Re: Need help on DNS reporter
What's more open source than a one line shell script? It is too simple to spend the time packaging it for rh linux. Try running this against your query logs to see if it does what you want, then tweak it as needed.

If all else fails look at DNSTOP. Simple single purpose tool that may fit your need, depending on what your need is. Don't know if it is packaged specifically for linux but building from source is easy.

Sent from Garminfone by T-Mobile.

babu dheen babudh...@yahoo.co.in wrote:

Hi,

Actually I am looking for open source software which can be installed on redhat linux BIND server to generate report from the DNS logs.

Regards
Papdheen M

--- On Sun, 20/3/11, Warren Kumari war...@kumari.net wrote:

From: Warren Kumari war...@kumari.net
Subject: Re: Need help on DNS reporter
To: babu dheen babudh...@yahoo.co.in
Cc: terry te...@list.dnsbed.com, bind-users@lists.isc.org
Date: Sunday, 20 March, 2011, 8:10 PM

Enable query logging, then:

cat queries.log | grep 'query: example.com' | awk '{print $6}' | sed 's/#.*//' | sort -n | uniq -c | sort -rn | head -100 | more

or something similar?

W

On Mar 20, 2011, at 10:09 AM, babu dheen wrote:

Hi,

I am getting below status on this command.. Only internal DNS servers are allowed to query our gateway DNS server as client.

number of zones: 12
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 1/1000
tcp clients: 0/100
server is up and running

--- On Sun, 20/3/11, terry te...@list.dnsbed.com wrote:

From: terry te...@list.dnsbed.com
Subject: Re: Need help on DNS reporter
To: babu dheen babudh...@yahoo.co.in
Cc: bind-users@lists.isc.org
Date: Sunday, 20 March, 2011, 12:42 PM

How will rndc status take something good for you?

2011/3/20 babu dheen babudh...@yahoo.co.in

Hi,

Can anyone let me know is there any open source software available to generate report for DNS service based on DNS BIND query logs. We have BIND DNS running RHEL 5.0.

Would like to generate report based on its logs so that we can identify list of clients querying external domains and its query count. Many clients in our company infected with malware which thus send unnecessary query to remote external domain (non available domain). So if we have any software which can generate the report from DNS BIND logs, will be very helpful.

Regards
Babu

-- 
www.DNSbed.com

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
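Added example, not part of any message in this thread: a per-client count of queries for names outside the site's own zones, which is the report the original request asks for. It generalizes the one-liner above by locating the client token instead of relying on field 6, so it works whether or not the log prefix carries category and severity; the function names, the zone corp.example and all sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: count queries per client for names
# outside our own zones, reading BIND query-log lines on stdin.
# Usage: report_external_clients "zone1,zone2" < queries.log

report_external_clients() {
    awk -v zones="$1" '
    BEGIN { n = split(tolower(zones), z, ",") }
    {
        client = ""; qname = ""
        for (i = 1; i <= NF; i++) {
            # The client token is addr#port, wherever the log prefix puts it.
            if (client == "" && $i ~ /^[0-9A-Fa-f:.]+#[0-9]+:?$/) {
                client = $i
                sub(/#.*/, "", client)
            }
            if ($i == "query:" && i < NF) { qname = tolower($(i + 1)); break }
        }
        if (client == "" || qname == "") next
        sub(/\.$/, "", qname)
        for (j = 1; j <= n; j++) {
            # Internal if the name equals a zone or ends in ".zone".
            if (qname == z[j]) next
            k = length(qname) - length(z[j])
            if (k > 0 && substr(qname, k) == "." z[j]) next
        }
        count[client]++
    }
    END { for (c in count) print count[c], c }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in three prefix layouts; corp.example is an
# assumed internal zone and every address and name here is made up.
sample_log() {
    cat <<'EOF'
20-Mar-2011 10:09:01.101 queries: info: client 10.0.0.5#53211: query: www.corp.example IN A +
20-Mar-2011 10:09:01.202 queries: info: client 10.0.0.7#40112: query: abcd1234.example.net IN A +
20-Mar-2011 10:09:02.303 queries: info: client 10.0.0.7#40113: query: efgh5678.example.net IN A +
20-Mar-2011 10:09:02.404 client 10.0.0.9#33001: query: www.example.org IN A +
20-Mar-2011 10:09:03.505 client 10.0.0.7#40114 (ijkl.example.net): query: ijkl.example.net IN A +
20-Mar-2011 10:09:03.606 queries: info: client 10.0.0.5#53212: query: notcorp.example IN A +
EOF
}

sample_log | report_external_clients "corp.example"
```

Pass the comma-separated list of zones the server is authoritative for in place of corp.example; names are matched on label boundaries, so notcorp.example is counted as external.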
Re: DNS problem with Mac OS X 10.6 and later
Remember that with the Mac you also are using Bonjour for host name resolution. With your Leopard machines you may be looking for XYZ.local and not finding it and quitting rather than going thru your search list.

Sent from Garminfone by T-Mobile.

Banana Flex flex.ban...@bluewin.ch wrote:

hello list,

Our setup:

- a MAN network with thousands of Mac computers running Mac OS X 10.4, 10.5 and 10.6
- two linux servers running dhcp-3.1.3ESV and bind-9.5.0P2, redundant as a cooperation, this is the main DHCP/DNS servers for the MAN
- a multitude of servers running Mac OS X Server (10.4, 10.5, 10.6) for our clients, not centralized, connected to the MAN
- 13 DNS zones
- HSRP network by Cisco with circa 20 loops of a 23-bit range address (ex.: 10.29.32.1/23, 10.29.36.1/23, 10.29.52.1/23, .../23), that is the MAN

Each client computer is connected to the centralized DHCP/DNS Linux servers and is registered in the zone with the DynamicDNS function. We use the DHCP Client ID (option 61) of the service to redirect and register the client computer into the good domain.

The linux servers are in the main domain city.educational, at the first level, their IP addresses are 10.28.25.50 and 10.28.25.51.

All other zones are in the form: department.city.educational

All client machines are in DHCP. Servers are in DHCP with a statically assigned address.

The problem:

On 10.5 computers, all are still okay, you can find all records using the host command and ping them:

$ hostname
002378.department.city.educational
$ host 002378
002378.department.city.educational has address 10.29.76.13
$ host 10.29.76.13
13.76.29.10.in-addr.arpa domain name pointer 002378.department.city.educational.
$ ping -c3 002378
PING 002378.department.city.educational (10.29.76.13): 56 data bytes
64 bytes from 10.29.76.13: icmp_seq=0 ttl=64 time=0.547 ms
64 bytes from 10.29.76.13: icmp_seq=1 ttl=64 time=0.512 ms
64 bytes from 10.29.76.13: icmp_seq=2 ttl=64 time=0.482 ms
--- 002378.department.city.educational ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.482/0.514/0.547/0.027 ms
$ cat /etc/resolv.conf
domain department.city.educational
search department.city.educational city.educational department.city.educational
nameserver 10.28.25.50
nameserver 10.28.25.51

On 10.6 computers, you can host but the ping does not work:

$ host 002378
002378.department.city.educational has address 10.29.76.13
$ ping 002378
ping: cannot resolve 002378: Unknown host

This means that you can not resolve 002378 without its FQDN.

A graphical example is the Connect to Server window from the Finder with the short name of the server resulting in a failed connection.

On a 10.6, a printer like 500265 (FQDN = 500265.department.city.educational) does not print if you do not utilize the FQDN.

On 10.4 and 10.5 all this works.

If you set up your 10.6 clients statically with the DNS, for example with the following command line:

networksetup -setsearchdomains Ethernet department.city.educational city.educational

the problem disappears and all is okay.

If you read the /etc/resolv.conf from a 10.4, 10.5 or 10.6 client, all lines are the same! In DHCP setup or statically set up, on a linux box it is the same result!

I think Mac OS X 10.6 does not interpret correctly the domain search from a DHCP server because all other systems work well.

Please let me know if anyone in the list has the same problem or a workaround.

Help is welcome.

Thank you for reading

Banana
Re: OT: Propagation of my NS records?
There is a lot of assumed magic with DNS. It would be nice if things were possible but they aren't. Think for a moment. 'I changed the IP address but my registrar isn't picking it up!' Well, how do you expect them to if you don't tell them? They don't have a crystal ball to read your mind or intentions. No magic involved. They can only do what you tell them. Not even the newest magic incantation, DNSSEC, can provide that magic.

Sorry for the top posting. But,

Sent from Garminfone by T-Mobile.

online-reg online-...@enigmedia.com wrote:

Hi All:

I think this is a little OT, but I’m wondering why changes to my NS records aren’t propagating when my NS is authoritative for my domain?

enigmedia.com is registered at NetSol and delegated to my NS:

ns.enigmedia.com (running on bind9/fedora)
ns1.enigmedia.com (running on bind9/Freebsd)

Global TTL is 3h and TTL for the “NS1” record is 1200, but after changing the IP address of ns1 more than 24 hrs ago, it is not being picked up by NetSol’s servers. NetSol is returning the old record: 209.159.154.165, while my zone file has 216.218.228.131.

I’ve seen this issue reported over the years, and the recommendation seems to be “complain to NetSol”. Just wondering if something in my zone config is wrong, or if this is normal for changes to NS records? NetSol is just ignoring my TTLs and caching the old IP for as long as it wants?