Re: cache dead records
On 22.10.09 23:45, net...@royal.net wrote: > We are using bind9 for DNS Cache. > What the problem is, sometime the IP address for a domain is dead, but > Bind won't know, and still responds the dead IP to clients, after that > clients access the sites failed. > So is there a way to do health check for destination IPs before > responding the DNS answers? what should it respond in case of unavailability? NXDOMAIN? or refuse the service? You are trying to resolve problem on bad place. It's almost as bad as translating NXDOMAIN responses to A records pointing to a server where... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0... ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: cache dead records
On Oct 23, 2009, at 5:45, net...@royal.net wrote: We are using bind9 for DNS Cache. What the problem is, sometime the IP address for a domain is dead, but Bind won't know, and still responds the dead IP to clients, after that clients access the sites failed. So is there a way to do health check for destination IPs before responding the DNS answers? It is not the job of DNS to test system availability. If the systems in question move often, you need to plan ahead by providing the associated RRSets with more appropriate TTLs. AlanC ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
cache dead records
Hello, We are using bind9 for DNS Cache. What the problem is, sometime the IP address for a domain is dead, but Bind won't know, and still responds the dead IP to clients, after that clients access the sites failed. So is there a way to do health check for destination IPs before responding the DNS answers? Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: call for testers (Re: ISC BIND 9.7.0b1 is now available)
Backtrace executes successfully on the latest build of OpenSolaris for SPARC (snv_125) with gcc version 3.4.6 # uname -a SunOS nemesis 5.11 snv_125 sun4u sparc SUNW, 5-slot Sun Enterprise E3500 # gcc -v Reading specs from /usr/local/lib/gcc/sparc-sun-solaris2.10/3.4.6/specs Configured with: ../configure --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld --enable-shared --enable-languages=c,c++,f77 Thread model: posix gcc version 3.4.6 Regards, -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of JINMEI Tatuya / Sent: Wednesday, October 21, 2009 8:18 PM To: bind-us...@isc.org Subject: Re: call for testers (Re: ISC BIND 9.7.0b1 is now available) At Wed, 21 Oct 2009 15:50:00 -0700, JINMEI Tatuya wrote: > On success, "backtrace_test" simply exits without any output (I know > it's not a good UI); if something goes wrong it will dump some warning > messages to stderr and exit with a non-0 exit code. If the test fails > on your platform, please report it to bind9-b...@isc.org, including > the OS, its version, and hardware architecture (x86, amd64, sparc, > etc). I've seen a couple of prompt reports (thanks!), and these reports reminded me that I forgot to ask for one more element of the platform: compiler. Please include which compiler you use with your reports. Thanks again, --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: isc.org has signed delegation
On 22-Oct-2009, at 01:16, Loren M. Lang wrote: I just noticed that isc.org has a signed delegation from the .org name servers. I am curious what registrar you went through to get this. .org is doing a limited production release of DNSSEC right now, referred to as "Friends & Family." There are a small number of secured delegations which were arranged directly between the registry and the registrants involved; ISC is one of those registrants. A full production rollout, where you can supply DS records to your registrar, will be coming later. Matt ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: call for testers (Re: ISC BIND 9.7.0b1 is now available)
