Re: maximum number of FD events (64) received
At Mon, 27 Sep 2010 13:27:01 +0400, Samer Khattab skhat...@gmail.com wrote: I'm using Bind as a caching name server and serving around 2000 req per second, and recently have the following messages showing up from time to time in the general.log. 27-Sep-2010 10:45:47.639 sockmgr 0x2ad7af2f5010: maximum number of FD events (64) received 27-Sep-2010 10:45:47.872 sockmgr 0x2ad7af2f5010: maximum number of FD events (64) received BIND BIND 9.7.1-P2 RHEL 5.5 kernel 2.6.18-194.11.3.el5 What is the meaning of these messages ? Are they related to the system file descriptors ? These logs are not (directly) related to file descriptors. They mean epoll returned more socket events than the implementation normally expects (which is 64). This is not necessarily an error because the remaining events will be returned with the next call to epoll_wait(). However, the event loop should generally runs pretty quickly, so it's still an unexpected situation. You may want to check overall stability of the server, e.g., in terms of the ratio of server failures (SERVFAIL) that your server returns to the clients, cache memory footprint, cache hit ratio, number of query drops (if any), etc. If these are okay and you only see the log messages occasionally, you can probably ignore them. Otherwise, if you use multiple threads on a multi-core machine and you set max-cache-size to some finite value, you may be hit by a recently found bug in the cache memory management, which can make a caching server very busy. (but it's a wild guess: I've personally never seen this bug trigger the log message in question). This bug will be fixed in 9.7.2. --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS resolution based on source network
On 27.09.10 19:38, Kevin Darcy wrote: Under certain limited circumstances, it might make more sense to put both/all addresses under the same name, and then use the sortlist mechanism to present those addresses in an order which is suitable for particular clients. certain? I'd say under most. It's always better to get rrset soertd in network topological order, but when any of servers fails, it's good to have backup. If all servers are reachable, simple sortlist statement will be enough. If they are not, you need different zones in different views. Among other things, this requires that all resolver/nameserver configs be configured with the same sortlist configs, that there is no local randomization or re-sorting of the address list, I've had such problem some time ago (addresses were re-sorted in numeric order), the suspect was libc or nss_lwres. that there are no negative consequences for the client or the client software to connect to the wrong address if the preferred one happens to be unavailable. if there are negative cinsequencies of something like that, you/we need load balancing, failover switching etc. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it ! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND on CentOS: Nameservers for two domains
This is more of a registry/registrar question than a BIND/DNS question. About the only _generic_ advice I can give you -- since you obscured the domain names and the relevant addresses, so I can't actually check anything on my own -- is to query the .eu servers directly for the delegation records. It's possible that what you see in their control panel doesn't match what's in the actual DNS, and what's in the actual DNS *matters*, as opposed to whatever crap displays or doesn't display in their control panel. I've seen a lot of breakage in registrar control panels over the years, so this wouldn't surprise me in the least. - Kevin On 9/27/2010 4:42 AM, Dotan Cohen wrote: Hello, I am trying to configure a single CentOS 5 machine as a server for two unrelated websites: example.eu example.de The server has four IP addresses assigned to it: 1.1.1.136 1.1.1.171 1.1.1.172 1.1.1.188 I plan on hosting example.eu on this server with these two IP addresses for its name servers: 1.1.1.136 - ns1.example.eu 1.1.1.188 - ns2.example.eu Likewise, I plan on hosting example.de on this server with these two IP addresses for its name servers: 1.1.1.171 - ns1.example.de 1.1.1.172 - ns2.example.de These are my relevant configuration files: [r...@centos-55-32-minimal ~]# cat /etc/named.conf options { directory /etc; pid-file /var/run/named/named.pid; listen-on { any; }; }; zone . { type hint; file /etc/db.cache; }; zone example.de { type master; file /var/named/example.de.hosts; }; zone example.eu { type master; file /var/named/example.eu.hosts; }; [r...@centos-55-32-minimal ~]# cat /var/named/example.eu.hosts $ORIGIN example.eu. $TTL 86400 example.eu. IN SOA ns1.example.eu. ns2.example.eu. ( 5; Serial - increment me 10800 3600 604800 38400 ) IN NSns1.example.eu. IN NSns2.example.eu. IN A 1.1.1.136 IN A 1.1.1.188 wwwIN A 1.1.1.136 wwwIN A 1.1.1.188 ns1IN A 1.1.1.136 ns2IN A 1.1.1.188 [r...@centos-55-32-minimal ~]# cat /var/named/example.de.hosts $ORIGIN example.de. $TTL 86400 example.de. IN SOA ns1.example.de. ns2.example.de. ( 5; Serial - increment me 10800 3600 604800 38400 ) IN NSns1.example.de. IN NSns2.example.de. IN A 1.1.1.171 IN A 1.1.1.172 wwwIN A 1.1.1.171 wwwIN A 1.1.1.172 ns1IN A 1.1.1.171 ns2IN A 1.1.1.172 In BIND and in the registrar control panel for example.eu I had set the IP addresses originally to 1.1.1.171 and to 1.1.1.172, however due to a technical problem with the .de domain I later changed the configuration to 1.1.1.136 and 1.1.1.188 (because it turns out that .de domains cannot have the two nameservers on the same C block, and only the 171 and 172 addresses I can swap for another address). However, even though the registrar control panel is set to ns1.example.eu as 1.1.1.136 and ns2.example.eu as 1.1.1.188, I still see this in whois: [r...@centos-55-32-minimal ~]# whois example.eu // snip irrelevant lines Nameservers: ns1.example.eu (1.1.1.171) ns2.example.eu (1.1.1.172) I last made changes to the BIND configuration and to the registrar control panel on Friday, 2010-9-24 which was three days ago. Therefore I do not suspect that DNS propagation time is the issue here. Of course, I also increased the serial line in the zone files when those files changed. What am I missing, or what might I have done wrong? Thank you in advance. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Notice regarding BIND 9.7.2
