cname of cname of cname not working in bind 9.8.0
Hello, Migrated from v9.4.2 to v9.8.0 and found a strange thing, when i create a cname of a cname of a cname ex. gagagaga.test.com. IN CNAME gagaga.test.com. gagaga.test.com. IN CNAME gaga.test.com. gaga.test.com. IN CNAME ga.test.com. ga.test.com IN A 1.1.1.1 then i nslookup gagagaga on the bind server for example (true for slaves clients too) randomly i have an error message : Non-existent host/domain when i spam nslookup gagagaga sometime it works sometime it does not (ex 8 out of 10 times its ok , 2 times its not, then its 7 not ok out of 10 etc) i had no problem with v9.4.2 and downgraded to v9.7.3 (same configuration) and i have no problem at all with v9.7.3 Natixis Asset Management Mobiliser les expertises pour créer de la valeur ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
priority with A record?
Hi, can i make priority on a A or NS record? Since with round robin if i put the same record record 2 or 3 time, Bind ignore the duplicates Records, means this: wikipedia NS ns2.wikimedia.org. wikipedia NS ns0.wikimedia.org. is the same like this: wikipedia NS ns2.wikimedia.org. wikipedia NS ns0.wikimedia.org. wikipedia NS ns0.wikimedia.org. In this 2 case it will send 50% of traffic to ns2 and 50% to ns0; Is there anyway to enable priority on A or NS record? Thanks. IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles et peuvent etre protegees par la loi. Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus. Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message et tous les fichiers eventuellement attaches. Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite. Tout message electronique est susceptible d alteration. A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie. De meme, il appartient au destinataire de s assurer de l absence de tout virus. IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure ofthis message is prohibited. Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: priority with A record?
iharrathi@orange-ftgroup.com wrote: Is there anyway to enable priority on A or NS record? No. Regards Eivind Olsen ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.7 behavior - lack of response causes
- Original Message From: Mark Andrews ma...@isc.org To: Fr34k freaknet...@yahoo.com Cc: Bindlist bind-us...@isc.org Sent: Mon, April 4, 2011 9:02:35 PM Subject: Re: BIND 9.7 behavior - lack of response causes What do you have lame-ttl set to? I don't. That is, I don't have lame-ttl explicitly listed in my named.conf. In message 361220.19486...@web121407.mail.ne1.yahoo.com, Fr34k writes: Hello, Given: BIND 9.7.2-P2 on Solaris 10. For about an hour, I had a network event where a caching DNS server could not get recursive queries back from authoritative DNS servers on the Internet. Obviously, this is a problem. Moreover, the authority for our most popular hostnames have set very low TTLs (less than a minute), so nothing in cache for the server to call upon during this hour long event. Yuck. A snoop of port 53 traffic at the time shows client PCs requested hostname resolution -- as they would normally do. Now, for the interesting part. From the same snoop of traffic, the caching DNS server did not send ANY resp onse back to these PC clients for these low TTL popular hostnames. Keep in mind that I did snoop until *after* the event started. So, it may be the case that some BIND mechanism was behaving appropriate for queries which it could not act upon. I can appreciate that BIND makes decisi ons with network performance in mind. In my attempts to understand negative caching, Sections 7.1 and 7.2 of RFC 23 08 list Server Failure and Dead / Unreachable Server as (OPTIONAL) utilities. Bind 9.7 ARM says that the server stores negative answers for (default) 3 hours; however, I'm not sure what the expected BIND behavior is. Would some mechanism, such has max-ncache-ttl or clients-per-query, be responsible for this lack of return traffic? Anyone have ideas to share? Thank you. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Deny query to specific domain
Hello, Is there a way in BIND to deny or block query to a specific domain? For example, I don't want anyone within my organization to do query on example.com. Is there any option in named.conf allow to do that? Thanks Linh Khuu ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Deny query to specific domain
Linh Khuu wrote: Is there a way in BIND to deny or block query to a specific domain? For example, I don't want anyone within my organization to do query on example.com. Is there any option in named.conf allow to do that? Yes, either set your server as being authoritative for that domain (define it as a zone etc.), or configure RPZ which is supported in BIND 9.8.0 for example. Regards Eivind Olsen eiv...@aminor.no ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: priority with A record?
