DNS with several ip adessess
Hi, I'm running the same DNS for both my local and global adress-spaces. That is, when I'm on my local net, I want the DNS to reply with my local 192.168.0.1-address, and when users from the 'outside' global net queries my DNS, it shall return the global xxx.xxx.xxx.xxx ip-address. My problem is that I have to allocate both the local and the global address to the same domain-name, giving the result that both my local and global ip-address are exposed for the users. Is it possible to isolate the query so that the local users get the local ip-address and the global gets the global ip-address for the same domain-name? I'm running BIND 9.9.2 BR Mons ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
I do this with views, the internal view has recursion the external does not. I would be interested to hear other ways to do this. On 30/12/13 10.27, Måns Hagström wrote: Hi, I'm running the same DNS for both my local and global adress-spaces. That is, when I'm on my local net, I want the DNS to reply with my local 192.168.0.1-address, and when users from the 'outside' global net queries my DNS, it shall return the global xxx.xxx.xxx.xxx ip-address. My problem is that I have to allocate both the local and the global address to the same domain-name, giving the result that both my local and global ip-address are exposed for the users. Is it possible to isolate the query so that the local users get the local ip-address and the global gets the global ip-address for the same domain-name? I'm running BIND 9.9.2 BR Mons ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
Use views Abdul Khader Engineer/Network Services/SOM Mobile : 050-153-5461 Extension : 84-5173 On 30/12/2013 1:27 PM, Måns Hagström wrote: Hi, I'm running the same DNS for both my local and global adress-spaces. That is, when I'm on my local net, I want the DNS to reply with my local 192.168.0.1-address, and when users from the 'outside' global net queries my DNS, it shall return the global xxx.xxx.xxx.xxx ip-address. My problem is that I have to allocate both the local and the global address to the same domain-name, giving the result that both my local and global ip-address are exposed for the users. Is it possible to isolate the query so that the local users get the local ip-address and the global gets the global ip-address for the same domain-name? I'm running BIND 9.9.2 BR Mons ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS with several ip adessess
On 2013-12-30 17:38, Abdul Khader wrote: Use views Views +1 http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Error logs in bind resolving
Dear All, In my bind server logs, I am getting too much error logs of below mentioned type. Can anyone pl. explain me why I am getting these logs and how to get rid of those. Although when I am doing dig for the domain (for which I am getting the error), I am getting the valid output. Thanks. Dec 30 15:54:18 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:54:18 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:54:39 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:54:39 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:54:40 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:54:40 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:54:40 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'm.ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:54:41 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:54:41 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'm.ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:54:42 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:54:43 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:54:43 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:54:52 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 120.89.70.10#53 Dec 30 15:54:52 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 216.38.174.11#53 Dec 30 15:54:52 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 120.89.70.11#53 Dec 30 15:54:52 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 216.38.174.10#53 Dec 30 15:54:53 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 120.89.70.11#53 Dec 30 15:54:53 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 216.38.174.11#53 Dec 30 15:54:53 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 120.89.70.10#53 Dec 30 15:54:53 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'w27.b.cap-mii.net//IN': 216.38.174.10#53 Dec 30 15:55:31 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:55:32 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:55:32 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:55:32 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Thanks and Regards, Gaurav Kansal Emp Code - 6274 Mob - 9910118448 Intercom - 7331 Have you enabled IPv6 on something today...? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Enabing RRL in bind
