Re: Recursion Question

2021-12-20 Thread John Thurston
Define an explicit forward-zone on the recursive server for 
private.dns.com. In the zone definition, put the addresses of the 
servers which can answer for private.dns.com.


--
Do things because you should, not just because you can.

John Thurston    907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska

On 12/20/2021 11:05 AM, LeBlanc, Daniel James via bind-users wrote:

> The Recursive DNS server is unaware of this domain and sends the request 
> to its Forwarding DNS

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
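
One way to write the forward zone John describes, as an added example that is not from the thread. Every address is a placeholder from the documentation ranges, standing in for the Forwarding DNS and for the servers that can answer for private.dns.com.

```conf
// named.conf on the internal recursive server (added example).
// All addresses are placeholders, not values from the thread.

options {
    recursion yes;

    // Default path: everything the server cannot answer itself goes to
    // the Internet-facing Forwarding DNS.
    forwarders { 198.51.100.53; };
    forward only;
};

// Explicit forward zone: queries for private.dns.com and anything below
// it (for example a.b.c.private.dns.com) use this forwarders list
// instead of the global one.
zone "private.dns.com" {
    type forward;

    // "forward only" keeps the server from attempting its own iterative
    // lookup if these servers do not respond; the query fails instead of
    // leaving by another path.
    forward only;

    forwarders {
        192.0.2.10;    // placeholder: server that answers for private.dns.com
        192.0.2.11;    // placeholder: second server
    };
};
```

`named-checkconf` checks the syntax before the server is reloaded, and a query for a name under private.dns.com sent to the recursive server confirms the new path.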


Recursion Question

2021-12-20 Thread LeBlanc, Daniel James via bind-users
Hello All.

I have a recursion via forwarder question.  Consider the following scenario:


- A client sends a query to an internal recursive DNS server for the 
  following A record: 'a.b.c.private.dns.com'

- The Recursive DNS server is unaware of this domain and sends the 
  request to its Forwarding DNS

- The Forwarding DNS server has Internet access and begins the 
  recursion process

  o It successfully determines the NS authoritative for 'private.dns.com'

  o It is unable to continue the resolution process as it does not have access 
    to the NS authoritative for 'private.dns.com'

  o It times out and returns a failed response to the Recursive DNS

Is it possible to return the information that it has to the Recursive DNS 
server?  And if so, is it possible for the Recursive DNS server to complete the 
lookup against NS private.dns.com (it has network access)?  I have been unable 
to find any guidance on this and am concerned that this is not a supported 
scenario.  Alternatives under consideration are:


- Allow Forwarding DNS access to NS responsible for 'private.dns.com'

- Make Recursive DNS aware of zone 'private.dns.com' so that it does 
  not use the Forwarding DNS

- ?? (open to suggestions!)

Thanks in advance!

Daniel J. LeBlanc, P.Eng., MBA, DTME



Re: Nice new logging feature

2021-12-20 Thread Reindl Harald



On 20.12.21 at 17:53, Petr Menšík wrote:

> Sure, I confused that. I read it the wrong way and thought they are present
> on *BSD but not on Fedora. I know some messages are removed in Fedora
> builds. I apologize for the confusion. Nobody complained on Fedora builds,
> that is a good message to me.


OP was "I am trying 9.17 at home and I just noticed a very useful new 
lame-servers log message: 2021-12-16T08:08:20.505Z lame-servers: timed 
out resolving ’stupiddomain.com/ANY/IN': X.Y.Z.T#53. I haven’t seen this 
on 9.16"


i looked at my Fedora lame-log and answered with "exists in 9.16 here 
and i doubt Fedora has backports for this"




Re: Nice new logging feature

2021-12-20 Thread Petr Menšík
Oh, Hi Reindl,

Sure, I confused that. I read it the wrong way and thought they are present
on *BSD but not on Fedora. I know some messages are removed in Fedora
builds. I apologize for the confusion. Nobody complained on Fedora builds,
that is a good message to me.

Thanks!

Merry Christmas folks.

On 12/20/21 17:39, Reindl Harald wrote:
>
>
> On 20.12.21 at 17:32, Petr Menšík wrote:
>> Hi Borja,
>>
>> In fact there is an ancient patch [1] still applied to Fedora builds, which
>> hides some lame servers warnings. It makes some lame servers category
>> logs debug only, shown only when the -d 1 option is used.
>>
>> I was thinking about removing this change some time ago and replacing it
>> with just a configuration snippet dropping lame servers messages if needed.
>> But no one complained for years. If you think those messages should be
>> available, please file a bug on Red Hat Bugzilla [2], bind component.
>>
>> I have minimized changes to BIND done for Fedora, but this one remained
>> due to lack of feedback. I think a configuration example to hide lame servers
>> messages might be more appropriate, because it would allow changes
>> without recompilation, just with a simple configuration change. Current
>> builds cannot enable them without debug level 1, I am afraid.
>
> you confused something!
>
> Borja doesn't have that in older named versions and does not use Fedora,
> i have them on Fedora as you see in my quote and it's not about the
> messages as such but about "45.79.19.196#53" at the end of lame-logs
>
> maybe because of my logging configuration which is unchanged for years
>
> logging
> {
>  channel default_log
>  {
>   file "data/named.log" versions 0 size 1m;
>   severity dynamic;
>   print-time   yes;
>   print-category   yes;
>  };
>  channel transfer_log
>  {
>   file "data/transfer.log" versions 0 size 1m;
>   severity dynamic;
>   print-time   yes;
>   print-category   yes;
>  };
>  channel rate_limit_log
>  {
>   file "data/rate_limit.log" versions 0 size 1m;
>   severity dynamic;
>   print-time   yes;
>   print-category   yes;
>  };
>  channel lame_servers_log
>  {
>   file "data/lame_servers.log" versions 0 size 1m;
>   severity dynamic;
>   print-time   yes;
>   print-category   yes;
>  };
>  channel query_errors_log
>  {
>   file "data/query_errors.log" versions 0 size 1m;
>   severity dynamic;
>   print-time   yes;
>   print-category   yes;
>  };
>  category default  {default_log;};
>  category resolver {default_log;};
>  category security {default_log;};
>  category xfer-in  {transfer_log;};
>  category xfer-out {transfer_log;};
>  category config   {default_log;};
>  category queries  {default_log;};
>  category notify   {default_log;};
>  category database {default_log;};
>  category rate-limit   {rate_limit_log;};
>  category lame-servers {lame_servers_log;};
>  category query-errors {query_errors_log;};
> };
>
>> On 12/16/21 13:15, Reindl Harald wrote:
>>>
>>>
>>> On 16.12.21 at 10:02, Borja Marcos wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am trying 9.17 at home and I just noticed a very useful new
>>>> lame-servers log message:
>>>>
>>>> 2021-12-16T08:08:20.505Z lame-servers: timed out resolving
>>>> ’stupiddomain.com/ANY/IN': X.Y.Z.T#53
>>>>
>>>> I haven’t seen this on 9.16. Are there any plans to include it?
>>>
>>> bind-9.16.23-1.fc34.x86_64
>>>
>>> 16-Dec-2021 13:08:10.598 lame-servers: connection refused resolving
>>> 'ns2.serverion.eu/A/IN': 94.228.210.122#53
>>> 16-Dec-2021 13:11:29.269 lame-servers: host unreachable resolving
>>> '250.84.141.45.in-addr.arpa/PTR/IN': 45.79.19.196#53
>>> 16-Dec-2021 13:11:31.804 lame-servers: host unreachable resolving
>>> '250.84.141.45.in-addr.arpa/PTR/IN': 96.126.123.244#53
>>> 16-Dec-2021 13:12:10.567 lame-servers: host unreachable resolving
>>> '166.84.141.45.in-addr.arpa/PTR/IN': 198.58.118.167#53
>>> 16-Dec-2021 13:12:13.903 lame-servers: host unreachable resolving
>>> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.18.44#53
>>> 16-Dec-2021 13:12:14.034 lame-servers: host unreachable resolving
>>> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.2.79#53
>>> 16-Dec-2021 13:12:15.773 lame-servers: host unreachable resolving
>>> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.23.183#53
>>> 16-Dec-2021 13:12:15.938 lame-servers: host unreachable resolving
>>> '166.84.141.45.in-addr.arpa/PTR/IN': 96.126.123.244#53
>>> 16-Dec-2021 13:12:46.937 lame-servers: connection refused resolving
>>> 'mx4.itronic.at/A/IN': 85.124.85.125#53
>>> 16-Dec-2021 13:13:41.202 lame-servers: host unreachable resolving
>>> '70.84.141.45.in-addr.arpa/PTR/IN': 72.14.185.43#53
>>> 16-Dec-2021 13:13:45.334 lame-servers: host unreachable resolving
>>> '70.84.141.45.in-addr.arpa/PTR/IN': 45.33.2.79#53
>>> 16-Dec-2021 13:13:46.953 lame-servers: REFUSED unexpected RCODE
>>> resolving 

Re: Nice new logging feature

2021-12-20 Thread Reindl Harald



On 20.12.21 at 17:32, Petr Menšík wrote:

> Hi Borja,
>
> In fact there is an ancient patch [1] still applied to Fedora builds, which
> hides some lame servers warnings. It makes some lame servers category
> logs debug only, shown only when the -d 1 option is used.
>
> I was thinking about removing this change some time ago and replacing it
> with just a configuration snippet dropping lame servers messages if needed.
> But no one complained for years. If you think those messages should be
> available, please file a bug on Red Hat Bugzilla [2], bind component.
>
> I have minimized changes to BIND done for Fedora, but this one remained
> due to lack of feedback. I think a configuration example to hide lame servers
> messages might be more appropriate, because it would allow changes
> without recompilation, just with a simple configuration change. Current
> builds cannot enable them without debug level 1, I am afraid.


you confused something!

Borja doesn't have that in older named versions and does not use Fedora, i 
have them on Fedora as you see in my quote and it's not about the 
messages as such but about "45.79.19.196#53" at the end of lame-logs


maybe because of my logging configuration which is unchanged for years

logging
{
 channel default_log
 {
  file "data/named.log" versions 0 size 1m;
  severity dynamic;
  print-time   yes;
  print-category   yes;
 };
 channel transfer_log
 {
  file "data/transfer.log" versions 0 size 1m;
  severity dynamic;
  print-time   yes;
  print-category   yes;
 };
 channel rate_limit_log
 {
  file "data/rate_limit.log" versions 0 size 1m;
  severity dynamic;
  print-time   yes;
  print-category   yes;
 };
 channel lame_servers_log
 {
  file "data/lame_servers.log" versions 0 size 1m;
  severity dynamic;
  print-time   yes;
  print-category   yes;
 };
 channel query_errors_log
 {
  file "data/query_errors.log" versions 0 size 1m;
  severity dynamic;
  print-time   yes;
  print-category   yes;
 };
 category default  {default_log;};
 category resolver {default_log;};
 category security {default_log;};
 category xfer-in  {transfer_log;};
 category xfer-out {transfer_log;};
 category config   {default_log;};
 category queries  {default_log;};
 category notify   {default_log;};
 category database {default_log;};
 category rate-limit   {rate_limit_log;};
 category lame-servers {lame_servers_log;};
 category query-errors {query_errors_log;};
};


> On 12/16/21 13:15, Reindl Harald wrote:
>>
>>
>> On 16.12.21 at 10:02, Borja Marcos wrote:
>>>
>>> Hi,
>>>
>>> I am trying 9.17 at home and I just noticed a very useful new
>>> lame-servers log message:
>>>
>>> 2021-12-16T08:08:20.505Z lame-servers: timed out resolving
>>> ’stupiddomain.com/ANY/IN': X.Y.Z.T#53
>>>
>>> I haven’t seen this on 9.16. Are there any plans to include it?
>>
>> bind-9.16.23-1.fc34.x86_64
>>
>> 16-Dec-2021 13:08:10.598 lame-servers: connection refused resolving
>> 'ns2.serverion.eu/A/IN': 94.228.210.122#53
>> 16-Dec-2021 13:11:29.269 lame-servers: host unreachable resolving
>> '250.84.141.45.in-addr.arpa/PTR/IN': 45.79.19.196#53
>> 16-Dec-2021 13:11:31.804 lame-servers: host unreachable resolving
>> '250.84.141.45.in-addr.arpa/PTR/IN': 96.126.123.244#53
>> 16-Dec-2021 13:12:10.567 lame-servers: host unreachable resolving
>> '166.84.141.45.in-addr.arpa/PTR/IN': 198.58.118.167#53
>> 16-Dec-2021 13:12:13.903 lame-servers: host unreachable resolving
>> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.18.44#53
>> 16-Dec-2021 13:12:14.034 lame-servers: host unreachable resolving
>> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.2.79#53
>> 16-Dec-2021 13:12:15.773 lame-servers: host unreachable resolving
>> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.23.183#53
>> 16-Dec-2021 13:12:15.938 lame-servers: host unreachable resolving
>> '166.84.141.45.in-addr.arpa/PTR/IN': 96.126.123.244#53
>> 16-Dec-2021 13:12:46.937 lame-servers: connection refused resolving
>> 'mx4.itronic.at/A/IN': 85.124.85.125#53
>> 16-Dec-2021 13:13:41.202 lame-servers: host unreachable resolving
>> '70.84.141.45.in-addr.arpa/PTR/IN': 72.14.185.43#53
>> 16-Dec-2021 13:13:45.334 lame-servers: host unreachable resolving
>> '70.84.141.45.in-addr.arpa/PTR/IN': 45.33.2.79#53
>> 16-Dec-2021 13:13:46.953 lame-servers: REFUSED unexpected RCODE
>> resolving '_.93.226.171.in-addr.arpa/A/IN': 203.113.131.1#53
>> 16-Dec-2021 13:13:47.315 lame-servers: FORMERR resolving
>> '_.93.226.171.in-addr.arpa/A/IN': 203.113.188.2#53
>> 16-Dec-2021 13:13:47.601 lame-servers: REFUSED unexpected RCODE
>> resolving '110.93.226.171.in-addr.arpa/PTR/IN': 203.113.131.1#53


Re: Nice new logging feature

2021-12-20 Thread Petr Menšík
Hi Borja,

In fact there is an ancient patch [1] still applied to Fedora builds, which
hides some lame servers warnings. It makes some lame servers category
logs debug only, shown only when the -d 1 option is used.

I was thinking about removing this change some time ago and replacing it
with just a configuration snippet dropping lame servers messages if needed.
But no one complained for years. If you think those messages should be
available, please file a bug on Red Hat Bugzilla [2], bind component.

I have minimized changes to BIND done for Fedora, but this one remained
due to lack of feedback. I think a configuration example to hide lame servers
messages might be more appropriate, because it would allow changes
without recompilation, just with a simple configuration change. Current
builds cannot enable them without debug level 1, I am afraid.

Cheers,
Petr

[1] https://src.fedoraproject.org/rpms/bind/blob/rawhide/f/bind97-rh645544.patch
[2] https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora

On 12/16/21 13:15, Reindl Harald wrote:
>
>
> On 16.12.21 at 10:02, Borja Marcos wrote:
>>
>> Hi,
>>
>> I am trying 9.17 at home and I just noticed a very useful new
>> lame-servers log message:
>>
>> 2021-12-16T08:08:20.505Z lame-servers: timed out resolving
>> ’stupiddomain.com/ANY/IN': X.Y.Z.T#53
>>
>> I haven’t seen this on 9.16. Are there any plans to include it? 
>
> bind-9.16.23-1.fc34.x86_64
>
> 16-Dec-2021 13:08:10.598 lame-servers: connection refused resolving
> 'ns2.serverion.eu/A/IN': 94.228.210.122#53
> 16-Dec-2021 13:11:29.269 lame-servers: host unreachable resolving
> '250.84.141.45.in-addr.arpa/PTR/IN': 45.79.19.196#53
> 16-Dec-2021 13:11:31.804 lame-servers: host unreachable resolving
> '250.84.141.45.in-addr.arpa/PTR/IN': 96.126.123.244#53
> 16-Dec-2021 13:12:10.567 lame-servers: host unreachable resolving
> '166.84.141.45.in-addr.arpa/PTR/IN': 198.58.118.167#53
> 16-Dec-2021 13:12:13.903 lame-servers: host unreachable resolving
> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.18.44#53
> 16-Dec-2021 13:12:14.034 lame-servers: host unreachable resolving
> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.2.79#53
> 16-Dec-2021 13:12:15.773 lame-servers: host unreachable resolving
> '166.84.141.45.in-addr.arpa/PTR/IN': 45.33.23.183#53
> 16-Dec-2021 13:12:15.938 lame-servers: host unreachable resolving
> '166.84.141.45.in-addr.arpa/PTR/IN': 96.126.123.244#53
> 16-Dec-2021 13:12:46.937 lame-servers: connection refused resolving
> 'mx4.itronic.at/A/IN': 85.124.85.125#53
> 16-Dec-2021 13:13:41.202 lame-servers: host unreachable resolving
> '70.84.141.45.in-addr.arpa/PTR/IN': 72.14.185.43#53
> 16-Dec-2021 13:13:45.334 lame-servers: host unreachable resolving
> '70.84.141.45.in-addr.arpa/PTR/IN': 45.33.2.79#53
> 16-Dec-2021 13:13:46.953 lame-servers: REFUSED unexpected RCODE
> resolving '_.93.226.171.in-addr.arpa/A/IN': 203.113.131.1#53
> 16-Dec-2021 13:13:47.315 lame-servers: FORMERR resolving
> '_.93.226.171.in-addr.arpa/A/IN': 203.113.188.2#53
> 16-Dec-2021 13:13:47.601 lame-servers: REFUSED unexpected RCODE
> resolving '110.93.226.171.in-addr.arpa/PTR/IN': 203.113.131.1#53

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
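
The kind of configuration snippet Petr describes, as an added example that is not from the thread or from the Fedora package: routing the lame-servers category to BIND's built-in null channel drops these messages with a configuration change instead of a patched build. The commented-out alternative reuses the channel name and file path from Reindl's configuration; its retention values are assumptions.

```conf
// Merge into the existing logging statement in named.conf (added example).
logging {
    // Hide lame-servers messages: "null" is a built-in channel that
    // discards everything routed to it.
    category lame-servers { null; };

    // Alternative: keep the messages, but in their own size-limited file
    // so they stay out of the main log. Use instead of the line above.
    //
    // channel lame_servers_log {
    //     file "data/lame_servers.log" versions 3 size 1m;  // assumed retention
    //     severity info;
    //     print-time yes;
    //     print-category yes;
    // };
    // category lame-servers { lame_servers_log; };
};
```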
