Re: SERVFAIL debugging
JINMEI Tatuya / 神明達哉 wrote: At Wed, 24 Jun 2009 10:13:51 +0400, Dmitry Rybin kirg...@corbina.net wrote: new experimental feature just for that purpose: Is this feature going to be back ported to 9.4 and 9.5 releases as well? For 9.5, yes. For 9.4, not according to the current plan. named[87071]: 22-Jun-2009 13:18:23.256 query-errors: debug 2: fetch completed at resolver.c:6569 for static.cache.l.google.com/A in 0.041364: SERVFAIL/success [domain:com,referral:1,restart:0,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0] Which version of BIND9 is this? To match the line number we need the exact version number. FreeBSD 7.2-STABLE, bind from ports bind96-9.6.1 Okay, then the above log strongly suggests that the cache is full in some unusual way and even recently fetched RR (which is in this case NS for google.com) has been purged before it's actually used. There have been bugs that could cause this symptom, but all known problems should have been solved in 9.6.1. So, I have no specific idea about how exactly that happened. Can you provide the following information? - your complete named.conf - if you enable statistics-channel, its output when you see this trouble - the result of rndc dump when you see this trouble (note: rndc dump purges stale cache entries as a side effect and may hide the cause. It will still help investigate the problem) If you think it's sensitive please contact me offlist. I'll send it offlist, but results may be interested to all other. Bind 9.7 works better, and I didn't see this error. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: NS rr configuration: 1*NS + 4xA vs. 4xNS ?
In message 20090629101834.ga31...@fantomas.sk, Matus UHLAR - fantomas writes: Hello, I am planning to change NS records in our and our customers' zones. I'll have four nameservers on different networks, and I'd like to make configuration as easy as possible by using only one NS record for them all. And harder to debug. 1 name to 1 machine is easy to debug. What I currently have is similar to: domain.example.IN NS ns.domain.example. IN NS ns1.domain.example. IN NS ns2.domain.example. IN NS ns.example.com. ns.domain.example. IN A 10.0.0.1 ns1.domain.example. IN A 10.0.0.2 ns2.domain.example. IN A 10.0.0.3 ns.example.com. IN A 192.168.0.1 I would like to change it this way: domain.example.IN NS ns.domain.example. ns.domain.example. IN A 10.0.0.1 IN A 10.0.0.2 IN A 10.0.0.3 IN A 192.168.0.1 That way our customers for which we will configure slaves will only have to add one NS record instead of four (or less, which will currently put load on only some of our servers). customer.example. IN NS ns.customer.example. IN NS ns.domain.example. ns.customer.example. IN A 172.16.0.1 - when bind will access to servers for the customer.example., will it spread the load onto all ip addresses equally, will it send half of queries to ns.customer.example. and half to ns.domain.example. ? (I know this usually only happens for first lookup but anyway) I am also planning to use hidden master so another question is: - will BIND send NOTIFY to all IP addresses of 1 NS record? (multiple A's for one name can be understood as one multihomed host) The rest is not strictly BIND-related, but I hope it may be acceptable in this list. Does anyone know, if: - will registrars who require more nameservers in different subnets accept providing only ns.domain.example. as a NS, or will they require other NS record? - if they require other NS record, will they accept ns.isp.example. with the same set of A records? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. LSD will make your ECS screen display 16.7 million colors ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: NS rr configuration: 1*NS + 4xA vs. 4xNS ?