I was about to ask again, but figured I had better check isc.org first. Behold: http://www.isc.org/software/bind/972-p2 FYI. Thanks. - Original Message From: Hauke Lampe la...@hauke-lampe.de To: Larissa Shapiro laris...@isc.org; bind-us...@isc.org Sent: Mon, September 27, 2010 1:07:39 PM Subject: Re: Notice regarding BIND 9.7.2 Were there ... more information on these developments early next week? I was just about to ask the same question. ;) I noticed the absence of 9.7.2 on ftp.isc.org, read the announcement here a day later and rolled back my 9.7.2rc1 servers to 9.7.1-P2. It would be good to know the nature of the bug, though. The complete removal of 9.7.2* from the ftp site left me a bit worried. Hauke. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
BIND 9.7.2-P2 is now available.
Introduction BIND 9.7.2-P2 is a maintenance release for BIND 9.7. This document summarizes changes from BIND 9.7.1 to BIND 9.7.2-P2. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest release of BIND 9 software can always be found on our web site at http://www.isc.org/software/bind. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. New Features * Zones may be dynamically added and removed with the rndc addzone and rndc delzone commands. These dynamically added zones are written to a per-view configuration file. Do not rely on the configuration file name nor contents as this will change in a future release. This is an experimental feature at this time. * Added new filter--on-v4 access control list to select which IPv4 clients have record filtering applied. * A new command rndc secroots was added to dump a combined summary of the currently managed keys combined with statically configured trust anchors. * Added support to load new keys into managed zones without signing immediately with rndc loadkeys. Added support to link keys with dnssec-keygen -S and dnssec-settime -S. Changes * Documentation improvements * ORCHID prefixes were removed from the automatic empty zone list. * Improved handling of GSSAPI security contexts. Specifically, better memory management of cached contexts, limited lifetime of a context to 1 hour, and added a realm command to nsupdate to allow selection of a non-default realm name. * The contributed tool ztk was updated to version 1.0. Security Fixes * If BIND, acting as a DNSSEC validating server, has two or more trust anchors configured in named.conf for the same zone (such as example.com) and the response for a record in that zone from the authoritative server includes a bad signature, the validating server will crash while trying to validate that query. * A flaw where the wrong ACL was applied was fixed. This flaw allowed access to a cache via recursion even though the ACL disallowed it. Bug Fixes * Removed a warning message when running BIND 9 under Windows for when a TCP connection was aborted. This is a common occurrence and the warning was extraneous. * Worked around a race condition in the cache database memory handling. Without this fix a DNS cache DB or ADB could incorrectly stay in an over memory state, effectively refusing further caching, which subsequently made a BIND 9 caching server unworkable. * Partially disabled change 2864 because it would cause infinite attempts of RRSIG queries. * BIND did not properly handle non-cacheable negative responses from insecure zones. This caused several non-protocol-compliant zones to become unresolvable. BIND is now more accepting of responses it receives from less strict servers. * A bug, introduced in BIND 9.7.2, caused named to fail to start if a master zone file was unreadable or missing. This has been corrected in 9.7.2-P1. * BIND previously accepted answers from authoritative servers that did not provide a proper response, such as not setting AA bit. BIND was changed to be more strict in what it accepted but this caused operational issues. This new strictness has been backed out in 9.7.2-P1. Thank You Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/supportisc. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2
Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2 Description: There was a flaw where the wrong ACL was applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. CVE: pending CERT: pending Posting date: 2010-09-28 Program Impacted: BIND Versions affected: 9.7.2 through 9.7.2-P1 Severity: low Exploitable: remotely Impact: Unintended availability of cache data. Workaround: Upgrade to BIND 9.7.2-P2. No other workaround is currently known. Risk Assessment: This bug is primarily a risk to operators running both authoritative and recursive DNS on the same BIND server in the same view. Acknowledgements: Thank you to Alexandre Simon for finding and testing this issue. For more information on BIND 9.7.2-P2, Release notes can be found at: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html Please address questions or concerns to laris...@isc.org or security-offi...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
BIND 9.4-ESV-R3 is now available.
