Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 9 submissions in the queue.
Journal by kolie

Hey Soylent community,

I’m thrilled to announce that we’ve successfully migrated our DNS to PDNS! This marks the final step in our infrastructure overhaul. Today, I pushed the big red button and turned off all the old systems. We are now operating 100% on the new infrastructure.

This transition brings us into uncharted territory, but so far, everything seems to be working perfectly. The new setup promises enhanced performance and reliability, and I’m optimistic about the improvements it will bring.

Thank you all for your patience and support throughout this process. Your feedback has been invaluable. If you have any questions or notice anything unusual, please let me know in the comments or on IRC.

Here’s to a smoother, faster, and more reliable SoylentNews!

 

Reply to: Re:Couple problems here

    (Score: 3, Informative) by kolie on Sunday November 10, @12:45AM

    by kolie (2622) Subscriber Badge on Sunday November 10, @12:45AM (#1381015)

    UDP listening works fine, the issue is dsnsviz is exclusively homed on HE v6, and our v6 is routed via cogent currently. Welcome to the world of peering disputes.

    What happened was, And you can look back in the history of DNSviz going far back, DNSSEC was ina quasi weird states. We were operating with two NS records pointing to the same server helium, And then running linode as 5 secondaries. There seems to be records in the actual zone file, And while they exist they might have not been marked for publication or being sent out I'm not entirely certain at this point what the pre-position was. I just know when we turned it on, we had a bunch of records there was several DNS key values and the one when I started enabling DNSEC in our side officially was not the one being used to sign keys there was now a third signature other than the one that was previously unused in the old bind install. I enable DNSSEC at the registrar because it wasn't according to anything I had, And then disabled it and then removed all the keys. I manually wiped all DNSSEC anything in the zone completely and cycled PDNS, and just did a from scratch implementation. Total time once I identified the cluster was about 15 minutes, ten to clean up five to fix the domains and roll out new zones.

    We have an actual secondary now turned on as well, And I think they got different information initially which amplified the issue. The current master was a secondary for helium. The second secondary referenced the first one I setup, because that would be its long-term configuration.

    I come from AD and we have a mantra, but it actually applies everywhere and very APT here

    "It is DNS. It is always DNS."

Post Comment

Edit Comment You are not logged in. You can log in now using the convenient form below, or Create an Account, or post as Anonymous Coward.

Public Terminal

Anonymous Coward [ Create an Account ]

Use the Preview Button! Check those URLs!


Logged-in users aren't forced to preview their comments. Create an Account!

Allowed HTML
<b|i|p|br|a|ol|ul|li|dl|dt|dd|em|strong|tt|blockquote|div|ecode|quote|sup|sub|abbr|sarc|sarcasm|user|spoiler|del>

URLs
<URL:http://example.com/> will auto-link a URL

Important Stuff

  • Please try to keep posts on topic.
  • Try to reply to other people's comments instead of starting new threads.
  • Read other people's messages before posting your own to avoid simply duplicating what has already been said.
  • Use a clear subject that describes what your message is about.
  • Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
  • If you want replies to your comments sent to you, consider logging in or creating an account.

If you are having a problem with accounts or comment posting, please yell for help.