date:20100730

Re: Dynamically add zones

2010-07-30 Thread Mark Andrews


In message 4c5220c1.7060...@isc.org, Alan Clegg writes:
  Will this functionality be available through an api?
  Or will it just be through rndc ?
 
 Not sure what API we would use beyond rndc.  If you have
 recommendations, please e-mail me directly or give me a phone call
 (+1-919-355-885) and let's talk about it...

rndc just makes libisccc (ISC Command Channel) calls to talk to the
nameserver.  One can use libisccc directly if one wants.  Look at the
rndc code for examples of how to do this.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Dynamically add zones

2010-07-30 Thread Jack Tavares

Thanks. I use the libisccc where possible.

--
Jack Tavares
How many more can we sell with this button?

From: bind-users-bounces+j.tavares=f5@lists.isc.org 
[bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Mark Andrews 
[ma...@isc.org]
Sent: Friday, July 30, 2010 01:53
To: Alan Clegg
Cc: bind-users@lists.isc.org
Subject: Re: Dynamically add zones

In message 4c5220c1.7060...@isc.org, Alan Clegg writes:
  Will this functionality be available through an api?
  Or will it just be through rndc ?

 Not sure what API we would use beyond rndc.  If you have
 recommendations, please e-mail me directly or give me a phone call
 (+1-919-355-885) and let's talk about it...

rndc just makes libisccc (ISC Command Channel) calls to talk to the
nameserver.  One can use libisccc directly if one wants.  Look at the
rndc code for examples of how to do this.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: multi-master and ixfr-from-differences: failed: new serial (2010060900) out of range

2010-07-30 Thread Matus UHLAR - fantomas

On 10.06.10 09:34, Matus UHLAR - fantomas wrote:
 Jun  9 23:11:58 mydb02 named[1427]: general: error: zone ./IN: 
 ixfr-from-differences: failed: new serial (2010060900) out of range 
 [2010060901 - 4157544547]
  
   In message 20100625060415.ga18...@fantomas.sk, Matus UHLAR - fantomas 
   writes:
We get these quite often. Any idea where could be the problem?
  
  On 25.06.10 16:10, Mark Andrews wrote:
   Turn off try-tcp-refresh.

 In message 20100625072717.gc18...@fantomas.sk, Matus UHLAR - fantomas 
 writes:
  Is there better documentation for the try-tcp-refresh option?
  While I have no reason not to trust you, I would like to understand the
  problem itself. Is looksa likt the tcp refresh would transfer the zone
  independently on SOA serial arithmetics.

On 25.06.10 17:49, Mark Andrews wrote:
 With try-tcp-refresh yes; the udp retries fail to the master that
 is behind.  Named does a axfr from that master and you get the message
 you see.

So it blindly tries to create diff for IXFR without comparing serials first.

 The following may also help as it turns on SOA before AXFR for the
 ixfr-from-differences case.  This has not been tested.

I am sorry this patch does not work as expected, I am still receiving the
message. 

 Index: lib/dns/zone.c
 ===
 RCS file: /proj/cvs/prod/bind9/lib/dns/zone.c,v
 retrieving revision 1.540.2.26
 diff -u -r1.540.2.26 zone.c
 --- lib/dns/zone.c2 Jun 2010 01:00:28 -   1.540.2.26
 +++ lib/dns/zone.c25 Jun 2010 07:47:41 -
 @@ -11946,7 +11950,10 @@
   } else if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS)) {
   dns_zone_log(zone, ISC_LOG_DEBUG(1), ixfr-from-differences 
set, requesting AXFR from %s, master);
 - xfrtype = dns_rdatatype_axfr;
 + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR))
 + xfrtype = dns_rdatatype_soa;
 + else
 + xfrtype = dns_rdatatype_axfr;
   } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER)) {
   dns_zone_log(zone, ISC_LOG_DEBUG(1),
forced reload, requesting AXFR of 

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

trusted.keys

2010-07-30 Thread clemens

Can someone point me to some documentation on what this 'trusted.keys' 
stuff is all about?
-- 
Reg.Clemens
r...@dwf.com


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Dynamically add zones

2010-07-30 Thread Dan Durrer

Do you guys have any hints yet on what it might look like or are you still 
looking for recommendations?