BIND 9.4-ESV-R3 is now available. BIND 9.4-ESV-R3 is revision 2 of the extended release version for BIND 9.4. It addresses a bug introduced in BIND 9.4-ESV-R1 and is recommend for anyone running BIND 9.4-ESV-R1. BIND 9.4-ESV-R3 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at https://www.isc.org/about/openpgp. A binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip The PGP signature of the binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.sha512.asc Changes since 9.4.0. --- 9.4-ESV-R3 released --- 2925. [bug] Named failed to accept uncachable negative responses from insecure zones. [RT# 21555] 2921. [bug] The resolver could attempt to destroy a fetch context too soon. [RT #19878] 2904. [bug] When using DLV, sub-zones of the zones in the DLV, could be incorrectly marked as insecure instead of secure leading to negative proofs failing. This was a unintended outcome from change 2890. [RT# 21392] 2900. [bug] The placeholder negative caching element was not properly constructed triggering a INSIST in dns_ncache_towire(). [RT #21346] 2890. [bug] Handle the introduction of new trusted-keys and DS, DLV RRsets better. [RT #21097] 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. [RT #20877] 2678. [func] Treat DS queries as if minimal-response yes; was set. [RT #20258] 2427. [func] Treat DNSKEY queries as if minimal-response yes; was set. [RT #18528] --- 9.4-ESV-R2 released --- 2876. [bug] Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131] --- 9.4-ESV-R1 released --- 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] --- 9.4-ESV released --- 2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819] 2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2797. [bug] Don't decrement the dispatch manager's maxbuffers. [RT #20613] 2790. [bug] Handle DS queries to stub zones. [RT #20440] 2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] --- 9.4-ESVb1 released --- 2698. [cleanup] configure --enable-libbind is deprecated. [RT #20090] 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and S_IFREG are defined after including isc/stat.h. [RT #20309] 2690. [bug] win32: fix isc_thread_key_getspecific() prototype. [RT #20315] 2689. [bug] Correctly handle snprintf result. [RT #20306] 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT, to decide to fetch the destination address. [RT #20305] 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly decoded. [RT #20269] 2672. [bug] Don't enable searching in 'host' when doing reverse lookups. [RT #20218] 2525. [experimental] New logging category query-errors to provide detailed
BIND 9.6-ESV-R2 is now available.