> > Possibly also useful to report success here so that many people aren't > > needlessly repeating the same test. - NetBSD 4.99.62 amd64, gcc 4.1.3 20080202 prerelease (NetBSD nb1 20080202) - NetBSD 5.0.0_PATCH i386, pcc 0.9.9 (HEAD) for i386-unknown-netbsdelf5.0.0. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: call for testers
Solaris 10 sparc running on T5120 $ uname -a SunOS hosting1 5.10 Generic_137111-04 sun4v sparc SUNW,SPARC-Enterprise-T5120 $ gcc -v Reading specs from /usr/sfw/lib/gcc/sparc-sun-solaris2.10/3.4.3/specs Configured with: /sfw10/builds/build/sfw10-patch/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/ccs/bin/as --without-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared Thread model: posix gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath) $ ./backtrace_test isc_backtrace_gettrace failed: not implemented $ echo $? 1 Debian 5 sparc running on Sun E250 $ gcc -v Using built-in specs. Target: sparc-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.2-1.1' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --with-cpu=v8 --with-long-double-128 --enable-checking=release --build=sparc-linux-gnu --host=sparc-linux-gnu --target=sparc-linux-gnu Thread model: posix gcc version 4.3.2 (Debian 4.3.2-1.1) $ uname -a Linux squat 2.6.26-2-sparc64-smp #1 SMP Sun Jun 21 05:58:06 UTC 2009 sparc64 GNU/Linux $ ./backtrace_test isc_backtrace_gettrace failed: not found $ echo $? 1 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.7.0a3 PKCS11
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 greg.ra...@ins.com pisze: > Once you have built OpenSSL, run "apps/openssl engine" to confirm that > > PKCS #11 support was compiled in correctly. The output should include the > > line: > > (pkcs11) PKCS #11 engine support > > If the output is correct, run "make install". > > I don’t see that line in my output. Any ideas where to look for my > problem? I know that it is not a 32/64 bit mismatch problem, as all my > libraries are 32-bit. Any help is appreciated. > > Thanks, > > Greg > hello all, i have same problem here. i'm trying to compile openssl on GNU/Linux, using opensc pkcs11 library and it looks ok (it compiles without errors) but first test according to README.pkcs11 shows nothing more than: $ ./apps/openssl engine pkcs11 (pkcs11) pkcs11 engine and while trying to initialize the PKCS #11 engine: $ ./apps/openssl engine pkcs11 -t (pkcs11) pkcs11 engine unable to load module (null) [ unavailable ] Segmentation fault compiling openssl with debugging symbols shows: (pkcs11) pkcs11 engine unable to load module (null) [ unavailable ] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb7e796b0 (LWP 8540)] 0x08101505 in err_cmp (a_void=0xb4b78418, b_void=0x81d86c0) at err_def.c:577 577 return((int)(((const ERR_STRING_DATA *)a_void)->error - (gdb) backtrace #0 0x08101505 in err_cmp (a_void=0xb4b78418, b_void=0x81d86c0) at err_def.c:577 #1 0x080ff203 in getrn (lh=0xb74a9fa0, data=0x81d86c0, rhash=0xbfc30e58) at lhash.c:427 #2 0x080fec40 in lh_delete (lh=0xb74a9fa0, data=0x81d86c0) at lhash.c:224 #3 0x08100e07 in int_err_del_item (d=0x81d86c0) at err_def.c:333 #4 0x081012a3 in ERR_unload_strings (lib=128, str=0x81d86c0) at err_def.c:492 #5 0x08149b9a in ERR_unload_CCA4758_strings () at e_4758cca_err.c:138 #6 0x08149e27 in ibm_4758_cca_destroy (e=0xb4fe2f98) at e_4758cca.c:267 #7 0x080e9ac9 in engine_free_util (e=0xb4fe2f98, locked=0) at eng_lib.c:131 #8 0x080ea0f0 in engine_list_remove (e=0xb4fe2f98) at eng_list.c:187 #9 0x080ea406 in ENGINE_remove (e=0xb4fe2f98) at eng_list.c:306 #10 0x080e9e73 in engine_list_cleanup () at eng_list.c:88 #11 0x080e9c3c in engine_cleanup_cb_free (item=0xb5223ffc) at eng_lib.c:183 #12 0x080fe774 in sk_pop_free (st=0xb5217fec, func=0x80e9c2f ) at stack.c:290 #13 0x080e9c78 in ENGINE_cleanup () at eng_lib.c:190 #14 0x0804a706 in main (Argc=3, Argv=0xbfc31528) at openssl.c:370 - -- regards zbigniew jasinski [SYStem OPerator] .: www.dns.pl :. