Re: Notify "storms"
In message <91aa34af1001181327q7f5de882vf47052ed39d87...@mail.gmail.com>, Todd writes: > Good day all, > > We've run into a problem with our DNS servers. The way we update our > masters is via a CVS Checkout and reload of the zones modified. > Sometimes though, we need to reload the whole config for big > changs/etc. When that happens, all 6 masters (I know, we're getting > rid of some) send notifies to all 80+ (I know, we're getting rid of > some) slaves for all 1800 zones. This causes all the slaves to verify > all 1800 zones on 6 masters, which then delays the changes we made > from actually getting to the slaves. Right now it's about 2.5 hours > for all slaves to do all zones. > > We would like to make this better. We're trying to figure out what > mechanism might be limiting the rate at which the slave does SOA > checks against the master so it can perform that step quicker. We > have looked at the zone transfer limits on the master/slave, but that > is related to the transfer mechanism, not the SOA query. > > Can anyone help with ideas on this? Are we missing something obvious? serial-query-rate > Cheers, > > Todd. > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Notify "storms"
On Mon, Jan 18, 2010 at 1:27 PM, Todd wrote: > Good day all, > > We've run into a problem with our DNS servers. The way we update our > masters is via a CVS Checkout and reload of the zones modified. > Sometimes though, we need to reload the whole config for big > changs/etc. When that happens, all 6 masters (I know, we're getting > rid of some) send notifies to all 80+ (I know, we're getting rid of > some) slaves for all 1800 zones. This causes all the slaves to verify > all 1800 zones on 6 masters, which then delays the changes we made > from actually getting to the slaves. Right now it's about 2.5 hours > for all slaves to do all zones. > > We would like to make this better. We're trying to figure out what > mechanism might be limiting the rate at which the slave does SOA > checks against the master so it can perform that step quicker. We > have looked at the zone transfer limits on the master/slave, but that > is related to the transfer mechanism, not the SOA query. > > Can anyone help with ideas on this? Are we missing something obvious? Might not be what you are looking for but sounds like some of the ideas presented at infrastructures.org might help. -B ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Notify "storms"
Good day all, We've run into a problem with our DNS servers. The way we update our masters is via a CVS Checkout and reload of the zones modified. Sometimes though, we need to reload the whole config for big changs/etc. When that happens, all 6 masters (I know, we're getting rid of some) send notifies to all 80+ (I know, we're getting rid of some) slaves for all 1800 zones. This causes all the slaves to verify all 1800 zones on 6 masters, which then delays the changes we made from actually getting to the slaves. Right now it's about 2.5 hours for all slaves to do all zones. We would like to make this better. We're trying to figure out what mechanism might be limiting the rate at which the slave does SOA checks against the master so it can perform that step quicker. We have looked at the zone transfer limits on the master/slave, but that is related to the transfer mechanism, not the SOA query. Can anyone help with ideas on this? Are we missing something obvious? Cheers, Todd. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Windows resolver question...
Thank you! I'm surprised google didn't have anything about this. (Bing didn't either which isn't that surprising.) -Kyle On 1/18/2010 1:39 PM, Abello, Vinny wrote: Although this isn't a BIND question but rather a Windows client question, I'll give you the quick answer anyway because this drove me nuts when I went to Vista. Windows Vista and Windows 7 handles unqualified multi-label name queries differently. If you have a period in any part of a hostname, Windows Vista/7 will not append the domain suffix by default during resolution. You can change this behavior by modifying the Local (or network) group policy setting: Computer Configuration\Administrative Templates\Network\DNS Client\Allow DNS Suffix Appending to Unqualified Multi-Lavel Name Queries Set that to Enabled and you should get the old behavior. -Vinny -Original Message- From: On Behalf Of Kyle McDonald Sent: Monday, January 18, 2010 1:07 PM To: bind-users@lists.isc.org Subject: Windows resolver question... I know it's not strictly related to bind, but Google has failed me... I'm hoping to find some expertise (or at least a pointer,) here. :) I work in an environment where most desktops live in the corp.x.com domain, and I manage 2 other subdomains of x.com ). I'm not positive, but I could swear when I was running Windows XP, that I could ping, telnet, ssh, vnc, etc. to abc.sub from my desktop in corp.x.com without any trouble at all. Now I have Windows7, and nothing works without the fully qualified domain name. I have the (risky) checkbox checked to "Append parent suffixes of the primary DNS suffix," just like I did in WinXP. What's different in Win7? Given the split nature of the x.com domain, I'm wondering if Win7 might be keying off the '.' in abc.sub, and going to the root servers on it's own? If this might be the case, Is there a way to modify this behavior? Anyone know the Windows equivalent of setting ndots to 2? -Kyle ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Windows resolver question...
Although this isn't a BIND question but rather a Windows client question, I'll give you the quick answer anyway because this drove me nuts when I went to Vista. Windows Vista and Windows 7 handles unqualified multi-label name queries differently. If you have a period in any part of a hostname, Windows Vista/7 will not append the domain suffix by default during resolution. You can change this behavior by modifying the Local (or network) group policy setting: Computer Configuration\Administrative Templates\Network\DNS Client\Allow DNS Suffix Appending to Unqualified Multi-Lavel Name Queries Set that to Enabled and you should get the old behavior. -Vinny -Original Message- From: On Behalf Of Kyle McDonald Sent: Monday, January 18, 2010 1:07 PM To: bind-users@lists.isc.org Subject: Windows resolver question... I know it's not strictly related to bind, but Google has failed me... I'm hoping to find some expertise (or at least a pointer,) here. :) I work in an environment where most desktops live in the corp.x.com domain, and I manage 2 other subdomains of x.com ). I'm not positive, but I could swear when I was running Windows XP, that I could ping, telnet, ssh, vnc, etc. to abc.sub from my desktop in corp.x.com without any trouble at all. Now I have Windows7, and nothing works without the fully qualified domain name. I have the (risky) checkbox checked to "Append parent suffixes of the primary DNS suffix," just like I did in WinXP. What's different in Win7? Given the split nature of the x.com domain, I'm wondering if Win7 might be keying off the '.' in abc.sub, and going to the root servers on it's own? If this might be the case, Is there a way to modify this behavior? Anyone know the Windows equivalent of setting ndots to 2? -Kyle ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users smime.p7s Description: S/MIME cryptographic signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Windows resolver question...
I know it's not strictly related to bind, but Google has failed me... I'm hoping to find some expertise (or at least a pointer,) here. :) I work in an environment where most desktops live in the corp.x.com domain, and I manage 2 other subdomains of x.com ). I'm not positive, but I could swear when I was running Windows XP, that I could ping, telnet, ssh, vnc, etc. to abc.sub from my desktop in corp.x.com without any trouble at all. Now I have Windows7, and nothing works without the fully qualified domain name. I have the (risky) checkbox checked to "Append parent suffixes of the primary DNS suffix," just like I did in WinXP. What's different in Win7? Given the split nature of the x.com domain, I'm wondering if Win7 might be keying off the '.' in abc.sub, and going to the root servers on it's own? If this might be the case, Is there a way to modify this behavior? Anyone know the Windows equivalent of setting ndots to 2? -Kyle ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