BIND 9.6-ESV-R2 is now available. BIND 9.6-ESV-R2 is revision 1 of the extended release version for BIND 9.6. BIND 9.6-ESV-R2 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at https://www.isc.org/about/openpgp. A binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.zip ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip The PGP signature of the binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.zip.asc ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.4-ESV-R2/BIND9.6-ESV-R2.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip.sha512.asc Changes since 9.6-ESV. --- 9.6-ESV-R2 released --- 2939. [func] Check that named successfully skips NSEC3 records that fail to match the NSEC3PARAM record currently in use. [RT# 21868] 2937. [bug] Worked around an apparent race condition in over memory conditions. Without this fix a DNS cache DB or ADB could incorrectly stay in an over memory state, effectively refusing further caching, which subsequently made a BIND 9 caching server unworkable. This fix prevents this problem from happening by polling the state of the memory context, rather than making a copy of the state, which appeared to cause a race. This is a workaround in that it doesn't solve the possible race per se, but several experiments proved this change solves the symptom. Also, the polling overhead hasn't been reported to be an issue. This bug should only affect a caching server that specifies a finite max-cache-size. It's also quite likely that the bug happens only when enabling threads, but it's not confirmed yet. [RT #21818] 2925. [bug] Named failed to accept uncachable negative responses from insecure zones. [RT# 21555] 2921. [bug] The resolver could attempt to destroy a fetch context too soon. [RT #19878] 2900. [bug] The placeholder negative caching element was not properly constructed triggering a INSIST in dns_ncache_towire(). [RT #21346] 2890. [bug] Handle the introduction of new trusted-keys and DS, DLV RRsets better. [RT #21097] 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. [RT #20877] --- 9.6-ESV-R1 released --- 2876. [bug] Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131] --- 9.6-ESV released --- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind won't start: /etc/named.conf
I have just installed bind on a CentOS 5 machine but it won't start without /etc/named.conf: [r...@venus etc]# /etc/init.d/named start Locating //etc/named.conf failed: [FAILED] [r...@venus etc]# touch /etc/named.conf [r...@venus etc]# /etc/init.d/named start Starting named:[ OK ] Now, a blank named.conf isn't helpful, but I cannot use the named.conf from another server as a template because it references other files (specifically /etc/db.cache). What is the default named.conf file for CentOS? I have tried to google for it but have not been able to find something that works. Thanks in advance. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind won't start: /etc/named.conf
On Tue, Sep 28, 2010 at 23:49, Imri Zvik im...@inter.net.il wrote: What are you trying to achieve? An empty named.conf file means named will use defaults for everything, and will probably just work out-of-the-box (as a simple resolver) so you should give more information about the goal and problem (including log entries, troubleshooting data etc.). The goal is to for the server to be the second name server for a FQDN. This is the relevant zone file: [r...@venus ~]# cat /var/named/example.de.hosts $ORIGIN example.de. $TTL 86400 example.de. IN SOA example.de. foo.example.de. ( 2010092801; Serial - increment me 10800 3600 604800 38400 ) IN NSns2.example.de. ns2IN A x.x.x.168 This is the non-working named.conf that I pieced together from other working file on other servers: [r...@venus ~# cat /etc/named.conf options { directory /etc; pid-file /var/run/named/named.pid; listen-on { any; }; }; zone . { type hint; file /etc/db.cache; }; zone example.de { type master; file /var/named/example.de.hosts; }; -- Dotan Cohen http://gibberish.co.il http://what-is-what.com ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Is 10.in-addr.arpa not recommended?
On 9/27/2010 8:48 PM, donovan jeffrey j wrote: I run a number of internal clients on 10 address space. what i did was break up each Zone into Class B's 10.1.x.x , 10.2.x.x then my forward and reverse files into class C's. Each record 10.1.1.x . 10.1.2.x, 10.1.3.x, . then scale ass needed. providing the means to add forward and reverse to any address within that address space. Ugh, pet peeve. 10/8 is, if one uses obsolete classful terminology instead of CIDR, a Class A, which covers the whole range. Nothing sliced out of 10/8 can be a Class B or a Class C. Correct terminology for what you described would be /16 or /24, respectively. In the old scheme, Class Bs start(ed) at 128.*.*.* and Class Cs start(ed) at 192.*.*.*. Google classful if you don't believe me. - Kevin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND on CentOS: Nameservers for two domains
