Re: BIND 9.4.x vs 9.6.x - pid-file check and creation
Mark Andrews wrote: Looking at the publically available parts of SunSolve there are at least bug reports about it. Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with other xxxfs_mkdir() functions. | Open in a new window bug 6253984 http://sunsolve.sun.com/search/document.do?assetkey=1-1-6253984-1 - Sep 10, 2007 FYI this has been fixed in OpenSolaris, alas it has not been fixed in Solaris 9 or 10 and currently there are no plans to do so. Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with other xxxfs_mkdir() functions. | Open in a new window bug 2152581 http://sunsolve.sun.com/search/document.do?assetkey=1-1-2152581-1 - Sep 10, 2007 This is the Solaris 10 reference, its closed (hence no plans to fix). With sufficient justification it could be re-opened. Stace I don't have a copy of the POSIX standard that covers mkdir(2) to see what it has to say about it. Historically however EACCES on search failure, EEXIST if the file/directory exists, then EACCES on parent directory write permissions was the error determination order. Mark ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
my DNS not resolving
BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: xx--begin pastexx iceman:/home/coldje # dig jatec.us ; DiG 9.5.0-P2 jatec.us ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.b iz. 2003490240 900 900 604800 86400 ;; Query time: 28 msec ;; SERVER: 205.171.3.65#53(205.171.3.65) ;; WHEN: Thu Jan 29 11:44:18 2009 ;; MSG SIZE rcvd: 91 xx--end paste-xx I don't think there's a problem with my zone files or my named.conf file. As the domain registrar, my ISP has a place for me to put the IP address for my server with the domain, but that's it.This URL works http://166.70.208.147/moodle/ , but http://www.jatec.us/moodle does not work. How can I get this to resolve? Jeff S. Jeff Cold, Associate Professor IST Dept., MS-181 Utah Valley University 800 W. University Pkwy. Orem, UT 84058-5999 (801) 863-8851 - office (801) 863-8522 - fax (801) 494-4793 - cell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind 9 query logging
I am trying to configure query logging on bind 9. Currently I have the
following in my configuration file:
logging {
channel warning_log
{
file /var/adm/dns-logs/dns_warnings.log versions 7 size
2G;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel query_log
{
file /var/adm/dns-logs/dns_query.log versions 7 size 2G;
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning_log; } ;
category queries { query_log; };
category lame-servers { null; };
category security { null; };
category unmatched { null; };
};
According to the O Reilly book DNS and Bind (4th Edition) and the Bind 9 web
docs the configuration above should log both the requested query and the
response. Currently all I get back is the query:
29-Jan-2009 14:15:00.666 queries: info: client xxx.xxx.xxx.xxx#56766: query:
49.105.135.67.in-addr.arpa IN PTR +
29-Jan-2009 14:15:00.730 queries: info: client xxx.xxx.xxx.xxx#45016: query:
m1.search.yahoo-ht3.akadns.net IN A +ED
29-Jan-2009 14:15:00.821 queries: info: client xxx.xxx.xxx.xxx#48060: query:
liveupdate.symantec.d4p.net IN A +ED
29-Jan-2009 14:15:00.882 queries: info: client xxx.xxx.xxx.xxx#62480: query:
businessweek.112.2o7.net IN A +ED
29-Jan-2009 14:15:00.891 queries: info: client xxx.xxx.xxx.xxx#22652: query:
a973.g.akamai.net IN A +ED
29-Jan-2009 14:15:00.900 queries: info: client xxx.xxx.xxx.xxx#49831: query:
stats.surfaid.ihost.com IN A +ED
29-Jan-2009 14:15:00.924 queries: info: client xxx.xxx.xxx.xxx#5606: query:
www.pic2009.org IN A +ED
29-Jan-2009 14:15:00.936 queries: info: client xxx.xxx.xxx.xxx#51641: query:
www.yopoll.com IN A +ED
29-Jan-2009 14:15:00.946 queries: info: client xxx.xxx.xxx.xxx#6002: query:
174.162.127.222.in-addr.arpa IN PTR +ED
Even when I start bind using the -d option I do not get what I want.
Can someone help me out.
