RE: Upgrading from 9.8.3 to 9.9.4
I just remembered there was also the change to the db file having a default raw format on slaves unless specified.

Interesting. I did not notice that when it happened, but now that I look, I see that my slaves indeed have raw format files. Apparently the switch over did not require me to do anything.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Upgrading from 9.8.3 to 9.9.4
-Original Message-
From: Thomas Schulz sch...@adi.com
Date: Thursday, January 23, 2014 at 9:50 AM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: RE: Upgrading from 9.8.3 to 9.9.4

> I just remembered there was also the change to the db file having a default raw format on slaves unless specified.
>
> Interesting. I did not notice that when it happened, but now that I look, I see that my slaves indeed have raw format files. Apparently the switch over did not require me to do anything.

For those who are interested, if you search list archives you can see the situations where it caused problems for some.
I may be confused regarding sub delegated zone
Hello friends,

I may sound like novice but have basic question regarding Sub-zone which is a delegated zone. Let's say I have zone example.com whose NS are ns1.example.com and then I have delegated sub-zone subdom.example.com whose ns record would be say ns2.example.com.

So people who will be querying to A record for subdom.example.com [which @] will first be forwarded to ns1.example.com and then from there ns record of subdom.example.com will be given? Or will it directly be forwarded to n2.example.com?
Re: I may be confused regarding sub delegated zone
A freshly started server with no cache will be directed to ns1 first which will give a referral to ns2 for the subdomain. After that it will go to ns2 directly until the ns records time out in cache.

On Jan 23, 2014 12:30 PM, Blason R blaso...@gmail.com wrote:

> Hello friends,
>
> I may sound like novice but have basic question regarding Sub-zone which is a delegated zone. Let's say I have zone example.com whose NS are ns1.example.com and then I have delegated sub-zone subdom.example.com whose ns record would be say ns2.example.com.
>
> So people who will be querying to A record for subdom.example.com [which @] will first be forwarded to ns1.example.com and then from there ns record of subdom.example.com will be given? Or will it directly be forwarded to n2.example.com?
Re: I may be confused regarding sub delegated zone
Perfect, this is what I'm thinking. So in some case I observed that subdomain.example.com has ns record specified but no A record associated with it. But if I do query set type=ns to parent ns record it shows something else. Like

    Set typ=ns
    Sybdom.example.com
    Ns5.example.com
    Set type=a
    Ns5.example.com
    No A record

    Server ns1.example.com
    Set type=ns
    Subdom.example.com
    Ns2.example.com

Is this setup correct?

On 23 Jan 2014 23:04, Ben Croswell ben.crosw...@gmail.com wrote:

> A freshly started server with no cache will be directed to ns1 first which will give a referral to ns2 for the subdomain. After that it will go to ns2 directly until the ns records time out in cache.
>
> On Jan 23, 2014 12:30 PM, Blason R blaso...@gmail.com wrote:
>
> > Hello friends,
> >
> > I may sound like novice but have basic question regarding Sub-zone which is a delegated zone. Let's say I have zone example.com whose NS are ns1.example.com and then I have delegated sub-zone subdom.example.com whose ns record would be say ns2.example.com.
> >
> > So people who will be querying to A record for subdom.example.com [which @] will first be forwarded to ns1.example.com and then from there ns record of subdom.example.com will be given? Or will it directly be forwarded to n2.example.com?
DNSSEC and upgrading/restoring
Are there any recommended practices/config changes needed when upgrading or restoring a bind 9.9.4 server using DNSSEC inline signing and auto maintain?

Asking specifically about upgrading a server running on NanoBSD, but this question is really about upgrading or restoring any DNSSEC server with inline signing and auto maintain enabled.

Is this as easy as copying everything from /var/named to the NanoBSD build machine and going from there? Or is something else required?

Thanks!

dn
Re: I may be confused regarding sub delegated zone
In article mailman.2135.1390499953.20661.bind-us...@lists.isc.org, Blason R blaso...@gmail.com wrote:

> Perfect, this is what I'm thinking. So in some case I observed that subdomain.example.com has ns record specified but no A record associated with it. But if I do query set type=ns to parent ns record it shows something else. Like
>
>     Set typ=ns
>     Sybdom.example.com
>     Ns5.example.com
>     Set type=a
>     Ns5.example.com
>     No A record
>
>     Server ns1.example.com
>     Set type=ns
>     Subdom.example.com
>     Ns2.example.com
>
> Is this setup correct?

Resolvers don't usually query for NS records explicitly. They query for the record that the client has requested (e.g. the A record for subdom.example.com). If the server they query doesn't have that record, it sends the NS records for a more specific subdomain in a referral. Then the resolver repeats the process using one of those servers, and so on.

When the resolver gets NS records in a referral, it may need to query for their A records in order to query them (sometimes these A records will be included as glue along with the referral).

You can see this in action by using the +trace option to dig.

> On 23 Jan 2014 23:04, Ben Croswell ben.crosw...@gmail.com wrote:
>
> > A freshly started server with no cache will be directed to ns1 first which will give a referral to ns2 for the subdomain. After that it will go to ns2 directly until the ns records time out in cache.
> >
> > On Jan 23, 2014 12:30 PM, Blason R blaso...@gmail.com wrote:
> >
> > > Hello friends,
> > >
> > > I may sound like novice but have basic question regarding Sub-zone which is a delegated zone. Let's say I have zone example.com whose NS are ns1.example.com and then I have delegated sub-zone subdom.example.com whose ns record would be say ns2.example.com.
> > >
> > > So people who will be querying to A record for subdom.example.com [which @] will first be forwarded to ns1.example.com and then from there ns record of subdom.example.com will be given? Or will it directly be forwarded to n2.example.com?

-- 
Barry Margolin
Arlington, MA
Re: Upgrading from 9.8.3 to 9.9.4
On Jan 23, 2014, at 9:54 AM, Mike Hoskins (michoski) micho...@cisco.com wrote:

> -Original Message-
> From: Thomas Schulz sch...@adi.com
> Date: Thursday, January 23, 2014 at 9:50 AM
> To: bind-users@lists.isc.org bind-users@lists.isc.org
> Subject: RE: Upgrading from 9.8.3 to 9.9.4
>
> > I just remembered there was also the change to the db file having a default raw format on slaves unless specified.
> >
> > Interesting. I did not notice that when it happened, but now that I look, I see that my slaves indeed have raw format files. Apparently the switch over did not require me to do anything.
>
> For those who are interested, if you search list archives you can see the situations where it caused problems for some.

I will inject here that the change in format of the zone file on local disk only causes problems if you do things that you are not supposed to do on slave servers (like looking at or modifying the locally stored zone data).

If you replace any poking or prodding of the local text file with:

    dig @localhost +axfr +onesoa zone

life returns to normal and will remain so forever 8-)

[And it even does really cool things like normalize the format of the data into single lines that are really cake to parse unless you use +multi and then you get exactly the same format that you had in the text files]

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
Re: I may be confused regarding sub delegated zone
It's hard to see exactly what the problem is since you didn't use a real domain that we can look at, or even if the example matches what you're really seeing.

But, continuing the bad example further... if the situation is more like:

    set type=ns
    sybdom.example.com
    symdom.example.com nameserver = ns.symdom.example.com
    set type=a
    ns.symdom.example.com
    ** server can't find ns.symdom.example.com: NXDOMAIN

and

    set type=ns
    subdom.example.com
    subdom.example.com nameserver = ns2.example.com
    set type=a
    ns2.example.com
    Name:    ns2.example.com
    Address: x.x.x.y

Would mean, you didn't add a glue in example.com on what the address for ns.sybdom.example.com is.

The first needs a glue record because it can't query ns.sybdom.example.com to get its A record, without an A record. While the first works because it is already in contact with the nameserver for the others it's been making. (which is made possible because the .com server provided the glue record for ns1.example.com, which you had to provide when you set up the domain with your registrar... but didn't need to provide if your authority nameservers were in a different domain.)

Something like this might result...

    $ORIGIN example.com.
    ns1 A x.x.x.x
    ns2 A x.x.x.y
    $ORIGIN subdom.example.com.
    @ NS ns2.example.com.
    $ORIGIN sybdom.example.com.
    @ NS ns.symdom.example.com.
    ns A x.x.x.z
    $ORIGIN szbdom.example.com.
    @ NS ns1.example.net.

Scary things happen when the subdomain is delegated, and they give you ns1 IP1, ns2 IP2... and then something happens and they flip things around... so that ns1 is on IP2 and ns2 is on IP1... when you ask it what the A is for ns1, it gives you the IP of what you thought ns2 was or worse... the IP that used to be ns1, has a completely different name and the old name no longer exists in their subdomain.

Which appears to be the case for what real delegated subdomain of mine that I was had first

Also when things are working, the answer to NS is from the delegated nameserver not the parent.

Because I first tried:

    set type=ns
    math.ksu.edu
    Non-authoritative answer:
    math.ksu.edu nameserver = ns-2.ksu.edu.
    math.ksu.edu nameserver = ns.math.ksu.edu.
    math.ksu.edu nameserver = ns-1.ksu.edu.

    Authoritative answers can be found from:
    ns-1.ksu.edu internet address = 129.130.254.21
    ns-2.ksu.edu internet address = 129.130.139.151
    set type=a
    ns.math.ksu.edu
    Name:    ns.math.ksu.edu
    Address: 129.130.106.2

But, then I looked at my zone file, and I have:

    $ORIGIN math.ksu.edu.
    @  NS gw.math.ksu.edu.
       NS ns-3.ksu.edu.
       NS ns-2.ksu.edu.
       NS ns-1.ksu.edu.
    gw A 129.130.106.1

Don't know if I want to change it or not... recall having tried to fix entries like this before, which caused problems

Like maybe ns.math.ksu.edu is his master server, but their firewall only allows it to be accessed from their subnet. And, gw is my way in.

The slave zone record on my side has IPs for both gw and ns, would have to dig deeper to see where the updates are actually coming from

On 01/23/14 11:58, Blason R wrote:

> Perfect, this is what I'm thinking. So in some case I observed that subdomain.example.com has ns record specified but no A record associated with it. But if I do query set type=ns to parent ns record it shows something else. Like
>
>     Set typ=ns
>     Sybdom.example.com
>     Ns5.example.com
>     Set type=a
>     Ns5.example.com
>     No A record
>
>     Server ns1.example.com
>     Set type=ns
>     Subdom.example.com
>     Ns2.example.com
>
> Is this setup correct?
>
> On 23 Jan 2014 23:04, Ben Croswell ben.crosw...@gmail.com wrote:
>
> > A freshly started server with no cache will be directed to ns1 first which will give a referral to ns2 for the subdomain. After that it will go to ns2 directly until the ns records time out in cache.
> >
> > On Jan 23, 2014 12:30 PM, Blason R blaso...@gmail.com wrote:
> >
> > > Hello friends,
> > >
> > > I may sound like novice but have basic question regarding Sub-zone which is a delegated zone. Let's say I have zone example.com whose NS are ns1.example.com and then I have delegated sub-zone subdom.example.com whose ns record would be say ns2.example.com.
> > >
> > > So people who will be querying to A record for subdom.example.com [which @] will first be forwarded to ns1.example.com
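The glue requirement discussed in the message above, as an added example that is not part of the original thread: a small checker that reports delegations whose NS target lies inside the delegated child zone but has no address record in the parent zone data. The zone text, the function names and the minimal "owner TYPE rdata" record format are assumptions made for this illustration.

```python
# Added example; zone text is constructed and uses RFC 5737 documentation addresses.
ZONE = """\
$ORIGIN example.com.
@    NS  ns1.example.com.
ns1  A   192.0.2.1
ns2  A   192.0.2.2
$ORIGIN subdom.example.com.
@    NS  ns2.example.com.
$ORIGIN sybdom.example.com.
@    NS  ns.sybdom.example.com.
$ORIGIN szbdom.example.com.
@    NS  ns1.example.net.
"""

def absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse(text):
    """Return (owner, type, rdata) tuples; lines carry no TTL or class field."""
    origin, records = ".", []
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner, rtype, rdata = fields[0], fields[1].upper(), fields[2]
        if rtype == "NS":
            rdata = absolute(rdata, origin)
        records.append((absolute(owner, origin), rtype, rdata))
    return records

def missing_glue(text, apex):
    """List (child_zone, ns_name) pairs that need glue in the parent but have none."""
    records = parse(text)
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for owner, rtype, target in records:
        # Only an NS below the apex is a delegation; only in-child targets need glue.
        in_child = target == owner or target.endswith("." + owner)
        if rtype == "NS" and owner != apex and in_child and target not in have_addr:
            problems.append((owner, target))
    return problems

print(missing_glue(ZONE, "example.com."))
```

Only the sybdom delegation is reported: ns2.example.com. already has an address in the parent zone and ns1.example.net. is resolved through a different domain.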
Using nsupdate to insert/delete record in the RPZ zone file
Hi there,

Is that possible to use the bind-util “nsupdate” to insert a new record into the zone file of response policy zone? I got “NOTZONE” reply from the bind.

I tried by using the following commands but still got “NOTZONE” status code replied from Bind. Has anyone ever tried to build a RPZ with dynamic updating mechanism?

Thanks!

    #nsupdate
    debug yes
    server 127.0.0.1
    zone rpz
    update add test.thingsto.me. 60 A 127.0.0.1
    send

-- 
Pika Aman
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
Re: Using nsupdate to insert/delete record in the RPZ zone file
I think you need to change the line ..

    update add test.thingsto.me. 60 A 127.0.0.1

... to ...

    update add test.thingsto.me.rpz A 127.0.0.1

On Thu, Jan 23, 2014 at 6:20 PM, Pika.Aman a...@thingsto.me wrote:

> Hi there,
>
> Is that possible to use the bind-util nsupdate to insert a new record into the zone file of response policy zone? I got NOTZONE reply from the bind.
>
> I tried by using the following commands but still got NOTZONE status code replied from Bind. Has anyone ever tried to build a RPZ with dynamic updating mechanism?
>
> Thanks!
>
>     #nsupdate
>     debug yes
>     server 127.0.0.1
>     zone rpz
>     update add test.thingsto.me. 60 A 127.0.0.1
>     send
>
> --
> Pika Aman
> Sent with Sparrow http://www.sparrowmailapp.com/?sig
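The NOTZONE exchange above, as an added example that is not part of the original thread: a pre-check for an nsupdate batch that finds update names lying outside the zone named on the `zone` line, which is the condition RFC 2136 reports as NOTZONE. The batch text is constructed from the commands quoted in the thread; the function names are hypothetical, and the check assumes every name in the batch is taken as absolute.

```python
# Added example; BATCH is constructed from the commands quoted in the thread.
BATCH = """\
server 127.0.0.1
zone rpz
update add test.thingsto.me. 60 A 127.0.0.1
update add test.thingsto.me.rpz. 60 A 127.0.0.1
send
"""

def fqdn(name):
    """Normalise case and trailing dot (assumption: names are treated as absolute)."""
    return name.lower().rstrip(".") + "."

def in_zone(name, zone):
    """True when name is the zone apex or a descendant of it."""
    return name == zone or name.endswith("." + zone)

def lint(batch):
    """Return (line_no, owner, suggested_owner) for updates outside the zone."""
    zone, findings = None, []
    for no, line in enumerate(batch.splitlines(), 1):
        words = line.split()
        if not words:
            continue
        if words[0] == "zone":
            zone = fqdn(words[1])
        elif words[0] == "update" and len(words) >= 3 and zone:
            owner = fqdn(words[2])
            if not in_zone(owner, zone):
                # An RPZ trigger is the blocked name with the policy zone appended.
                findings.append((no, owner, owner + zone))
    return findings

for no, owner, fix in lint(BATCH):
    print(f"line {no}: {owner} is outside the zone; use {fix}")
```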