT and TPA, the primary DNS will be offline.  With the secondary servers online DNS will continue to work, and NMS requires DNS for the allstarlink.org zone.
+
Secondary DNS is very important as provided several DNS servers.  This is very important as if the database is hard down in SEA, the primary DNS will be offline.  With the secondary servers online DNS will continue to work, and NMS requires DNS for the allstarlink.org zone.
    
= regsvcs.allstarlink.org =  
 
= regsvcs.allstarlink.org =  
   −
This Zone is served by the registration servers, and is pulled directly from the database.  There is no secondary on these zones, just the three primary servers on the registration servers.
+
This Zone is served by the registration servers, and is pulled directly from the database.  There is no secondary on these zones, just the primary DNS servers on the registration servers.
    
The redundancy of registration is handled by a TTL of 120 seconds on all the records.  We've added another field in the 'records' table 'UnixSeconds' which is NULL by default, but updated by the heartbeat health check scripts on the servers.  If the heartbeat script detects the DB or connectivity down at a site, it will shut down that server and stop updating the DNS UnixSeconds.   
 
The redundancy of registration is handled by a TTL of 120 seconds on all the records.  We've added another field in the 'records' table 'UnixSeconds' which is NULL by default, but updated by the heartbeat health check scripts on the servers.  If the heartbeat script detects the DB or connectivity down at a site, it will shut down that server and stop updating the DNS UnixSeconds.   
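Review bot: The new DNSSEC line ("DNSSEC was enabled on all domains and trust is expanded to all sub servers.  This is currently broken.") does not say what is broken, since when, or whether the zones are still signed, and it mixes "was enabled" with "is expanded"; state the current signing status and what remains to be fixed so a reader knows whether validation can be relied on. In the secondary DNS line, "as provided several DNS servers" is missing "by" and drops the secondary names the old text listed (ns[1-4].keekles.org and ns6.gandi.net); name the current secondaries, since the same paragraph says they are what keeps DNS working when the database in SEA is hard down. The replaced first line also removes the 'pdnsutil' and GUI administration details without saying how caustic-sea.allstarlink.org is administered.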
