Operation Cancelled Error

2012-07-10 Thread Ben

Hi,

We deploy BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 and are trying to do a load 
test. While doing it we got so many error logs in named.run.


What does it mean by lame-servers operation canceled? Is it due to a 
network reachability problem or bandwidth problem or anything else 
which is related to BIND?


Kindly guide me to solve it.

10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'osnews.com/MX/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'campaignjobs.asia/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'couponbuddy.s3.amazonaws.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'ms-frontend.hse.ru/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'chriss2d.deviantart.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'www.cintegral.cl/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'krisknits.blogspot.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'css3.info/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'aventuras.isladejuegos.es/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'aliner.com/MX/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'uprl.kandk.ru/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'hospiceheart.org.s8a1.psmtp.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
resolving 'orig-10060.conduit.cotcdn.net/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'sjc-dns1.ebaydns.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'sisar4k.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'musica.itematika.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'video-6.filmix.net/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'shop.ebay.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'mediawiki-lb.eqiad.wikimedia.org/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'www.carascorridas.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'technologie.gazeta.pl/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
resolving 'ns1.kasperskylabs.net/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.732 lame-servers: info: error (operation canceled) 
resolving '142.192.186.24.in-addr.arpa/PTR/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.732 lame-servers: info: error (operation canceled) 
resolving 'geo.tp-cdn.com/A/IN': 8.8.8.8#53


Regards,
Ben
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
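
Added example (not part of Ben's post and not BIND code): a small Python script that summarises lame-servers entries in the format quoted above by error reason, server address and second, which shows whether the errors are concentrated on one server and one instant. The log lines are constructed in the same format with example names and documentation addresses; the function names and the burst threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the named.run format quoted above (example names and
# documentation addresses); the first entries are wrapped as in the e-mail.
SAMPLE_LOG = """\
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled)
resolving 'www.example.com/A/IN': 192.0.2.53#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled)
resolving 'example.net/MX/IN': 192.0.2.53#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled)
resolving 'mail.example.org/A/IN': 192.0.2.53#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled)
resolving '7.2.0.192.in-addr.arpa/PTR/IN': 192.0.2.53#53
10-Jul-2012 11:47:42.732 lame-servers: info: error (operation canceled) resolving 'cdn.example.com/A/IN': 192.0.2.53#53
10-Jul-2012 11:47:43.001 general: info: zone example.com/IN: loaded serial 1
10-Jul-2012 11:47:50.120 lame-servers: info: error (connection refused) resolving 'example.org/A/IN': 198.51.100.7#53
"""

STAMP = r"\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}"
NEW_ENTRY = re.compile(r"^" + STAMP + r" ")
LAME = re.compile(
    r"^(?P<ts>" + STAMP + r") lame-servers: info: error \((?P<reason>[^)]*)\) "
    r"resolving '(?P<query>[^']+)': (?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)$"
)


def unwrap(text):
    """Rejoin entries that a mail client wrapped onto a second line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NEW_ENTRY.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # continuation of the previous one
    return entries


def parse(entry):
    """Return the fields of one lame-servers error entry, or None."""
    m = LAME.match(entry)
    if not m or m.group("query").count("/") < 2:
        return None
    # Split from the right: owner names may themselves contain '/'.
    qname, qtype, qclass = m.group("query").rsplit("/", 2)
    return {
        "ts": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f"),
        "reason": m.group("reason"),
        "qname": qname,
        "qtype": qtype,
        "qclass": qclass,
        "server": m.group("server"),
        "port": int(m.group("port")),
    }


def summarize(text, burst_threshold=3):
    """Count errors per (reason, server), per query type and per second."""
    entries = unwrap(text)
    records = [r for r in map(parse, entries) if r is not None]
    per_second = Counter(
        r["ts"].replace(microsecond=0).isoformat() for r in records
    )
    return {
        "parsed": len(records),
        "skipped": len(entries) - len(records),   # other log categories
        "by_server": Counter((r["reason"], r["server"]) for r in records),
        "by_type": Counter(r["qtype"] for r in records),
        # Seconds in which at least burst_threshold errors were logged.
        "bursts": {s: n for s, n in per_second.items() if n >= burst_threshold},
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("parsed:", summary["parsed"], "skipped:", summary["skipped"])
    for (reason, server), count in summary["by_server"].most_common():
        print(f"{count:4d}  {reason:<20} {server}")
    for second, count in sorted(summary["bursts"].items()):
        print(f"burst: {count} errors at {second}")
```
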


Re: OpenSSL problem: bind98-base FreeBSD port

2012-07-10 Thread Tony Finch
On 9 Jul 2012, at 20:05, Matthew Pounsett m...@conundrum.com wrote:
 On 2012/07/08, at 22:25, Barry Margolin wrote:
 In article mailman.
 
 So to answer my earlier question, what file were you talking about copying 
 into the chroot environment for BIND?
 
 The shared library. When you link dynamically, all the libraries have to 
 be in $chroot/usr/lib.
 
 No, they don't.  Shared libraries are picked up at runtime. Chrooting happens 
 after that, once the libraries have already been read.

Except that GOST is implemented as an engine which is dynamically loaded 
after startup. Called lib/engines/libgost.so

I seem to remember that early versions of BIND's GOST support could not be 
disabled by the configure script - my build script hacked BIND's Makefile to 
disable it rather than put code in the chroot.

Tony.
--
f.anthony.n.finch  d...@dotat.at  http://dotat.at/


Can I disable caching without disabling recursion?

2012-07-10 Thread rams
Hi ,
Can I disable cache without disabling recursion?

Thanks & Regards,

Ramesh

BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

2012-07-10 Thread Shon Stephens
Dear All,
 I am running the version of BIND provided by RPM packages with RHEL 6.2. 
This is a new server build replacing a previous server. That host was running 
an earlier version of BIND and an earlier version of RHEL. The config files 
have remained relatively the same, but the CPU utilization of the newer version 
is orders of magnitude higher.

PID    USER   PR  NI  VIRT  RES  SHR   S  %CPU  %MEM  TIME+      COMMAND
30462  named  20  0   282m  80m  2588  S  43.5  2.1   378:33.05  named

I've seen other posts about missing managed-keys directive and attempted to 
add that to my config as a solution. This does not seem to help. Here is my 
named.conf (sanitized). I've made sure that recursion is limited to our ACL and 
there doesn't seem to be any difference from previous periods in the number of 
queries being answered by the server. Any help is much appreciated.

Yours,
Shon


~]# rndc status
version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3
CPUs found: 2
worker threads: 2
number of zones: 84
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 6/0/1000
tcp clients: 0/100
server is up and running

// named.conf - BIND name server configuration file
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; };
};
// Blackhole requests from these networks
acl bogusnets {
    0.0.0.0/8;
    1.0.0.0/8;
    2.0.0.0/8;
    192.0.2.0/24;
    224.0.0.0/3;
};
// Trusted networks
acl trusted {
    some_trusted_networks;
};
// Trusted name servers
acl nameservers {
    some_ips_of_nameservers;
};
// Global config options
options {
    directory "/var/named";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    managed-keys-directory "/var/named/dynamic";
    blackhole { bogusnets; };
    allow-query { any; };
    allow-query-cache { trusted; };
    allow-recursion { trusted; };
    allow-transfer { nameservers; };
    transfer-source 192.168.101.101;
    also-notify { nameservers; };
    allow-notify { nameservers; };
    notify explicit;
    dnssec-enable no;
    dnssec-validation no;
    listen-on-v6 { none; };
};
server 192.168.101.101 {
    edns no;
};
logging {
    channel misc {
        file "logs/named.log" versions 4 size 2m;
        print-category  yes;
        print-severity  yes;
        print-time      yes;
    };
    channel xfers {
        file "logs/named.xfers" versions 4 size 1m;
        print-severity  yes;
        print-time      yes;
    };
    channel debug {
        file "logs/named.debug" versions 1 size 2m;
        print-category  yes;
        print-severity  yes;
        print-time      yes;
    };
    channel ops {
        file "logs/named.ops" versions 3 size 2m;
        print-category  yes;
        print-severity  yes;
        print-time      yes;
    };
    channel sys {
        syslog          daemon;
        print-category  yes;
    };
    category xfer-in  { xfers; };
    category xfer-out { xfers; };
    category notify   { xfers; };
    category database { debug; };
    category config   { debug; };
    category queries  { ops; };
    category client   { ops; };
    category resolver { ops; };
    category security { sys; misc; };
    category default  { misc; };
};
// Default zones
zone "." {
    type hint;
    file "zones/root/db.root";
};
zone "localhost" {
    type master;
    file "zones/local/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "zones/local/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "zones/local/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "zones/local/db.255";
};

RE: BIND CPU load problems

2012-07-10 Thread Shon Stephens
Dear Mike,
I am not being hit with a Denial of Service attack and the query logging 
doesn't appear to be any different from other hosts in the DNS complex. There 
are no errors in logs or messages files either. I have not installed a previous 
version from source.

Yours,
Shon

From: Mike [mailto:ispbuil...@gmail.com]
Sent: Tuesday, July 10, 2012 7:52 AM
To: Shon Stephens
Subject: BIND CPU load problems


Have you tried:

  *   installing a previous version of bind from source?
  *   checking to see if you're being hit with a denial of service attack?
  *   turned on query logging to see what bind is doing?



--

Looking for (employment|contract) work in the

Internet industry, preferably working remotely.

Building / Supporting the net since 2400 baud was

the hot thing. Ask for a resume! 
ispbuil...@gmail.com

Re: BIND CPU load problems

2012-07-10 Thread Phil Mayers

On 10/07/12 12:56, Shon Stephens wrote:
> Dear Mike,
>
> I am not being hit with a Denial of Service attack and the query
> logging doesn't appear to be any different from other hosts in the DNS
> complex. There are no errors in logs or messages files either. I have
> not installed a previous version from source.


Does strace indicate what the bind process is doing?


Re: Can I disable caching without disabling recursion?

2012-07-10 Thread Warren Kumari

On Jul 10, 2012, at 2:37 AM, rams wrote:

> Hi ,
>
> Can I disable cache without disabling recursion?


For many of your questions it would be really helpful if you explained *why* 
you want to do X / what you are trying to accomplish…

For example, forwarding may be what you want here, but without knowing why / 
what you are trying to do, it's going to be hard for folk to give you a useful 
answer…

W




 
 

---
Schizophrenia beats being alone.




Re: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

2012-07-10 Thread Drunkard Zhang

Maybe it's caused by too much logging. Try disabling it temporarily,
or run named with the -g argument in the foreground and watch if there's
something unusual or appearing repeatedly.

Another method you can try is to simplify your named.conf to track down
where the problem is. If it's not a configuration problem, then maybe
named itself is problematic.



Re: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

2012-07-10 Thread Adam Tkac
On Tue, Jul 10, 2012 at 10:15:01PM +0800, Drunkard Zhang wrote:
> Maybe it's caused by too much logging. Try disabling it temporarily,
> or run named with the -g argument in the foreground and watch if there's
> something unusual or appearing repeatedly.

You can also append -d99 parameter to check which activities named perform.
Note that output might be quite large.

Regards, Adam

 

check-names via command line

2012-07-10 Thread Gary Wallis
Is there a way to check names via the command line (like with a 
named-checkzone type tool.)


I need to validate zone info BEFORE trying to load, log frag:

10-Jul-2012 11:36:02.199 general: zone growXeg.com/IN/external: loading 
master file master/external/g/growXeg.com: bad name (check-names)
10-Jul-2012 11:38:01.815 general: dns_rdata_fromtext: 
master/external/g/growXeg.com:3: near 'uk.hostmas...@telxxity.com.': bad 
name (check-names)


(X added for some privacy.)

Thanks!


Re: check-names via command line

2012-07-10 Thread Chris Thompson

On Jul 10 2012, Gary Wallis wrote:

> Is there a way to check names via the command line (like with a 
> named-checkzone type tool.)
>
> I need to validate zone info BEFORE trying to load, log frag:
>
> 10-Jul-2012 11:36:02.199 general: zone growXeg.com/IN/external: loading 
> master file master/external/g/growXeg.com: bad name (check-names)
> 10-Jul-2012 11:38:01.815 general: dns_rdata_fromtext: 
> master/external/g/growXeg.com:3: near 'uk.hostmas...@telxxity.com.': bad 
> name (check-names)
>
> (X added for some privacy.)


Check out the -k option of named-checkzone. It defaults to warn anyway,
but you may want to use fail.

--
Chris Thompson
Email: c...@cam.ac.uk


Basic scope question

2012-07-10 Thread Bennett, Gary L.
If I have domain-name-servers configured globally and a different set 
configured on a subnet DHCP pool, which takes precedence for the client?  My 
understanding is the more specific, or the subnet DHCP pool, but could someone 
please confirm?   Thanks.



gary



Re: Basic scope question

2012-07-10 Thread WBrown
Gary wrote on 07/10/2012 11:27:24 AM:

> If I have domain-name-servers configured globally and a different 
> set configured on a subnet DHCP pool, which takes precedence for the
> client?  My understanding is the more specific, or the subnet DHCP 
> pool, but could someone please confirm?   Thanks.

The client will only query the DNS servers they are told about, either 
statically (/etc/resolv.conf) or by your DHCP server.






Re: check-names via command line

2012-07-10 Thread Chris Thompson

On Jul 10 2012, I wrote:

> On Jul 10 2012, Gary Wallis wrote:
>
>> Is there a way to check names via the command line (like with a 
>> named-checkzone type tool.)
>>
>> [...]
>
> Check out the -k option of named-checkzone. It defaults to warn anyway,
> but you may want to use fail.


Well, I have to take that back. As far as I can see the -k option of
named-checkzone has no effect at all, despite the man page, at least
with BIND 9.8.3-P1.

--
Chris Thompson
Email: c...@cam.ac.uk



Re: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

2012-07-10 Thread 세리
try ntp restart!!

July 1, because of leap time, named cpu high!!


RE: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

2012-07-10 Thread Shon Stephens
Dear All,
 Yes, this was the solution. Another engineer here fixed it this morning. 
Read about the issue while on vacation, came back this morning and saw my 
emails...

Thanks again,
Shon

-Original Message-
From: bind-users-bounces+sstephens=mentora@lists.isc.org 
[mailto:bind-users-bounces+sstephens=mentora@lists.isc.org] On Behalf Of ??
Sent: Tuesday, July 10, 2012 12:54 PM
To: Adam Tkac
Cc: bind-users@lists.isc.org
Subject: Re: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

try ntp restart!!

July 1, because of leap time, named cpu high!!

2012. 7. 10. 23:32 Adam Tkac at...@redhat.com 작성:

 On Tue, Jul 10, 2012 at 10:15:01PM +0800, Drunkard Zhang wrote:
 2012/7/10 Shon Stephens ssteph...@mentora.com:
 Dear All,
 
 I am running the version of BIND provided by RPM packages with 
 RHEL 6.2. This is a new server build replacing a previous server. 
 That host was running an earlier version of BIND and and earlier 
 version of RHEL. The config files have remained relatively the same, 
 but the CPU utilization of the newer version is magnitudes of order higher.
 
 
 
 PID USER  PR  NI  VIRT   RES   SHR  S  %CPU %MEMTIME+
 COMMAND
 
 30462named  20   0282m  80m 2588 S  43.5 2.1
 378:33.05   named
 
 
 
 I've seen other posts about missing managed-keys directive and 
 attempted to add that to my config as a solution. This does not seem 
 to help. Here is my named.conf (sanitized). I've made sure that 
 recursion is limited to our ACL and there doesn't seem to be any 
 difference from previous periods in the number of queries being 
 answered by the server. Any help is much appreciated.
 
 
 
 Yours,
 Shon
 
 
 
 
 
 ~]# rndc status
 
 version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3
 
 CPUs found: 2
 
 worker threads: 2
 
 number of zones: 84
 
 debug level: 0
 
 xfers running: 0
 
 xfers deferred: 0
 
 soa queries in progress: 0
 
 query logging is ON
 
 recursive clients: 6/0/1000
 
 tcp clients: 0/100
 
 server is up and running
 
 
 
 // named.conf - BIND name server configuration file

 include "/etc/rndc.key";

 controls {
     inet 127.0.0.1 port 953
         allow { 127.0.0.1; };
 };

 // Blackhole requests from these networks
 acl bogusnets {
     0.0.0.0/8;
     1.0.0.0/8;
     2.0.0.0/8;
     192.0.2.0/24;
     224.0.0.0/3;
 };

 // Trusted networks
 acl trusted {
     some_trusted_networks;
 };

 // Trusted name servers
 acl nameservers {
     some_ips_of_nameservers;
 };

 // Global config options
 options {
     directory "/var/named";
     dump-file "data/cache_dump.db";
     statistics-file "data/named_stats.txt";
     managed-keys-directory "/var/named/dynamic";
     blackhole { bogusnets; };
     allow-query { any; };
     allow-query-cache { trusted; };
     allow-recursion { trusted; };
     allow-transfer { nameservers; };
     transfer-source 192.168.101.101;
     also-notify { nameservers; };
     allow-notify { nameservers; };
     notify explicit;
     dnssec-enable no;
     dnssec-validation no;
     listen-on-v6 { none; };
 };

 server 192.168.101.101 {
     edns no;
 };

 logging {
     channel misc {
         file "logs/named.log" versions 4 size 2m;
         print-category  yes;
         print-severity  yes;
         print-time  yes;
     };
     channel xfers {
         file "logs/named.xfers" versions 4 size 1m;
         print-severity  yes;
         print-time  yes;
     };
     channel debug {
         file "logs/named.debug" versions 1 size 2m;
         print-category  yes;
         print-severity  yes;
         print-time  yes;
     };
     channel ops {
         file "logs/named.ops" versions 3 size 2m;
         print-category  yes;
         print-severity  yes;
         print-time  yes;
     };
     channel sys {
         syslog  daemon;
         print-category  yes;
     };

     category xfer-in  { xfers; };
     category xfer-out { xfers; };
     category notify   { xfers; };
     category database { debug; };
     category config   { debug; };
     category queries  { ops; };
     category client   { ops; };
     category resolver { ops; };
     category security { sys; misc; };
     category default  { misc; };
 };
 
 Maybe it's caused by too much logging. Try disabling them temporarily, 
 or run named with the -g argument in the foreground and watch if there's 
 something unusual or something that appears repeatedly.

 You can also append the -d99 parameter to check which activities named performs.
 Note that output might be quite 

RE: Basic scope question

2012-07-10 Thread Bennett, Gary L.
No, have that part.  Was just wondering which domain-name-servers parm, global 
or in DHCP address pool, has precedence.  Thanks.

-Original Message-
From: wbr...@e1b.org [mailto:wbr...@e1b.org] 
Sent: Tuesday, July 10, 2012 11:46 AM
To: Bennett, Gary L.
Cc: bind-users@lists.isc.org
Subject: Re: Basic scope question

Gary wrote on 07/10/2012 11:27:24 AM:

 If I have domain-name-servers configured globally and a different set 
 configured on a subnet DHCP pool, which takes precedence for the 
 client?  My understanding is the more specific, or the subnet DHCP
 pool, but could someone please confirm?   Thanks.

The client will only query the DNS servers they are told about, either 
statically (/etc/resolv.conf) or by your DHCP server.




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: check-names via command line

2012-07-10 Thread Gary Wallis

On 7/10/2012 13:08, Chris Thompson wrote:

On Jul 10 2012, I wrote:


On Jul 10 2012, Gary Wallis wrote:


Is there a way to check names via the command line (like with a
named-checkzone type tool.)

[...]

Check out the -k option of named-checkzone. It defaults to warn anyway,
but you may want to use fail.


Well, I have to take that back. As far as I can see the -k option of
named-checkzone has no effect at all, despite the man page, at least
with BIND 9.8.3-P1.


Thank you. Maybe this will be fixed?

It would be great to have named-checkzone be an authoritative tool as 
far as zone: Syntax, rules and other error checking goes.




Re: Basic scope question

2012-07-10 Thread Niall O'Reilly
On 10/07/12 18:07, Bennett, Gary L. wrote:
 No, have that part.  Was just wondering which domain-name-servers parm, 
 global or in DHCP address pool, has precedence.  Thanks.

The more specific overrides the global one.

Niall O'Reilly


Loaded zone files query

2012-07-10 Thread Kirk Hoganson


Does anyone know of a simple way to discover how many zone files bind 
has successfully loaded after the daemon starts?





Re: Loaded zone files query

2012-07-10 Thread Fr34k
rndc status

Is this a trick question?





 From: Kirk Hoganson kirkhogan...@gmail.com
To: bind-users@lists.isc.org 
Sent: Tuesday, July 10, 2012 3:22 PM
Subject: Loaded zone files query
 

Does anyone know of a simple way to discover how many zone files bind has 
successfully loaded after the daemon starts?



Re: Loaded zone files query

2012-07-10 Thread David Dowdle
Actually, that gives the number of zones it's supposed to be serving. If, 
say, a zone hasn't been transferred yet, it'll still show in status (and 
will authoritatively answer nosuch* for it).


As best as I can tell
number of zones: X
x=number of zones listed in named.conf + any automatically added zones


Not quite what he's asking for, but I've not been able to find a better 
answer either.


On Tue, 10 Jul 2012, Fr34k wrote:


rndc status

Is this a trick question?






From: Kirk Hoganson kirkhogan...@gmail.com
To: bind-users@lists.isc.org
Sent: Tuesday, July 10, 2012 3:22 PM
Subject: Loaded zone files query


Does anyone know of a simple way to discover how many zone files bind has 
successfully loaded after the daemon starts?




Re: Loaded zone files query

2012-07-10 Thread Carl Byington

On Tue, 2012-07-10 at 13:22 -0600, Kirk Hoganson wrote:
 Does anyone know of a simple way to discover how many zone files bind
 has successfully loaded after the daemon starts?

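cd /var/log
rm -f named.temp*
# Split the named lines into one piece per daemon start.
grep 'named' messages | \
   csplit --prefix=named.temp - '/named.*starting BIND/' '{*}' > /dev/null
# The last piece covers the most recent start.
f=$(ls -1 named.temp* | tail -1)
grep 'zone.*loaded serial' "$f" | wc -l
rm -f named.temp*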



RE: Loaded zone files query

2012-07-10 Thread Lightner, Jeff
That assumes it's Linux and is being logged to local /var/log/messages.   For 
other *nix the log location and name are apt to be different.






-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org 
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Carl 
Byington
Sent: Tuesday, July 10, 2012 3:47 PM
To: bind-users@lists.isc.org
Subject: Re: Loaded zone files query


On Tue, 2012-07-10 at 13:22 -0600, Kirk Hoganson wrote:
 Does anyone know of a simple way to discover how many zone files bind
 has successfully loaded after the daemon starts?

cd /var/log
rm -f named.temp*
grep 'named' messages | \
   csplit --prefix=named.temp - '/named.*starting BIND/' '{*}' > /dev/null
f=$(ls -1 named.temp* | tail -1)
grep 'zone.*loaded serial' "$f" | wc -l
rm -f named.temp*

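
An added example (not code from any poster in this thread): the same count done without temporary files, with the log path passed as an argument because it differs between systems, and with each zone counted once even when a later reload logs it again. The function names and the sample log lines are this example's own constructions.

```shell
#!/bin/sh
# Added example: report zones named logged as loaded (or failed) since its
# most recent start. Function names and the sample log are this example's own.

# zone_states LOGFILE
# Prints "STATE NAME" per zone, STATE being "loaded" or "failed", using the
# latest message seen for each zone after the last "starting BIND" line.
zone_states() {
    awk '
        /named\[[0-9]+\]: starting BIND/ {
            split("", state)            # new daemon start: forget earlier runs
            next
        }
        /named\[[0-9]+\]: zone / {
            line = $0
            sub(/^.*named\[[0-9]+\]: zone /, "", line)
            sep = index(line, ": ")     # "example.com/IN: loaded serial 3"
            if (sep == 0) next
            name = substr(line, 1, sep - 1)
            msg = substr(line, sep + 2)
            if (index(msg, "loaded serial") == 1)
                state[name] = "loaded"
            else if (index(msg, "not loaded due to errors") == 1)
                state[name] = "failed"
        }
        END { for (z in state) print state[z], z }
    ' "$1" | sort
}

# count_zones LOGFILE STATE
# Prints how many zones are currently in STATE ("loaded" or "failed").
count_zones() {
    zone_states "$1" | awk -v want="$2" '$1 == want { n++ } END { print n + 0 }'
}

# Constructed sample: two daemon starts, one reload, one zone that fails.
write_sample_log() {
    cat <<'EOF'
Jul 10 09:00:01 ns1 named[1201]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 -u named
Jul 10 09:00:01 ns1 named[1201]: zone old.example/IN: loaded serial 7
Jul 10 13:00:01 ns1 named[2417]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 -u named
Jul 10 13:00:01 ns1 named[2417]: zone example.com/IN: loaded serial 2012071001
Jul 10 13:00:01 ns1 named[2417]: zone example.net/IN: loaded serial 2012071001
Jul 10 13:00:01 ns1 named[2417]: zone example.org/IN: loading from master file example.org.zone failed: file not found
Jul 10 13:00:01 ns1 named[2417]: zone example.org/IN: not loaded due to errors.
Jul 10 13:05:09 ns1 named[2417]: zone example.net/IN: loaded serial 2012071002
EOF
}

# Run against a real log when a path is given, e.g. sh zones.sh /var/log/messages
if [ -n "${1:-}" ]; then
    zone_states "$1"
fi
```

Comparing the "loaded" count with the "number of zones" line from rndc status shows how many configured zones are not actually being served.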


Re: check-names via command line

2012-07-10 Thread Evan Hunt
 Well, I have to take that back. As far as I can see the -k option of
 named-checkzone has no effect at all, despite the man page, at least
 with BIND 9.8.3-P1.
 
 Thank you. Maybe this will be fixed?
 
 It would be great to have named-checkzone be an authoritative tool as 
 far as zone: Syntax, rules and other error checking goes.

It works for me.  What errors are you trying to check for that
named-checkzone -k isn't finding?

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.


Re: Loaded zone files query

2012-07-10 Thread Fr34k
Thanks.

There's the named.conf option of zone-statistics yes;
With that enabled, rndc stats will dump all kinds of neat per-zone query 
statistics.

Not sure what that looks like with the incompletely transferred zones mentioned below.

Perhaps OP can explore and tweak to taste.





 From: David Dowdle
Subject: Re: Loaded zone files query
 
Actually, that gives the number of zones it's supposed to be serving. If, 
say, a zone hasn't been transferred yet, it'll still show in status (and 
will authoritatively answer nosuch* for it).

As best as I can tell
number of zones: X
x=number of zones listed in named.conf + any automatically added zones


not quite what he's asking for, but I've not been able to find a better 
answer either.

On Tue, 10 Jul 2012, Fr34k wrote:

 rndc status

 Is this a trick question?




 
 From: Kirk Hoganson
 To: bind-users@lists.isc.org
 Sent: Tuesday, July 10, 2012 3:22 PM
 Subject: Loaded zone files query


 Does anyone know of a simple way to discover how many zone files bind has 
 successfully loaded after the daemon starts?



Re: check-names via command line

2012-07-10 Thread Gary Wallis

On 7/10/2012 17:04, Evan Hunt wrote:

Well, I have to take that back. As far as I can see the -k option of
named-checkzone has no effect at all, despite the man page, at least
with BIND 9.8.3-P1.


Thank you. Maybe this will be fixed?

It would be great to have named-checkzone be an authoritative tool as
far as zone: Syntax, rules and other error checking goes.


It works for me.  What errors are you trying to check for that
named-checkzone -k isn't finding?




Solved, version issue, named-checkzone works great thanks!


Re: Basic scope question

2012-07-10 Thread Mark Andrews

For future reference this sort of question is more appropriate to
dhcp-us...@isc.org.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Operation Cancelled Error

2012-07-10 Thread Warren Kumari

On Jul 10, 2012, at 2:25 AM, Ben wrote:

 Hi,
 
 We deploy BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 and trying to do load test 
 while doing it we got so many error logs in named.run.

I must admit to being a little confused…

It *looks* to me like you are forwarding all queries to 8.8.8.8? (If so, I'm a 
little confused by the load test bit). You will almost certainly get rate 
limited with this setup (assuming you have more than one or two users behind 
this server…)

W



 
 What does it mean by lame servers operation canceled? Is it due to network 
 reachability problem or bandwidth problem or anything others which related to 
 bind?
 
 Kindly guide me solve it.
 
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'osnews.com/MX/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'campaignjobs.asia/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'couponbuddy.s3.amazonaws.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'ms-frontend.hse.ru/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'chriss2d.deviantart.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'www.cintegral.cl/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'krisknits.blogspot.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'css3.info/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'aventuras.isladejuegos.es/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'aliner.com/MX/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'uprl.kandk.ru/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'hospiceheart.org.s8a1.psmtp.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) 
 resolving 'orig-10060.conduit.cotcdn.net/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'sjc-dns1.ebaydns.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'sisar4k.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'musica.itematika.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'video-6.filmix.net/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'shop.ebay.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'mediawiki-lb.eqiad.wikimedia.org/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'www.carascorridas.com/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'technologie.gazeta.pl/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) 
 resolving 'ns1.kasperskylabs.net/A/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.732 lame-servers: info: error (operation canceled) 
 resolving '142.192.186.24.in-addr.arpa/PTR/IN': 8.8.8.8#53
 10-Jul-2012 11:47:42.732 lame-servers: info: error (operation canceled) 
 resolving 'geo.tp-cdn.com/A/IN': 8.8.8.8#53
 
 Regards,
 Ben

-- 
Outside of a dog, a book is your best friend, and inside of a dog, it's too 
dark to read 


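
Warren's reading of the log (every failure names 8.8.8.8) can be checked mechanically. This added example, which is not from any poster in the thread, tallies lame-servers errors by upstream server and reason and reports the busiest second; the first three sample lines come from Ben's post, the last two are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarize BIND "lame-servers" resolver errors from a log
# written with print-time/print-category/print-severity, as in Ben's post.

# upstream_error_tally LOGFILE
# Prints "COUNT<TAB>SERVER<TAB>REASON", most frequent first.
upstream_error_tally() {
    awk '
        / lame-servers: .* error \(.*\) resolving / {
            reason = $0
            sub(/^.* error \(/, "", reason)      # keep text inside "( ... )"
            sub(/\) resolving .*$/, "", reason)
            server = $NF                         # e.g. 8.8.8.8#53
            sub(/#[0-9]+$/, "", server)          # drop the port
            count[server "\t" reason]++
        }
        END { for (k in count) print count[k] "\t" k }
    ' "$1" | sort -k1,1nr -k2
}

# peak_second LOGFILE
# Prints "COUNT<TAB>DATE TIME" for the one-second window with the most errors.
peak_second() {
    awk '
        / lame-servers: .* error \(/ {
            key = $1 " " substr($2, 1, 8)        # drop the milliseconds
            n[key]++
            if (n[key] > best) { best = n[key]; when = key }
        }
        END { if (best) print best "\t" when }
    ' "$1"
}

# Sample input: lines 1-3 are from the post, lines 4-5 are constructed.
write_sample_errors() {
    cat <<'EOF'
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) resolving 'osnews.com/MX/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.730 lame-servers: info: error (operation canceled) resolving 'css3.info/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) resolving 'shop.ebay.com/A/IN': 8.8.8.8#53
10-Jul-2012 11:47:43.102 lame-servers: info: error (connection refused) resolving 'example.net/A/IN': 192.0.2.53#53
10-Jul-2012 11:47:43.250 queries: info: client 192.0.2.10#40000: query: example.com IN A +
EOF
}

# Run against a real log when a path is given, e.g. sh tally.sh named.run
if [ -n "${1:-}" ]; then
    upstream_error_tally "$1"
    peak_second "$1"
fi
```

If one server accounts for nearly every line, as 8.8.8.8 does here, the problem lies on the path to that forwarder rather than with the individual domains being resolved.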


RE: Basic scope question

2012-07-10 Thread Bennett, Gary L.
Mea culpa.  I belong to both lists and had meant to post to dhcp-users.  Thanks.

From: Mark Andrews [ma...@isc.org]
Sent: Tuesday, July 10, 2012 8:43 PM
To: Bennett, Gary L.
Cc: bind-users@lists.isc.org
Subject: Re: Basic scope question

For future reference this sort of question is more appropriate to
dhcp-us...@isc.org.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


What is the deal on missing Authority Section and additional section from google's DNS servers?

2012-07-10 Thread Ted Mittelstaedt

Hi All,

  I manage an ISP that runs BIND 9.6-ESV-R7-P1  (to be fair it was 
running 9.6-ESV-R6 until an hour ago but I'm not that dumb to
post the location of an unpatched nameserver to the mailing list)

  One of our customers reported that she was having problems with her 
mailserver not sending mail to comcast.com users.  When she switched to
using Google's open DNS servers or opendns's servers, the problem went
away.

  No other customer reported this and I see no problem with our own
mailservers.

  In looking at the output of my own servers, I see data in
authority and additional sections.  In looking at data from the
output of those dns servers, I do not.  Since only comcast.com was
affected, and they have a very large amount of additional data in
the response, I am theorizing that her firewall thinks the DNS
response query packet is too large and is trashing it.  Either that
or there's a network layer problem that is trashing UDP packets.

  I can't seem to find an option to turn off additional data.  How
does Google and OpenDNS do it?  WHY do they do it?

  Dig's that show what I mean follow:


C:\dig>dig @8.8.8.8 -t MX comcast.com

; <<>> DiG 9.3.2 <<>> @8.8.8.8 -t MX comcast.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 556
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;comcast.com.                   IN      MX

;; ANSWER SECTION:
comcast.com.            533     IN      MX      5 mx1.comcast.com.
comcast.com.            533     IN      MX      5 mx4.comcast.com.
comcast.com.            533     IN      MX      5 mx3.comcast.com.

;; Query time: 109 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 10 18:18:43 2012
;; MSG SIZE  rcvd: 89


C:\dig>

C:\dig>dig @resolver1.opendns.com -t MX comcast.com

; <<>> DiG 9.3.2 <<>> @resolver1.opendns.com -t MX comcast.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;comcast.com.                   IN      MX

;; ANSWER SECTION:
comcast.com.            567     IN      MX      5 mx1.comcast.com.
comcast.com.            567     IN      MX      5 mx4.comcast.com.
comcast.com.            567     IN      MX      5 mx3.comcast.com.

;; Query time: 93 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Jul 10 18:20:24 2012
;; MSG SIZE  rcvd: 89


C:\dig>
C:\dig>


C:\dig>dig @dns1.ipinc.net -t MX comcast.com

; <<>> DiG 9.3.2 <<>> @dns1.ipinc.net -t MX comcast.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 315
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 13

;; QUESTION SECTION:
;comcast.com.                   IN      MX

;; ANSWER SECTION:
comcast.com.            600     IN      MX      5 mx4.comcast.com.
comcast.com.            600     IN      MX      5 mx1.comcast.com.
comcast.com.            600     IN      MX      5 mx3.comcast.com.

;; AUTHORITY SECTION:
comcast.com.            1712    IN      NS      dns104.comcast.net.
comcast.com.            1712    IN      NS      dns102.comcast.net.
comcast.com.            1712    IN      NS      dns101.comcast.net.
comcast.com.            1712    IN      NS      dns103.comcast.net.
comcast.com.            1712    IN      NS      dns105.comcast.net.

;; ADDITIONAL SECTION:
mx1.comcast.com.        3600    IN      A       76.96.32.244
mx3.comcast.com.        1712    IN      A       69.241.43.117
mx4.comcast.com.        1712    IN      A       69.241.43.118
dns101.comcast.net.     1680    IN      A       68.87.29.164
dns101.comcast.net.     1680    IN      AAAA    2001:558:1002:a:68:87:29:164
dns102.comcast.net.     1680    IN      A       68.87.85.132
dns102.comcast.net.     1680    IN      AAAA    2001:558:1004:7:68:87:85:132
dns103.comcast.net.     1680    IN      A       68.87.76.228
dns103.comcast.net.     1680    IN      AAAA    2001:558:1014:c:68:87:76:228
dns104.comcast.net.     1680    IN      A       68.87.68.244
dns104.comcast.net.     1680    IN      AAAA    2001:558:100a:5:68:87:68:244
dns105.comcast.net.     1680    IN      A       68.87.72.244
dns105.comcast.net.     1680    IN      AAAA    2001:558:100e:5:68:87:72:244

;; Query time: 156 msec
;; SERVER: 65.75.192.10#53(65.75.192.10)
;; WHEN: Tue Jul 10 18:17:24 2012
;; MSG SIZE  rcvd: 473


C:\dig>


Re: What is the deal on missing Authority Section and additional section from google's DNS servers?

2012-07-10 Thread Michael Hoskins (michoski)
-Original Message-

From: Ted Mittelstaedt t...@ipinc.net
Date: Tuesday, July 10, 2012 6:24 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: What is the deal on missing Authority Section and
additional section from google's DNS servers?

   I can't seem to find an option to turn off additional data.  How
does Google and OpenDNS do it?  WHY do they do it?

have you tried minimal-responses yes;?

it can increase name server performance, but can also increase client
workload (e.g. lead to additional queries).  some might also feel it's
best to be conservative in what you send.
