Re: Dynamically add zones
In message 4c5220c1.7060...@isc.org, Alan Clegg writes: Will this functionality be available through an api? Or will it just be through rndc ? Not sure what API we would use beyond rndc. If you have recommendations, please e-mail me directly or give me a phone call (+1-919-355-885) and let's talk about it... rndc just makes libisccc (ISC Command Channel) calls to talk to the nameserver. One can use libisccc directly if one wants. Look at the rndc code for examples of how to do this. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Dynamically add zones
Thanks. I use the libisccc where possible. -- Jack Tavares How many more can we sell with this button? From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Mark Andrews [ma...@isc.org] Sent: Friday, July 30, 2010 01:53 To: Alan Clegg Cc: bind-users@lists.isc.org Subject: Re: Dynamically add zones In message 4c5220c1.7060...@isc.org, Alan Clegg writes: Will this functionality be available through an api? Or will it just be through rndc ? Not sure what API we would use beyond rndc. If you have recommendations, please e-mail me directly or give me a phone call (+1-919-355-885) and let's talk about it... rndc just makes libisccc (ISC Command Channel) calls to talk to the nameserver. One can use libisccc directly if one wants. Look at the rndc code for examples of how to do this. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: multi-master and ixfr-from-differences: failed: new serial (2010060900) out of range
On 10.06.10 09:34, Matus UHLAR - fantomas wrote: Jun 9 23:11:58 mydb02 named[1427]: general: error: zone ./IN: ixfr-from-differences: failed: new serial (2010060900) out of range [2010060901 - 4157544547] In message 20100625060415.ga18...@fantomas.sk, Matus UHLAR - fantomas writes: We get these quite often. Any idea where could be the problem? On 25.06.10 16:10, Mark Andrews wrote: Turn off try-tcp-refresh. In message 20100625072717.gc18...@fantomas.sk, Matus UHLAR - fantomas writes: Is there better documentation for the try-tcp-refresh option? While I have no reason not to trust you, I would like to understand the problem itself. Is looksa likt the tcp refresh would transfer the zone independently on SOA serial arithmetics. On 25.06.10 17:49, Mark Andrews wrote: With try-tcp-refresh yes; the udp retries fail to the master that is behind. Named does a axfr from that master and you get the message you see. So it blindly tries to create diff for IXFR without comparing serials first. The following may also help as it turns on SOA before AXFR for the ixfr-from-differences case. This has not been tested. I am sorry this patch does not work as expected, I am still receiving the message. Index: lib/dns/zone.c === RCS file: /proj/cvs/prod/bind9/lib/dns/zone.c,v retrieving revision 1.540.2.26 diff -u -r1.540.2.26 zone.c --- lib/dns/zone.c2 Jun 2010 01:00:28 - 1.540.2.26 +++ lib/dns/zone.c25 Jun 2010 07:47:41 - @@ -11946,7 +11950,10 @@ } else if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS)) { dns_zone_log(zone, ISC_LOG_DEBUG(1), ixfr-from-differences set, requesting AXFR from %s, master); - xfrtype = dns_rdatatype_axfr; + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR)) + xfrtype = dns_rdatatype_soa; + else + xfrtype = dns_rdatatype_axfr; } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER)) { dns_zone_log(zone, ISC_LOG_DEBUG(1), forced reload, requesting AXFR of -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
trusted.keys
Can someone point me to some documentation on what this 'trusted.keys' stuff is all about? -- Reg.Clemens r...@dwf.com ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Dynamically add zones
Do you guys have any hints yet on what it might look like or are you still looking for recommendations? Dan Durrer No-IP On Jul 30, 2010, at 10:44 AM, Evan Hunt wrote: Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3. For that matter, I expect it to change significantly before the final release of 9.7.2. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Dynamically add zones
Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3. For that matter, I expect it to change significantly before the final release of 9.7.2. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: trusted.keys
On 07/30/2010 12:54 PM, clem...@dwf.com wrote: Can someone point me to some documentation on what this 'trusted.keys' stuff is all about? Is this sufficient? http://www.isc.org/files/arm96.html#id2566007 With an example at: http://www.isc.org/community/blog/201007/using-root-dnssec-key-bind-9-resolvers -- Matthew Horsfall Developer Dynamic Network Services Inc. http://www.dyn.com ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Dynamically add zones
Still not getting this to work just right, refused queries to newly added zones. If I config the zone as a master or as a slave it adds with a success from rndc. Logs show sending notfies as master or completed zone transfer and zone system file creation if slave. Query to the newly added zone comes back as refused. If I run reconfig it will start answering queries, but I'm guessing that is because its just re-reading the include from new-zone-file. Am I missing something here? Dan On Jul 29, 2010, at 5:33 PM, Dan Durrer wrote: Alan, So is managed.zone.list and zone.list named differently on purpose or is that a typo? Dan On Jul 29, 2010, at 5:23 PM, Alan Clegg acl...@isc.org wrote: On 7/29/2010 7:19 PM, Dan Durrer wrote: Alan, I was playing around with your example. I can get it to add the zone ( that is no rndc errors or syslog messages). I see it send notifies for the new zone in my log. 29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12) I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If i take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this? include the my_new_zones.dat into your named.conf... my entire named.conf on the sample system reads: SNIP options { directory /etc/namedb; dnssec-enable yes; dnssec-validation yes; new-zone-file /etc/namedb/managed.zone.list; key-directory /etc/namedb/keys; }; include /etc/namedb/zone.list; SNIP Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3. The functionality will be there, but it might be a bit different in implementation.. (beware!) AlanC ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users