Re: maximum number of FD events (64) received

2010-09-28 Thread JINMEI Tatuya / 神明達哉
At Mon, 27 Sep 2010 13:27:01 +0400,
Samer Khattab skhat...@gmail.com wrote:

 I'm using Bind as a caching name server and serving around 2000 req per
 second, and recently have the following messages showing up from time to
 time in the general.log.
 
 27-Sep-2010 10:45:47.639 sockmgr 0x2ad7af2f5010: maximum number of FD events
 (64) received
 27-Sep-2010 10:45:47.872 sockmgr 0x2ad7af2f5010: maximum number of FD events
 (64) received
 
 BIND BIND 9.7.1-P2
 RHEL 5.5   kernel 2.6.18-194.11.3.el5
 
 What is the meaning of these messages ? Are they related to the system file
 descriptors ?

These logs are not (directly) related to file descriptors.  They mean
epoll returned more socket events than the implementation normally
expects (which is 64).  This is not necessarily an error because the
remaining events will be returned with the next call to epoll_wait().
However, the event loop should generally run pretty quickly, so it's
still an unexpected situation.

You may want to check overall stability of the server, e.g., in terms
of the ratio of server failures (SERVFAIL) that your server returns to
the clients, cache memory footprint, cache hit ratio, number of query
drops (if any), etc.   If these are okay and you only see the log
messages occasionally, you can probably ignore them.

Otherwise, if you use multiple threads on a multi-core machine and you
set max-cache-size to some finite value, you may be hit by a recently
found bug in the cache memory management, which can make a caching
server very busy.  (but it's a wild guess: I've personally never seen
this bug trigger the log message in question).  This bug will be fixed
in 9.7.2.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
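
The epoll behaviour described in the reply above can be reproduced with a small Linux program. This is an added example, not BIND's socket manager code: the 100 eventfd descriptors are constructed input, and the names run_demo and drain_result are made up for the illustration.

```c
/* Added illustration (not BIND source): what happens when more descriptors
 * are ready than the event buffer passed to epoll_wait() can hold. */
#include <stdint.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/eventfd.h>
#include <unistd.h>

#define MAX_EVENTS  64   /* per-call event buffer, the "(64)" in the log line */
#define NUM_FDS     100  /* constructed load: more ready fds than buffer slots */
#define MAX_BATCHES 8

struct drain_result {
    int batch[MAX_BATCHES]; /* events returned by each non-empty epoll_wait() */
    int nbatches;           /* number of non-empty calls */
    int full_batches;       /* calls that filled the whole buffer */
};

/* Read each ready eventfd once so that it stops being readable. */
static void consume(const struct epoll_event *evs, int n)
{
    for (int i = 0; i < n; i++) {
        uint64_t v;
        if (read(evs[i].data.fd, &v, sizeof v) != (ssize_t)sizeof v)
            perror("read");
    }
}

/* Returns 0 on success and fills *out with the per-call event counts. */
int run_demo(struct drain_result *out)
{
    int fds[NUM_FDS];
    int opened = 0, rc = -1, n;
    struct epoll_event evs[MAX_EVENTS];
    int ep = epoll_create1(0);

    if (ep < 0)
        return -1;
    out->nbatches = 0;
    out->full_batches = 0;

    /* An eventfd created with counter 1 is readable immediately. */
    for (; opened < NUM_FDS; opened++) {
        struct epoll_event ev = { .events = EPOLLIN };
        fds[opened] = eventfd(1, EFD_NONBLOCK);
        if (fds[opened] < 0)
            goto done;
        ev.data.fd = fds[opened];
        if (epoll_ctl(ep, EPOLL_CTL_ADD, fds[opened], &ev) < 0) {
            close(fds[opened]);
            goto done;
        }
    }

    /* Event loop: each call returns at most MAX_EVENTS events; whatever
     * did not fit stays queued in the kernel and arrives on the next call. */
    while (out->nbatches < MAX_BATCHES) {
        n = epoll_wait(ep, evs, MAX_EVENTS, 0);
        if (n < 0)
            goto done;
        if (n == 0)
            break;                    /* nothing left to report */
        if (n == MAX_EVENTS)
            out->full_batches++;      /* the condition the log message reports */
        out->batch[out->nbatches++] = n;
        consume(evs, n);
    }
    rc = 0;
done:
    while (opened > 0)
        close(fds[--opened]);
    close(ep);
    return rc;
}

int main(void)
{
    struct drain_result r;

    if (run_demo(&r) != 0) {
        perror("run_demo");
        return 1;
    }
    for (int i = 0; i < r.nbatches; i++)
        printf("epoll_wait call %d returned %d events%s\n", i + 1, r.batch[i],
               r.batch[i] == MAX_EVENTS ? " (buffer full)" : "");
    return 0;
}
```

No event is lost when the buffer fills; a full batch only shows that more descriptors became ready between two passes of the loop than one call can report.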


Re: DNS resolution based on source network

2010-09-28 Thread Matus UHLAR - fantomas
On 27.09.10 19:38, Kevin Darcy wrote:
 Under certain limited circumstances, it might make more sense to put  
 both/all addresses under the same name, and then use the sortlist  
 mechanism to present those addresses in an order which is suitable for  
 particular clients.

certain? I'd say under most. It's always better to get rrset sorted in
network topological order, but when any of servers fails, it's good to have
backup.

If all servers are reachable, simple sortlist statement will be enough.
If they are not, you need different zones in different views.

 Among other things, this requires that all resolver/nameserver configs  
 be configured with the same sortlist configs, that there is no local  
 randomization or re-sorting of the address list,

I've had such problem some time ago (addresses were re-sorted in numeric
order), the suspect was libc or nss_lwres.

 that there are no negative consequences for the client or the client
 software to connect to the wrong address if the preferred one happens to
 be unavailable.

if there are negative consequences of something like that, you/we need load
balancing, failover switching etc.


-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
M$ Win's are shit, do not use it !


Re: BIND on CentOS: Nameservers for two domains

2010-09-28 Thread Kevin Darcy

This is more of a registry/registrar question than a BIND/DNS question.

About the only _generic_ advice I can give you -- since you obscured the 
domain names and the relevant addresses, so I can't actually check 
anything on my own -- is to query the .eu servers directly for the 
delegation records. It's possible that what you see in their control 
panel doesn't match what's in the actual DNS, and what's in the actual 
DNS *matters*, as opposed to whatever crap displays or doesn't display 
in their control panel. I've seen a lot of breakage in registrar 
control panels over the years, so this wouldn't surprise me in the least.




- Kevin


On 9/27/2010 4:42 AM, Dotan Cohen wrote:

Hello, I am trying to configure a single CentOS 5 machine as a server
for two unrelated websites:
example.eu
example.de

The server has four IP addresses assigned to it:
1.1.1.136
1.1.1.171
1.1.1.172
1.1.1.188

I plan on hosting example.eu on this server with these two IP
addresses for its name servers:
1.1.1.136 - ns1.example.eu
1.1.1.188 - ns2.example.eu

Likewise, I plan on hosting example.de on this server with these two
IP addresses for its name servers:
1.1.1.171 - ns1.example.de
1.1.1.172 - ns2.example.de

These are my relevant configuration files:

[r...@centos-55-32-minimal ~]# cat /etc/named.conf
options {
 directory /etc;
 pid-file /var/run/named/named.pid;
 listen-on {
 any;
 };
 };

zone . {
 type hint;
 file /etc/db.cache;
 };

zone example.de {
 type master;
 file /var/named/example.de.hosts;
 };
zone example.eu {
 type master;
 file /var/named/example.eu.hosts;
 };



[r...@centos-55-32-minimal ~]# cat /var/named/example.eu.hosts
$ORIGIN example.eu.
$TTL 86400
example.eu. IN  SOA ns1.example.eu. ns2.example.eu. (
 5; Serial - increment me
 10800
 3600
 604800
 38400 )
            IN  NS  ns1.example.eu.
            IN  NS  ns2.example.eu.
            IN  A   1.1.1.136
            IN  A   1.1.1.188
www         IN  A   1.1.1.136
www         IN  A   1.1.1.188
ns1         IN  A   1.1.1.136
ns2         IN  A   1.1.1.188



[r...@centos-55-32-minimal ~]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA ns1.example.de. ns2.example.de. (
 5; Serial - increment me
 10800
 3600
 604800
 38400 )
            IN  NS  ns1.example.de.
            IN  NS  ns2.example.de.
            IN  A   1.1.1.171
            IN  A   1.1.1.172
www         IN  A   1.1.1.171
www         IN  A   1.1.1.172
ns1         IN  A   1.1.1.171
ns2         IN  A   1.1.1.172


In BIND and in the registrar control panel for example.eu I had set
the IP addresses originally to 1.1.1.171 and to 1.1.1.172, however due
to a technical problem with the .de domain I later changed the
configuration to 1.1.1.136 and 1.1.1.188 (because it turns out that
.de domains cannot have the two nameservers on the same C block, and
only the 171 and 172 addresses I can swap for another address).
However, even though the registrar control panel is set to
ns1.example.eu as 1.1.1.136 and ns2.example.eu as 1.1.1.188, I still
see this in whois:

[r...@centos-55-32-minimal ~]# whois example.eu
// snip irrelevant lines
Nameservers:
 ns1.example.eu (1.1.1.171)
 ns2.example.eu (1.1.1.172)

I last made changes to the BIND configuration and to the registrar
control panel on Friday, 2010-9-24 which was three days ago. Therefore
I do not suspect that DNS propagation time is the issue here. Of
course, I also increased the serial line in the zone files when those
files changed. What am I missing, or what might I have done wrong?

Thank you in advance.


   





Re: Notice regarding BIND 9.7.2

2010-09-28 Thread Fr34k
I was about to ask again, but figured I had better check isc.org first.

Behold:

http://www.isc.org/software/bind/972-p2

FYI.
Thanks.



- Original Message 
From: Hauke Lampe la...@hauke-lampe.de
To: Larissa Shapiro laris...@isc.org; bind-us...@isc.org
Sent: Mon, September 27, 2010 1:07:39 PM
Subject: Re: Notice regarding BIND 9.7.2



 Were there ... more information on these developments early next week?

I was just about to ask the same question. ;)

I noticed the absence of 9.7.2 on ftp.isc.org, read the announcement here a day 
later and rolled back my 9.7.2rc1 servers to 9.7.1-P2.

It would be good to know the nature of the bug, though. The complete removal of 
9.7.2* from the ftp site left me a bit worried.


Hauke.



BIND 9.7.2-P2 is now available.

2010-09-28 Thread Mark Andrews

Introduction

   BIND 9.7.2-P2 is a maintenance release for BIND 9.7.

   This document summarizes changes from BIND 9.7.1 to BIND 9.7.2-P2.
   Please see the CHANGES file in the source code release for a complete
   list of all changes.

Download

   The latest release of BIND 9 software can always be found on our web
   site at http://www.isc.org/software/bind. There you will find
   additional information about each release, source code, and some
   pre-compiled versions for certain operating systems.

Support

   Product support information is available on
   http://www.isc.org/services/support for paid support options. Free
   support is provided by our user community via a mailing list.
   Information on all public email lists is available at
   https://lists.isc.org/mailman/listinfo.

New Features

 * Zones may be dynamically added and removed with the rndc addzone
   and rndc delzone commands. These dynamically added zones are
   written to a per-view configuration file. Do not rely on the
   configuration file name nor contents as this will change in a
   future release. This is an experimental feature at this time.
 * Added new filter--on-v4 access control list to select which
   IPv4 clients have  record filtering applied.
 * A new command rndc secroots was added to dump a combined summary
   of the currently managed keys combined with statically configured
   trust anchors.
 * Added support to load new keys into managed zones without signing
   immediately with rndc loadkeys. Added support to link keys with
   dnssec-keygen -S and dnssec-settime -S.

Changes

 * Documentation improvements
 * ORCHID prefixes were removed from the automatic empty zone list.
 * Improved handling of GSSAPI security contexts. Specifically, better
   memory management of cached contexts, limited lifetime of a context
   to 1 hour, and added a realm command to nsupdate to allow
   selection of a non-default realm name.
 * The contributed tool ztk was updated to version 1.0.

Security Fixes

 * If BIND, acting as a DNSSEC validating server, has two or more
   trust anchors configured in named.conf for the same zone (such as
   example.com) and the response for a record in that zone from the
   authoritative server includes a bad signature, the validating
   server will crash while trying to validate that query.
 * A flaw where the wrong ACL was applied was fixed. This flaw allowed
   access to a cache via recursion even though the ACL disallowed it.

Bug Fixes

 * Removed a warning message when running BIND 9 under Windows for
   when a TCP connection was aborted. This is a common occurrence and
   the warning was extraneous.
 * Worked around a race condition in the cache database memory
   handling. Without this fix a DNS cache DB or ADB could incorrectly
   stay in an over memory state, effectively refusing further caching,
   which subsequently made a BIND 9 caching server unworkable.
 * Partially disabled change 2864 because it would cause infinite
   attempts of RRSIG queries.
 * BIND did not properly handle non-cacheable negative responses from
   insecure zones. This caused several non-protocol-compliant zones to
   become unresolvable. BIND is now more accepting of responses it
   receives from less strict servers.
 * A bug, introduced in BIND 9.7.2, caused named to fail to start if a
   master zone file was unreadable or missing. This has been corrected
   in 9.7.2-P1.
 * BIND previously accepted answers from authoritative servers that
   did not provide a proper response, such as not setting AA bit.
   BIND was changed to be more strict in what it accepted but this
   caused operational issues. This new strictness has been backed out
   in 9.7.2-P1.

Thank You

   Thank you to everyone who assisted us in making this release possible.
   If you would like to contribute to ISC to assist us in continuing to
   make quality open source software, please visit our donations page at
   http://www.isc.org/supportisc.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:  +61 2 9871 4742  INTERNET: ma...@isc.org


Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2

2010-09-28 Thread Mark Andrews

Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2

Description: There was a  flaw where the wrong ACL was applied. This  
flaw could allow access to a cache via recursion even though the ACL  
disallowed it.

CVE:  pending

CERT:  pending

Posting date:  2010-09-28

Program Impacted:  BIND

Versions affected:  9.7.2 through 9.7.2-P1

Severity:  low

Exploitable:  remotely

Impact: Unintended availability of cache data.

Workaround: Upgrade to BIND 9.7.2-P2. No other workaround is currently  
known.

Risk Assessment:  This bug is primarily a risk to operators running  
both authoritative and recursive DNS on the same BIND server in the  
same view.

Acknowledgements: Thank you to Alexandre Simon for finding and  
testing  this issue.

For more information on BIND 9.7.2-P2, Release notes can be found at:
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

Please address questions or concerns to laris...@isc.org or
security-offi...@isc.org


BIND 9.4-ESV-R3 is now available.

2010-09-28 Thread Mark Andrews

BIND 9.4-ESV-R3 is now available.

BIND 9.4-ESV-R3 is revision 2 of the extended release version
for BIND 9.4.  It addresses a bug introduced in BIND  9.4-ESV-R1
and is recommended for anyone running BIND 9.4-ESV-R1.


BIND 9.4-ESV-R3 can be downloaded from

ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz

The PGP signature of the distribution is at

ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp.

A binary kit for Windows XP and Windows 2003 is at

ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip

The PGP signature of the binary kit for Windows XP and Windows 2003 is at

ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.asc

ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.sha256.asc

ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.sha512.asc

Changes since 9.4.0.

--- 9.4-ESV-R3 released ---

2925.   [bug]   Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]

2921.   [bug]   The resolver could attempt to destroy a fetch context
too soon.  [RT #19878]

2904.   [bug]   When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing.  This was
a unintended outcome from change 2890. [RT# 21392]

2900.   [bug]   The placeholder negative caching element was not
properly constructed triggering a INSIST in 
dns_ncache_towire(). [RT #21346]

2890.   [bug]   Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]

2869.   [bug]   Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]

2678.   [func]  Treat DS queries as if minimal-response yes;
was set. [RT #20258]

2427.   [func]  Treat DNSKEY queries as if minimal-response yes;
was set. [RT #18528]

--- 9.4-ESV-R2 released ---

2876.   [bug]   Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]

--- 9.4-ESV-R1 released ---

2852.   [bug]   Handle broken DNSSEC trust chains better. [RT #15619]

--- 9.4-ESV released ---

2831.   [security]  Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]

2828.   [security]  Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

2827.   [security]  Bogus NXDOMAIN could be cached as if valid. [RT #20712]

2797.   [bug]   Don't decrement the dispatch manager's maxbuffers.
[RT #20613]

2790.   [bug]   Handle DS queries to stub zones. [RT #20440]

2772.   [security]  When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]

--- 9.4-ESVb1 released ---

2698.   [cleanup]   configure --enable-libbind is deprecated. [RT #20090]

2697.   [port]  win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
S_IFREG are defined after including isc/stat.h.
[RT #20309]

2690.   [bug]   win32: fix isc_thread_key_getspecific() prototype.
[RT #20315]

2689.   [bug]   Correctly handle snprintf result. [RT #20306]

2688.   [bug]   Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
to decide to fetch the destination address. [RT #20305]

2681.   [bug]   IPSECKEY RR of gateway type 3 was not correctly
decoded. [RT #20269]

2672.   [bug]   Don't enable searching in 'host' when doing reverse
lookups. [RT #20218]

2525.   [experimental]  New logging category query-errors to provide detailed

BIND 9.6-ESV-R2 is now available.

2010-09-28 Thread Mark Andrews

BIND 9.6-ESV-R2 is now available.

BIND 9.6-ESV-R2 is revision 1 of the extended release version
for BIND 9.6.  

BIND 9.6-ESV-R2 can be downloaded from

ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz

The PGP signature of the distribution is at

ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp.

A binary kit for Windows XP and Windows 2003 is at

ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.zip
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip

The PGP signature of the binary kit for Windows XP and Windows 2003 is at

ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.zip.asc
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R2/BIND9.6-ESV-R2.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip.asc

ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip.sha256.asc

ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/BIND9.6-ESV-R2.debug.zip.sha512.asc

Changes since 9.6-ESV.

--- 9.6-ESV-R2 released ---

2939.   [func]  Check that named successfully skips NSEC3 records
that fail to match the NSEC3PARAM record currently
in use. [RT# 21868]

2937.   [bug]   Worked around an apparent race condition in over
memory conditions.  Without this fix a DNS cache DB or
ADB could incorrectly stay in an over memory state,
effectively refusing further caching, which
subsequently made a BIND 9 caching server unworkable.
This fix prevents this problem from happening by
polling the state of the memory context, rather than
making a copy of the state, which appeared to cause
a race.  This is a workaround in that it doesn't
solve the possible race per se, but several experiments
proved this change solves the symptom.  Also, the
polling overhead hasn't been reported to be an issue.
This bug should only affect a caching server that
specifies a finite max-cache-size.  It's also quite
likely that the bug happens only when enabling threads,
but it's not confirmed yet. [RT #21818]

2925.   [bug]   Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]

2921.   [bug]   The resolver could attempt to destroy a fetch context
too soon.  [RT #19878]

2900.   [bug]   The placeholder negative caching element was not
properly constructed triggering a INSIST in 
dns_ncache_towire(). [RT #21346]

2890.   [bug]   Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]

2869.   [bug]   Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]

--- 9.6-ESV-R1 released ---

2876.   [bug]   Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]

--- 9.6-ESV released ---
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:  +61 2 9871 4742  INTERNET: ma...@isc.org


Bind won't start: /etc/named.conf

2010-09-28 Thread Dotan Cohen
I have just installed bind on a CentOS 5 machine but it won't start
without /etc/named.conf:

[r...@venus etc]# /etc/init.d/named start
Locating //etc/named.conf failed:
   [FAILED]
[r...@venus etc]# touch /etc/named.conf
[r...@venus etc]# /etc/init.d/named start
Starting named:[  OK  ]

Now, a blank named.conf isn't helpful, but I cannot use the named.conf
from another server as a template because it references other files
(specifically /etc/db.cache). What is the default named.conf file
for CentOS? I have tried to google for it but have not been able to
find something that works.

Thanks in advance.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Bind won't start: /etc/named.conf

2010-09-28 Thread Dotan Cohen
On Tue, Sep 28, 2010 at 23:49, Imri Zvik im...@inter.net.il wrote:
 What are you trying to achieve? An empty named.conf file means named will
 use defaults for everything, and will probably just work out-of-the-box (as
 a simple resolver) so you should give more information about the goal and
 problem (including log entries, troubleshooting data etc.).


The goal is for the server to be the second name server for a FQDN.
This is the relevant zone file:

[r...@venus ~]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010092801; Serial - increment me
10800
3600
604800
38400 )
            IN  NS  ns2.example.de.
ns2         IN  A   x.x.x.168



This is the non-working named.conf that I pieced together from other
working files on other servers:

[r...@venus ~# cat /etc/named.conf
options {
directory /etc;
pid-file /var/run/named/named.pid;
listen-on {
any;
};
};

zone . {
type hint;
file /etc/db.cache;
};

zone example.de {
type master;
file /var/named/example.de.hosts;
};


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Is 10.in-addr.arpa not recommended?

2010-09-28 Thread Kevin Darcy

On 9/27/2010 8:48 PM, donovan jeffrey j wrote:


I run a number of internal clients on 10 address space. what i did was break up 
each Zone into Class B's 10.1.x.x , 10.2.x.x then my forward and reverse files 
into class C's. Each record 10.1.1.x . 10.1.2.x, 10.1.3.x, . then scale as
needed. providing the means to add forward and reverse to any address within 
that address space.

   
Ugh, pet peeve. 10/8 is, if one uses obsolete classful terminology 
instead of CIDR, a Class A, which covers the whole range. Nothing 
sliced out of 10/8 can be a Class B or a Class C. Correct 
terminology for what you described would be /16 or /24, respectively. In 
the old scheme, Class Bs start(ed) at 128.*.*.* and Class Cs 
start(ed) at 192.*.*.*. Google classful if you don't believe me.




- Kevin





Re: BIND on CentOS: Nameservers for two domains

2010-09-28 Thread Dotan Cohen
On Tue, Sep 28, 2010 at 20:30, Kevin Darcy k...@chrysler.com wrote:
 About the only _generic_ advice I can give you -- since you obscured the
 domain names and the relevant addresses, so I can't actually check anything
 on my own -- is to query the .eu servers directly for the delegation
 records. It's possible that what you see in their control panel doesn't
 match what's in the actual DNS, and what's in the actual DNS *matters*, as
 opposed to whatever crap displays or doesn't display in their control
 panel.

Do you mean to check with dig? whois? Something else?


 I've seen a lot of breakage in registrar control panels over the
 years, so this wouldn't surprise me in the least.


Really? I've been buying domain names for over 10 years, I've never
had an issue like that which you imply. Which registrar? I usually use
Fabulous or EuroDNS. Thanks for the info, I will keep my eyes open.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Bind-9.7.2-P2 install fails

2010-09-28 Thread michael
Hello,

Trying to upgrade to Bind-9.7.2-P2 on an older Linux system.

Can't locate warnings.pm in @INC (@INC contains:
/usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503
/usr/lib/perl5/site_perl/5.005/i386-linux
/usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20.
BEGIN failed--compilation aborted at ./bindkeys.pl line 20.
make[2]: *** [bind.keys.h] Error 2
make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory `/home/src/bind-9.7.2/bin'
make: *** [subdirs] Error 1

Ideas are most appreciated.

Thanks,

Michael...


Re: Bind-9.7.2-P2 install fails

2010-09-28 Thread michael
On Tue, Sep 28, 2010 at 6:10 PM, michael mteic...@gmail.com wrote:
 Hello,

 On Tue, Sep 28, 2010 at 6:01 PM, fakessh fake...@fakessh.eu wrote:
 On Wednesday 29 September 2010 02:34, michael wrote:
 Hello,

 Trying to upgrade to Bind-9.7.2-P2 on an older Linux system.

 Can't locate warnings.pm in @INC (@INC contains:
 /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503
 /usr/lib/perl5/site_perl/5.005/i386-linux
 /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20.
 BEGIN failed--compilation aborted at ./bindkeys.pl line 20.
 make[2]: *** [bind.keys.h] Error 2
 make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named'
 make[1]: *** [subdirs] Error 1
 make[1]: Leaving directory `/home/src/bind-9.7.2/bin'
 make: *** [subdirs] Error 1

 Ideas are most appreciated.

 Thanks,

 Michael...

 perl 5 .005003 is a very old version of perl
 it's probably buggy
 try to upgrade to perl 5.6 or try afterwards to compile a new perl 5.6

 anonymou


 Thanks for your reply.  The current version 9.6.2 which was also an
 upgrade from numerous older versions through the years went fine.  I
 am hoping not to have to upgrade to a newer perl.

 Thanks,

 Michael...


 --
 gpg --keyserver pgp.mit.edu --recv-key 092164A7



Re: Bind-9.7.2-P2 install fails

2010-09-28 Thread Mark Andrews

In message aanlktinsxc4fepygl2jso8p0zngxsuivp32z9jcxx...@mail.gmail.com, michael writes:
 On Tue, Sep 28, 2010 at 6:10 PM, michael mteic...@gmail.com wrote:
  Hello,
 
  On Tue, Sep 28, 2010 at 6:01 PM, fakessh fake...@fakessh.eu wrote:
  On Wednesday 29 September 2010 02:34, michael wrote:
  Hello,
 
  Trying to upgrade to Bind-9.7.2-P2 on an older Linux system.
 
  Can't locate warnings.pm in @INC (@INC contains:
  /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503
  /usr/lib/perl5/site_perl/5.005/i386-linux
  /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20.
  BEGIN failed--compilation aborted at ./bindkeys.pl line 20.
  make[2]: *** [bind.keys.h] Error 2
  make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named'
  make[1]: *** [subdirs] Error 1
  make[1]: Leaving directory `/home/src/bind-9.7.2/bin'
  make: *** [subdirs] Error 1
 
  Ideas are most appreciated.
 
  Thanks,
 
  Michael...
 
  perl 5 .005003 is a very old version of perl
  it's probably buggy
  try to upgrade to perl 5.6 or try afterwards to compile a new perl 5.6
 
  anonymou
 
 
  Thanks for your reply.  The current version 9.6.2 which was also an
  upgrade from numerous older versions through the years went fine.  I
  am hoping not to have to upgrade to a newer perl.

You can tell configure not to do the make clean (--with-make-clean=no)
or apply this patch to bind-9.7.2-P2/bin/named/Makefile.in.

Mark

Index: Makefile.in
===
RCS file: /proj/cvs/prod/bind9/bin/named/Makefile.in,v
retrieving revision 1.111
diff -u -r1.111 Makefile.in
--- Makefile.in 20 Jun 2010 23:46:44 -  1.111
+++ Makefile.in 29 Sep 2010 01:29:12 -
@@ -143,7 +143,10 @@
rm -f ${MANOBJS}
 
 clean distclean maintainer-clean::
-   rm -f ${TARGETS} ${OBJS} bind.keys.h
+   rm -f ${TARGETS} ${OBJS}
+
+maintainer-clean::
+   rm -f bind.keys.h
 
 bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl
${PERL} ${srcdir}/convertxsl.pl  ${srcdir}/bind9.xsl  bind9.xsl.h
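
Review bot: after this change `clean` and `distclean` no longer remove bind.keys.h, so the new `maintainer-clean::` rule deserves a one-line comment in Makefile.in saying that the header is kept because regenerating it runs bindkeys.pl, which needs a Perl that provides warnings.pm (the failure reported in this thread). The rule that builds bind.keys.h is not in the visible context, so it is also worth confirming that it lists its input as a prerequisite, so that a kept header is still rebuilt when that input changes.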
 
  Thanks,
 
  Michael...
 
 
  --
  gpg --keyserver pgp.mit.edu --recv-key 092164A7
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Bind-9.7.2-P2 install fails

2010-09-28 Thread michael
Hello Mark,

Thanks for the reply!

I will try in a few hours --with-make-clean=no

Thanks,

Michael...

On Tue, Sep 28, 2010 at 6:47 PM, Mark Andrews ma...@isc.org wrote:

 In message aanlktinsxc4fepygl2jso8p0zngxsuivp32z9jcxx...@mail.gmail.com, michael writes:
 On Tue, Sep 28, 2010 at 6:10 PM, michael mteic...@gmail.com wrote:
  Hello,
 
  On Tue, Sep 28, 2010 at 6:01 PM, fakessh fake...@fakessh.eu wrote:
  On Wednesday 29 September 2010 02:34, michael wrote:
  Hello,
 
  Trying to upgrade to Bind-9.7.2-P2 on an older Linux system.
 
  Can't locate warnings.pm in @INC (@INC contains:
  /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503
  /usr/lib/perl5/site_perl/5.005/i386-linux
  /usr/lib/perl5/site_perl/5.005 .) at ./bindkeys.pl line 20.
  BEGIN failed--compilation aborted at ./bindkeys.pl line 20.
  make[2]: *** [bind.keys.h] Error 2
  make[2]: Leaving directory `/home/src/bind-9.7.2/bin/named'
  make[1]: *** [subdirs] Error 1
  make[1]: Leaving directory `/home/src/bind-9.7.2/bin'
  make: *** [subdirs] Error 1
 
  Ideas are most appreciated.
 
  Thanks,
 
  Michael...
 
  perl 5 .005003 is a very old version of perl
  it's probably buggy
  try to upgrade to perl 5.6 or try afterwards to compile a new perl 5.6
 
  anonymou
 
 
  Thanks for your reply.  The current version 9.6.2 which was also an
  upgrade from numerous older versions through the years went fine.  I
  am hoping not to have to upgrade to a newer perl.

 You can tell configure not to do the make clean (--with-make-clean=no)
 or apply this patch to bind-9.7.2-P2/bin/named/Makefile.in.

 Mark

 Index: Makefile.in
 ===
 RCS file: /proj/cvs/prod/bind9/bin/named/Makefile.in,v
 retrieving revision 1.111
 diff -u -r1.111 Makefile.in
 --- Makefile.in 20 Jun 2010 23:46:44 -      1.111
 +++ Makefile.in 29 Sep 2010 01:29:12 -
 @@ -143,7 +143,10 @@
        rm -f ${MANOBJS}

  clean distclean maintainer-clean::
 -       rm -f ${TARGETS} ${OBJS} bind.keys.h
 +       rm -f ${TARGETS} ${OBJS}
 +
 +maintainer-clean::
 +       rm -f bind.keys.h

  bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl
        ${PERL} ${srcdir}/convertxsl.pl  ${srcdir}/bind9.xsl  bind9.xsl.h
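
Review bot: After this change `bind.keys.h` is removed only by the new `maintainer-clean::` rule, so `make clean` and `make distclean` now leave a generated header in the tree, and nothing in the hunk records why. A comment above the new rule saying that the header is produced by `bindkeys.pl` and is kept across ordinary cleans so that a host whose Perl cannot run that script can still build would stop a later cleanup from folding `rm -f bind.keys.h` back into the shared `clean distclean maintainer-clean::` rule.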
 
  Thanks,
 
  Michael...
 
 
  --
  gpg --keyserver pgp.mit.edu --recv-key 092164A7
 
 
 
 --
 Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org



Re: Bind-9.7.2-P2 install fails

2010-09-28 Thread michael
Hello Mark,

On Tue, Sep 28, 2010 at 6:53 PM, michael mteic...@gmail.com wrote:
 Hello Mark,

 Thanks for the reply!

 I will try in a few hours --with-make-clean=no

 Thanks,

 Michael...

Success!

Thanks for the answer as well as many years of a great product!!

Michael...





Round robin DNS query response

2010-09-28 Thread SW
Hi everyone...

I am rather new to the world of DNS so I'm hoping to get some of your
expertise...

Is there a way to make BIND respond to DNS queries in sequence?  For example, if
I assign 2 IP addresses to an A record, is it possible to have it respond
like...

Client 1 for www.example.com - 192.168.1.1
Client 2 for www.example.com - 192.168.1.2
Client 3 for www.example.com - 192.168.1.3
...and so on.

I know companies use load balancers for this function, but my customer in
this case doesn't really want to make an additional investment  :P


Thanks,
SW