Hi Guys, In bind 9.9.4, Reponse-Rate Limit doesn't work until you configure bind with -enable-rrl option. I was wondering why is it so ? Why not this feature is enabled by default in bind. I tried to find out the same in ARM but didn't get any success. And also if you have a list of feature which needs to explicitly enabled, pl. share the same. Thanks and Regards, Gaurav Kansal Emp Code - 6274 Mob - 9910118448 Intercom - 7331 Have you enabled IPv6 on something today...? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Enabing RRL in bind
On 30/12/2013 22:17, Gaurav Kansal wrote: Hi Guys, In bind 9.9.4, Reponse-Rate Limit doesn't work until you configure bind with “—ENABLE-RRL” option. I was wondering why is it so ? Because it can be detrimental to existing sites if configured wrongly, its something not all sites would need, greater than 50% of resolvers are caching, not authoritative, therefore currently it's an extra option, it's also new, in 5 years time maybe it will be a default, but to do so now would be wrong. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Enabing RRL in bind
From: Gaurav Kansal gaurav.kan...@nic.in In bind 9.9.4, Reponse-Rate Limit doesn?t work until you configure bind with ??enable-rrl? option. I was wondering why is it so ? Why not this feature is enabled by default in bind. I tried to find out the same in ARM but didn?t get any success. BIND 9.9.4 provides support for Response Rate Limiting (RRL). However it is not enabled by default when building BIND. The reason for this is that BIND 9.9 is an Extended Support Version of BIND and per our policy on mangement of ESVs, we do not introduce any new features or functionality to a stable ESV version. https://kb.isc.org/article/AA-01058/0 Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Enabing RRL in bind
I wrote on 12/30/2013 11:17:58 AM: BIND 9.9.4 provides support for Response Rate Limiting (RRL). However it is not enabled by default when building BIND. The reason for this is that BIND 9.9 is an Extended Support Version of BIND and per our policy on mangement of ESVs, we do not introduce any new features or functionality to a stable ESV version. https://kb.isc.org/article/AA-01058/0 For more information on Extended Support Versions see https://www.isc.org/downloads/software-support-policy/ Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error logs in bind resolving
On Dec 30, 2013, at 2:29 AM, Gaurav Kansal gaurav.kan...@nic.in wrote: Dear All, In my bind server logs, I am getting too much error logs of below mentioned type. Can anyone pl. explain me why I am getting these logs and how to get rid of those. Although when I am doing dig for the domain (for which I am getting the error), I am getting the valid output. Thanks. Dec 30 15:54:18 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 I see an incorrect negative response. Could this be the problem? Here is the end of a dig trace: geoadnxs.com. 172800 IN NS 01.auth.nym1.appnexus.net. geoadnxs.com. 172800 IN NS 01.auth.nym2.appnexus.net. geoadnxs.com. 172800 IN NS 01.auth.lax1.appnexus.net. geoadnxs.com. 172800 IN NS 01.auth.ams1.appnexus.net. ;; Received 222 bytes from 192.33.14.30#53(192.33.14.30) in 123 ms sin1.geoadnxs.com. 86400 IN NS ns2.apac.gslb-ns.net. sin1.geoadnxs.com. 86400 IN NS ns1.apac.gslb-ns.net. ;; Received 122 bytes from 68.67.133.169#53(68.67.133.169) in 67 ms geoadnxs.com. 30 IN SOA ns1.gslb.com. support.appnexus.net. 1 86400 30 86400 30 ;; Received 103 bytes from 64.208.141.10#53(64.208.141.10) in 187 ms ___ My resolving name server complains as follows: Dec 30 10:19:45 ubuntu named[1299]: DNS format error from 64.208.141.10#53 resolving ib.sin1.geoadnxs.com/ for client ::1#60014: invalid response Dec 30 10:19:45 ubuntu named[1299]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 10:19:45 ubuntu named[1299]: DNS format error from 64.208.141.11#53 resolving ib.sin1.geoadnxs.com/ for client ::1#60014: invalid response Dec 30 10:19:45 ubuntu named[1299]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 ___ I believe the problem is that when asked for an record, the load balancer gives an otherwise-proper-looking negative response that claims to be from the wrong zone. Regards, Chris Buxton ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Enabing RRL in bind