C
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: my DNS not resolving
On 29-Jan-2009, at 13:49, S. Jeff Cold wrote: BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: [...] ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 Your domain doesn't appear to have been registered yet (or, perhaps, is registered but is simply not yet in the .us zone): ; DiG 9.5.0-P1 jatec.us @K.GTLD.BIZ ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 17247 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.biz. 2003490289 900 900 604800 86400 ;; Query time: 20 msec ;; SERVER: 156.154.72.65#53(156.154.72.65) ;; WHEN: Thu Jan 29 14:48:05 2009 ;; MSG SIZE rcvd: 91 When did you register the domain? How often does .us update their zone? Matt PGP.sig Description: This is a digitally signed message part ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Disable cache in bind 9.6
В Пнд, 26/01/2009 в 16:16 -0800, JINMEI Tatuya / 神明達哉 пишет: http://www.jinmei.org/patch/bind9-lrucache.diff (should be cleanly applicable to 9.6). and let me know if it mitigates the problem? Oh, great work. I'll try tomorrow. Other recommendations: - I previously suggested using a separate cache-only view and forward all recursive queries to that view. Have you tried that? If you have, didn't it work as I hoped? Yes, I try it. But I can't set ttl to 0. It didn't work. Recursive query fails, and authoritative query back to clients with ttl 0 :( I increase memory on servers 2x QUAD CORE XEON up to 12Gb. PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 38634 bind11 40 3003M 2952M RUN2 159:28 46.44% named ~50 views, max-cache-size for most views 64M; bind uptime (after kernel: pid 667 (named), uid 53: exited on signal 11) - 2 days and 6 hours. built with '--localstatedir=/var' '--disable-linux-caps' '--with-randomdev=/dev/random' '--d isable-openssl-version-check' '--without-openssl' '--with-libxml2=/usr/local' '--without-idn' '--enable-largefile' '--enable-threads' '--prefix=/usr/local' ' --mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=x86_64-portbld-freebsd7.1' 'build_alias=x86_64-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-st rict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe' rndc status: version: 9.6.0-P1 CPUs found: 8 worker threads: 8 On another server in same configuration bind works 2 days and die without core kernel: pid 682 (named), uid 53: exited on signal 11 Max memory per process - 12GB. May be FreeBSD x64 can't work more then X Gb per process? # cat /boot/loader.conf kern.maxdsiz=17179869184 # 16gb kern.dfldsiz=17179869184 # 16gb kern.maxssiz=134217728# 128MB - BIND 9.7 will have a new option attach-cache exactly for such an extraordinary operational environment as yours: it allows multiple views to share a single cache to save memory. I'll try to test 9.7 on one of the heavy load servers and post results to you. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: referral doubt
At Thu, 29 Jan 2009 15:39:01 +, Luis Silva luisfilsi...@gmail.com wrote: I have a question related with the contacting external servers. If my server receives an referral answer from an external server with 3 NS records but just 1 A additional record, what is the normal behaviour? is the server supposed to resolve all 3 nameservers or continues with the iterative process contacting the server that have the additional A record. I don't know what's normal, but BIND9 should continue with the process with the server that has an address (while trying to resolve addresses of other NSes). For example: Trying to resolve www.testing.server.com When contacting server.com nameserver I receive in the answer 3 NS and 1 A Additional record: testing.server.com NS ns1.testing.server.com testing.server.com NS ns2.testing.server.com testing.server.com NS ns3.testing.server.com ns1.testing.server.com A 192.123.123.23 In this case BIND9 should immediately send a subsequent query to 192.123.123.23. --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: my DNS not resolving
$ whois jatec.us --snip-- Domain Status: inactive Name Server: ICEMAN.JATEC.US --snip-- Domain Registration Date:Fri Oct 03 21:05:39 GMT 2008 Domain Expiration Date: Fri Oct 02 23:59:59 GMT 2009 Domain Last Updated Date:Sun Nov 23 06:34:22 GMT 2008 --snip-- Check with your registrar. Your domain has not expired, but some registrars will set your domain to inactive status if you don't have at least two name servers listed. -rich On Jan 29, 2009, at 12:49 PM, S. Jeff Cold wrote: BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: xx--begin pastexx iceman:/home/coldje # dig jatec.us ; DiG 9.5.0-P2 jatec.us ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.b iz. 2003490240 900 900 604800 86400 ;; Query time: 28 msec ;; SERVER: 205.171.3.65#53(205.171.3.65) ;; WHEN: Thu Jan 29 11:44:18 2009 ;; MSG SIZE rcvd: 91 xx--end paste-xx I don't think there's a problem with my zone files or my named.conf file. As the domain registrar, my ISP has a place for me to put the IP address for my server with the domain, but that's it.This URL works http://166.70.208.147/moodle/ , but http://www.jatec.us/moodle does not work. How can I get this to resolve? Jeff S. Jeff Cold, Associate Professor IST Dept., MS-181 Utah Valley University 800 W. University Pkwy. Orem, UT 84058-5999 (801) 863-8851 - office (801) 863-8522 - fax (801) 494-4793 - cell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind 9 query logging
At Thu, 29 Jan 2009 14:33:31 -0500,
cod3fr3ak rvc.pobox+unixli...@gmail.com wrote:
channel query_log
{
file /var/adm/dns-logs/dns_query.log versions 7 size 2G;
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
According to the O Reilly book DNS and Bind (4th Edition) and the Bind 9 web
docs the configuration above should log both the requested query and the
response. Currently all I get back is the query:
What exactly do you mean by 'BIND 9 web doc', and which specific part
of it are you referring to? Whatever the docs or books say, the fact
is that BIND9 doesn't log replies.