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJK4C+CAAoJEH26UYiRhe/gMQUP/3hJON0UCkdOnRL8SEeVl5Tg IZ4tUXbvD60XIh+GBBerLBBehUJmct8YeGzZVZJ4RVH7pmRunvOl+nPuQz91KMzx QNzd0SNFAT2IGZas+a3lnTXvONG/Ymd7eZtCQ8NZPeStE8TIy9GOhA9M4sAKjJ+v wWGJaDmTh6v9fgHrX5KKGBExTymO9RdGK9tVZibengS6RluZtC+t7V0n8anzarZv mfVQ9YHZfVrg5SbKD4B2NJBRmBr3KKKB2LQ1dJU17pFxRfxkozGdBZtBktZLOKR9 vO74r440osRFRA/ytv8sfoRandE9rh6H/4BMDDJWu+m1d8DKWXVfItba3s8ByMRS j+8Rw1Hdl4XAKdxxHrViLifXCFIGWHLUobQ0hTqFLzX5T9AtcMpKdDqtdpLliah4 Swejr8W7JNzIzaOunxc3Nr4hyktHf5WoHkH+Nm8Pvia2pvzKrOkOUMfbWCU6eKbR Pj88pbNu4Jt5oPSfP7j1+v8Yl/gW6u99AUVdUCiGtP1wy2/dY/DrwNtoRN3hDlvw ZWda1HduzIxzn0J6Q00k78SGTclPTycxAsirvr7XSvE/ZLcWIW5MOJ8PCWbmiQlc YxAVzNOnCyz25Le03lePjsaVcGOS0NXpYE/l4r61230gps/uM9yuipcGAFB7zRvf mBPiLWRdcuFlvtvnqGyX =ejpa -END PGP SIGNATURE- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: call for testers (Re: ISC BIND 9.7.0b1 is now available)
JINMEI, we're not using sparc for our bind installations, but this is a feedback on your 'call for testers' (bind compilation went successfully on both compilers): solaris 10 sparc, sun studio 12u1 compiler: $ uname -a SunOS chuck 5.10 Generic_141414-10 sun4u sparc SUNW,Sun-Fire-V440 $ cc -V cc: Sun C 5.10 SunOS_sparc 2009/06/03 [tests]$ ./backtrace_test isc_backtrace_gettrace failed: not implemented [tests]$ echo $? 1 solaris 10 sparc, sun gcc compiler: $ gcc -v Reading specs from /usr/sfw/lib/gcc/sparc-sun-solaris2.10/3.4.3/specs Configured with: /sfw10/builds/build/sfw10-patch/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/ccs/bin/as --without-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared Thread model: posix gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath) [tests]$ ./backtrace_test isc_backtrace_gettrace failed: not implemented ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: call for testers (Re: ISC BIND 9.7.0b1 is now available)
~/bind-9.7.0b1/bin/tests# uname -rna FreeBSD hostname 7.2-STABLE FreeBSD 7.2-STABLE #0: Tue Aug 11 20:18:22 UTC 2009 r...@hostname:/usr/obj/usr/src/sys/GENERIC amd64 [10:09] ttyp0/0 {861}~/bind-9.7.0b1/bin/tests# gcc --version gcc (GCC) 4.2.1 20070719 [FreeBSD] Copyright (C) 2007 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ~/bind-9.7.0b1/bin/tests# uname -rna FreeBSD hostname 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #1: Fri Aug 7 09:47:09 CEST 2009 r...@hostname:/usr/obj/usr/src/sys/GENERIC i386 [10:12] ttyp0/0 r...@hostname{1585}~/bind-9.7.0b1/bin/tests# gcc --version gcc (GCC) 4.2.1 20070719 [FreeBSD] Copyright (C) 2007 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: call for testers (Re: ISC BIND 9.7.0b1 is now available)
At Wed, 21 Oct 2009 20:19:59 -0400, Dave Knight wrote: > > > If the test fails > > on your platform, please report it to bind9-b...@isc.org, including > > the OS, its version, and hardware architecture (x86, amd64, sparc, > > etc). > Possibly also useful to report success here so that many people aren't > needlessly repeating the same test. Yes, that's indeed helpful as we actually plan to take an "opt-in" approach, that is, enabling it only for those known to work. This is a list of platforms I've confirmed to work correctly: - FreeBSD 6.1-RELEASE i386, gcc (GCC) 3.4.4 [FreeBSD] 20050518 - FreeBSD 7.0-RC1 amd64, gcc (GCC) 4.2.1 20070719 [FreeBSD] - FreeBSD 8.0-RC1 ia64, gcc (GCC) 4.2.1 20070719 [FreeBSD] - Linux 2.6.25 i686, gcc (Debian 4.3.2-1.1) 4.3.2 - Linux 2.6.18-6-amd64, gcc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21) - SunOS 5.10 i86pc(amd64), Sun C 5.7 2005/01/07 - SunOS 5.10 i86pc(amd64), gcc (GCC) 3.4.2 (producing 32-bit code) In general, I expect it should work on - most x86/amd64/IA64 + gcc platforms (regardless of OS) - most Linux variants (assuming the compiler is gcc, regardless of machine arch) So, if it does NOT work on a platform that matches the above condition, it's good to know. Likewise, if it DOES works on a platform that doesn't match the condition, it's also a good input. Other results, which are actually expected but not yet confirmed, are also appreciated. Thanks once again, --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users