On Tue, Sep 28, 2010 at 20:30, Kevin Darcy k...@chrysler.com wrote: About the only _generic_ advice I can give you -- since you obscured the domain names and the relevant addresses, so I can't actually check anything on my own -- is to query the .eu servers directly for the delegation records. It's possible that what you see in their control panel doesn't match what's in the actual DNS, and what's in the actual DNS *matters*, as opposed to whatever crap displays or doesn't display in their control panel. Do you mean to check with dig? whois? Something else? I've seen a lot of breakage in registrar control panels over the years, so this wouldn't surprise me in the least. Really? I've been buying domain names for over 10 years, I've never had an issue like that which you imply. Which registrar? I usually use Fabulous or EuroDNS. Thanks for the info, I will keep my eyes open. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind-9.7.2-P2 install fails
Hello, Trying to upgrade to Bind-9.7.2-P2 on an older Linux system. Can't locate warnings.pm in @INC (@INC contains: /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20. BEGIN failed--compilation aborted at ./bindkeys.pl line 20. make[2]: *** [bind.keys.h] Error 2 make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/home/src/bind-9.7.2/bin' make: *** [subdirs] Error 1 Ideas are most appreciated. Thanks, Michael... ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind-9.7.2-P2 install fails
On Tue, Sep 28, 2010 at 6:10 PM, michael mteic...@gmail.com wrote: Hello, On Tue, Sep 28, 2010 at 6:01 PM, fakessh fake...@fakessh.eu wrote: Le mercredi 29 septembre 2010 02:34, michael a écrit : Hello, Trying to upgrade to Bind-9.7.2-P2 on an older Linux system. Can't locate warnings.pm in @INC (@INC contains: /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20. BEGIN failed--compilation aborted at ./bindkeys.pl line 20. make[2]: *** [bind.keys.h] Error 2 make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/home/src/bind-9.7.2/bin' make: *** [subdirs] Error 1 Ideas are most appreciated. Thanks, Michael... ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users perl 5 .005003 is very older version of perl it s probably buggy try to upgrade perl 5.6 or try after to compile one new perl 5.6 anonymou Thanks for your reply. The current version 9.6.2 which was also an upgrade from numerous older versions through the years went fine. I am hoping not to have to upgrade to a newer perl. Thanks, Michael... -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind-9.7.2-P2 install fails
In message aanlktinsxc4fepygl2jso8p0zngxsuivp32z9jcxx...@mail.gmail.com, mich ael writes: On Tue, Sep 28, 2010 at 6:10 PM, michael mteic...@gmail.com wrote: Hello, On Tue, Sep 28, 2010 at 6:01 PM, fakessh fake...@fakessh.eu wrote: Le mercredi 29 septembre 2010 02:34, michael a =E9crit=A0: Hello, Trying to upgrade to Bind-9.7.2-P2 on an older Linux system. Can't locate warnings.pm in @INC (@INC contains: /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20. BEGIN failed--compilation aborted at ./bindkeys.pl line 20. make[2]: *** [bind.keys.h] Error 2 make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/home/src/bind-9.7.2/bin' make: *** [subdirs] Error 1 Ideas are most appreciated. Thanks, Michael... ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users perl 5 .005003 is very older version of perl it s probably buggy try to upgrade perl 5.6 or try after to compile one new perl 5.6 anonymou Thanks for your reply. =A0The current version 9.6.2 which was also an upgrade from numerous older versions through the years went fine. =A0I am hoping not to have to upgrade to a newer perl. You can tell configure not to do the make clean (--with-make-clean=no) or apply this patch to bind-9.7.2-P2/bin/named/Makefile.in. Mark Index: Makefile.in === RCS file: /proj/cvs/prod/bind9/bin/named/Makefile.in,v retrieving revision 1.111 diff -u -r1.111 Makefile.in --- Makefile.in 20 Jun 2010 23:46:44 - 1.111 +++ Makefile.in 29 Sep 2010 01:29:12 - @@ -143,7 +143,10 @@ rm -f ${MANOBJS} clean distclean maintainer-clean:: - rm -f ${TARGETS} ${OBJS} bind.keys.h + rm -f ${TARGETS} ${OBJS} + +maintainer-clean:: + rm -f bind.keys.h bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl ${PERL} ${srcdir}/convertxsl.pl ${srcdir}/bind9.xsl bind9.xsl.h Thanks, Michael... -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind-9.7.2-P2 install fails