BTW, next version(s) of BIND9 (at least 9.7, perhaps next minor
versions of current releases) will have the ability to log query
errors, which include logs about responses indicating an error (such
as NXDOMAINs or SERVFAILs). So, if you're particularly interested in
such unusual responses, you'll probably be happy with that.
We previously discussed in this mailing list whether we want to have
the ability of logging any responses. Opinions varied: some said that
would be great, others said don't complicate the implementation any
more, and let packet capture tools do the job. I see the point of
both sides, and at the moment we're simply keeping the current
behavior (i.e, not logging responses).
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.4.x vs 9.6.x - pid-file check and creation
In message 4981c105.8080...@sun.com, Stacey Jonathan Marshall writes: Mark Andrews wrote: Looking at the publically available parts of SunSolve there are at least bug reports about it. Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with othe r xxxfs_mkdir() functions. | Open in a new window bug 6253984 http://sunsolve.sun.com/search/document.do?assetkey=1-1-6253984-1 - Sep 10, 2007 FYI this has been fixed in OpenSolaris, alas it has not been fixed in Solaris 9 or 10 and currently there are no plans to do so. Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with othe r xxxfs_mkdir() functions. | Open in a new window bug 2152581 http://sunsolve.sun.com/search/document.do?assetkey=1-1-2152581-1 - Sep 10, 2007 This is the Solaris 10 reference, its closed (hence no plans to fix). With sufficient justification it could be re-opened. The problem isn't that you can't work around it. The problem is that every application that calls mkdir(2) or mkdir will eventually discovery it the hard way by having something break that shouldn't. The net cost involved will far exceed the cost to fix. I would argue that it already has past that point. I programed for the expected error behaviour and did not get it. Error behavior that goes back to the initial creation of the open(2) system call. That the error heirarchy on all file system system calls is access, existance, write. I learn't about this well before POSIX was even thought about. I called mkdir(2) knowing that I would effectively get the stat(2) call for free. Now I need to call stat(2) then call mkdir(2) on ENOENT to work around this bug. Every programer in the world that has worked with mkdir(2) should know what I knew. We don't do looking for gotcha's in really on system calls. We just program for the known interface. I would ask that Sun re-think this decision not to fix the bug. Mark Stace I don't have a copy of the POSIX standard that covers mkdir(2) to see what it has to say about it. Historically however EACCES on search failure, EEXIST if the file/directory exists, then EACCES on parent directory write permissions was the error determination order. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
where is libbind???
configure: error: 'libbind' is no longer part of the BIND 9 distribution. It is available from http://www.isc.org as a separate download. % I'm unable to locate libbind on www.isc.org. Can someone point at the tarball? Thanks! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Disable cache in bind 9.6
В Пнд, 26/01/2009 в 16:16 -0800, JINMEI Tatuya / 神明達哉 пишет: http://www.jinmei.org/patch/bind9-lrucache.diff (should be cleanly applicable to 9.6). and let me know if it mitigates the problem? On 29.01.09 22:50, Dmitry Rybin wrote: Oh, great work. I'll try tomorrow. Other recommendations: - I previously suggested using a separate cache-only view and forward all recursive queries to that view. Have you tried that? If you have, didn't it work as I hoped? Yes, I try it. But I can't set ttl to 0. It didn't work. Recursive query fails, and authoritative query back to clients with ttl 0 :( Yes, that is what Setting TTL to 0 means. ~50 views, can't you really lower the views count? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