On Apr 5, 2011, at 8:23 AM, iharrathi@orange-ftgroup.com wrote: Hi, can i make priority on a A or NS record? Since with round robin if i put the same record record 2 or 3 time, Bind ignore the duplicates Records, means this: wikipedia NS ns2.wikimedia.org. wikipedia NS ns0.wikimedia.org. is the same like this: wikipedia NS ns2.wikimedia.org. wikipedia NS ns0.wikimedia.org. wikipedia NS ns0.wikimedia.org. In this 2 case it will send 50% of traffic to ns2 and 50% to ns0; Is there anyway to enable priority on A or NS record? Well, there's SRV records, but not much supports them, so, no... W Thanks. IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles et peuvent etre protegees par la loi. Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus. Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message et tous les fichiers eventuellement attaches. Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite. Tout message electronique est susceptible d alteration. A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie. De meme, il appartient au destinataire de s assurer de l absence de tout virus. IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure ofthis message is prohibited. Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: priority with A record?
On 4/5/2011 8:23 AM, iharrathi@orange-ftgroup.com wrote: Hi, can i make priority on a A or NS record? Since with round robin if i put the same record record 2 or 3 time, Bind ignore the duplicates Records, means this: wikipediaNSns2.wikimedia.org. wikipediaNSns0.wikimedia.org. is the same like this: wikipediaNSns2.wikimedia.org. wikipediaNSns0.wikimedia.org. wikipediaNSns0.wikimedia.org. In this 2 case it will send 50% of traffic to ns2 and 50% to ns0; Is there anyway to enable priority on A or NS record? Thanks. For NS records, there is no way to do this in BIND, and it's completely unnecessary anyway, since every major DNS full-resolver implementation will keep track of how fast nameservers respond -- based on round-trip times, known as RTTs -- and prefer faster-responding nameservers over slower-responding ones. So the load spreads itself automatically, and failures -- which are assessed as really bad performance -- are routed around. For A/ records, there are mechanisms to control the order in which the records are presented. See sortlist and rrset-order (not sure that rrset-order even exists in later versions of BIND, since I've never used it in production). However, these are only practical on tightly-controlled intranets, where all of the BIND-instance configurations can be kept in sync with each other, otherwise one BIND instance may undo the careful address-record ordering that another performs. rrset-order and sortlist are pretty much useless for Internet names, since the vast majority Internet users get their DNS through intermediate resolvers, which will usually randomize or round-robin the responses whenever they are answering from their caches. As another poster pointed out, SRV records provide the capability for the domain owner to implement per-name failover and weighting of targets, in the DNS data itself. But, thusfar the DNS community hasn't had much success getting client-software developers (e.g. browser developers) to adopt SRV record support. Meanwhile, certain network-hardware companies (including among others a certain huge router vendor) rake in big money with their sledgehammer load-balancer device approach to the problem. There are software approaches to network load-balancing as well, but I have no direct experience with those. - Kevin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Problems With allow-update-forwarding
This weekend my stealth master DNS went off the network for a few hours due to a problem with some fiber. Two of my six slaves seemed to be adversely affected by the master's outage. The expire time on my zones is a week, and we have always believed (and in fact observed) that the zones can stay healthy for days without contact from the stealth master. However, this weekend two of the slaves had problems. Close examination of the configs showed only one difference between these slaves and the other four. These two are configured with allow-update-forwarding for six reverse zones, to allow Windows AD client machines to create their own PTR records. Naturally, it was impossible for these updates to be forwarded when the master was off line. Could this have caused the average lookup times to go from 40ms to over 1000ms for these two servers? It doesn't seem that it could, since it is a totally different sort of operation, but I can only find this difference between these two and the other four. Thanks for your help, Alan Alan V. Shackelford Sr. Systems Software Engineer The Johns Hopkins University and Johns Hopkins Medical Institutions Baltimore, Maryland USA 410-735-4773ashac...@jhmi.edu PGP.sig Description: PGP signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.4.3-P2 doesn't delegate zone!
