Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread John Miller
On 03/04/2013 03:26 PM, Verne Britton wrote: my test server (it's up and down a lot) is at yournameserver with these two test zones ... what I want to be able to do is: 1. serve the A records as authoritative Looks like it's working in that regard: jm@workstation:~$ dig +norecurse @yournamese

Re: Resolver behavior on expired TTLs

2013-02-21 Thread John Miller
Thanks, Matus. Much appreciated--a SERVFAIL is much better than an NXDOMAIN in this scenario. John On 02/21/2013 10:41 AM, Matus UHLAR - fantomas wrote: On 21.02.13 10:38, John Miller wrote: Here's something I hadn't put much thought into until recently--it's never been a

Resolver behavior on expired TTLs

2013-02-21 Thread John Miller
Hello everyone, Here's something I hadn't put much thought into until recently--it's never been a problem--how do resolvers behave when they receive a request for an expired entry in the cache, but cannot contact the authoritative nameserver? I'd imagine they return a SERVFAIL, but I could s

Re: Cannot create A record issue

2013-02-20 Thread John Miller
Just to cover all the bases, you're doing your lookup directly against your server, correct? Easy to accidentally query a different nameserver and not see what you're expecting. Otherwise I'd second Warren's suggestion to double-check your serial number. John On 02/20/2013 12:40 PM, Jsillim

Re: Change in statistics format

2012-11-15 Thread John Miller
ges. John On 11/15/2012 12:22 PM, Evan Hunt wrote: On Thu, Nov 15, 2012 at 11:44:12AM -0500, John Miller wrote: Hello everyone, When did BIND 9 switch over from the older The new stats counters were added in 9.5.0. They're in all currently-supported releases; the old format is fully depr

Re: Change in statistics format

2012-11-15 Thread John Miller
Thank you! Just downloaded a copy, and looks pretty straightforward. John On 11/15/2012 12:13 PM, Jan-Piet Mens wrote: Thanks, Phil. Those were my thoughts as well. For the present, I'll write my own monitoring plugin to parse the XML data. If you need some inspiration, I wrote a bit of C c

Re: Change in statistics format

2012-11-15 Thread John Miller
work for us. John On 11/15/2012 11:58 AM, Carsten Strotmann wrote: Hello John, John Miller writes: Hello everyone, When did BIND 9 switch over from the older +++ Statistics Dump +++ (timestamp) success # referral # nxrrset # nxdomain # recursion # failure # --- Statistics Dump --- (time

Re: Change in statistics format

2012-11-15 Thread John Miller
Thanks, Phil. Those were my thoughts as well. For the present, I'll write my own monitoring plugin to parse the XML data. John On 11/15/2012 11:47 AM, Phil Mayers wrote: On 15/11/12 16:44, John Miller wrote: Hello everyone, When did BIND 9 switch over from the older I think tha

Change in statistics format

2012-11-15 Thread John Miller
ormat, and wanted to be sure I had my ducks in a row. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: User wanting to use a .local domain to host DNS

2012-11-14 Thread John Miller
Thanks for the catch--guess I was writing a little too quickly this morning. .localhost is reserved; .localdomain isn't. John On 11/14/2012 11:17 AM, SM wrote: At 07:15 14-11-2012, John Miller wrote: It doesn't look like .local is officially reserved (http://tools.ietf.org/ht

Re: User wanting to use a .local domain to host DNS

2012-11-14 Thread John Miller
Hey there Hal, It doesn't look like .local is officially reserved (http://tools.ietf.org/html/rfc2606), but .localdomain definitely is. John John Miller Systems Engineer Brandeis University 781-736-4619 johnm...@brandeis.edu On 11/14/2012 10:02 AM, King, Harold Clyde (Hal) wrote: I&#x

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread John Miller
7 ms > > Barry Margolin writes: > > I'm not sure what you mean by that sentence about getting authoritative > > DNSs from X when it should be from Y. Can you post the actual dig? > > > > BTW, @servername doesn't mean much when using +trace, since +trace >

