Re: Problem on CNAME configuration.
On Mon, Oct 05, 2009 at 04:41:24PM +0200, Cyril Gaudin - Rodacom c.gau...@rodacom.fr wrote a message of 72 lines which said: Maybe squid didn't append domainname in the dns request? squid.conf: # TAG: append_domain # Appends local domain name to hostnames without any dots in # them. append_domain must begin with a period. # # Be warned there are now Internet names with no dots in # them using only top-domain names, so setting this may # cause some Internet sites to become unavailable. # #Example: # append_domain .yourdomain.com # #Default: # none ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Problem on CNAME configuration.
In message 20091005212435.ga26...@laperouse.bortzmeyer.org, Stephane Bortzmey er writes: On Mon, Oct 05, 2009 at 04:41:24PM +0200, Cyril Gaudin - Rodacom c.gau...@rodacom.fr wrote a message of 72 lines which said: Maybe squid didn't append domainname in the dns request? squid.conf: # TAG: append_domain # Appends local domain name to hostnames without any dots in # them. append_domain must begin with a period. # # Be warned there are now Internet names with no dots in # them using only top-domain names, so setting this may # cause some Internet sites to become unavailable. And such names should not be in use. Only heirachical host names should be in use now. Heirachical hostnames contain interior periods. RFC 921 actually said what was supposed to happen. Unfortunately some operators of TLD's failed to pay attention. Just because DNS servers didn't block a record being added that didn't make it correct for them to add it. # #Example: # append_domain .yourdomain.com # #Default: # none ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind 9.5 on Solaris dies silently
Hi all, I have made the observation that named sometimes dies silently when I look at the stats web page. Pretty much full logging is enabled, except query logging, but nothing at all is logged in this situation. How could I possibly debug this? statistics-channels { inet * port 8080 allow { ACL; }; }; Solaris 9 Bind 9.5.2 compiled on Solaris 8 with configure --prefix=/usr --with-openssl=/usr/local/ssl --enable-ipv6 --localstatedir=/var --sysconfdir=/var/named ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind 9.5 on Solaris dies silently
Hi Lars, Lars Hecking píše v út 06. 10. 2009 v 10:22 +0100: Hi all, I have made the observation that named sometimes dies silently when I look at the stats web page. Pretty much full logging is enabled, except query logging, but nothing at all is logged in this situation. How could I possibly debug this? statistics-channels { inet * port 8080 allow { ACL; }; }; Solaris 9 Bind 9.5.2 compiled on Solaris 8 with configure --prefix=/usr --with-openssl=/usr/local/ssl --enable-ipv6 --localstatedir=/var --sysconfdir=/var/named If it is silent death at specific time (look at the stats web page) then why not to truss the daemon? Btw. no core file on the system? Best regards, Milan ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind 9.5 on Solaris dies silently
Milan Jurik writes: [...] If it is silent death at specific time (look at the stats web page) then why not to truss the daemon? Btw. no core file on the system? Thank you (and Andrew) for the suggestion. Unfortunately, the problem seems to be intermittent and I cannot reproduce it at will. I've been bombarding the stats server with wget for hours no, and named is still running. No core files. Will keep trying this for a few days. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
slave transfer troubleshooting issue
I have two Debian servers running BIND 9.5.1-p3 (master and slave). I have taken the configs from a production environment that work, just changed IP addresses. I am having problems sorting out why the slave fails to tranfer files from the master. The /var/log/bind/named.log on the master shows that all relevant zones have been loaded. When I check the /var/log/bind/named.log file the slave is only loading the defaults: 06-Oct-2009 12:09:45.358 general: info: zone 0.in-addr.arpa/IN/internal: loaded serial 1 06-Oct-2009 12:09:45.358 general: info: zone 127.in-addr.arpa/IN/internal: loaded serial 1 06-Oct-2009 12:09:45.358 general: info: zone 255.in-addr.arpa/IN/internal: loaded serial 1 06-Oct-2009 12:09:45.362 general: info: zone localhost/IN/internal: loaded serial 2 06-Oct-2009 12:09:45.362 general: info: zone bind/CH/external-chaos: loaded serial 1 06-Oct-2009 12:09:45.366 general: notice: running My named.conf file has an include statement for named.conf.local. I've checked permissions, files and all seems to be okay. I must be missing something simple. What is the best way to debug why the slave does not seem to attempt a transfer of the additional zones from the master? Thank you, Frank ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
New BIND user
Hello everyone, I am using a mix of MS DNS and XP workstations with a DNS software (simple Dns +) I am now looking to move into BIND world under *nix distributions. Would you recommend me reading/using a specific reference ? Book, URL, distribution, tutorial Thank you, your help is appreciated. Martin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: New BIND user
Best place to start in my mind is the O'Reily book DNS and BIND by Cricket. It's where I started and the first thing a person had to read before I started training them back in the day. On Tue, Oct 6, 2009 at 12:47 PM, NéoSynergix | Martin Dubreuil martin.dubre...@neosynergix.com wrote: Hello everyone, I am using a mix of MS DNS and XP workstations with a DNS software (simple Dns +) I am now looking to move into BIND world under *nix distributions. Would you recommend me reading/using a specific reference ? Book, URL, distribution, tutorial… Thank you, your help is appreciated. *Martin* ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- -Ben Croswell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: recursion on auth-only server