Dan Durrer
No-IP 




On Jul 30, 2010, at 10:44 AM, Evan Hunt wrote:

 Note that the syntax for this set of tools (dynamic zone creation) is a
 bit in flux and may be completely changed between 9.7.2 and 9.7.3.
 
 For that matter, I expect it to change significantly before the final
 release of 9.7.2.
 
 -- 
 Evan Hunt -- e...@isc.org
 Internet Systems Consortium, Inc.
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Dynamically add zones

2010-07-30 Thread Evan Hunt

 Note that the syntax for this set of tools (dynamic zone creation) is a
 bit in flux and may be completely changed between 9.7.2 and 9.7.3.

For that matter, I expect it to change significantly before the final
release of 9.7.2.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: trusted.keys

2010-07-30 Thread Matthew Horsfall

On 07/30/2010 12:54 PM, clem...@dwf.com wrote:
 Can someone point me to some documentation on what this 'trusted.keys' 
 stuff is all about?

Is this sufficient?

http://www.isc.org/files/arm96.html#id2566007

With an example at:

http://www.isc.org/community/blog/201007/using-root-dnssec-key-bind-9-resolvers

-- 
Matthew Horsfall
Developer
Dynamic Network Services Inc.
http://www.dyn.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Dynamically add zones

2010-07-30 Thread Dan Durrer

Still not getting this to work just right,  refused queries to newly added 
zones.

If I config the zone as a master or as a slave it adds with a success from rndc.
 
Logs show sending notfies as master or completed zone transfer and zone system 
file creation if slave.

Query to the newly added zone comes back as refused.  

If I run reconfig it will start answering queries, but I'm guessing that is 
because its just re-reading the include from new-zone-file.   Am I missing 
something here?

Dan




On Jul 29, 2010, at 5:33 PM, Dan Durrer wrote:

 Alan,
 
 So is managed.zone.list and zone.list  named differently on purpose or is 
 that a typo? 
 
 Dan
 
 On Jul 29, 2010, at 5:23 PM, Alan Clegg acl...@isc.org wrote:
 
 On 7/29/2010 7:19 PM, Dan Durrer wrote:
 Alan,
 
 I was playing around with your example.  I can get it to add the zone
 ( that is no rndc errors or syslog messages).
 
 I see it send notifies for the new zone in my log.
 
 29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN:
 sending notifies (serial 12)
 
 I also added the global option  new-zone-file my_new_zones.dat and
 I see that file being populated with the new zones statements I've
 added via rndc.
 
 The server however responds with a REFUSED for this zone or any
 others done via addzone.
 
 If i take the zone option statement in my_new_zones.dat and apply
 them to named.conf and reconfig it resolves just fine.  Anyone else
 experiencing this?
 
 include the my_new_zones.dat into your named.conf... my entire
 named.conf on the sample system reads:
 
 SNIP
 options {
   directory /etc/namedb;
   dnssec-enable yes;
   dnssec-validation yes;
   new-zone-file /etc/namedb/managed.zone.list;
   key-directory /etc/namedb/keys;
 };
 
 include /etc/namedb/zone.list;
 SNIP
 
 Note that the syntax for this set of tools (dynamic zone creation) is a
 bit in flux and may be completely changed between 9.7.2 and 9.7.3. The
 functionality will be there, but it might be a bit different in
 implementation.. (beware!)
 
 AlanC
 
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Dynamically add zones

RE: Dynamically add zones

Re: multi-master and ixfr-from-differences: failed: new serial (2010060900) out of range

trusted.keys

Re: Dynamically add zones

Re: Dynamically add zones

Re: trusted.keys

Re: Dynamically add zones

8 matches

Site Navigation

Mail list logo

Footer information