Re: Reverse address entries

2013-06-28 Thread Noel Butler
On Fri, 2013-06-28 at 13:57 -0400, Novosielski, Ryan wrote:

> The short answer is "some software once cared." Does it still now, I'm
> not sure. But we do it.


SMTP does, IRC does




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Reverse address entries

2013-06-28 Thread Ward, Mike S
I want to thank everyone for their input. It sounds like they do need the 
reverse address entries in specific circumstances so I'm going to recommend 
that they add them.

Thank you.

From: Leonard Mills [mailto:l...@yahoo.com]
Sent: Friday, June 28, 2013 2:52 PM
To: Ward, Mike S; bind-users@lists.isc.org
Subject: Re: Reverse address entries

At about Friday, June 28, 2013 10:54 AM "Ward, Mike S" <mw...@ssfcu.org> wrote:

>Hello all, is there any reason to setup reverse address entries
>for a zone?

It very much depends on the reasons for the forward entries.

For example:

Commercial backup software for Microsoft servers requires
forward-reverse-forward matching.  They won't move bytes
unless a lookup returns an IP, the reverse lookup returns a
name and a forward lookup for that name matches.

Commercial and open source email handlers are often
configured (some as a default) to refuse or quarantine messages
from inbound sessions using non-matching host==>IP==>host
entries.

If it's for a local experimental lab, it might be a waste of your
time to even create the reverse zones.

Hth,
Len

==
This email, and any files transmitted with it, is confidential and intended 
solely for the use of the individual or entity to which it is addressed. If you 
have received this email in error, please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee, you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this message by mistake and delete 
this e-mail from your system. If you are not the intended recipient, you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.

Re: Reverse address entries

2013-06-28 Thread Leonard Mills
At about Friday, June 28, 2013 10:54 AM "Ward, Mike S" wrote:

>Hello all, is there any reason to setup reverse address entries
>for a zone?

It very much depends on the reasons for the forward entries.  

For example:

Commercial backup software for Microsoft servers requires
forward-reverse-forward matching.  They won't move bytes
unless a lookup returns an IP, the reverse lookup returns a
name and a forward lookup for that name matches.

Commercial and open source email handlers are often
configured (some as a default) to refuse or quarantine messages
from inbound sessions using non-matching host==>IP==>host 
entries.

If it's for a local experimental lab, it might be a waste of your 
time to even create the reverse zones.

Hth,
Len

Re: Reverse address entries

2013-06-28 Thread Niall O'Reilly
On Fri, 28 Jun 2013 13:57:44 -0400
"Novosielski, Ryan"  wrote:

> The short answer is "some software once cared." Does it still now, I'm
> not sure. But we do it.

Some still does

Niall O'Reilly


Re: Reverse address entries

2013-06-28 Thread Mark Elkins
On Fri, 2013-06-28 at 17:54 +, Ward, Mike S wrote:
> Hello all, is there any reason to setup reverse address entries for a
> zone? I have asked some of the admins here and the consensus from them
> is that only A records are necessary. Is this true?

(IPv4 hat on)
I've taught my staff to plan using the reverse zone file. One can easily
see which addresses have been used and which are free (sort the zone
numerically!). Far more useful than putting names and addresses into a
spreadsheet... which I suspect.. never mind...

Having a correctly configured (ie complete) reverse is very useful. Mail
and other services use the information. If you just have an IP address,
a 'dig -x IP' will give a human understandable name. Can't think of any
sane reason not to properly configure the reverse zone..
-- 
  .  . ___. .__  Posix Systems - (South) Africa
 /| /|   / /__   m...@posix.co.za  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496




Re: Reverse address entries

2013-06-28 Thread Charles Swiger
On Jun 28, 2013, at 10:54 AM, "Ward, Mike S"  wrote:
> Hello all, is there any reason to setup reverse address entries for a zone?

Certainly.  Various software performs what's called a double-reverse lookup
to confirm that the A and PTR records match.

> I have asked some of the admins here and the consensus from them is that only 
> A records are necessary. Is this true?

I suppose that depends on how wide (or limited) one's view of "necessary" is.

Many mail systems choose not to grant much trust towards IPs without good DNS.
Java's SSL on some platform performs a double-reverse check and declines to 
proceed if there is a mismatch.

Regards,
-- 
-Chuck
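
The forward-reverse-forward ("double-reverse") check that Len's and Chuck's replies describe, as an added example that is not part of any list post or of BIND. The function names and the sample records are assumptions made for illustration; the sample tables are constructed and use documentation address ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (needs working DNS)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """Addresses for name from the system resolver (needs working DNS)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def double_reverse(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, confirmed_names); verdict is match/mismatch/no-ptr."""
    client = ipaddress.ip_address(ip)
    # DNS names compare case-insensitively; drop the root dot as well.
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(client))]
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        forward = set()
        for addr in addr_lookup(name):
            try:
                forward.add(ipaddress.ip_address(addr))
            except ValueError:  # e.g. a scoped IPv6 literal
                continue
        if client in forward:  # compares parsed addresses, not strings
            confirmed.append(name)
    return ("match" if confirmed else "mismatch"), confirmed

# Constructed sample records (documentation prefixes, example.com names).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com."],
              "192.0.2.20": ["host20.example.com."],
              "2001:db8::25": ["MX6.example.com."]}
SAMPLE_ADDR = {"mail.example.com": ["192.0.2.10"],
               "host20.example.com": ["192.0.2.99"],  # A points elsewhere
               "mx6.example.com": ["2001:0db8:0:0:0:0:0:25"]}

def sample_check(ip):
    """Run the check against the constructed tables above (no network)."""
    return double_reverse(ip, lambda a: SAMPLE_PTR.get(a, []),
                          lambda n: SAMPLE_ADDR.get(n, []))
```

Calling `double_reverse(ip)` with no lookup arguments uses the system resolver; a mail server applying this check would typically treat "no-ptr" and "mismatch" as separate policy inputs.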



Re: Reverse address entries

2013-06-28 Thread Novosielski, Ryan

The short answer is "some software once cared." Does it still now, I'm
not sure. But we do it.

On 06/28/2013 01:56 PM, Ward, Mike S wrote:
> Hello all, is there any reason to setup reverse address entries for
> a zone? I have asked some of the admins here and the consensus from
> them is that only A records are necessary. Is this true?
> 


- -- 
-  _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark


Reverse address entries

2013-06-28 Thread Ward, Mike S
Hello all, is there any reason to setup reverse address entries for a zone? I 
have asked some of the admins here and the consensus from them is that only A 
records are necessary. Is this true?



Re: sockmgr 1005a1080: unexpected POLL timeout

2013-06-28 Thread Dennis Clarke

> >I have a recent build of BIND 9.9.3-P1 and after bringing up the service on a
> >Solaris 10 server I begin to see many log entries like so :
> >
> >28-Jun-2013 15:41:17.636 sockmgr 1005a1080: unexpected POLL timeout
> >
> >I don't know what this is and am mildly concerned.  Is this evidence of a config
> >problem or a compile problem or ?  Really I have not seen this before and there
> >are roughly 5000 such entries in my log thus far today.
> >
> >Dennis
> 
> just as a data point i setup a couple new 9.9.3-P1 boxes last night that
> get around 30,000 qps combined and with rolling logs the last million
> lines or so don't show any trace of "POLL" on centos 6.4 with bind
> compiled from latest isc.org src.  the only "option" i have is enable-ssl.
> 
> not much help i know, but it does seem solaris/compile specific.  maybe
> something like this can help:
> 
> http://comp.protocols.dns.bind.narkive.com/fijjEh47/workaround-solaris-s-kernel-bug
> 

I was looking at that and thinking that my problems on Solaris 10 should not
be related to a kernel bug from dark history on Solaris 8.  This problem may
be related to this : 

STD_CDEFINES=-D_TS_ERRNO -D_POSIX_PTHREAD_SEMANTICS -D_LARGEFILE64_SOURCE 
-DDIG_SIGCHASE=1 -DISC_SOCKET_USE_POLLWATCH=1

I think, and this is a guess, the issue is in "ISC_SOCKET_USE_POLLWATCH".

I will do a rebuild without that defined and see what happens.  Nothing beats
trial and error :-\

Dennis 



Re: sockmgr 1005a1080: unexpected POLL timeout

2013-06-28 Thread Mike Hoskins (michoski)
-Original Message-

From: Dennis Clarke 
Date: Friday, June 28, 2013 11:43 AM
To: "bind-users@lists.isc.org" 
Subject: sockmgr 1005a1080: unexpected POLL timeout

>
>I have a recent build of BIND 9.9.3-P1 and after bringing up the service on a
>Solaris 10 server I begin to see many log entries like so :
>
>28-Jun-2013 15:41:17.636 sockmgr 1005a1080: unexpected POLL timeout
>
>I don't know what this is and am mildly concerned.  Is this evidence of a config
>problem or a compile problem or ?  Really I have not seen this before and there
>are roughly 5000 such entries in my log thus far today.
>
>Dennis

just as a data point i setup a couple new 9.9.3-P1 boxes last night that
get around 30,000 qps combined and with rolling logs the last million
lines or so don't show any trace of "POLL" on centos 6.4 with bind
compiled from latest isc.org src.  the only "option" i have is enable-ssl.

not much help i know, but it does seem solaris/compile specific.  maybe
something like this can help:

http://comp.protocols.dns.bind.narkive.com/fijjEh47/workaround-solaris-s-kernel-bug



sockmgr 1005a1080: unexpected POLL timeout

2013-06-28 Thread Dennis Clarke

I have a recent build of BIND 9.9.3-P1 and after bringing up the service on a 
Solaris 10 server I begin to see many log entries like so : 

28-Jun-2013 15:41:17.636 sockmgr 1005a1080: unexpected POLL timeout

I don't know what this is and am mildly concerned.  Is this evidence of a config
problem or a compile problem or ?  Really I have not seen this before and there
are roughly 5000 such entries in my log thus far today.

Dennis