Hello Mark, Thanks for the reply! I will try in a few hours --with-make-clean=no Thanks, Michael... On Tue, Sep 28, 2010 at 6:47 PM, Mark Andrews ma...@isc.org wrote: In message aanlktinsxc4fepygl2jso8p0zngxsuivp32z9jcxx...@mail.gmail.com, mich ael writes: On Tue, Sep 28, 2010 at 6:10 PM, michael mteic...@gmail.com wrote: Hello, On Tue, Sep 28, 2010 at 6:01 PM, fakessh fake...@fakessh.eu wrote: Le mercredi 29 septembre 2010 02:34, michael a =E9crit=A0: Hello, Trying to upgrade to Bind-9.7.2-P2 on an older Linux system. Can't locate warnings.pm in @INC (@INC contains: /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20. BEGIN failed--compilation aborted at ./bindkeys.pl line 20. make[2]: *** [bind.keys.h] Error 2 make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/home/src/bind-9.7.2/bin' make: *** [subdirs] Error 1 Ideas are most appreciated. Thanks, Michael... ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users perl 5 .005003 is very older version of perl it s probably buggy try to upgrade perl 5.6 or try after to compile one new perl 5.6 anonymou Thanks for your reply. =A0The current version 9.6.2 which was also an upgrade from numerous older versions through the years went fine. =A0I am hoping not to have to upgrade to a newer perl. You can tell configure not to do the make clean (--with-make-clean=no) or apply this patch to bind-9.7.2-P2/bin/named/Makefile.in. Mark Index: Makefile.in === RCS file: /proj/cvs/prod/bind9/bin/named/Makefile.in,v retrieving revision 1.111 diff -u -r1.111 Makefile.in --- Makefile.in 20 Jun 2010 23:46:44 - 1.111 +++ Makefile.in 29 Sep 2010 01:29:12 - @@ -143,7 +143,10 @@ rm -f ${MANOBJS} clean distclean maintainer-clean:: - rm -f ${TARGETS} ${OBJS} bind.keys.h + rm -f ${TARGETS} ${OBJS} + +maintainer-clean:: + rm -f bind.keys.h bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl ${PERL} ${srcdir}/convertxsl.pl ${srcdir}/bind9.xsl bind9.xsl.h Thanks, Michael... -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind-9.7.2-P2 install fails
Hello Mark, On Tue, Sep 28, 2010 at 6:53 PM, michael mteic...@gmail.com wrote: Hello Mark, Thanks for the reply! I will try in a few hours --with-make-clean=no Thanks, Michael... Success! Thanks for the answer as well as many years of a great product!! Michael... On Tue, Sep 28, 2010 at 6:47 PM, Mark Andrews ma...@isc.org wrote: In message aanlktinsxc4fepygl2jso8p0zngxsuivp32z9jcxx...@mail.gmail.com, mich ael writes: On Tue, Sep 28, 2010 at 6:10 PM, michael mteic...@gmail.com wrote: Hello, On Tue, Sep 28, 2010 at 6:01 PM, fakessh fake...@fakessh.eu wrote: Le mercredi 29 septembre 2010 02:34, michael a =E9crit=A0: Hello, Trying to upgrade to Bind-9.7.2-P2 on an older Linux system. Can't locate warnings.pm in @INC (@INC contains: /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20. BEGIN failed--compilation aborted at ./bindkeys.pl line 20. make[2]: *** [bind.keys.h] Error 2 make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/home/src/bind-9.7.2/bin' make: *** [subdirs] Error 1 Ideas are most appreciated. Thanks, Michael... ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users perl 5 .005003 is very older version of perl it s probably buggy try to upgrade perl 5.6 or try after to compile one new perl 5.6 anonymou Thanks for your reply. =A0The current version 9.6.2 which was also an upgrade from numerous older versions through the years went fine. =A0I am hoping not to have to upgrade to a newer perl. You can tell configure not to do the make clean (--with-make-clean=no) or apply this patch to bind-9.7.2-P2/bin/named/Makefile.in. Mark Index: Makefile.in === RCS file: /proj/cvs/prod/bind9/bin/named/Makefile.in,v retrieving revision 1.111 diff -u -r1.111 Makefile.in --- Makefile.in 20 Jun 2010 23:46:44 - 1.111 +++ Makefile.in 29 Sep 2010 01:29:12 - @@ -143,7 +143,10 @@ rm -f ${MANOBJS} clean distclean maintainer-clean:: - rm -f ${TARGETS} ${OBJS} bind.keys.h + rm -f ${TARGETS} ${OBJS} + +maintainer-clean:: + rm -f bind.keys.h bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl ${PERL} ${srcdir}/convertxsl.pl ${srcdir}/bind9.xsl bind9.xsl.h Thanks, Michael... -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Round robin DNS query response
Hi everyone... I am rather new to the world of DNS so I¹m hoping to get some of your expertise... Is there a way to make BIND respond DNS query in sequence? For example, if I assign 2 IP addresses to an A record, is it possible to have it respond like... Client 1 for www.example.com - 192.168.1.1 Client 2 for www.example.com - 192.168.1.2 Client 3 for www.example.com - 192.168.1.3 ...and so on. I know companies use load balancer for this function, but my customer in this case don¹t really want to make additional investment :P Thanks, SW ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users