A. Stop using nslookup. It's a really horrible DNS troubleshooting tool. Learn to use dig. B. Do a zone transfer (via dig) of the united-networks.ru zone from the primary master, to verify that the correct delegation record, and associated glue, are contained within named's in-core database of the zone C. The domain.united-networks.ru A record (between the delegation NS record and the srvmain glue record) in the parent zone is completely useless, since it's not required glue and would be covered up by any A record -- or even the absence of an A record -- at the apex of the child zone. I would delete that A record from the parent zone -- its only function is to use up space and engender confusion. D. Your SOA query of the child zone from its master returned no NS records in the Authority Section, which is rather odd. How are the NS records configured in the child zone? Do they match the delegation record from the parent zone? - Kevin On 4/2/2011 1:05 PM, Яцко Эллад Геннадьевич wrote: Dear Phil! What did you mean saying: Are you sure you've reloaded the zone? Did you mean do I rndc reload united-networks.ru in internal - Yes! I don't remember, did I change serial every time I changed zone-file. But now I did all the things required. I changed serial, I reloaded zone, I even restarted named its own! :-) There is the following effect (from viewpoint of 172.16.77.11): C:\Program Files\Far2nslookup srvmain.domain.united-networks.ru. 172.16.77.1 ╤хЁтхЁ: srvgate-msk.runoguy.ru Address: 172.16.77.1 ╚ь : srvmain.domain.united-networks.ru Address: 172.16.77.2 C:\Program Files\Far2 NAMED knows its address itself: 19611.924018 172.16.77.11 - 172.16.77.1 DNS Standard query PTR 1.77.16.172.in-addr.arpa 19611.924375 172.16.77.1 - 172.16.77.11 DNS Standard query response PTR srvgate-msk.runoguy.ru 19611.926342 172.16.77.11 - 172.16.77.1 DNS Standard query A srvmain.domain.united-networks.ru 19611.926516 172.16.77.1 - 172.16.77.11 DNS Standard query response A 172.16.77.2 19611.927755 172.16.77.11 - 172.16.77.1 DNS Standard query srvmain.domain.united-networks.ru 19611.927895 172.16.77.1 - 172.16.77.11 DNS Standard query response But the next is courious: C:\Program Files\Far2nslookup domain.united-networks.ru. 172.16.77.1 ╤хЁтхЁ: srvgate-msk.runoguy.ru Address: 172.16.77.1 ╚ь : domain.united-networks.ru C:\Program Files\Far2 And: 19664.732793 172.16.77.11 - 172.16.77.1 DNS Standard query PTR 1.77.16.172.in-addr.arpa 19664.733079 172.16.77.1 - 172.16.77.11 DNS Standard query response PTR srvgate-msk.runoguy.ru 19664.739041 172.16.77.11 - 172.16.77.1 DNS Standard query A domain.united-networks.ru 19664.739441 172.16.77.1 - 172.16.77.11 DNS Standard query response 19664.741088 172.16.77.11 - 172.16.77.1 DNS Standard query domain.united-networks.ru 19664.741265 172.16.77.1 - 172.16.77.11 DNS Standard query response Andwhen I tried to look up existing hostname from domain.united-networks.ru: C:\Program Files\Far2nslookup main.domain.united-networks.ru. 172.16.77.1 ╤хЁтхЁ: srvgate-msk.runoguy.ru Address: 172.16.77.1 *** srvgate-msk.runoguy.ru cannot find main.domain.united-networks.ru.: Non-existent domain C:\Program Files\Far2 ↑ I see in thsark's output the following: 19167.908192 172.16.77.11 - 172.16.77.1 DNS Standard query PTR 1.77.16.172.in-addr.arpa 19167.908505 172.16.77.1 - 172.16.77.11 DNS Standard query response PTR srvgate-msk.runoguy.ru 19167.910291 172.16.77.11 - 172.16.77.1 DNS Standard query A main.domain.united-networks.ru 19167.910439 172.16.77.1 - 172.16.77.11 DNS Standard query response, No such name 19167.911593 172.16.77.11 - 172.16.77.1 DNS Standard query main.domain.united-networks.ru 19167.911837 172.16.77.1 - 172.16.77.11 DNS Standard query response, No such name I couldn't see that 172.16.77.1 (srvgate-msk) asks for main 172.16.77.2 (srvmain - recursion allowed) Here is output of command that you requested: /etc/namedb dig +norec @localhost domain.united-networks.ru. soa ; DiG 9.4.3-P2 +norec @localhost domain.united-networks.ru. soa ; (2 servers found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 7449 ;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;domain.united-networks.ru. IN SOA ;; AUTHORITY SECTION: united-networks.ru. 3600IN SOAns1.united-networks.ru. root.united-networks.ru. 2011040213 900 600 86400 3600 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Apr 2 20:32:49 2011 ;; MSG SIZE rcvd: 88 /etc/namedb At the same time: /etc/namedb dig +norec @172.16.77.2
Re: cname of cname of cname not working in bind 9.8.0
then i nslookup gagagaga on the bind server for example (true for slaves clients too) randomly i have an error message : Non-existent host/domain when i spam nslookup gagagaga sometime it works sometime it does not (ex 8 out of 10 times its ok , 2 times its not, then its 7 not ok out of 10 etc) We've gotten a similar report from someone else, but so far I haven't been able to reproduce it. Could you please send this report to bind9-b...@isc.org with output from named -V, the OS and version you're running it on, a complete copy of named.conf (remove or obscure keys if you wish) and the zone file that exhibits the problem, and the exact command you're using to trigger this? -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.8.0 in 2008 R2 x64 server