On Mon, Dec 30, 2013 at 05:47:13PM +0530, Gaurav Kansal wrote: In bind 9.9.4, Reponse-Rate Limit doesn't work until you configure bind with -enable-rrl option. I was wondering why is it so ? Why not this feature is enabled by default in bind. RRL was added to the BIND 9.9 branch late, in release 9.9.3. Ordinarily, it's our policy only to add new features in 9.x.0 releases. We felt that this feature was important enough to make an exception to our usual rule, but since code changes of that size always introduce a risk of destabilization, we decided to make it a compile-time option: those who want RRL can get it; those who don't can skip it. RRL will be enabled by default in 9.10.0. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Error logs in bind resolving
Hi Chris, Thanks for your response. I am getting the error message for lot of domains. Log of error entries are attached. Is it possible to configure bind so that error message should not be generated in logs file. Regards, Gaurav Kansal -Original Message- From: Chris Buxton [mailto:cli...@buxtonfamily.us] Sent: Monday, December 30, 2013 11:53 PM To: Gaurav Kansal Cc: BIND Users Subject: Re: Error logs in bind resolving On Dec 30, 2013, at 2:29 AM, Gaurav Kansal mailto:gaurav.kan...@nic.in gaurav.kan...@nic.in wrote: Dear All, In my bind server logs, I am getting too much error logs of below mentioned type. Can anyone pl. explain me why I am getting these logs and how to get rid of those. Although when I am doing dig for the domain (for which I am getting the error), I am getting the valid output. Thanks. Dec 30 15:54:18 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 I see an incorrect negative response. Could this be the problem? Here is the end of a dig trace: geoadnxs.com. 172800 IN NS 01.auth.nym1.appnexus.net. geoadnxs.com. 172800 IN NS 01.auth.nym2.appnexus.net. geoadnxs.com. 172800 IN NS 01.auth.lax1.appnexus.net. geoadnxs.com. 172800 IN NS 01.auth.ams1.appnexus.net. ;; Received 222 bytes from 192.33.14.30#53(192.33.14.30) in 123 ms sin1.geoadnxs.com.86400IN NS ns2.apac.gslb-ns.net. sin1.geoadnxs.com.86400IN NS ns1.apac.gslb-ns.net. ;; Received 122 bytes from 68.67.133.169#53(68.67.133.169) in 67 ms geoadnxs.com. 30 IN SOA ns1.gslb.com. support.appnexus.net. 1 86400 30 86400 30 ;; Received 103 bytes from 64.208.141.10#53(64.208.141.10) in 187 ms ___ My resolving name server complains as follows: Dec 30 10:19:45 ubuntu named[1299]: DNS format error from 64.208.141.10#53 resolving ib.sin1.geoadnxs.com/ for client ::1#60014: invalid response Dec 30 10:19:45 ubuntu named[1299]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 10:19:45 ubuntu named[1299]: DNS format error from 64.208.141.11#53 resolving ib.sin1.geoadnxs.com/ for client ::1#60014: invalid response Dec 30 10:19:45 ubuntu named[1299]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 ___ I believe the problem is that when asked for an record, the load balancer gives an otherwise-proper-looking negative response that claims to be from the wrong zone. Regards, Chris Buxton Dec 30 15:56:22 IPV6-NKN-DNS named[13123]: error (unexpected RCODE REFUSED) resolving 'stats.norton.com//IN': 63.245.192.31#53 Dec 30 15:56:22 IPV6-NKN-DNS named[13123]: error (unexpected RCODE REFUSED) resolving 'stats.norton.com//IN': 63.245.196.31#53 Dec 30 15:56:23 IPV6-NKN-DNS named[13123]: error (unexpected RCODE REFUSED) resolving 'stats.norton.com//IN': 63.245.200.31#53 Dec 30 15:56:59 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'www.makemytrip.com//IN': 115.114.52.7#53 Dec 30 15:56:59 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'www.makemytrip.com//IN': 180.179.112.7#53 Dec 30 15:57:05 IPV6-NKN-DNS named[13123]: error (unexpected RCODE REFUSED) resolving 'stats.norton.com//IN': 63.245.192.31#53 Dec 30 15:57:05 IPV6-NKN-DNS named[13123]: error (unexpected RCODE REFUSED) resolving 'stats.norton.com//IN': 63.245.200.31#53 Dec 30 15:57:06 IPV6-NKN-DNS named[13123]: error (unexpected RCODE REFUSED) resolving 'stats.norton.com//IN': 63.245.196.31#53 Dec 30 15:57:37 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'dewpoint-eg.com//IN': 204.13.160.143#53 Dec 30 15:57:38 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'dewpoint-eg.com//IN': 204.13.161.145#53 Dec 30 15:57:51 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'cf-protected-www.epapersland.com.cdn.cloudflare.net//IN': 173.245.59.113#53 Dec 30 15:57:52 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'cf-protected-www.epapersland.com.cdn.cloudflare.net//IN': 173.245.58.121#53 Dec 30 15:57:52 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.10#53 Dec 30 15:57:53 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'ib.sin1.geoadnxs.com//IN': 64.208.141.11#53 Dec 30 15:57:59 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'cf-protected-www.epapersland.com.cdn.cloudflare.net//IN': 2400:cb00:2049:1::adf5:3a79#53 Dec 30 15:58:10 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'lr-bid.display.provenpixel.com//IN': 174.129.198.73#53 Dec 30 15:58:10 IPV6-NKN-DNS named[13123]: error (FORMERR) resolving 'lr-bid.display.provenpixel.com//IN': 174.129.12.214#53 Dec 30
