Re: problem registering DS records with EDUCAUSE, sanity check please
On Mon, Jul 14, 2014 at 07:14:57PM -0700, Paul B. Henson hen...@acm.org wrote a message of 56 lines which said:

> I also don't think this is what educause is doing, as I haven't had any trouble entering DS records for published but not activated KSK's in the past,

You can also note that it is quite common to publish DS without any matching KSK. It is even documented in RFC 6781, section 4.2.4. For an actual example, see .UK http://dnsviz.net/d/uk/dnssec/ (the yellow path).

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Does bind read /etc/hosts?
Dear sir/madam,

Before Bind consults authority NS, does it access /etc/hosts? In my testing, it does not even seem to access /etc/hosts. But someone tells me Bind can access /etc/hosts first. Can you pls tell me how to config Bind to access /etc/hosts first?

Thanks,
Guanghua
Re: Does bind read /etc/hosts?
In message bay173-w11d824e324939a1bb89852bb...@phx.gbl, houguanghua writes:

> Dear sir/madam,
>
> Before Bind consults authority NS, does it access /etc/hosts? In my testing, it does not even seem to access /etc/hosts. But someone tells me Bind can access /etc/hosts first. Can you pls tell me how to config Bind to access /etc/hosts first?
>
> Thanks,
> Guanghua

No.

getaddrinfo, gethostbyname etc. however may access /etc/hosts, NIS, mDNS, DNS and other databases. You need to read the documentation that comes with your system for how to control these.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Does bind read /etc/hosts?
At Tue, 15 Jul 2014 10:28:30 +, houguanghua wrote:

> Before Bind consults authority NS, does it access /etc/hosts? In my testing, it does not even seem to access /etc/hosts.

That's right. BIND tools (dig, ...) are DNS tools. Local files aren't part of the DNS.

For more information, please see http://serverfault.com/questions/498500/why-does-the-host-command-not-resolve-entries-in-etc-hosts

Best regards,
Niall O'Reilly
BIND 9.10.0-P2 prefetch problem
I'm having problems querying one particular domain with BIND 9.10.0-P2 if prefetch is enabled. I have been able to duplicate the problem from multiple servers running 9.10.0-P2 with different operating systems but I have not been able to duplicate the problem with any other domains (yet, I'm still trying).

The domain that shows the problem is www.securityplusfcuhb.org. It is a CNAME that points to a CNAME that points to an A record:

;; QUESTION SECTION:
;www.securityplusfcuhb.org. IN A

;; ANSWER SECTION:
www.securityplusfcuhb.org. 86399 IN CNAME securityplusfcuhb.flb.intuit.com.
securityplusfcuhb.flb.intuit.com. 30 IN CNAME 03845.olb.prd1.flb.digitalinsight.com.
03845.olb.prd1.flb.digitalinsight.com. 30 IN A 199.102.151.76

As long as no queries are performed at a time that would trigger a prefetch, everything is fine. If a query is performed at a time that does trigger a prefetch, all subsequent queries return NXDOMAIN.

dig @localhost a www.securityplusfcuhb.org

; <<>> DiG 9.10.0-P2 <<>> @localhost a www.securityplusfcuhb.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49996
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.securityplusfcuhb.org. IN A

;; ANSWER SECTION:
www.securityplusfcuhb.org. 86187 IN CNAME securityplusfcuhb.flb.intuit.com.

;; AUTHORITY SECTION:
flb.intuit.com. 597 IN SOA flbflb-gtm-qydc.intuit.com. hostmaster.flb.intuit.com. 2014022110 10800 3600 604800 86400

Flushing the cache fixes the problem. Disabling prefetch prevents the problem from happening.

Tedd
Re: BIND 9.10.0-P2 prefetch problem
Tracy, Tedd C. Contractor tedd.c.tr...@ssa.gov wrote:

> ;; ANSWER SECTION:
> www.securityplusfcuhb.org. 86399 IN CNAME securityplusfcuhb.flb.intuit.com.
> securityplusfcuhb.flb.intuit.com. 30 IN CNAME 03845.olb.prd1.flb.digitalinsight.com.
> 03845.olb.prd1.flb.digitalinsight.com. 30 IN A 199.102.151.76
>
> As long as no queries are performed at a time that would trigger a prefetch, everything is fine. If a query is performed at a time that does trigger a prefetch, all subsequent queries return NXDOMAIN.

The problem is one of the name servers responds incorrectly to CNAME queries:

; DiG cname securityplusfcuhb.flb.intuit.com. @flbflb-gtm-lvdc.intuit.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7806
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;securityplusfcuhb.flb.intuit.com. IN CNAME

;; AUTHORITY SECTION:
flb.intuit.com. 600 IN SOA flbflb-gtm-qydc.intuit.com. hostmaster.flb.intuit.com. 2014022110 10800 3600 604800 86400

;; Query time: 150 msec
;; SERVER: 63.172.232.28#53(63.172.232.28)
;; WHEN: Tue Jul 15 18:06:45 BST 2014
;; MSG SIZE rcvd: 124

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Viking, North Utsire, South Utsire, Northeast Forties: Westerly 5 or 6, backing southerly 4 or 5 later. Slight or moderate. Showers, rain later. Good, occasionally poor.
RE: Does bind read /etc/hosts?
The confusion can come in because on some UNIX variants (notably HP-UX) nslookup was modified to honor /etc/nsswitch.conf so it DOES check /etc/hosts if files precedes dns.

However, in most things (e.g. Linux, Solaris) nslookup (and the newer host command) do not look at /etc/hosts regardless of nsswitch.conf setting.
RE: problem registering DS records with EDUCAUSE, sanity check please
> From: Stephane Bortzmeyer
> Sent: Tuesday, July 15, 2014 12:43 AM
>
> You can also note that it is quite common to publish DS without any matching KSK. It is even documented in RFC 6781, section 4.2.4. For an actual example, see .UK http://dnsviz.net/d/uk/dnssec/ (the yellow path).

Interesting, my understanding was that if there was a dangling DS record in the parent that did not match a published DNSKEY in the child a validating client might consider the zone bogus and refuse to resolve it.
Re: BIND 9.10.0-P2 prefetch problem
The nameservers for securityplusfcuhb.flb.intuit.com are broken.

dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com ns - NXDOMAIN
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com a - CNAME
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com - NODATA
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com cname - NXDOMAIN

A properly functioning, RFC 1034 [1] compliant, nameserver will return CNAME to all these queries as there is a CNAME record in the zone at that name.

intuit.com need to complain to their nameserver vendor to get it fixed. They also need to complain that the EDNS handling [2] is broken as the servers fail to correctly handle EDNS versions other than 0 and they fail to correctly handle unknown EDNS options.

dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com a +edns=1 - fails to respond. The correct answer is BADVERS.
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com a +ednsopt=200 - incorrectly returns unknown EDNS options.

Mark

[1] http://tools.ietf.org/html/rfc1034
[2] http://tools.ietf.org/html/rfc6891
Can someone please translate entries from query.log file?
Hi All,

Can someone please tell me exactly what the two entries below from query.log file mean?

15-Jul-2014 16:24:27.042 queries: XX /206.117.120.2/foothillfiretraining.org/SOA/IN
15-Jul-2014 16:24:34.100 queries: XX /206.117.120.84/129.118.117.206.in-addr.arpa/PTR/IN

I'm running BIND 8.2.4 on Solaris 8

root@bmw:/export/home/dns # in.named -v
in.named BIND 8.2.4 Tue Jul 13 06:04:59 PDT 2004
Generic Patch-5.8-July 2004
Re: problem registering DS records with EDUCAUSE, sanity check please
In message 070d01cfa067$ad9b1050$08d130f0$@acm.org, Paul B. Henson writes:

> > From: Stephane Bortzmeyer
> > Sent: Tuesday, July 15, 2014 12:43 AM
> >
> > You can also note that it is quite common to publish DS without any matching KSK. It is even documented in RFC 6781, section 4.2.4. For an actual example, see .UK http://dnsviz.net/d/uk/dnssec/ (the yellow path).
>
> Interesting, my understanding was that if there was a dangling DS record in the parent that did not match a published DNSKEY in the child a validating client might consider the zone bogus and refuse to resolve it.

There has to be a working combination of DS/DNSKEY/RRSIG for each DNSSEC algorithm listed in the DS RRset. DS records without a matching DNSKEY or matching RRSIG cause validators to do more work.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
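The DS/DNSKEY half of the rule in the message above, as an added example (not code from the thread or from BIND): it computes the RFC 4034 key tag and DS digest for each published DNSKEY and reports, per algorithm in the DS RRset, which DS records match and which dangle. The zone name, key bytes and DS set are constructed, and RRSIG verification is not performed, so a matched algorithm still needs a valid signature made by that key.

```python
import hashlib
import struct

# DS digest types: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name):
    """Canonical (lower-case) wire form of an owner name."""
    wire = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type=2):
    """DS tuple (key tag, algorithm, digest type, hex digest) for a DNSKEY."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def check_ds_rrset(owner, ds_rrset, dnskey_rdatas):
    """Group DS key tags per algorithm into 'matched' and 'dangling'."""
    report = {}
    for tag, alg, dtype, digest in ds_rrset:
        hit = False
        for rdata in dnskey_rdatas:
            if rdata[3] != alg or key_tag(rdata) != tag or dtype not in DIGESTS:
                continue
            if make_ds(owner, rdata, dtype)[3] == digest.lower():
                hit = True
        entry = report.setdefault(alg, {"matched": [], "dangling": []})
        entry["matched" if hit else "dangling"].append(tag)
    return report

def algorithms_without_match(report):
    """Algorithms listed in the DS RRset with no DS/DNSKEY pair at all."""
    return sorted(alg for alg, r in report.items() if not r["matched"])

# Constructed sample data: these are not real keys.
ZONE = "example.edu."
ACTIVE_KSK = dnskey_rdata(257, 3, 8, bytes(range(64)))
STANDBY_KSK = dnskey_rdata(257, 3, 8, bytes(range(64, 128)))  # DS pre-published
ZSK = dnskey_rdata(256, 3, 8, bytes(range(128, 192)))
ALG13_KSK = dnskey_rdata(257, 3, 13, bytes(range(192, 256)))  # never published

DS_RRSET = [make_ds(ZONE, k) for k in (ACTIVE_KSK, STANDBY_KSK, ALG13_KSK)]
PUBLISHED = [ACTIVE_KSK, ZSK]

if __name__ == "__main__":
    report = check_ds_rrset(ZONE, DS_RRSET, PUBLISHED)
    for alg, result in sorted(report.items()):
        print("algorithm", alg, result)
    # Algorithm 8 has one dangling DS but also a match: extra validator work only.
    # Algorithm 13 has only a dangling DS: no working combination for it.
    print("algorithms with no DS/DNSKEY match:", algorithms_without_match(report))
```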
Re: Can someone please translate entries from query.log file?
Looks like finding who is authoritative for foothillfiretraining.org and then doing a reverse lookup on an address.
Re: Can someone please translate entries from query.log file?
Truly, you need to upgrade. The latest BIND 9 should still build and run on Solaris 8 though that hasn't been tested in years. You will need to install a C99 or later based compiler.

As to your question you have the query source address, the query name, the query type and the query class separated by / characters.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
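The field layout described in the reply above (source address, query name, type and class separated by "/"), as an added parsing example that is not code from the thread or from BIND. It splits from both ends so that a query name which itself contains "/" still parses, decodes IPv4 reverse names back to the address being looked up, and treats the "XX" token as an opaque marker; the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# timestamp, "queries:", marker token, then "/"-separated fields
HEAD_RE = re.compile(
    r"^(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"queries: ([^/\s]+)\s*/\s*(.+?)\s*$"
)

def ptr_target(qname):
    """IPv4 address a reverse (in-addr.arpa) name refers to, or None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None  # e.g. a classless-delegation label such as "0/25"

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = HEAD_RE.match(line)
    if not m:
        return None
    timestamp, marker, rest = m.groups()
    try:
        # The client is the first field; type and class are the last two.
        # Whatever lies between is the query name, slashes included.
        client, tail = rest.split("/", 1)
        qname, qtype, qclass = tail.rsplit("/", 2)
        ipaddress.ip_address(client)
    except ValueError:
        return None
    return {
        "timestamp": timestamp, "marker": marker, "client": client,
        "qname": qname, "qtype": qtype, "qclass": qclass,
        "ptr_target": ptr_target(qname) if qtype == "PTR" else None,
    }

def summarize(lines):
    """Count queries per (client, qtype); also count lines that failed to parse."""
    counts, rejected = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
        else:
            counts[(rec["client"], rec["qtype"])] += 1
    return counts, rejected

SAMPLE = [
    # the two entries quoted in the thread
    "15-Jul-2014 16:24:27.042 queries: XX /206.117.120.2/foothillfiretraining.org/SOA/IN",
    "15-Jul-2014 16:24:34.100 queries: XX /206.117.120.84/129.118.117.206.in-addr.arpa/PTR/IN",
    # constructed: a query name containing "/", and a truncated line
    "15-Jul-2014 16:24:40.000 queries: XX /192.0.2.53/0/25.2.0.192.in-addr.arpa/PTR/IN",
    "15-Jul-2014 16:24:41.000 queries: XX /192.0.2.53/example.org",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
    print(summarize(SAMPLE))
```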
RE: Does bind read /etc/hosts?
Sorry for what I said isn't very clear. I did know when the /etc/hosts is accessed in the OS. What I want to know is whether the named access the hosts file.

The /etc/hosts file isn't in the client's system, but in the system of Local DNS server where the 'named' task runs. For example: In the /etc/hosts file of Local DNS server (LDNS), one line exists as follows:

10.10.10.1 www.google.com

A client queries this LDNS to get the IP of 'www.google.com' (the client may use dig, nslookup command. No host line is configured in /etc/hosts of this client), what IP will be returned to the client?

Can the LDNS return 10.10.10.1 defined in the /etc/hosts to the client? Maybe some special configuration in named can support this feature.

Thanks,
Guanghua
Re: Does bind read /etc/hosts?
In message bay173-w26f0d751d9e56ffda14b15bb...@phx.gbl, houguanghua writes:

> Sorry for what I said isn't very clear. I did know when the /etc/hosts is accessed in the OS. What I want to know is whether the named access the hosts file.

And I gave you a clear, unequivocal No. Named does not read /etc/hosts.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
RE: Does bind read /etc/hosts?
Thanks a lot.
Re: Does bind read /etc/hosts?
> What I want to know is whether the named access the hosts file.

I wonder if the OP is actually asking for a way to have BIND return specific values for specific host names, without having them looked up in the real DNS.

Guanghua, can you tell us the result you wish to achieve? From your example, it looks as if you are trying to get BIND to return a value of your choice, rather than the value that would normally be returned by a DNS lookup.

Regards, K.
--
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Re: Does bind read /etc/hosts?
On 16.07.2014 03:27, houguanghua wrote:

> Sorry for what I said isn't very clear

you were clear

> I did know when the /etc/hosts is accessed in the OS

agreed

> What I want to know is whether the named access the hosts file
> The /etc/hosts file isn't in the client's system,

for bind applies the same as for bind-utils (dig, nslookup...) anything else would be strange and unpredictable behavior

> but in the system of Local DNS server where the 'named' task runs. For example: In the /etc/hosts file of Local DNS server (LDNS), one line exists as follows:
> 10.10.10.1 www.google.com

bind doesn't care about that

> A client queries this LDNS to get the IP of 'www.google.com' (the client may use dig, nslookup command. No host line is configured in /etc/hosts of this client), what IP will be returned to the client?

the one of the DNS system

> Can the LDNS return 10.10.10.1 defined in the /etc/hosts to the client? maybe some special configuration in named can support this feature

wrong tool - dnsmasq can but on the other hand has no bind-like zonefiles
Re: Does bind read /etc/hosts?
In message 53c5e714.5080...@thelounge.net, Reindl Harald writes:

> > Can the LDNS return 10.10.10.1 defined in the /etc/hosts to the client? maybe some special configuration in named can support this feature
>
> wrong tool - dnsmasq can but on the other hand has no bind-like zonefiles

Neither dnsmasq nor named read /etc/hosts. Both can be used to override data from outside. They just have different configuration methods.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Does bind read /etc/hosts?
On Wed, Jul 16, 2014 at 9:55 AM, Mark Andrews ma...@isc.org wrote:

> In message 53c5e714.5080...@thelounge.net, Reindl Harald writes:
> > > Can the LDNS return 10.10.10.1 defined in the /etc/hosts to the client? maybe some special configuration in named can support this feature
> >
> > wrong tool - dnsmasq can but on the other hand has no bind-like zonefiles
>
> Neither dnsmasq nor named read /etc/hosts.

From dnsmasq man page:

... It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS can be resolved and also answers DNS queries for DHCP configured hosts

So dnsmasq does read /etc/hosts. Or did you mean something else?

--
Fajar
Re: Does bind read /etc/hosts?
On 16.07.2014 04:55, Mark Andrews wrote:

> In message 53c5e714.5080...@thelounge.net, Reindl Harald writes:
> > > Can the LDNS return 10.10.10.1 defined in the /etc/hosts to the client? maybe some special configuration in named can support this feature
> >
> > wrong tool - dnsmasq can but on the other hand has no bind-like zonefiles
>
> Neither dnsmasq nor named read /etc/hosts. Both can be used to override data from outside. They just have different configuration methods

surely, otherwise --no-hosts or the config param to disable that would not make sense, using it with ATS in production

[root@localhost:~]$ dnsmasq --help | grep no-hosts
-h, --no-hosts Do NOT load /etc/hosts file.

-H, --addn-hosts=file
Additional hosts file. Read the specified file as well as /etc/hosts. If -h is given, read only the specified file. This option may be repeated for more than one additional hosts file. If a directory is given, then read all the files contained in that directory.

[root@localhost:~]$ cat /etc/dnsmasq.conf
resolv-file=/etc/resolv.conf.dnsmasq
strict-order
user=nobody
group=nobody
interface=lo
no-dhcp-interface=lo
bind-interfaces
no-hosts
addn-hosts=/etc/hosts.dnsmasq
local-ttl=3600
Re: Does bind read /etc/hosts?
Ok, I stand corrected.

That said both named and dnsmasq as well as other products can override data from outside.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org