On 30.06.09 01:08, Mark Andrews wrote: In message 20090629101834.ga31...@fantomas.sk, Matus UHLAR - fantomas writes: I am planning to change NS records in our and our customers' zones. I'll have four nameservers on different networks, and I'd like to make configuration as easy as possible by using only one NS record for them all. And harder to debug. 1 name to 1 machine is easy to debug. running either of them behind a L3 switch makes it hard to debug again, so I wouldn't take that as an issue. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Using dig for checking domain registration
I have been using the below command to determine if a domain is registered. I use this for an internal audit of what clients have come and gone, and what DNS records I need to clean up. dig example.com NS +trace -4 @4.2.2.1 | grep -i ns1.example.com I run it also with ns2.example.com in the grep to make certain my primary and secondary are listed. My current trouble is that I am getting intermittent failures if the domain is not a tld of .com, .net, .org. $dig customtruckgraphics.us NS +trace -4 @4.2.2.1 +short NS F.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS M.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS G.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS E.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS D.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS L.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS C.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS K.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS I.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS J.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS A.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS B.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS H.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. dig: couldn't get address for 'J.GTLD.BIZ': not found Can someone explain to me what is happening here, and also, provide a suggestion on how to best test for the conditions I am after? -- Scott * If you contact me off list replace talklists@ with scott@ * ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dk dkim with dkimproxy
I get a weird error [swilt...@localhost ~]$ host -t txt mail._domainkey.fakessh.eu. bitsy.mit.edu. Using domain server: Name: bitsy.mit.edu. Address: 18.72.0.3#53 Aliases: Host mail._domainkey.fakessh.eu not found: 3(NXDOMAIN) [swilt...@localhost ~]$ [swilt...@localhost ~]$ host -t txt mail._domainkey.renelacroute.fr. bitsy.mit.edu. Using domain server: Name: bitsy.mit.edu. Address: 18.72.0.3#53 Aliases: mail._domainkey.renelacroute.fr descriptive text v=DKIM1\;t=s\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9HIrVMndj/1F6YXlOae/1CukcWClnD2iJ9zslFaM2vAEwNJNfJkq/0aVdTCNF/EVZi3x51FKg8wjGFWNbPW3eFaVt8ZjX0wBPFviKFeVDd2VCDwgKgk9xw0AW31kok8OX2Inikid+lPiEffoqZ2j2QOgnUJ7WnFfbKbNsm+MPLQIDAQAB [swilt...@localhost ~]$ the 2 areas are located on the same machine one telnet fakessh.eu 2525 its ok its not NXDOMAIN Le lundi 29 juin 2009 21:52, fake...@fakessh.eu a écrit : i dkimproxy update to the latest version which is in beta my secondary dns is not to me he plays tricks Le lundi 29 juin 2009 05:12, Byung-Hee HWANG a écrit : fake...@fakessh.eu fake...@fakessh.eu writes: that right now [swilt...@your-ab6cd29f8e ~]$ host -t txt fakessh.eu._domainkey.fakessh.eu. fakessh.eu._domainkey.fakessh.eu descriptive text v=DKIM1\; t=s\;k=rsa\;p=MIG[...] OK, your check seems good. Then you check try again with external public DNS (eg, bitsy.mit.edu) ;; $ host -t txt fakessh.eu._domainkey.fakessh.eu. bitsy.mit.edu. Sincerely, ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dk dkim with dkimproxy
problem solved. I had forgotten it. at the end of the statement Le lundi 29 juin 2009 22:27, fake...@fakessh.eu a écrit : I get a weird error [swilt...@localhost ~]$ host -t txt mail._domainkey.fakessh.eu. bitsy.mit.edu. Using domain server: Name: bitsy.mit.edu. Address: 18.72.0.3#53 Aliases: Host mail._domainkey.fakessh.eu not found: 3(NXDOMAIN) [swilt...@localhost ~]$ [swilt...@localhost ~]$ host -t txt mail._domainkey.renelacroute.fr. bitsy.mit.edu. Using domain server: Name: bitsy.mit.edu. Address: 18.72.0.3#53 Aliases: mail._domainkey.renelacroute.fr descriptive text v=DKIM1\;t=s\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9HIrVMndj/1F 6YXlOae/1CukcWClnD2iJ9zslFaM2vAEwNJNfJkq/0aVdTCNF/EVZi3x51FKg8wjGFWNbPW3eFaV t8ZjX0wBPFviKFeVDd2VCDwgKgk9xw0AW31kok8OX2Inikid+lPiEffoqZ2j2QOgnUJ7WnFfbKbN sm+MPLQIDAQAB [swilt...@localhost ~]$ the 2 areas are located on the same machine one telnet fakessh.eu 2525 its ok its not NXDOMAIN Le lundi 29 juin 2009 21:52, fake...@fakessh.eu a écrit : i dkimproxy update to the latest version which is in beta my secondary dns is not to me he plays tricks Le lundi 29 juin 2009 05:12, Byung-Hee HWANG a écrit : fake...@fakessh.eu fake...@fakessh.eu writes: that right now [swilt...@your-ab6cd29f8e ~]$ host -t txt fakessh.eu._domainkey.fakessh.eu. fakessh.eu._domainkey.fakessh.eu descriptive text v=DKIM1\; t=s\;k=rsa\;p=MIG[...] OK, your check seems good. Then you check try again with external public DNS (eg, bitsy.mit.edu) ;; $ host -t txt fakessh.eu._domainkey.fakessh.eu. bitsy.mit.edu. Sincerely, ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: NS rr configuration: 1*NS + 4xA vs. 4xNS ?
