Re: OT: checking subnet delegation?

2011-01-04 Thread Emanuele Balla (aka Skull)
On 1/4/11 4:32 PM, online-reg wrote:
> Hi All: I have a /28 that was supposed to be delegated to my NS by my ISP.
>
> How can I check that it is correctly delegated? I have the in-addr.arpa zone
> configured in my NS and it resolves properly when I test it locally, but if
> I test using a remote service no reverse is found.
>
> The subnet is 216.218.227.128/28
>
> it should be delegated to ns.enigmedia.com and ns1.enigmedia.com

It is:

zarathustra:~ skull$ dig +trace -x 216.218.227.128

; <<>> DiG 9.6.0-APPLE-P2 <<>> +trace -x 216.218.227.128
;; global options: +cmd
.   168344  IN  NS  a.root-servers.net.
.   168344  IN  NS  g.root-servers.net.
.   168344  IN  NS  f.root-servers.net.
.   168344  IN  NS  l.root-servers.net.
.   168344  IN  NS  b.root-servers.net.
.   168344  IN  NS  j.root-servers.net.
.   168344  IN  NS  e.root-servers.net.
.   168344  IN  NS  d.root-servers.net.
.   168344  IN  NS  k.root-servers.net.
.   168344  IN  NS  c.root-servers.net.
.   168344  IN  NS  m.root-servers.net.
.   168344  IN  NS  i.root-servers.net.
.   168344  IN  NS  h.root-servers.net.
;; Received 508 bytes from 2a02:9a8:1:100::ff16#53(2a02:9a8:1:100::ff16) in 2 ms

216.in-addr.arpa.   86400   IN  NS  U.ARIN.NET.
216.in-addr.arpa.   86400   IN  NS  DILL.ARIN.NET.
216.in-addr.arpa.   86400   IN  NS  W.ARIN.NET.
216.in-addr.arpa.   86400   IN  NS  V.ARIN.NET.
216.in-addr.arpa.   86400   IN  NS  Y.ARIN.NET.
216.in-addr.arpa.   86400   IN  NS  T.ARIN.NET.
216.in-addr.arpa.   86400   IN  NS  X.ARIN.NET.
216.in-addr.arpa.   86400   IN  NS  Z.ARIN.NET.
;; Received 185 bytes from 192.33.4.12#53(c.root-servers.net) in 107 ms

227.218.216.in-addr.arpa. 86400 IN  NS  ns4.he.net.
227.218.216.in-addr.arpa. 86400 IN  NS  ns5.he.net.
227.218.216.in-addr.arpa. 86400 IN  NS  ns3.he.net.
227.218.216.in-addr.arpa. 86400 IN  NS  ns2.he.net.
227.218.216.in-addr.arpa. 86400 IN  NS  ns1.he.net.
;; Received 142 bytes from 192.42.93.32#53(Y.ARIN.NET) in 178 ms

128.227.218.216.in-addr.arpa. 86400 IN  CNAME   128.128-143.227.218.216.in-addr.arpa.
128-143.227.218.216.in-addr.arpa. 86400 IN NS   ns.enigmedia.com.
128-143.227.218.216.in-addr.arpa. 86400 IN NS   ns1.enigmedia.com.
;; Received 120 bytes from 2001:470:200::2#53(ns2.he.net) in 179 ms


> My zone file is 128-143.227.218.216.in-addr.arpa
>
> Not sure if the problem is on my end or if it's not delegated properly?


zarathustra:~ skull$ fast-rdns.pl 216.218.227.128/28
# Stepping through 216.218.227.128/28 every 1 IPs
216.218.227.128  128.128-143.227.218.216.in-addr.arpa.
216.218.227.129  129.128-143.227.218.216.in-addr.arpa.
216.218.227.130  130.128-143.227.218.216.in-addr.arpa.
216.218.227.130  mail.searchpartner.pro.
216.218.227.131  131.128-143.227.218.216.in-addr.arpa.
216.218.227.131  ns1.enigmedia.com.
216.218.227.132  132.128-143.227.218.216.in-addr.arpa.
216.218.227.132  webmail.enigmedia.com.
216.218.227.133  133.128-143.227.218.216.in-addr.arpa.
216.218.227.133  133.searchpartner.pro.
216.218.227.134  134.128-143.227.218.216.in-addr.arpa.
216.218.227.134  www.badbeardscoffee.com.
216.218.227.135  135.128-143.227.218.216.in-addr.arpa.
216.218.227.135  www.sweetcitycandy.com.
216.218.227.136  136.128-143.227.218.216.in-addr.arpa.
216.218.227.136  www.metrocandy.com.
216.218.227.137  137.128-143.227.218.216.in-addr.arpa.
216.218.227.137  www.northsouthmusic.org.
216.218.227.138  138.128-143.227.218.216.in-addr.arpa.
216.218.227.138  www.searchpartner.pro.
216.218.227.139  139.128-143.227.218.216.in-addr.arpa.
216.218.227.139  139.searchpartner.pro.
216.218.227.140  140.128-143.227.218.216.in-addr.arpa.
216.218.227.140  www.myngrid.com.
216.218.227.141  141.128-143.227.218.216.in-addr.arpa.
216.218.227.141  www.dogtownbites.com.
216.218.227.142  142.128-143.227.218.216.in-addr.arpa.
216.218.227.142  142.searchpartner.pro.
216.218.227.143  143.128-143.227.218.216.in-addr.arpa.
# Took 3 seconds to scan 216.218.227.128/28 with stepsize 1

-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-
http://bofhskull.wordpress.com/
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: OT: checking subnet delegation?

2011-01-04 Thread Phil Mayers

On 04/01/11 15:32, online-reg wrote:

> Hi All: I have a /28 that was supposed to be delegated to my NS by my ISP.
>
> How can I check that it is correctly delegated? I have the in-addr.arpa zone
> configured in my NS and it resolves properly when I test it locally, but if
> I test using a remote service no reverse is found.

dig +trace -x 216.218.227.128

> The subnet is 216.218.227.128/28
>
> it should be delegated to ns.enigmedia.com and ns1.enigmedia.com


You'll see that the trace ends in a CNAME to the sub-/24 zone, along 
with NS records:


128.227.218.216.in-addr.arpa. 86400 IN CNAME 128.128-143.227.218.216.in-addr.arpa.

128-143.227.218.216.in-addr.arpa. 86400 IN NS   ns.enigmedia.com.
128-143.227.218.216.in-addr.arpa. 86400 IN NS   ns1.enigmedia.com.

...which looks correct to me?

Your zone then needs to contain:

128.128-143.227.218.216.in-addr.arpa.  IN PTR host128.nnn
129.128-143.227.218.216.in-addr.arpa.  IN PTR host129.nnn
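Added example (not part of any post in this thread): a Python check of what Skull and Phil Mayers read off the trace above. It derives the records a parent /24 zone must serve for a sub-/24 block and compares them with the last hop of the dig +trace output quoted in the thread. The first-last zone label (128-143) follows this thread and is an assumption about the ISP's naming; all function names are made up for the example.

```python
import ipaddress

def rfc2317_plan(cidr, nameservers):
    """Records the parent /24 zone must serve to delegate a sub-/24 block.

    Uses the first-last label style seen in the thread (128-143); other
    label styles exist, so this naming is an assumption about the ISP.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless delegation applies to IPv4 blocks smaller than a /24")
    a, b, c, first = net.network_address.packed
    last = net.broadcast_address.packed[3]
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{first}-{last}.{parent}"
    records = {(child, "NS", ns.lower()) for ns in nameservers}
    for host in range(first, last + 1):
        # One CNAME per address, pointing into the delegated child zone.
        records.add((f"{host}.{parent}", "CNAME", f"{host}.{child}"))
    return child, records

def parse_records(dig_text):
    """Turn 'owner ttl IN type rdata' lines into (owner, type, rdata) tuples."""
    seen = set()
    for line in dig_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and not line.startswith(";"):
            seen.add((fields[0].lower(), fields[3], fields[4].lower()))
    return seen

def check_delegation(cidr, nameservers, address, dig_text):
    """List what is missing from the last hop of a trace for `address`."""
    ip = ipaddress.ip_address(address)
    if ip not in ipaddress.ip_network(cidr):
        raise ValueError(f"{address} is outside {cidr}")
    _, planned = rfc2317_plan(cidr, nameservers)
    owner = ip.reverse_pointer + "."
    # The last hop should show the child zone's NS set and this address's CNAME.
    wanted = {r for r in planned if r[1] == "NS" or r[0] == owner}
    missing = wanted - parse_records(dig_text)
    return sorted(f"missing {o} {t} {d}" for o, t, d in missing)

# Last hop of the trace quoted in the thread (wrapped CNAME line joined).
TRACE_TAIL = """\
128.227.218.216.in-addr.arpa. 86400 IN CNAME 128.128-143.227.218.216.in-addr.arpa.
128-143.227.218.216.in-addr.arpa. 86400 IN NS ns.enigmedia.com.
128-143.227.218.216.in-addr.arpa. 86400 IN NS ns1.enigmedia.com.
"""
NAMESERVERS = ["ns.enigmedia.com.", "ns1.enigmedia.com."]

if __name__ == "__main__":
    zone, _ = rfc2317_plan("216.218.227.128/28", NAMESERVERS)
    print("child zone:", zone)
    problems = check_delegation("216.218.227.128/28", NAMESERVERS,
                                "216.218.227.128", TRACE_TAIL)
    print(problems or "delegation looks correct")
```

An empty result only covers the parent side; the PTR records themselves still have to exist in the child zone, as Phil's reply notes.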


Re: OT: checking subnet delegation?

2011-01-04 Thread fakessh @
create slave zone with ptr and master zone
is documented with the manual

anonymous
On Tuesday, 04 January 2011 at 07:32 -0800, online-reg wrote:
> Hi All: I have a /28 that was supposed to be delegated to my NS by my
> ISP.
>
> How can I check that it is correctly delegated? I have the
> in-addr.arpa zone
> configured in my NS and it resolves properly when I test it locally,
> but if
> I test using a remote service no reverse is found.
>
> The subnet is 216.218.227.128/28
>
> it should be delegated to ns.enigmedia.com and ns1.enigmedia.com
>
> My zone file is 128-143.227.218.216.in-addr.arpa
>
> Not sure if the problem is on my end or if it's not delegated
> properly?
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7



Re: checking subnet delegation?

2011-01-04 Thread online-reg

> > Hi All: I have a /28 that was supposed to be delegated to my NS by my
> > ISP.
> >
> > How can I check that it is correctly delegated? I have the in-addr.arpa
> > zone
> > configured in my NS and it resolves properly when I test it locally, but
> > if
> > I test using a remote service no reverse is found.
> >
> > The subnet is 216.218.227.128/28
> >
> > it should be delegated to ns.enigmedia.com and ns1.enigmedia.com
>
> It is:

Thanks, Skull!

> > My zone file is 128-143.227.218.216.in-addr.arpa
> >
> > Not sure if the problem is on my end or if it's not delegated properly?
>
> zarathustra:~ skull$ fast-rdns.pl 216.218.227.128/28
> # Stepping through 216.218.227.128/28 every 1 IPs
> 216.218.227.128  128.128-143.227.218.216.in-addr.arpa.
> 216.218.227.129  129.128-143.227.218.216.in-addr.arpa.
> 216.218.227.130  130.128-143.227.218.216.in-addr.arpa.
> 216.218.227.130  mail.searchpartner.pro.
> 216.218.227.131  131.128-143.227.218.216.in-addr.arpa.
> 216.218.227.131  ns1.enigmedia.com.

...

> # Took 3 seconds to scan 216.218.227.128/28 with stepsize 1


Great, so it looks like it's set up correctly. I was testing it with a few
public reverse-dns lookup tools yesterday, (e.g.
http://postmaster.aol.com/cgi-bin/plugh/rdns.pl) and no PTRs were being
found.

At the same time, DIG returned the correct info when I queried my NS
directly...I have the feeling my upstream's NS was at fault, because
everything's working now :( 




Re: checking subnet delegation?

2011-01-04 Thread online-reg
> > Hi All: I have a /28 that was supposed to be delegated to my NS by my
> > ISP.
> >
> > How can I check that it is correctly delegated? I have the in-addr.arpa
> > zone
> > configured in my NS and it resolves properly when I test it locally, but
> > if
> > I test using a remote service no reverse is found.
>
> dig +trace -x 216.218.227.128
>
> > The subnet is 216.218.227.128/28
> >
> > it should be delegated to ns.enigmedia.com and ns1.enigmedia.com
>
> You'll see that the trace ends in a CNAME to the sub-/24 zone, along with
> NS records:
>
> 128.227.218.216.in-addr.arpa. 86400 IN CNAME 128.128-143.227.218.216.in-addr.arpa.
>
> 128-143.227.218.216.in-addr.arpa. 86400 IN NS ns.enigmedia.com.
> 128-143.227.218.216.in-addr.arpa. 86400 IN NS ns1.enigmedia.com.
>
> ...which looks correct to me?


Thanks for the proper query syntax, Phil! 




Re: checking subnet delegation?

2011-01-04 Thread fakessh @

On Tuesday, 04 January 2011 at 08:33 -0800, online-reg wrote:
> > > Hi All: I have a /28 that was supposed to be delegated to my NS by my
> > > ISP.
> > >
> > > How can I check that it is correctly delegated? I have the in-addr.arpa
> > > zone
> > > configured in my NS and it resolves properly when I test it locally, but
> > > if
> > > I test using a remote service no reverse is found.
> > >
> > > The subnet is 216.218.227.128/28
> > >
> > > it should be delegated to ns.enigmedia.com and ns1.enigmedia.com
> >
> > It is:
>
> Thanks, Skull!
>
> > > My zone file is 128-143.227.218.216.in-addr.arpa
> > >
> > > Not sure if the problem is on my end or if it's not delegated properly?
> >
> > zarathustra:~ skull$ fast-rdns.pl 216.218.227.128/28
> > # Stepping through 216.218.227.128/28 every 1 IPs
> > 216.218.227.128  128.128-143.227.218.216.in-addr.arpa.
> > 216.218.227.129  129.128-143.227.218.216.in-addr.arpa.
> > 216.218.227.130  130.128-143.227.218.216.in-addr.arpa.
> > 216.218.227.130  mail.searchpartner.pro.
> > 216.218.227.131  131.128-143.227.218.216.in-addr.arpa.
> > 216.218.227.131  ns1.enigmedia.com.
> ...
> > # Took 3 seconds to scan 216.218.227.128/28 with stepsize 1
>
> Great, so it looks like it's set up correctly. I was testing it with a few
> public reverse-dns lookup tools yesterday, (e.g.
> http://postmaster.aol.com/cgi-bin/plugh/rdns.pl) and no PTRs were being
> found.
>
> At the same time, DIG returned the correct info when I queried my NS
> directly...I have the feeling my upstream's NS was at fault, because
> everything's working now :(
 


the ptr is same defined in the slave zone with the correct serial


-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7



Controlling many DNS servers using rndc

2011-01-04 Thread blrmaani
What is the best approach to control 100s of DNS servers using rndc ?
All these servers run BIND 9.3.x and are unix hosts.

I was thinking about a script which does a ssh to each of these hosts
in sequence and execute 'rndc command'. But I was looking for much
more efficient/parallel way to do this..

thoughts?

Blr


Re: Controlling many DNS servers using rndc

2011-01-04 Thread Nate Itkin
On Tue, Jan 04, 2011 at 02:58:13PM -0800, blrmaani wrote:
> What is the best approach to control 100s of DNS servers using rndc ?
> All these servers run BIND 9.3.x and are unix hosts.
> I was thinking about a script which does a ssh to each of these hosts
> in sequence and execute 'rndc command'. But I was looking for much
> more efficient/parallel way to do this..
> thoughts?

Either of these should work for you. 
http://outflux.net/unix/software/gsh
http://guichaz.free.fr/gsh/

- Nate Itkin


Re: Controlling many DNS servers using rndc

2011-01-04 Thread Eivind Olsen
> What is the best approach to control 100s of DNS servers using rndc ?
> All these servers run BIND 9.3.x and are unix hosts.
>
> I was thinking about a script which does a ssh to each of these hosts
> in sequence and execute 'rndc command'. But I was looking for much
> more efficient/parallel way to do this..

Depends, really. rndc itself can work remotely, but that might not be an
option in all networks.

Regards
Eivind Olsen


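Added example (not part of any post in this thread): one way to run an rndc command against many servers in parallel from a management host, using rndc's own remote mode that Eivind mentions. It assumes every named has a controls statement that accepts the management host and a shared key stored in the key file; the host names, key path and function names are made up for the example.

```python
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor

# A host may not start with '-', so it can never be read as an rndc option.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.:-]*$")

def rndc_argv(host, command, key_file, port=953):
    """Build argv for one remote call; -s, -p and -k are standard rndc options."""
    if not HOST_RE.match(host):
        raise ValueError(f"refusing suspicious host name: {host!r}")
    # A list argv (no shell) keeps host names and commands from being interpreted.
    return ["rndc", "-s", host, "-p", str(port), "-k", key_file, *command.split()]

def run_rndc(argv, timeout=15):
    """Run one rndc call; return (ok, output) instead of raising."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, str(exc)
    return proc.returncode == 0, (proc.stdout + proc.stderr).strip()

def fan_out(hosts, command, key_file, workers=32, runner=run_rndc):
    """Run `command` on all hosts concurrently; return {host: (ok, output)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        jobs = {h: pool.submit(runner, rndc_argv(h, command, key_file)) for h in hosts}
        return {h: job.result() for h, job in jobs.items()}

def failed_hosts(results):
    """Hosts whose rndc call did not succeed, for retry or alerting."""
    return sorted(h for h, (ok, _) in results.items() if not ok)

if __name__ == "__main__":
    # Constructed host list and key path; replace with the real inventory.
    hosts = [f"ns{i}.example.net" for i in range(1, 4)]
    results = fan_out(hosts, "status", "/etc/rndc-fleet.key")
    for host in failed_hosts(results):
        print(host, results[host][1])
```

The key file should be readable only by the account that runs the script, since anyone holding the key can control every server that accepts it.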


RE: bind slave not get DNS update

2011-01-04 Thread Steve Zeng
I don't have NS record for both of the slaves (windows DNS slave and Linux DNS 
slave). I use also-notify and it works for Windows DNS slave. But not for 
BIND/Linux.

also-notify {
    B.B.B.B;    # public IP of first DNS slave (windows DNS)
    C.C.C.C;    # public IP of second DNS slave (Linux BIND DNS)
};

Thanks, 

Steve

-----Original Message-----
From: bind-users-bounces+stevez=airg@lists.isc.org 
[mailto:bind-users-bounces+stevez=airg@lists.isc.org] On Behalf Of Robert 
Spangler
Sent: Tuesday, January 04, 2011 5:29 PM
To: bind-users@lists.isc.org
Subject: Re: bind slave not get DNS update

On Tuesday 04 January 2011 19:43, Steve Zeng wrote:

> We have a BIND DNS master and Windows DNS slave running for a while. I
> recently configured a second DNS slave running on Linux/Centos. When I
> stop/start the second DNS slave. It gets all zone files correctly. However,
> it does not get update when I make a zone file modification and increased
> the sn on the master. The odd thing is, I don't see any xfer-out log in the
> master(I do see the xfer-out log for the windows DNS slave, though).
> Googling around and search BIND maillist archive does not get much clue
> either... any hint is greatly appreciated..

Is there an NS record in the zone files for the newly added DNS server?  If 
not then you are going to have to add either a Notify statement in the master 
config for the new server or add it as an NS record to the zone file.  This 
is how the Master knows who to inform of changes.


-- 

Regards
Robert

Linux
The adventure of a life time.

Linux User #296285
Get Counted
http://counter.li.org/


Re: bind slave not get DNS update

2011-01-04 Thread Paul Ooi Cong Jen
Steve, 

If you run rndc transfer from Linux bind, what do you see? 

--
Paul Ooi



On 05-Jan-2011, at 9:50 AM, Steve Zeng wrote:

> I don't have NS record for both of the slaves (windows DNS slave and Linux
> DNS slave). I use also-notify and it works for Windows DNS slave. But not
> for BIND/Linux.
>
> also-notify {
>     B.B.B.B;    # public IP of first DNS slave (windows DNS)
>     C.C.C.C;    # public IP of second DNS slave (Linux BIND DNS)
> };
>
> Thanks,
>
> Steve
>
> -----Original Message-----
> From: bind-users-bounces+stevez=airg@lists.isc.org
> [mailto:bind-users-bounces+stevez=airg@lists.isc.org] On Behalf Of Robert
> Spangler
> Sent: Tuesday, January 04, 2011 5:29 PM
> To: bind-users@lists.isc.org
> Subject: Re: bind slave not get DNS update
>
> On Tuesday 04 January 2011 19:43, Steve Zeng wrote:
>
> > We have a BIND DNS master and Windows DNS slave running for a while. I
> > recently configured a second DNS slave running on Linux/Centos. When I
> > stop/start the second DNS slave. It gets all zone files correctly. However,
> > it does not get update when I make a zone file modification and increased
> > the sn on the master. The odd thing is, I don't see any xfer-out log in the
> > master(I do see the xfer-out log for the windows DNS slave, though).
> > Googling around and search BIND maillist archive does not get much clue
> > either... any hint is greatly appreciated..
>
> Is there an NS record in the zone files for the newly added DNS server?  If
> not then you are going to have to add either a Notify statement in the master
> config for the new server or add it as an NS record to the zone file.  This
> is how the Master knows who to inform of changes.
>
> --
>
> Regards
> Robert
>
> Linux
> The adventure of a life time.
>
> Linux User #296285
> Get Counted
> http://counter.li.org/


only the response has aa flag can be cached?

2011-01-04 Thread pyh
Hello, 

I'm not sure about, is it true that only the response which has included 
the aa in flags can be cached by client DNS Cache? 

For example, for my domain, there are two queries below, the result for the 
first query won't be cached, but the second will be cached, am I right? 

$ dig mail.nsbeta.info ns @ns34.domaincontrol.com 


; <<>> DiG 9.4.2-P2 <<>> mail.nsbeta.info ns @ns34.domaincontrol.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12892
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mail.nsbeta.info.  IN  NS

;; ANSWER SECTION:
mail.nsbeta.info.   1800    IN  NS  dwdns2.nsbeta.info.
mail.nsbeta.info.   1800    IN  NS  dwdns1.nsbeta.info.

;; ADDITIONAL SECTION:
dwdns2.nsbeta.info. 3600    IN  A   219.129.239.5
dwdns1.nsbeta.info. 3600    IN  A   120.132.133.48

-- 

$ dig mail.nsbeta.info ns @dwdns2.nsbeta.info 


; <<>> DiG 9.4.2-P2 <<>> mail.nsbeta.info ns @dwdns2.nsbeta.info
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28561
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mail.nsbeta.info.  IN  NS

;; ANSWER SECTION:
mail.nsbeta.info.   3600    IN  NS  dwdns1.nsbeta.info.
mail.nsbeta.info.   3600    IN  NS  dwdns2.nsbeta.info.


Re: enable a dynamic zone

2011-01-04 Thread Paul Ooi Cong Jen
Hi, 

Nope. Dynamic zone require keys exchange for zone transfer. 

--
Paul Ooi


On 05-Jan-2011, at 11:01 AM, p...@mail.nsbeta.info wrote:

 
> Hello,
> When adding a statement of something like:
> allow-update { 127.0.0.1; };
> to the zone configuration, this zone will become a dynamic zone, is it?
> Thanks.