query reply servfail

2009-08-20 Thread BBB Kee 
Hi

We are using solaris x86 bind-9.5.1-P3.  I tried that
when rndc flushname www.hsbc.com.hk. and dig a
www.hsbc.com.hk. a few times, sometimes our
nameserver reply servfail.  It shouldn't be the memory
problem as the daemon just started.  Any clue of it?

# /usr/local/sbin/rndc flushname www.hsbc.com.hk.
# /usr/local/bin/dig a www.hsbc.com.hk.

;  DiG 9.5.1-P3  a www.hsbc.com.hk.
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 1374
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;www.hsbc.com.hk.   IN  A

;; ANSWER SECTION:
www.hsbc.com.hk.20  IN  A   203.112.92.11

;; AUTHORITY SECTION:
www.hsbc.com.hk.900 IN  NS  mtyprdgss01.hsbc.com.hk.
www.hsbc.com.hk.900 IN  NS  tkoprdgss02.hsbc.com.hk.
www.hsbc.com.hk.900 IN  NS  tkoprdgss01.hsbc.com.hk.

;; ADDITIONAL SECTION:
mtyprdgss01.hsbc.com.hk. 17 IN  A   203.112.94.241
tkoprdgss01.hsbc.com.hk. 577IN  A   203.112.92.241
tkoprdgss02.hsbc.com.hk. 73 IN  A   203.112.92.244

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 20 13:57:56 2009
;; MSG SIZE  rcvd: 175

# /usr/local/sbin/rndc flushname www.hsbc.com.hk.
# /usr/local/bin/dig a www.hsbc.com.hk.

;  DiG 9.5.1-P3  a www.hsbc.com.hk.
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 1042
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.hsbc.com.hk.   IN  A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 20 13:57:57 2009
;; MSG SIZE  rcvd: 33
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

lookup cnames

2009-08-20 Thread James M 
[r...@mandy4 ccadns]# rpm -qa|grep bind
bind-utils-9.3.2-7.4.20060mlcs4
bind-9.3.2-7.4.20060mlcs4

I've tried but cannot find an option to return cname records for a given host.
I did find dig and host command options that allows entering a cname
with the result being the host that owns that cname.
I need the opposite - enter host and return all the cnames for that host.
Is there a way using dig or host? or something else (besides axfr and grep)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: lookup cnames

2009-08-20 Thread Kevin Darcy 

James M wrote:

[r...@mandy4 ccadns]# rpm -qa|grep bind
bind-utils-9.3.2-7.4.20060mlcs4
bind-9.3.2-7.4.20060mlcs4

I've tried but cannot find an option to return cname records for a given host.
I did find dig and host command options that allows entering a cname
with the result being the host that owns that cname.
I need the opposite - enter host and return all the cnames for that host.
Is there a way using dig or host? or something else (besides axfr and grep)
___
  
No, the protocol does not support a general all CNAMEs pointing to a 
given name lookup function.


Even if it did, it would only work for CNAMEs in the zone(s) for which 
the target server was authoritative. There's no way to know whether some 
arbitrary admin has put a CNAME at some hierarchy level in some 
arbitrary zone, pointing to one of your Internet-advertised names (or 
even a non-Internet-advertised one, for that matter).


- Kevin

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

out of memory handling during *XFR

2009-08-20 Thread Paul Wouters 

Hi,

May I suggest an improvement in the handling of bind's out of memory
handling when performing *XFR's?

I am talking about these: failed while receiving responses: out of memory

Currently, bind drops the AXFR, and I assume the memory of the failed
partial *XFR'd zone, and tries again. On dedicated name servers, where
memory does not spontaniously appears from no where, this just starts
a loop of endless *XFR requests, peaking out a lot of bandwidth.

Bind could check to see if it got more free memory at the start of the
run then it had at the previously failed run.

Bind could do an exponential back off for the *XFR's.

Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Reverse delegation - refused on my DNS

2009-08-20 Thread Mark Andrews 

In message 001201ca21de$6eea36e0$4cbea4...@monnerie@is.it-management.at, Mi
chael Monnerie writes:
 I'm still searching for the error.
 Also, sorry for the strangeness of the mail format, I used a webmail for =
 the last mails. This time it's Outlook, don't know if it's really any =
 better... at least not for correctly indenting old mail texts :-(
 
  Because you don't serve 164.69.212.in-addr.arpa and you
  tried to access the cache. You should slave
  164.69.212.in-addr.arpa so you have the CNAMEs locally.
  This will also make the above dig directed at your server
  work as the answer will come from the zone rather than
  the cache.
 
 I did that now, helps :-))
 =20
  Note: the lookups are working remotely because interative
  resolvers ask for 57.48-28.164.69.212.in-addr.arpa rather
  that 57.164.69.212.in-addr.arpa as generated by the above
  dig.
 
 Ah, I get the point. I always tested from a remote side with
 dig @dns1.zmi.at -x 212.69.164.57
 but that didn't work as this is not an open resolver. Slaving the zone =
 as you suggested enables even these lookups to work now. I think it's =
 good, as it helps remote sites to debug DNS when hunting an error.
 
 A plain
 dig -x 212.69.164.57
 also works, so, do I have an issue or is everything OK with my =
 configuration?
 
 Thanks for all your help, to all three of you!
 mfg zmi
 

All three servers are now answering which is good.

drugs:marka 10:11 {371} % dig +nssearch 48-28.164.69.212.in-addr.arpa
SOA ns4.zmi.at. hostmaster.ns4.zmi.at. 42 172800 14400 3628800 60 from server 
power4u.zmi.at in 2270 ms.
SOA ns4.zmi.at. hostmaster.ns4.zmi.at. 42 172800 14400 3628800 60 from server 
dns1.zmi.at in 1534 ms.
SOA ns4.zmi.at. hostmaster.ns4.zmi.at. 42 172800 14400 3628800 60 from server 
dns2.zmi.at in 357 ms.
drugs:marka 10:12 {372} % 

You do however have a delegation mismatch.

48-28.164.69.212.in-addr.arpa. 86400 IN NS  dns1.zmi.at.
48-28.164.69.212.in-addr.arpa. 86400 IN NS  dns2.zmi.at.
;; Received 91 bytes from 82.98.222.6#53(dns2.serico.de) in 717 ms

48-28.164.69.212.in-addr.arpa. 3600 IN  NS  power4u.zmi.at.
48-28.164.69.212.in-addr.arpa. 3600 IN  NS  dns2.zmi.at.
48-28.164.69.212.in-addr.arpa. 3600 IN  NS  dns1.zmi.at.
;; Received 161 bytes from 212.69.162.197#53(dns1.zmi.at) in 999 ms

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users