In message 20090629200938.ga6...@fantomas.sk, Matus UHLAR - fantomas writes: On 30.06.09 01:08, Mark Andrews wrote: In message 20090629101834.ga31...@fantomas.sk, Matus UHLAR - fantomas wri tes: I am planning to change NS records in our and our customers' zones. I'll have four nameservers on different networks, and I'd like to make configuration as easy as possible by using only one NS record for them al l. And harder to debug. 1 name to 1 machine is easy to debug. running either of them behind a L3 switch makes it hard to debug again, so I wouldn't take that as an issue. A L3 switch is still one virtual machine with one routing entry and one path from the customer to the L3 switch. There is no need to play this silly game. It just make things harder. Some machines will make assumptions that all the address refer to one machine and that some operations shouldn't be retried because they won't get a different response. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Using dig for checking domain registration
On Jun 29, 2009, at 5:08 PM, Mark Andrews wrote: In message 76610622-42ba-4ed3-b945-14f6c6796...@newgeo.com, Scott Haneda writ es: I have been using the below command to determine if a domain is registered. I use this for an internal audit of what clients have come and gone, and what DNS records I need to clean up. dig example.com NS +trace -4 @4.2.2.1 | grep -i ns1.example.com I run it also with ns2.example.com in the grep to make certain my primary and secondary are listed. My current trouble is that I am getting intermittent failures if the domain is not a tld of .com, .net, .org. $dig customtruckgraphics.us NS +trace -4 @4.2.2.1 +short NS F.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS M.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS G.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS E.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS D.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS L.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS C.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS K.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS I.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS J.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS A.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS B.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS H.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. dig: couldn't get address for 'J.GTLD.BIZ': not found J.GTLD.BIZ only has a IPv6 addresses. Can someone explain to me what is happening here, and also, provide a suggestion on how to best test for the conditions I am after? You need to run a version of dig with this bug fix or just re-try. 2517. [bug] dig +trace with -4 or -6 failed when it chose a nameserver address of the excluded address. [RT #18843] Which should read. 2517. [bug] dig +trace with -4 or -6 failed when it chose a nameserver address of the excluded address type. [RT #18843] Alternatively do dig ns parent.zone, then dig +norec ns child.zone @parent-server. Hi Mark, thanks for the reply. I do not understand your last suggestion. If the domain in question is customtruckgraphics.us, can you show me an example of how to do this? As to the versions, I would not be onjectionable to updating, how do I tell which version of dig is on the machine, as well as where to find the version that addresses the two bugs listed above? I can not rebuild named entirely, as it was enough trouble getting DLZ working on RHEL. I would just need to fish out dig, and build that separate. Thank you. -- Scott * If you contact me off list replace talklists@ with scott@ * ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Using dig for checking domain registration
In message ba25c9bb-29d5-4771-bcad-4f6a34f69...@newgeo.com, Scott Haneda writ es: On Jun 29, 2009, at 5:08 PM, Mark Andrews wrote: In message 76610622-42ba-4ed3-b945-14f6c6796...@newgeo.com, Scott Haneda writ es: I have been using the below command to determine if a domain is registered. I use this for an internal audit of what clients have come and gone, and what DNS records I need to clean up. dig example.com NS +trace -4 @4.2.2.1 | grep -i ns1.example.com I run it also with ns2.example.com in the grep to make certain my primary and secondary are listed. My current trouble is that I am getting intermittent failures if the domain is not a tld of .com, .net, .org. $dig customtruckgraphics.us NS +trace -4 @4.2.2.1 +short NS F.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS M.