Re: Doubts about BIND

2009-06-02 Thread Bradley Giesbrecht


On Jun 2, 2009, at 3:02 PM, Eduardo Júnior wrote:


Hi,


I have some doubts about BIND and can't find documentation about:
References are welcome =)

1. Does named read the file named.conf and store all of it in main memory?

Is the same done for zone files? Or is there another way?


You probably know this but:

http://www.google.com/search?q=bind-dlz


//Brad
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: two NS servers on a single host

2009-05-13 Thread Bradley Giesbrecht


On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:


It is network redundancy only in so far the DOS attack doesn't cause
your CPU and memory to get slammed.


I would block the ip under attack upstream so no cpu or memory issues.


I didn't claim anything other than that there can in fact be value in
having one computer on more than one network.


This was in response to your comment "This would be completely
useless", which I disagree with.


//Brad


If you're doing redundancy you really ought to do the whole thing by
getting another server and putting IT on the other network.   Then you
don't have a single point of failure (unless they're both in the same
data center).

If you really want to do two different IPs on one host you could
probably use views to accomplish this but that would be all within a
single BIND setup so your theoretical DOS attack would probably cause
both views to have issues.

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bradley
Giesbrecht
Sent: Wednesday, May 13, 2009 10:22 AM
To: Stephane Bortzmeyer
Cc: bind-users@lists.isc.org
Subject: Re: two NS servers on a single host


On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:


On Wed, May 13, 2009 at 09:02:55PM +0800,
Tech W. tech...@yahoo.com.cn wrote
a message of 34 lines which said:


I want to give two NS records for my domain, each NS take each of
the IP set in the host.


Why? This would be completely useless. RFC 1034 and other documents
call for at least two name servers, for redundancy reasons. If the two
name servers are on the same host, what's the point? There would be no
gain in reliability.


If you have ever had the ip for your name server the target of a dos
attack you could have blocked traffic to that ip and still had dns.

Two networks to same host is network redundancy and has value.


//Brad

Please consider our environment before printing this e-mail or  
attachments.

--
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or  
confidential information and is for the sole use of the intended  
recipient(s). If you are not the intended recipient, any disclosure,  
copying, distribution, or use of the contents of this information is  
prohibited and may be unlawful. If you have received this electronic  
transmission in error, please reply immediately to the sender that  
you have received the message in error, and delete it. Thank you.

--




Re: two NS servers on a single host

2009-05-13 Thread Bradley Giesbrecht

Jeff, my apologies. I read the quoting levels wrong.


On May 13, 2009, at 8:01 AM, Bradley Giesbrecht wrote:



On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:


It is network redundancy only in so far the DOS attack doesn't cause
your CPU and memory to get slammed.


I would block the ip under attack upstream so no cpu or memory issues.


I didn't claim anything other than that there can in fact be value in
having one computer on more than one network.


This was in response to your comment "This would be completely
useless", which I disagree with.


//Brad


If you're doing redundancy you really ought to do the whole thing by
getting another server and putting IT on the other network. Then you
don't have a single point of failure (unless they're both in the same
data center).

If you really want to do two different IPs on one host you could
probably use views to accomplish this but that would be all within a
single BIND setup so your theoretical DOS attack would probably cause
both views to have issues.

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bradley
Giesbrecht
Sent: Wednesday, May 13, 2009 10:22 AM
To: Stephane Bortzmeyer
Cc: bind-users@lists.isc.org
Subject: Re: two NS servers on a single host


On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:


On Wed, May 13, 2009 at 09:02:55PM +0800,
Tech W. tech...@yahoo.com.cn wrote
a message of 34 lines which said:


I want to give two NS records for my domain, each NS take each of
the IP set in the host.


Why? This would be completely useless. RFC 1034 and other documents
call for at least two name servers, for redundancy reasons. If the two
name servers are on the same host, what's the point? There would be no
gain in reliability.


If you have ever had the ip for your name server the target of a dos
attack you could have blocked traffic to that ip and still had dns.

Two networks to same host is network redundancy and has value.


//Brad


Re: RHEL and named with DLZ

2009-03-09 Thread Bradley Giesbrecht

On Mar 9, 2009, at 2:40 AM, Adam Tkac wrote:


On Thu, Mar 05, 2009 at 09:47:07PM -0800, Scott Haneda wrote:

Hello, I am trying to get named with DLZ on RHEL.

My build line is below, I can start named, and I have base configured it
so that it will return a lookup for `dig example.com @localhost +norec`
which returns a custom IP I put in to make sure it is really working.

So far, I know named is working.

I added in dlz Mysql zone { ... }

rndc and restarting named all work fine, no errors that I can see. But
in a successful build on OS X, I was getting a line in the log for named
that said
'Mysql zone' using driver mysql

I do not get that on RHEL, and I am not getting answers back for my test
zones I have in the database. MySql is running, I know that much.

Any suggestions?


BIND in RHEL5 is based on 9.3 series and DLZ stuff has been merged in
9.4 development cycle. It is impossible to get DLZ working with bind
package that is shipped in RHEL5.

Could I ask you why you can't use SDB, please?

Regards, Adam

--
Adam Tkac, Red Hat, Inc.



Adam, I believe I used your srpm for bind. people.redhat.com/atkac or
something like it. If that's you, thank you.


I didn't confirm this by trying it, but I read in numerous places that
the current RHEL5 bind didn't work with mysql.

Can anyone confirm that the current RHEL bind-sdb does work with mysql?

If I go to isc.org the most prominent download links I find are for
BIND 9.6.0-P1.

I didn't find at isc.org where they state which version is recommended.
Does anyone know where to find this information?


Thank you,
Brad