Matus UHLAR - fantomas wrote: I have moved authoritative server to new IP address. I have changed the DNS name pointing to it so the NS would point to the new IP. Now I looked at the traffic and it seems that there are ~4 of 1000 recursive requests sent to it. Are there any known resolvers that can iterate through NS hierarchy, or iterative DNS servers that send resursive requests anywhere? On 02.10.09 18:50, Peter Dambier wrote: I know you can use bind as your local resolver. It does query from the root down until it finds what it is looking for - when you don't use forwarders. I know that too but this particular server isn't designed to be used as recursive and I don't want it to be. dnscache which is part of djbdns does always query from the root down. It never uses forwarders. I don't know for sure if the Authoritative Answer Only bit is set but I guess no. It's RD (recursion desired) flag and my question is if any nameserver is known by sending queries with this flag set. I don't care if they do recursion themselves, but if anyone asks this server with RD flag set, the answer will be venemous. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Remember half the people you know are below average. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Query Refused problem
On 01.10.09 19:10, Sven Eschenberg wrote: Funny enough, I did not have any allow-query at all, but adding allow-query {any;} did indeed change the behavior. But allow-query-cache obviously defaults to localhost, localnets and was triggering the behavior that confused me. Matus UHLAR - fantomas schrieb: OK, again: did you have any other allows ? Which means allow-recursion, allow-query-cache On 02.10.09 11:18, Sven Eschenberg wrote: recursion yes; - does this fall into the same category by any chanc? I used it in some views ecplicitly. no. I really wander how could using allow-query help anything, since it defaults to any;. I thought there's something misconfigured on your server... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SIBLING GLUE address records (A or AAAA)
On Mon, Oct 5, 2009 at 3:59 PM, Sergio Ramirez srami...@seciu.edu.uy mailto:srami...@seciu.edu.uy wrote: example.xx NS ns1.example.xx example.xx NS ns2.example.xx ns1.example.xx A 11.22.33.44 ns2.example.xx A 11.22.33.55 otherexample.xx NS ns3.example.xx otherexample.xx NS ns4.example.xx the bind report these messages: ns3.example.xx has no SIBLING GLUE address records (A or ) ns4.example.xx has no SIBLING GLUE address records (A or ) because the glue records are not configured in the zone .xx, for ns3.example.xx and ns4.example.xx Are these glue records requiered ? Ben Croswell escribió: Since the parent .xx is delegating to the second-level domains, if you do glue for all four DNS servers you are preventing a remote DNS server from having to go to the servers for example.xx to get the A records for the DNS servers for otherexample.xx. On 05.10.09 18:30, Sergio Ramirez wrote: But the problem is if the administrator of zone example.xx decides to change the ip address of the ns3.example.xx and ns4.example.xx, the glue records will be wrong. otoh, if the administrator of example.xx decides to remove ns3 and ns4, otherexample.xx won't be able to resolve. Imho, the sibling glue records are bad, just because of your example. They should not be put in domain - only example.xx maintainer should be allowed to put glue records for example.xx into the .xx zone and only when they are used for .xx zone. And imho, domains should not be registered on servers that do not have their glue records in the proper zone, .xx or other. That would spare servers from many useless lookups. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: slave transfer troubleshooting issue
On 06.10.09 12:20, Frank Pikelner wrote: I have two Debian servers running BIND 9.5.1-p3 (master and slave). I have taken the configs from a production environment that work, just changed IP addresses. I am having problems sorting out why the slave fails to tranfer files from the master. The /var/log/bind/named.log on the master shows that all relevant zones have been loaded. When I check the /var/log/bind/named.log file the slave is only loading the defaults: 06-Oct-2009 12:09:45.358 general: info: zone 0.in-addr.arpa/IN/internal: loaded serial 1 06-Oct-2009 12:09:45.358 general: info: zone 127.in-addr.arpa/IN/internal: loaded serial 1 06-Oct-2009 12:09:45.358 general: info: zone 255.in-addr.arpa/IN/internal: loaded serial 1 06-Oct-2009 12:09:45.362 general: info: zone localhost/IN/internal: loaded serial 2 06-Oct-2009 12:09:45.362 general: info: zone bind/CH/external-chaos: loaded serial 1 06-Oct-2009 12:09:45.366 general: notice: running My named.conf file has an include statement for named.conf.local. I've checked permissions, files and all seems to be okay. I must be missing something simple. What is the best way to debug why the slave does not seem to attempt a transfer of the additional zones from the master? It seems you did not configure bind to have any slave zones. do you have any slave zone statements on the second server? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: recursion on auth-only server
In article mailman.674.1254859742.14796.bind-us...@lists.isc.org, Matus UHLAR - fantomas uh...@fantomas.sk wrote: It's RD (recursion desired) flag and my question is if any nameserver is known by sending queries with this flag set. I don't care if they do recursion themselves, but if anyone asks this server with RD flag set, the answer will be venemous. Nameservers should only set the RD flag in the queries they send if they're configured to use forwarders. It should never be sent when they're following the delegation chain themselves. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: recursion on auth-only server
Once upon a time, Matus UHLAR - fantomas uh...@fantomas.sk said: I don't care if they do recursion themselves, but if anyone asks this server with RD flag set, the answer will be venemous. You should realize that anybody trying to debug possible DNS issues might issue queries directly to your server with tools like dig, which requests recursion by default. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users