To be fair, the name servers weren’t offline, just the two zone files I amended. The effect: none of my services at home were available to anything at home.
The other day, I was working on some procedures for adding a jail to a host and then a jail within that jail. I wanted to document the procedure to make it easier to implement when the time comes.
The first step, create the main jail, I called it jail_within_jail. Blatant self-promotion, I used the mkjail tool.
Doing the right thing, I looked in my zone files for unused IP addresses, added the hostname, bumped the serial value, committed my changes to Subversion, and pushed the results to the name servers.
Here is a summary of the diff:
# the reverse DNS file - 2021080700 ; serial + 2021081100 ; serial ... +31 PTR jail_within_jail.int.unixathome.org. 32 PTR pg02.int.unixathome.org. 33 PTR bacula-sd-02.int.unixathome.org. 34 PTR pg03.int.unixathome.org. # the forward zone file - 2021080700 ; serial + 2021081100 ; serial ... +jail_within_jail A 10.55.0.31 +
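Review bot: the name added in both files, `jail_within_jail` (the target of the `+31 PTR` line and the owner of the `+jail_within_jail A 10.55.0.31` line), contains underscores, which are not legal in a hostname; rename it to `jail-within-jail` in both zone files so the forward and reverse entries stay in step. The forward zone change also ends with an added blank `+` line that can be dropped.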
I checked the hostname/IP address to make sure they resolved. They didn’t.
Eventually I noticed errors in my name server logs when things were not resolving. It wasn’t just the new hostname. It was anything in the zone files for my personal domains.
11-Aug-2021 23:40:14.584 exiting
11-Aug-2021 23:40:15.345 dns_rdata_fromtext: zones/0.55.10.in-addr.arpa.db:48: near 'jail_within_jail.int.unixathome.org.': bad name (check-names)
11-Aug-2021 23:40:15.357 zones/int.unixathome.org.db:88: jail_within_jail.int.unixathome.org: bad owner name (check-names)
11-Aug-2021 23:40:15.359 all zones loaded
11-Aug-2021 23:40:15.359 running
Searching, my first hit was Plesk no longer allows the creation of non-TXT DNS records containing the underscore (“_”) character
Now I think I know what happened. I knew dashes (“-”) were allowed in hostnames, and just used underscores for some reason. Ooops. I named the jail with underscores, and just carried on to the DNS.
No worries, let’s update the zone files.
svn: E170013: Commit failed (details follow):
svn: E170013: Unable to connect to a repository at URL 'svn+ssh://firstname.lastname@example.org/websites/dns-private/trunk'
svn: E210002: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file.
svn: E210002: Network connection closed unexpectedly
svn: E170013: Your commit message was left in a temporary file:
svn: E170013: '/usr/home/dan/dns-PRIVATE/svn-commit.tmp'
Yeah, that’s because the name servers are broken.
Solution: amend the zone files on the name server, changing jail_within_jail to jail-within-jail, and bumping the serial numbers. Restart named.
Now I can commit, after first bumping the serial numbers again.
Push the stuff to the name server.
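A check of the kind that could run before committing zone files, as an added example that is not part of the original post: it applies the hostname label rule to the owner names of A/AAAA records and to PTR targets, a subset of what BIND's check-names enforces. The function names, the simplified one-record-per-line parsing and the sample lines are assumptions made for illustration.

```python
import re

# Hostname label rule (RFC 952 / RFC 1123): letters, digits and hyphens only,
# 1 to 63 characters, no hyphen at either end. Underscores are not allowed.
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
CLASSES = {"IN", "CH", "HS"}

# Constructed sample: the records from the post plus two extra lines.
SAMPLE = """\
31 PTR jail_within_jail.int.unixathome.org.
32 PTR pg02.int.unixathome.org.
jail_within_jail A 10.55.0.31
jail-within-jail A 10.55.0.31
_dmarc TXT "v=DMARC1"
"""

def bad_labels(name):
    """Return the labels of name that break the hostname rule."""
    return [l for l in name.rstrip(".").split(".") if not LDH_LABEL.match(l)]

def check_zone(text):
    """Return (line_no, rtype, name, bad_labels) for each hostname violation.

    Assumes one record per line with the owner in the first column; no
    $-directives, parentheses or inherited owner names.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]  # skip optional TTL and class
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype in ("A", "AAAA"):
            name = owner   # the owner of an address record is a hostname
        elif rtype == "PTR":
            name = rdata   # the PTR target is a hostname
        else:
            continue       # TXT and others may carry underscores
        if name != "@" and bad_labels(name):
            findings.append((no, rtype, name, bad_labels(name)))
    return findings

if __name__ == "__main__":
    for finding in check_zone(SAMPLE):
        print("bad name (line %d, %s): %s %s" % finding)
```

BIND ships `named-checkzone` for a full check of a real zone file; the sketch above only shows which names the rule rejects and why.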