Reverse lookup failing when arpa.dlv.isc.org appeared
I'll be reporting this to bind-bugs, but I thought I would mention it here in case others can confirm the effect. Our two main ecursive nameservers used DNSSEC validation via dlv.isc.org. In the past we have had suspicions that there are glitches when new entries appear in the DLV zone. For example, we got reports that users were temporarily unable to access CERN web sites on the morning that cz went into dlv.isc.org. So I have been waiting with some trepidation for arpa to go in, although I held out the hope that any bugs of this sort would have been fixed by BIND 9.6.2, which we are now using. Well, it seems that they haven't. arpa went into dlv.isc.org this morning, and by the time I noticed that, one of the nameservers was giving SERVFAILs for many reverse lookups until I did an rndc flushname arpa on it. The other seemed OK, but I suspect it had been giving such SERVFAILs earlier. Of course, in an ideal world I would have taken cache dumps, etc, but these are operationally significant servers and it was more important to get reverse lookup working again asap. -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Zone Statistics in Bind9.7.0
At Wed, 10 Mar 2010 14:45:48 +0100, Dangl, Thomas thomas.t.da...@siemens.com wrote: in Bind 9.6.2 the zone statistics looked like that: Now with Bind9.7.0 it only covers zone name4.3.2.1.e164.arpa/IN/name rdataclassIN/rdataclass serial8/serial /zone Is there some way to get the full scope of counters that came with the Bind9.6.2? I tried activating zone-statistics in each zone statement, but that didnt change anything. I didn't see any difference in the code that can possibly affect this point between 9.6 and the head branch (which I believe is identical to 9.7.0 on this point). Are you sure you specify zone-statistics yes; in the options statement? --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
TSIG fails intermittently but dig works
Hi, I have two servers each running bind 9.7.0. I have TSIG setup on the servers. I upgraded the hardware on the primary server. The IPs and the config remained the same. I upgrade BIND from 9.4.3-P3 to 9.7.0 at the same time on the primary. Prior to the hardware/BIND upgrade TSIG worked good. The new primary is running on a sun T5120 with Solaris 10. The older secondary is running on a sun v250 with Solaris 8. Now it fails on some zones and works on others. If I use dig to do a zone transfer all zones transfer ok. Here is the syntax I use: dig -y st-dns-key:key_omitted @142.163.211.10 ips.com-- this works only with dig, named will not transfer. dig -y st-dns-key:key_omitted @142.163.211.10 zazu.com -- this works with dig and named will transfer. Logs from secondary trying to transfer the zones ___ Here is a zone that works: 25-Mar-2010 12:25:23.058 general: info: zone zazu.ca/IN: Transfer started. 25-Mar-2010 12:25:23.065 xfer-in: info: transfer of 'zazu.ca/IN' from 142.163.211.10#53: connected using 142.163.20.10#56583 25-Mar-2010 12:25:23.105 general: info: zone zazu.ca/IN: transferred serial 2007052406: TSIG 'st-dns-key' 25-Mar-2010 12:25:23.106 xfer-in: info: transfer of 'zazu.ca/IN' from 142.163.211.10#53: Transfer completed: 1 messages, 14 records, 482 bytes, 0.040 secs (12050 bytes/sec) This zone will not transfer 25-Mar-2010 12:23:28.029 notify: info: client 142.163.211.10#37594: received notify for zone 'ips.com': TSIG 'st-dns-key' 25-Mar-2010 12:23:28.041 general: info: zone ips.com/IN: refresh: failure trying master 142.163.211.10#53 (source 0.0.0.0#0): tsig verify failure Both servers are using ntp and are the time is synced up. I have thousands of zones most of them will transfer to the secondary. I have tried many things with no luck(my secondary was running an older version of bind so I upgraded it) Any help would be appreciated. Greg Kuechle Sorry about the notice appended to the email NOTICE: This confidential e-mail message is only for the intended recipient(s). If you are not the intended recipient, be advised that disclosing, copying, distributing, or any other use of this message, is strictly prohibited. In such case, please destroy this message and notify the sender.___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: TSIG fails intermittently but dig works
In message off7240f74.a2c76455-on062576f1.0068f1ea-062576f1.006c5...@sasktel.s k.ca, Greg Kuechle writes: Hi, I have two servers each running bind 9.7.0. I have TSIG setup on the servers. I upgraded the hardware on the primary server. The IPs and the config remained the same. I upgrade BIND from 9.4.3-P3 to 9.7.0 at the same time on the primary. Prior to the hardware/BIND upgrade TSIG worked good. The new primary is running on a sun T5120 with Solaris 10. The older secondary is running on a sun v250 with Solaris 8. Now it fails on some zones and works on others. If I use dig to do a zone transfer all zones transfer ok. Here is the syntax I use: dig -y st-dns-key:key_omitted @142.163.211.10 ips.com-- this works only with dig, named will not transfer. dig -y st-dns-key:key_omitted @142.163.211.10 zazu.com -- this works with dig and named will transfer. Logs from secondary trying to transfer the zones ___ Here is a zone that works: 25-Mar-2010 12:25:23.058 general: info: zone zazu.ca/IN: Transfer started. 25-Mar-2010 12:25:23.065 xfer-in: info: transfer of 'zazu.ca/IN' from 142.163.211.10#53: connected using 142.163.20.10#56583 25-Mar-2010 12:25:23.105 general: info: zone zazu.ca/IN: transferred serial 2007052406: TSIG 'st-dns-key' 25-Mar-2010 12:25:23.106 xfer-in: info: transfer of 'zazu.ca/IN' from 142.163.211.10#53: Transfer completed: 1 messages, 14 records, 482 bytes, 0.040 secs (12050 bytes/sec) This zone will not transfer 25-Mar-2010 12:23:28.029 notify: info: client 142.163.211.10#37594: received notify for zone 'ips.com': TSIG 'st-dns-key' 25-Mar-2010 12:23:28.041 general: info: zone ips.com/IN: refresh: failure trying master 142.163.211.10#53 (source 0.0.0.0#0): tsig verify failure Both servers are using ntp and are the time is synced up. I have thousands of zones most of them will transfer to the secondary. I have tried many things with no luck(my secondary was running an older version of bind so I upgraded it) Any help would be appreciated. Greg Kuechle Ensure that you have installed all patches from Sun. This sounds like a bug in cool threads. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
How can I improve the startup speed of named
I have 40+ domains, how to improve the startup speed of named。 The first startup took more than 3 hours. named version:bind-9.7.0-P1 To build with --enable-threads Cent OS 5.4(64Bit) Intel(R) Xeon(R) CPU E5405 @ 2.00GHz(4*2 cores) Memory: 16G -- ShanyiWan 2010-03-26 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