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS G.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS E.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS D.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS L.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS C.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS K.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS I.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS J.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS A.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS B.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. NS H.ROOT-SERVERS.NET. from server 4.2.2.1 in 19 ms. dig: couldn't get address for 'J.GTLD.BIZ': not found J.GTLD.BIZ only has a IPv6 addresses. Can someone explain to me what is happening here, and also, provide a suggestion on how to best test for the conditions I am after? You need to run a version of dig with this bug fix or just re-try. 2517. [bug] dig +trace with -4 or -6 failed when it chose a nameserver address of the excluded address. [RT #18843] Which should read. 2517. [bug] dig +trace with -4 or -6 failed when it chose a nameserver address of the excluded address type. [RT #18843] Alternatively do dig ns parent.zone, then dig +norec ns child.zone @parent-server. Hi Mark, thanks for the reply. I do not understand your last suggestion. If the domain in question is customtruckgraphics.us, can you show me an example of how to do this? % dig ns us ; DiG 9.3.6-P1 ns us ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 38654 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 6 ;; QUESTION SECTION: ;us.IN NS ;; ANSWER SECTION: us. 518400 IN NS a.gtld.biz. us. 518400 IN NS i.gtld.biz. us. 518400 IN NS c.gtld.biz. us. 518400 IN NS b.gtld.biz. us. 518400 IN NS j.gtld.biz. us. 518400 IN NS k.gtld.biz. ;; ADDITIONAL SECTION: a.gtld.biz. 516703 IN A 209.173.53.162 b.gtld.biz. 516685 IN A 209.173.57.162 c.gtld.biz. 516677 IN A 209.173.60.65 i.gtld.biz. 516687 IN A 156.154.96.126 k.gtld.biz. 516672 IN A 156.154.72.65 j.gtld.biz. 516601 IN 2001:503:a124:::::ff7e ;; Query time: 438 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Jun 30 10:32:37 2009 ;; MSG SIZE rcvd: 232 % dig +norec customtruckgraphics.us ns @a.gtld.biz ; DiG 9.3.6-P1 +norec customtruckgraphics.us ns @a.gtld.biz ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 22320 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;customtruckgraphics.us.IN NS ;; AUTHORITY SECTION: customtruckgraphics.us. 7200IN NS NS1.OCTANEDNS.COM. customtruckgraphics.us. 7200IN NS NS2.OCTANEDNS.COM. ;; Query time: 242 msec ;; SERVER: 209.173.53.162#53(209.173.53.162) ;; WHEN: Tue Jun 30 10:33:22 2009 ;; MSG SIZE rcvd: 89 % As to the versions, I would not be onjectionable to updating, how do I tell which version of dig is on the machine, Look in the comments. I used dig from 9.3.6-P1 to make the above queries. as well as where to find the version that addresses the two bugs listed above? One bug actually. The ISC web site. I can not rebuild named entirely, as it was enough trouble getting DLZ working on RHEL. I would just need to fish out dig, and build that separate. I suspect you will find it easier to just fully upgrade. You may need to go find test rpms. I'm not a Linux guy but I'm sure they shouldn't be hard to find or
Re: domain name length
yes - you can do that. and even assign the same NS or other if you want. a domain can be very large to the human eye. I'm not sure how many characters - but more then 200 I think. Go crazy. regards joe baptista On Mon, Jun 29, 2009 at 9:28 PM, Dan Letkeman danletke...@gmail.com wrote: Hello, Are there any issues with have domains like location.domain.com so all of my hosts will be host.location.domain.com ? Currently we have everything under domain.com and it is getting to be very messy. Dan. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Joe Baptista www.publicroot.org PublicRoot Consortium The future of the Internet is Open, Transparent, Inclusive, Representative Accountable to the Internet community @large. Office: +1 (360) 526-6077 (extension 052) Fax: +1 (509) 479-0084 Personal: www.joebaptista.wordpress.com ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Using dig for checking domain registration
