about alt-transfer-source
Can somebody explain how many retries must pass, before IP-address from alt-transfer-source option will be used? Thank you. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Reverse Classless not working
Hi,

I have a problem with my DNS server configured as RFC2317 stated. The reverse of the zone 128/28.22.206.193.IN-ADDR.ARPA is not working, when I try to resolve it doesn't work:

    nslookup 193.206.22.134
    Server:   127.0.0.1
    Address:  127.0.0.1#53

    ** server can't find 134.22.206.193.in-addr.arpa: NXDOMAIN

for the zone 96/27.22.206.193.IN-ADDR.ARPA no problem, it works! How can I fix it???

The two zones are the following:

    zone "128/28.22.206.193.IN-ADDR.ARPA" {
        type master;
        file "/etc/bind/plab.reverse";
        allow-query { any; };
        notify yes;
    };

    zone "96/27.22.206.193.IN-ADDR.ARPA" {
        type master;
        file "/etc/bind/db.reverse";
        allow-query { any; };
        notify yes;
    };

Thanks.
Ios77
Re: about alt-transfer-source
On 09/07/2009 10:22, Peter Andreev wrote:

Can somebody explain how many retries must pass, before IP-address from alt-transfer-source option will be used? Thank you.

Hi Peter,

Looking at the ARM alt-transfer-source is only used in a view if use-alt-transfer-source is set to yes. Are you using views?

Stace
Master is unreachable (cached)
Hi,

I've moved our primary nameserver from windows server 2008 to windows server 2003, hoping that the problems with listening to TCP queries will go away. Then I'll see what I can do to reproduce if I get the time.

My question is: When a slave server deems that a master is unreachable, how/when will it (re)try to establish contact. Can I set a timeout or so somewhere?

I have this log file snippet, where you can see

1) a notify that is up to date
2) several "retry limit for master xxx exceeded" as well as a "failed to connect: timed out" (time frame of ~10 min)
3) several "skipping zone transfer as master xxx is unreachable (cached)". Note that this is almost 2 DAYS later.

So, it seems like the server is experiencing problems which makes it believe that the master is unreachable. It might have been, I don't know - I was reconfiguring from server 2008 to server 2003, but had very little downtime as I moved the IP when the new master was ready.

Almost 2 days later the slave writes "unreachable (cached)" which I assume indicates that it *believes* the master is unreachable because this information is cached. I would like it to re-check, as the master was actually online.

Any ideas or hints?

Best regards,
Jan Hansen

The log file:

-- 1) Things are working --
06-jul-2009 16:17:06.419 notify: info: client 213.173.250.146#26635: received notify for zone 'xn--vikkels-w1a.dk'
06-jul-2009 16:17:06.419 general: info: zone xn--vikkels-w1a.dk/IN: notify from 213.173.250.146#26635: zone is up to date

-- 2) multiple retry limit exceeded --
07-jul-2009 17:27:29.060 general: info: zone univision.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:27:29.060 general: info: zone univision.dk/IN: Transfer started.
07-jul-2009 17:27:50.138 xfer-in: error: transfer of 'univision.dk/IN' from 213.173.250.146#53: failed to connect: timed out
07-jul-2009 17:27:50.138 xfer-in: info: transfer of 'univision.dk/IN' from 213.173.250.146#53: Transfer completed: 0 messages, 0 records, 0 bytes, 21.078 secs (0 bytes/sec)
07-jul-2009 17:28:01.528 general: info: zone effektiv.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:29:32.450 general: info: zone aotransport.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:29:40.216 general: info: zone kjmc.se/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:30:10.950 general: info: zone telepriser.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:33:33.669 general: info: zone iankerandersen.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:33:49.013 general: info: zone tiku.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:33:55.810 general: info: zone sdvr.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:34:01.544 general: info: zone egrupper.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:36:40.716 general: info: zone kkr-net.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:36:43.794 general: info: zone mend.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:37:26.591 general: info: zone fitdk.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)

-- 3) two days later, master is unreachable (cached) --
09-jul-2009 11:54:29.685 notify: info: client 213.173.250.146#65090: received notify for zone 'nhl-data.dk'
09-jul-2009 11:54:29.701 general: info: zone nhl-data.dk/IN: refresh: skipping zone transfer as master 213.173.250.146#53 (source 0.0.0.0#0) is unreachable (cached)
09-jul-2009 12:44:36.685 general: info: zone nhl-data.dk/IN: refresh: skipping zone transfer as master 213.173.250.146#53 (source 0.0.0.0#0) is unreachable (cached)
09-jul-2009 13:31:35.685 general: info: zone nhl-data.dk/IN: refresh: skipping zone transfer as master 213.173.250.146#53 (source 0.0.0.0#0) is unreachable (cached)
09-jul-2009 13:32:29.810 notify: notice: client 213.173.250.146#46455: received notify for zone 'cityklinikken.dk': not authoritative
09-jul-2009 13:33:09.498 general: info: received control channel command 'reconfig'
09-jul-2009 13:33:09.498 general: info: loading configuration from
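
A small triage of the log above, added here as an example and not part of the original post: it measures how long after the last logged connection failure the slave was still skipping transfers with "unreachable (cached)". The one-hour threshold used in the demo is an assumption chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Five lines copied from the log quoted in this thread (one or two per event type).
SAMPLE_LOG = """\
07-jul-2009 17:27:29.060 general: info: zone univision.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
07-jul-2009 17:27:50.138 xfer-in: error: transfer of 'univision.dk/IN' from 213.173.250.146#53: failed to connect: timed out
07-jul-2009 17:37:26.591 general: info: zone fitdk.dk/IN: refresh: retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
09-jul-2009 11:54:29.701 general: info: zone nhl-data.dk/IN: refresh: skipping zone transfer as master 213.173.250.146#53 (source 0.0.0.0#0) is unreachable (cached)
09-jul-2009 13:31:35.685 general: info: zone nhl-data.dk/IN: refresh: skipping zone transfer as master 213.173.250.146#53 (source 0.0.0.0#0) is unreachable (cached)
"""

TS = r"(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
PATTERNS = {
    "retry_limit": re.compile(TS + r" .*retry limit for master (?P<m>\S+) exceeded"),
    "connect_failed": re.compile(TS + r" .*transfer of '[^']+' from (?P<m>\S+): failed to connect"),
    "cached_skip": re.compile(TS + r" .*skipping zone transfer as master (?P<m>\S+) .*unreachable \(cached\)"),
}

def triage(log_text):
    """Per master: event counts, last logged real failure, and later cached skips."""
    report = {}
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            hit = rx.match(line)
            if not hit:
                continue
            when = datetime.strptime(hit["ts"], "%d-%b-%Y %H:%M:%S.%f")
            r = report.setdefault(
                hit["m"], {"counts": {}, "last_attempt": None, "stale_skips": []})
            r["counts"][kind] = r["counts"].get(kind, 0) + 1
            if kind != "cached_skip":
                r["last_attempt"] = when          # a failure that involved real traffic
            elif r["last_attempt"]:
                # skip decided from cache: record how old the last real failure was
                r["stale_skips"].append((when, when - r["last_attempt"]))
    return report

def stale_masters(report, max_age):
    """Masters skipped from cache more than max_age after the last real failure."""
    return sorted(m for m, r in report.items()
                  if any(gap > max_age for _, gap in r["stale_skips"]))

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for master in stale_masters(rep, timedelta(hours=1)):  # threshold: assumption
        print(master, rep[master]["counts"], rep[master]["stale_skips"][0][1])
```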
Re: Reverse Classless not working
Thanks a lot.

So this zone doesn't work because of missing delegation. My ISP is inserting the delegation. How can I check it? Simple nslookup 193.206.22.134 on my DNS server and it has to work or I can do furthermore check?

Regards,
Ivan

Chris Hills wrote:

On 09/07/09 11:59, Ivan Dallaserra wrote:

Hi, I have a problem with my DNS server configured as RFC2317 stated. The reverse of the zone 128/28.22.206.193.IN-ADDR.ARPA is not working, when I try to resolve it doesn't work:

Hi Ivan

It appears that the parent zone has not yet been updated to include the delegation. If it is not done within 48 hours you need to contact your provider.

Regards,
Chris
Re: Truncated, retrying in TCP on Reverse lookup
The SERVFAIL/timeout is probably because the original poster's firewall is misconfigured and doesn't allow TCP DNS transactions.

- Kevin

Fr34k wrote:

Hello,

As I understand it, there are so many PTRs for that IP address, that DNS will change protocol from UDP to TCP. So, the message you are getting is informational because of this protocol change.

See the long list of PTRs below. There should be one and only one PTR for that IP.

Making an SMTP connection to that IP address results in that host saying that it calls itself minserv.co.za

Therefore, there should be only one PTR for that IP address with that hostname. Note that none of the 15 PTRs match this hostname, which is even more silly.

HTH

    $ host 196.7.126.38
    ;; Truncated, retrying in TCP mode.
    38.126.7.196.in-addr.arpa domain name pointer www.adventureservices.co.za.
    38.126.7.196.in-addr.arpa domain name pointer mail.penoc.org.za.
    38.126.7.196.in-addr.arpa domain name pointer mail.travelsense.net.
    38.126.7.196.in-addr.arpa domain name pointer mail.mantlemapper.com.
    38.126.7.196.in-addr.arpa domain name pointer mail.quintessentia.net.
    38.126.7.196.in-addr.arpa domain name pointer mail.datanetsolutions.co.za.
    38.126.7.196.in-addr.arpa domain name pointer mail.spatialdimension.co.za.
    38.126.7.196.in-addr.arpa domain name pointer mail.spatialwebserver.co.za.
    38.126.7.196.in-addr.arpa domain name pointer mail.spatialwebserver.com.
    38.126.7.196.in-addr.arpa domain name pointer mail.adventureservices.co.za.
    38.126.7.196.in-addr.arpa domain name pointer mail.explorationservices.co.za.
    38.126.7.196.in-addr.arpa domain name pointer spa004-1.cust-gw.za.mtnbusiness.net.
    38.126.7.196.in-addr.arpa domain name pointer www.thewash.co.za.
    38.126.7.196.in-addr.arpa domain name pointer www.gisstaff.co.za.
    38.126.7.196.in-addr.arpa domain name pointer www.cheaprentalcars.co.za.

    telnet 196.7.126.38 25
    Trying 196.7.126.38...
    Connected to 196.7.126.38.
    Escape character is '^]'.
    220 minserv.co.za Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 9 Jul 2009 14:45:58 +0200
    rset
    q250 2.0.0 Resetting
    uit
    221 2.0.0 minserv.co.za Service closing transmission channel
    Connection closed by foreign host.

*From:* Erisan Nyamutenha erisan.nyamute...@uct.ac.za
*To:* bind-users-requ...@lists.isc.org
*Cc:* bind-us...@isc.org
*Sent:* Thursday, July 9, 2009 3:34:09 AM
*Subject:* Truncated, retrying in TCP on Reverse lookup

Hi All

In order for my email server to accept mail from an external source, it does a reverse lookup on the source. I have email coming from a sender whose ip address maps to several hostnames i.e. there are PTR records pointing to the same IP. When I try to reverse lookup with my own DNS I get the following

    ;;Truncated, retrying in TCP mode

then eventually I get a time out or server can't find 38.126.7.196.in-addr.arpa: SERVFAIL.

What could this be?
Re: Truncated, retrying in TCP on Reverse lookup
Yeah, and what Kevin said :)

Another example for why friends don't let friends use more than one PTR per IP address.
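
The size arithmetic behind the truncation discussed in this thread, as an added example that is not part of any post: it wire-encodes a response carrying the 15 PTR targets from the quoted `host` output, with RFC 1035 name compression, and compares it with the 512-byte UDP limit. It assumes a client that does not advertise a larger EDNS0 buffer; the TTL is a constructed value and does not affect the size.

```python
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP payload limit without EDNS0 (RFC 1035)
QNAME = "38.126.7.196.in-addr.arpa."
# The 15 PTR targets from the `host` output quoted in this thread.
TARGETS = [
    "www.adventureservices.co.za.", "mail.penoc.org.za.",
    "mail.travelsense.net.", "mail.mantlemapper.com.",
    "mail.quintessentia.net.", "mail.datanetsolutions.co.za.",
    "mail.spatialdimension.co.za.", "mail.spatialwebserver.co.za.",
    "mail.spatialwebserver.com.", "mail.adventureservices.co.za.",
    "mail.explorationservices.co.za.", "spa004-1.cust-gw.za.mtnbusiness.net.",
    "www.thewash.co.za.", "www.gisstaff.co.za.",
    "www.cheaprentalcars.co.za.",
]

def encode_name(name, offset, table):
    """Wire-encode `name` at `offset`, reusing known suffixes via 2-byte pointers."""
    labels = name.rstrip(".").lower().split(".")
    out = b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in table:                      # suffix already in the message
            return out + struct.pack("!H", 0xC000 | table[suffix])
        if offset + len(out) < 0x4000:           # pointers carry 14-bit offsets
            table[suffix] = offset + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def ptr_response_size(qname, targets, compress_rdata=True):
    """Size in bytes of a response with one PTR record per target."""
    table = {}
    msg = bytes(12)                              # header (only its length matters)
    msg += encode_name(qname, len(msg), table) + struct.pack("!HH", 12, 1)
    for target in targets:
        msg += encode_name(qname, len(msg), table)          # owner: a pointer
        rdata = encode_name(target, len(msg) + 10,
                            table if compress_rdata else {})
        # TYPE=PTR(12), CLASS=IN(1), TTL (constructed), RDLENGTH, then RDATA
        msg += struct.pack("!HHIH", 12, 1, 3600, len(rdata)) + rdata
    return len(msg)

def records_that_fit(qname, targets, limit=UDP_LIMIT):
    """How many PTR records fit under `limit` before the answer is truncated."""
    n = 0
    while n < len(targets) and ptr_response_size(qname, targets[:n + 1]) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    print("compressed:", ptr_response_size(QNAME, TARGETS), "bytes")
    print("records that fit in", UDP_LIMIT, "bytes:", records_that_fit(QNAME, TARGETS))
```

Once the answer no longer fits, the client has to repeat the query over TCP, which is why a path that drops TCP port 53 turns this lookup into a timeout or SERVFAIL.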
Re: bind 9.6.1 under perform after running for a couple of hours
At Wed, 08 Jul 2009 21:24:17 +0300, Imri Zvik im...@inter.net.il wrote:

After a couple of hours, performance of bind 9.6.1 suddenly drops. While the server remains responsive, the response time increases, the rate of the failed queries increases, and CPU/load average usage increases. Restarting named solves the problem.

[snip]

It is important to state that we just upgraded from 9.4.3-P2.

I have no idea with confidence about this kind of problem that 9.6.1 has but 9.4.3-P2 doesn't. But one usual suspect in such a symptom is memory management problems for a caching server.

Can you show your named.conf to see if there's anything that may matter in this sense? How much memory did named use when you saw the problem? If you enable statistics-channels can you show its output when this occurs?

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
Re: Reverse Classless not working
In message h34s5b$q9...@ger.gmane.org, Chris Hills writes:

On 09/07/09 14:13, Ivan Dallaserra wrote:

Thanks a lot. So this zone doesn't work because of missing delegation. My ISP is inserting the delegation. How can I check it? Simple nslookup 193.206.22.134 on my DNS server and it has to work or I can do furthermore check?

Regards,
Ivan

Hi Ivan

It is working now, so the delegation has been completed. You can check using `dig +trace 134.22.206.193.in-addr.arpa. in ptr`

Regards,
Chris

You should make your servers stealth slaves for 22.206.193.in-addr.arpa if you have not already done so. That way you will continue to have reverse resolution work internally when your external link is down.

e.g.

    zone "22.206.193.in-addr.arpa" {
        type slave;
        file "/etc/bind/22.206.193.in-addr.arpa";
        masters { 193.206.141.38; 193.206.141.42; 2001:760::::aa; 2001:760::::ba; };
        notify no;
    };

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
Re: Reverse Classless not working
On Fri, Jul 10, 2009 at 09:44:51AM +1000, Mark Andrews wrote:

You should make your servers stealth slaves for 22.206.193.in-addr.arpa

And the parent server should be a slave for the delegated zone. RFC 2317 section 5.1
http://www.dns.net/dnsrd/rfc/rfc2317.html

Justin
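
What the missing delegation in this thread consists of, as an added example that is not from any poster: for an RFC 2317 child zone such as 128/28.22.206.193.in-addr.arpa, the parent zone 22.206.193.in-addr.arpa has to carry NS records for the child plus one CNAME per address pointing into it. The nameserver name `ns.example.net.` is a placeholder and the function names are illustrative.

```python
import ipaddress

def rfc2317_zone(prefix):
    """Child and parent zone names in the '<first>/<len>' style used in this thread."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 applies to IPv4 prefixes longer than /24")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    return f"{o[3]}/{net.prefixlen}.{parent}", parent

def parent_records(prefix, nameservers):
    """Records the parent zone needs: NS for the child, one CNAME per address."""
    child, parent = rfc2317_zone(prefix)
    recs = [(child, "NS", ns) for ns in nameservers]
    for addr in ipaddress.ip_network(prefix):
        last = str(addr).rsplit(".", 1)[1]
        recs.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return recs

def ptr_owner(ip, delegated_prefixes):
    """Name that finally holds the PTR for `ip` once the parent's CNAME is followed."""
    addr = ipaddress.ip_address(ip)
    for prefix in delegated_prefixes:
        if addr in ipaddress.ip_network(prefix):
            child, _ = rfc2317_zone(prefix)
            return f"{str(addr).rsplit('.', 1)[1]}.{child}"
    return addr.reverse_pointer + "."   # not in a delegated block: plain reverse name

if __name__ == "__main__":
    # ns.example.net. is a placeholder for the customer's nameserver.
    for owner, rtype, target in parent_records("193.206.22.128/28", ["ns.example.net."]):
        print(f"{owner:<34} IN {rtype:<5} {target}")
    print(ptr_owner("193.206.22.134", ["193.206.22.96/27", "193.206.22.128/28"]))
```

Until the parent publishes these records, a lookup of 134.22.206.193.in-addr.arpa never reaches the child zone, which matches the NXDOMAIN shown in the first post of the thread.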
Re: about alt-transfer-source
In message f45e198a0907090445wa7ee541of499df42519c5...@mail.gmail.com, Peter Andreev writes:

Hello, Stacey

I'm not using views. Now I'm trying to solve next problem: I have two slave servers, both have same IP-address on loopback interfaces, this IP-address specified in masters' allow-transfer lists, and in transfer-source option of my servers. Due to routing only one server receives zone updates, while the other one logging retries limit exceeded.

Don't initiate transactions from an anycast address. It doesn't work reliably. Let your slaves choose a source address other than the anycast address for the zone transfers. If you need to authenticate use TSIG.

If you want to cross transfer have the slaves listen on a non anycast address and use those in the masters clauses.

Mark

Thus I try to find out how second server can load zones from first using one source IP-address and, if first server malfunctions, load zones from masters with another source IP-address.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org