I'm moving one of our DNS servers (Win 2003 R2, v9.7.0) to a new 2008 R2 x64 server. After installing v9.8.0 I copied the /etc directory subdirectories, the named user has full rights in relevant directories and log on as a service rights... still I get the following error in eventviewer when trying to start the service: none:0: open: C:\Windows\system32\dns\etc\named.conf: file not found Any ideas? The named.conf file IS there, and the directories/datafiles are identical to our old, working server. Tested with administator as the user as well, same problem. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Zone File IP address/Hostname
Mistake #1: looking up something using a shortname. Apparently rac2.local is not in your stub resolver's local search list. Always use fully-qualified domain names (FQDNs) for client lookups, and educate your users to do so also. Using FQDNs is the most efficient, least ambiguous, and easiest-to-troubleshoot form of resource lookup from DNS. Mistake #2: trying to troubleshoot DNS using nslookup. With its default output format, nslookup is hiding all of its disgusting suffixing behavior from your eyes, thus leaving you in the dark as to what the problem is. Consider using a real DNS troubleshooting tool like dig, which doesn't do suffixing garbage (it looks up exactly what you ask it to look up, nothing more, nothing less), and with its default output format, shows you the full DNS response from the nameserver Mistake #3: the connection timed out error from nslookup implies that one of the names it tried to look up (either rac2-scan appended with some arbitrary suffix from your searchlist, or rac2-scan as a *root* name), ended up in a part of the namespace that your DNS infrastructure can't resolve at all. Most likely you have no direct connectivity to the Internet, yet you have neglected to set up your own internal root zone. So, your DNS infrastructure tries to go out and talk to the Internet root nameservers, and beats its head bloody on your firewalls and/or your routers and/or whatever, futilely trying to get response. Hence the timeout. I'm surprised your firewall guys haven't complained to you yet about all of the log noise you've been generating. Mistake #4: from the logs below, it appears that you have no A or records associated with the targets of certain NS records -- with a first label of apple -- in each of several zones. Either change the targets of those NS records to a fully-qualified name (instead of just apple), or supply the A/ records of apple.zone in each of those zone files so that they are internally complete. This appears to be another symptom of shortname-itis. Please learn the contexts in which shortnames work, and the contexts in which they do not, or where extra work is required to make them work. The safest thing is to always use FQDNs, as suggested above. - Kevin On 4/1/2011 9:09 AM, Tony MacDoodle wrote: I think it's something with one of the zone files, here is what I get nslookup rac-scan Server: xxx.xxx.xxx.xxx Address:xxx.xxx.xxx.xxx#53 Name: rac-scan.rac.local Address: xxx.xxx.xxx.xxx Name: rac-scan.rac.local Address: xxx.xxx.xxx.xxx Name: rac-scan.rac.local Address: xxx.xxx.xxx.xxx root:jabba:~# nslookup rac2-scan ;; connection timed out; no servers could be reached /var/adm/messages Apr 1 09:05:16 apple named[1695]: [ID 873579 daemon.info http://daemon.info] shutting down Apr 1 09:05:16 apple named[1695]: [ID 873579 daemon.notice] stopping command channel on 127.0.0.1#953 Apr 1 09:05:16 apple named[1695]: [ID 873579 daemon.info http://daemon.info] no longer listening on 127.0.0.1#53 Apr 1 09:05:16 apple named[1695]: [ID 873579 daemon.info http://daemon.info] no longer listening on xxx.xxx.xxx.24#53 Apr 1 09:05:16 apple named[1695]: [ID 873579 daemon.notice] exiting Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.notice] starting BIND 9.6.1-P3 -4 Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.notice] built with --prefix=/usr --with-libtool --bindir=/usr/sbin --sbindir=/usr/sbin --libdir=/usr/lib/dns --sysconfdir=/etc --localstatedir=/var --with-openssl=/usr/sfw --enable-threads=yes --enable-devpoll=yes --enable-fixed-rrset --disable-openssl-version-check -DNS_RUN_PID_DIR=0 Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.info http://daemon.info] found 8 CPUs, using 8 worker threads Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.info http://daemon.info] using up to 4096 sockets Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.info http://daemon.info] loading configuration from '/etc/named.conf' Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.info http://daemon.info] using default UDP/IPv4 port range: [1024, 65535] Apr 1 09:05:16 apple named[1715]: [ID 873579 daemon.info http://daemon.info] using default UDP/IPv6 port range: [1024, 65535] Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.info http://daemon.info] no IPv6 interfaces found Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.info http://daemon.info] listening on IPv4 interface lo0, 127.0.0.1#53 Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.info http://daemon.info] listening on IPv4 interface vnet0:1, xxx.xxx.xxx.24#53 Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.info http://daemon.info] automatic empty zone: 0.IN-ADDR.ARPA Apr 1 09:05:17 apple named[1715]: [ID 873579 daemon.info