In message 8e6e793d-9326-47f3-aeef-c3e072b32...@newgeo.com, Scott Haneda writ es: Comments interspersed below... On Jun 29, 2009, at 5:42 PM, Mark Andrews wrote: Hi Mark, thanks for the reply. I do not understand your last suggestion. If the domain in question is customtruckgraphics.us, can you show me an example of how to do this? % dig ns us ; DiG 9.3.6-P1 ns us ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 38654 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 6 ;; QUESTION SECTION: ;us.IN NS ;; ANSWER SECTION: us. 518400 IN NS a.gtld.biz. us. 518400 IN NS i.gtld.biz. us. 518400 IN NS c.gtld.biz. us. 518400 IN NS b.gtld.biz. us. 518400 IN NS j.gtld.biz. us. 518400 IN NS k.gtld.biz. ;; ADDITIONAL SECTION: a.gtld.biz. 516703 IN A 209.173.53.162 b.gtld.biz. 516685 IN A 209.173.57.162 c.gtld.biz. 516677 IN A 209.173.60.65 i.gtld.biz. 516687 IN A 156.154.96.126 k.gtld.biz. 516672 IN A 156.154.72.65 j.gtld.biz. 516601 IN 2001:503:a124::::ff ff:ff7e ;; Query time: 438 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Jun 30 10:32:37 2009 ;; MSG SIZE rcvd: 232 % dig +norec customtruckgraphics.us ns @a.gtld.biz ; DiG 9.3.6-P1 +norec customtruckgraphics.us ns @a.gtld.biz ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 22320 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;customtruckgraphics.us.IN NS ;; AUTHORITY SECTION: customtruckgraphics.us. 7200IN NS NS1.OCTANEDNS.COM. customtruckgraphics.us. 7200IN NS NS2.OCTANEDNS.COM. ;; Query time: 242 msec ;; SERVER: 209.173.53.162#53(209.173.53.162) ;; WHEN: Tue Jun 30 10:33:22 2009 ;; MSG SIZE rcvd: 89 So, the idea is to `dig ns us` and fish out any? of the NS's in the result set, store that NS, and feed it to dig again, with `dig +norec customtruckgraphics.us ns @a.gtld.biz` where `a.gtld.biz` is the result I stored? Yes. That's effectively all dig +trace does except it starts at the root and does it for each level and takes advantage of the referral. I can not rebuild named entirely, as it was enough trouble getting DLZ working on RHEL. I would just need to fish out dig, and build that separate. I suspect you will find it easier to just fully upgrade. You may need to go find test rpms. I'm not a Linux guy but I'm sure they shouldn't be hard to find or for that matter convert a existing source on. I wish I could, the bind that they are running is the only one I could find to get to work with DLZ, and it was core dumping all over the place. I barely know linux, and would rather not touch it. If it is possible to just build dig on rhel, I could go that route. Though I am not understanding the versions, you were using 9.3.6 and I am using DiG 9.6.0-P1-RedHat-9.6.0-2.P1 Since I am more current than you, I would estimate that the one bug is fixed if it is in your version, of course, that is not the case: dig customtruckgraphics.us NS +trace -4 or -6 @4.2.2.1 +short dig: can't find IPv6 networking. Is this bug is a regression? No. I just used a older version as that is what ships with the OS. I have newer versions installed and I use them when I need to. named is always running a current version. I am giving it a go to build it on RHEL now, and just pull dig out. Thanks for any other help. -- Scott * If you contact me off list replace talklists@ with scott@ * -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: NS rr configuration: 1*NS + 4xA vs. 4xNS ?
In message 20090629200938.ga6...@fantomas.sk, Matus UHLAR - fantomas writes: On 30.06.09 01:08, Mark Andrews wrote: In message 20090629101834.ga31...@fantomas.sk, Matus UHLAR - fantomas wri tes: I am planning to change NS records in our and our customers' zones. I'll have four nameservers on different networks, and I'd like to make configuration as easy as possible by using only one NS record for them al l. And harder to debug. 1 name to 1 machine is easy to debug. running either of them behind a L3 switch makes it hard to debug again, so I wouldn't take that as an issue. On 30.06.09 10:01, Mark Andrews wrote: A L3 switch is still one virtual machine with one routing entry and one path from the customer to the L3 switch. the difficulty of debugging the case when one IP directs to L3 switch with more real machines behind is bigger than the difficvulty of debugging case where one A points to more real IPs... There is no need to play this silly game. It just make things harder. Some machines will make assumptions that all the address refer to one machine and that some operations shouldn't be retried because they won't get a different response. This is just what I wanted to know. Is there any evidenve that any DNS resolvers have such behaviour? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users