Re: Can't transfer two zones using two IP addresses
On Tuesday 31 August 2010 21:44:15 Barry Margolin wrote:

> Do the transfer sources match the match-clients options of the two views? When a connection arrives, it's first associated with a view using this option. Then when the request turns out to be a zone transfer it further checks it against the allow-transfer option.

That is the intellectual leap I was looking for. I added the lines

    view internal {
        match-clients { !192.168.2.12; 192.168.2/24; };
        ...
    view external {
        match-clients { !192.168.2.1; any; };

on the server and things worked swimmingly (I was missing the not clauses before). Danke schoen.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: discrepancy with rndc dumpdb -zones
Hi Gordon,

We've not seen this before (and it doesn't sound like anyone else has either). What version of BIND is it? Has it reappeared since? Is this a particularly heavily loaded/busy server? Does it have recursive cache as well as authoritative zones?

Kind regards,
Cathy

Gordon A. Lang wrote:

> After several successful update delete ... nsupdate sends to the master DNS server, verified with dig, the rndc dumpdb -zones command produced named_dump.db file still showing the deleted records. This was repeatable and persistent (over the half hour time period) until I performed a hard restart of named. Has anyone else seen this sort of thing? Can anyone explain this?
Re: discrepancy with rndc dumpdb -zones
BIND 9.4-ESV-R2 acting as master and also allowing recursive queries. It was just a disaster recovery exercise, so the load was extremely light. It happened repeatedly at the time, but I could not duplicate the problem on the busy production server.

Matus posted that it could be journal data, which is believable, but I did not know the dumpdb was supposed to include history -- I thought it was supposed to be a fully digested and coherent snapshot.

I have not had time to revisit this, but I still do want to find out more.

Thanks.

--
Gordon A. Lang

----- Original Message -----
From: Cathy Almond cat...@isc.org
To: bind-users@lists.isc.org
Sent: Wednesday, September 01, 2010 6:52 AM
Subject: Re: discrepancy with rndc dumpdb -zones

> Hi Gordon,
>
> We've not seen this before (and it doesn't sound like anyone else has either). What version of BIND is it? Has it reappeared since? Is this a particularly heavily loaded/busy server? Does it have recursive cache as well as authoritative zones?
>
> Kind regards,
> Cathy
>
> Gordon A. Lang wrote:
>
> > After several successful update delete ... nsupdate sends to the master DNS server, verified with dig, the rndc dumpdb -zones command produced named_dump.db file still showing the deleted records. This was repeatable and persistent (over the half hour time period) until I performed a hard restart of named. Has anyone else seen this sort of thing? Can anyone explain this?
Re: BIND9 and DLZ
On 08/31/2010 12:10 PM, Scott Haneda wrote:

> If anyone can point me to a simple tutorial, or explain how they managed to get this up and running on RHEL with a current version of BIND, I would appreciate any and all information that can be shared. I will do my best to follow up with what I learn once this is all done so others can hopefully have an easier time.

Hi Scott,

I have just made a quick write-up of my use of Bind-DLZ on Centos 5.X. I would welcome any comments.

http://itsecureadmin.com/2010/09/bind-dlz-with-mysql/

Thanks,
--
Josh Miller, RHCE/VCP
Seattle, WA
Linux Solutions Provider
Website: http://itsecureadmin.com/
Re: BIND9 and DLZ
On Sep 1, 2010, at 11:26 AM, Josh Miller wrote:

> On 08/31/2010 12:10 PM, Scott Haneda wrote:
>
> > If anyone can point me to a simple tutorial, or explain how they managed to get this up and running on RHEL with a current version of BIND, I would appreciate any and all information that can be shared. I will do my best to follow up with what I learn once this is all done so others can hopefully have an easier time.
>
> Hi Scott,
>
> I have just made a quick write-up of my use of Bind-DLZ on Centos 5.X. I would welcome any comments.
>
> http://itsecureadmin.com/2010/09/bind-dlz-with-mysql/

Thanks! I don't think I will have much issue with the configuration, this is a second install as a slave to a master that resides elsewhere. Probably the hardest part will be getting Mysql to replicate across a non local lan, but it should be not that terrible to get working.

My issue seems to be the actual install. I am using this rpm:
http://people.redhat.com/atkac/bind/bind-9.7.1-2.P2.fc13.src.rpm

When I run rpm -i on that it warns me about mysql-devel and postgresql-devel, so I installed mysql-devel and commented out the need for the postgresql-devel from the spec file.

Next up I run:
rpmbuild -bb /usr/src/redhat/SPECS/bind.spec

That command does not complete, and is also installing a chrooted BIND, which I don't want:

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.84489
+ umask 022
+ cd /usr/src/redhat/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /usr/src/redhat/BUILD
+ rm -rf bind-9.7.1-P2
+ /bin/gzip -dc /usr/src/redhat/SOURCES/bind-9.7.1-P2.tar.gz
+ tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd bind-9.7.1-P2
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chown -Rhf root .
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chgrp -Rhf root .
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
Re: BIND9 and DLZ
On 09/01/2010 03:26 PM, Scott Haneda wrote:

> You should add the contents of `/usr/share/aclocal/libtool.m4' to `aclocal.m4'.
> + aclocal -I m4 --force
> configure.in:2772: warning: underquoted definition of NOM_PATH_FILE
>   run info '(automake)Extending aclocal'
>   or see http://sources.redhat.com/automake/automake.html#Extending-aclocal
> contrib/dlz/config.dlz.in:38: warning: underquoted definition of DLZ_ADD_DRIVER
> + autoconf -f
> configure.in:287: error: possibly undefined macro: AC_C_FLEXIBLE_ARRAY_MEMBER
>       If this token and others are legitimate, please use m4_pattern_allow.
>       See the Autoconf documentation.
> error: Bad exit status from /var/tmp/rpm-tmp.45014 (%build)
>
> RPM build errors:
>     Bad exit status from /var/tmp/rpm-tmp.45014 (%build)

It looks like this version of Bind is expecting a newer version of autoconf and expects new macros defined, like AC_C_FLEXIBLE_ARRAY_MEMBER, which was introduced in autoconf 2.61.

(re: http://git.savannah.gnu.org/cgit/autoconf.git/tree/NEWS)

I was able to get past this error by commenting out this macro in the configure.in file within the archive.

ie:

1. pushd /usr/src/redhat/SOURCES/
2. tar xzvf bind-9.7.1-P2.tar.gz
3. vi bind-9.7.1-P2/configure.in
4. Comment out line 285 with a #
5. remove old archive: rm -rf bind-9.7.1-P2.tar.gz
6. archive the new version: tar czvf bind-9.7.1-P2.tar.gz bind-9.7.1-P2
7. re-run rpmbuild command

After this, I successfully created the RPMs.

Thanks,
--
Josh Miller, RHCE/VCP
Seattle, WA
Linux Solutions Provider
Website: http://itsecureadmin.com/
Re: Can't transfer two zones using two IP addresses
In message 201009010237.26909.scott.simp...@computer.org, Scott Simpson writes:

> On Tuesday 31 August 2010 21:44:15 Barry Margolin wrote:
>
> > Do the transfer sources match the match-clients options of the two views? When a connection arrives, it's first associated with a view using this option. Then when the request turns out to be a zone transfer it further checks it against the allow-transfer option.
>
> That is the intellectual leap I was looking for. I added the lines
>
>     view internal {
>         match-clients { !192.168.2.12; 192.168.2/24; };
>         ...
>     view external {
>         match-clients { !192.168.2.1; any; };
>
> on the server and things worked swimmingly (I was missing the not clauses before). Danke schoen.

Don't forget notify source and to do the same sort of thing on the slave. This is in the FAQ.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: ma...@isc.org
Re: Can't transfer two zones using two IP addresses
In article mailman.487.1283316491.15649.bind-us...@lists.isc.org, Mike Ragusa mrag...@gmail.com wrote:

> What does your ifconfig -a output look like? Are you sure the External AXFR queries are coming from 192.168.2.12?

He said he checked with tcpdump and it showed the correct source addresses.

My guess was the answer, he forgot about match-clients.

> On Wed, Sep 1, 2010 at 12:38 AM, Scott Simpson scott.simp...@computer.org wrote:
>
> > I'm trying to transfer my two zones internal and external from master to slave using two IP addresses and it isn't working. On my master I have:
> >
> >     view internal {
> >         allow-transfer { 192.168.2.1; };
> >         ...
> >     view external {
> >         allow-transfer { 192.168.2.12; };
> >         ...
> >
> > My slave has two IP addresses 192.168.2.1 and 192.168.2.12 (I used a secondary IP address on the card). On the slave I have
> >
> >     view internal {
> >         transfer-source 192.168.2.1;
> >         ...
> >     view external {
> >         transfer-source 192.168.2.12;
> >         ...
> >
> > When I try to transfer the domain external, I get a permission denied on the master. I know that the slave is using the correct transfer-source IP address because I did a tcpdump and it shows the correct address for the two transfers. Interestingly, if I switch the internal and external stanzas on the master, I get external only and not internal. What gives? Thanks.
> >
> > Scott

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
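
Added example, not part of any post in this thread: a small Python model of the two-stage check described above (view chosen by match-clients first, then that view's allow-transfer), run against the addresses from the thread. The allow-transfer lists and the corrected match-clients lists are the ones posted; the "before" match-clients lists (the same lists without the `!` clauses) are an assumption, since the original ones were never shown, and the function names are hypothetical.

```python
import ipaddress

def _net(elem):
    """Parse one address-match element: 'any', an IP, or a BIND-style short prefix."""
    if elem == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = elem.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))  # 192.168.2/24 -> 192.168.2.0/24
    return ipaddress.ip_network(f"{addr}/{plen or 32}")

def acl_match(acl, src):
    """First matching element decides; a leading '!' turns that match into a reject."""
    ip = ipaddress.ip_address(src)
    for elem in acl:
        if ip in _net(elem.lstrip("!")):
            return not elem.startswith("!")
    return False

def transfer(views, src):
    """Return (view, allowed). The view is picked by match-clients alone, in
    configuration order; only that view's allow-transfer is consulted afterwards."""
    for name, match_clients, allow_transfer in views:
        if acl_match(match_clients, src):
            return name, acl_match(allow_transfer, src)
    return None, False

# (view name, match-clients, allow-transfer)
# BEFORE's match-clients lists are assumed; everything else is from the thread.
BEFORE = [("internal", ["192.168.2/24"], ["192.168.2.1"]),
          ("external", ["any"], ["192.168.2.12"])]
AFTER = [("internal", ["!192.168.2.12", "192.168.2/24"], ["192.168.2.1"]),
         ("external", ["!192.168.2.1", "any"], ["192.168.2.12"])]
SWAPPED = list(reversed(BEFORE))  # external stanza listed first on the master

if __name__ == "__main__":
    for label, views in (("before", BEFORE), ("after", AFTER), ("swapped", SWAPPED)):
        for src in ("192.168.2.1", "192.168.2.12"):
            print(f"{label:8} {src:13} -> {transfer(views, src)}")
```

Under the assumed "before" lists, 192.168.2.12 lands in the internal view and is refused by its allow-transfer, which is the permission-denied symptom reported for the external zone; swapping the stanzas sends both addresses to the external view instead.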