Re: 9.8.0 in 2008 R2 x64 server
On Tue, 5 Apr 2011, Jukka Pakkanen wrote: I'm moving one of our DNS servers (Win 2003 R2, v9.7.0) to a new 2008 R2 x64 server. After installing v9.8.0 I copied the /etc directory subdirectories, the named user has full rights in relevant directories and log on as a service rights... still I get the following error in eventviewer when trying to start the service: none:0: open: C:\Windows\system32\dns\etc\named.conf: file not found Any ideas? The named.conf file IS there, and the directories/datafiles are identical to our old, working server. Tested with administator as the user as well, same problem. Start a command shell as that user and try to more the file? -Dan ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
mix dns with ou without dnssec
hello bind guru I realized that you could mix dns seconday with or without dnssec is possible the script of the isc answers simply a warning to be validated -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7 signature.asc Description: Ceci est une partie de message numériquement signée ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.8.0 in 2008 R2 x64 server
In message alpine.bsf.2.00.1104052216180.2...@bikeshed.isc.org, Dan Mahoney w rites: On Tue, 5 Apr 2011, Jukka Pakkanen wrote: I'm moving one of our DNS servers (Win 2003 R2, v9.7.0) to a new 2008 R2 x6 4 server. After installing v9.8.0 I copied the /etc directory subdirectories, the named user has full rights in relevant directories and log on as a service rights... still I get the following error in eventviewer when trying to sta rt the service: none:0: open: C:\Windows\system32\dns\etc\named.conf: file not found Any ideas? The named.conf file IS there, and the directories/datafiles are identical to our old, working server. Tested with administator as the us er as well, same problem. Windows Vista and Windows 2008 maps system32 filenames to a different location that I can't remember off the top of my head. I would uninstall named and then re-install it in C:\Program Files\ISC\BIND9 or similar to avoid the mapping. The location of the configuration files are stored in the registry so everything should work if you do this. Start a command shell as that user and try to more the file? -Dan ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.8.0 in 2008 R2 x64 server
On 4/5/2011 8:05 PM, Mark Andrews wrote: In message alpine.bsf.2.00.1104052216180.2...@bikeshed.isc.org, Dan Mahoney w rites: On Tue, 5 Apr 2011, Jukka Pakkanen wrote: I'm moving one of our DNS servers (Win 2003 R2, v9.7.0) to a new 2008 R2 x6 4 server. After installing v9.8.0 I copied the /etc directory subdirectories, the named user has full rights in relevant directories and log on as a service rights... still I get the following error in eventviewer when trying to sta rt the service: none:0: open: C:\Windows\system32\dns\etc\named.conf: file not found Any ideas? The named.conf file IS there, and the directories/datafiles are identical to our old, working server. Tested with administator as the us er as well, same problem. Windows Vista and Windows 2008 maps system32 filenames to a different location that I can't remember off the top of my head. I would uninstall named and then re-install it in C:\Program Files\ISC\BIND9 or similar to avoid the mapping. The location of the configuration files are stored in the registry so everything should work if you do this. I install my named to use d:/named/etc and avoid putting anything in system directories. It's a bad idea. You also need to make sure that you define the directory option in named.conf to point to this directory: options { directory d:\named\etc; notify no; recursion yes; } The BINDInstall installer should take care of this. I had made changes to the installer to avoid using system32/etc for just this reason though I don't think it's made it into the cvs head. You can run BINDInstall and click the Uninstall button to uninstall it there and then click on the Install button to put it in the right place. I put my named binaries in d:/named/bin, it's safer that way. Danny Start a command shell as that user and try to more the file? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users