Re: Spotty Lookups on One of Our Networks

2012-10-30 Thread John Miller
Hi Martin, Just to clarify, how many domain names are doing this for you? Are they all remote domains, or are some of them okstate.edu domains? John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On 10/30/2012 04:10 PM, Martin McCormick wrote: I don&#

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-25 Thread John Miller
/25/2012 11:53 AM, Phil Mayers wrote: On 25/10/12 15:54, John Miller wrote: Is BIND associating each request with a particular socket, then? It would certainly make sense if that were the case. This was something I didn't fully realize. Yes. Something else I didn't fully realize w

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread John Miller
Thanks Daniel. Good to hear of someone using NAT for DNS traffic. My fears of it are mostly performance-based--every DNS query takes up a new entry in the ACE's NAT table. In our case, that's thousands of queries per second that the ACE has to keep in memory. I've shown it to be a slight (2

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread John Miller
IMO, the only boxes which should have IPs in both public and private netblocks should be your firewall/NAT routing boxes. That's how we usually have our servers set up--the load balancer gets the public IPs, the servers get the private IPs, and we use NAT to translate between the two. Here

transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread John Miller
raffic? Not tying up NAT tables seems like the way to go, but lack of probes is a deal-breaker on this end. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: issues with BIND since a change of server

2012-10-04 Thread John Miller
Hi Thomas, Since this is Ubuntu, what does /var/log/syslog have to say about the matter? Do you have any specific configuration for rndc controls, or are you primarily using the stock Ubuntu named.conf.local and named.conf.options? John On 10/04/2012 11:27 AM, Thomas Manson wrote: Hi,

Re: using 127.0.0.1 in resolv.conf

2012-07-24 Thread John Miller
On 07/24/2012 05:10 PM, Mark Andrews wrote: No. It was a kernel bug. The kernel wouldn't let you un-bind the socket. When you sent to 127.0.0.1 the local address was set to 127.0.0.1 then when you sent to some other address 127.0.0.1 was used as the source address which doesn't work. Modern r

Re: using 127.0.0.1 in resolv.conf

2012-07-24 Thread John Miller
Thanks, Kevin. It sounds like if there was a bug in the resolver when using 127.0.0.1, it's long since been resolved. For the reason of portability alone, 127.0.0.1's a good choice, and what we've been doing. I hadn't considered the NIC offloading issue, but I suppose it _could_ happen. Th

using 127.0.0.1 in resolv.conf

2012-07-23 Thread John Miller
e to a bug report and/or changelog for this? A quick Google search for 'bind resolver source address bug' didn't yield much. John -- John Miller Systems Engineer Brandeis University 781-736-4619 johnm...@brandeis.edu

Re: Moving DNS out of non-cooperative provider

2012-06-25 Thread John Miller
ong shot! John On Mon, Jun 18, 2012 at 11:22 PM, Mark Andrews wrote: > > In message <4fdf631a.4060...@brandeis.edu>, John Miller writes: > > Hi Alexander, > > > > We've actually run into this before. Once upon a time, RCN cable used > > to run some sl

Re: Moving DNS out of non-cooperative provider

2012-06-19 Thread John Miller
eople's domains), so I've contacted them again. Hopefully the cease-and-desist won't be necessary. John On 06/19/2012 06:45 AM, Tony Finch wrote: Mark Andrews wrote: In message<4fdf631a.4060...@brandeis.edu>, John Miller writes: We've actually run into this bef

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread John Miller
Hi Alexander, We've actually run into this before. Once upon a time, RCN cable used to run some slave servers for us, but we've long since moved away from them, including zone transfers. We yanked them from our registrar a long time ago, and life was good. For whatever reason, RCN's still

Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?

2012-05-03 Thread John Miller
Hi Samad, It's entirely possible to roll out a parallel BIND installation. We're doing something similar at Brandeis right now--a mix of BIND and PowerDNS servers. I take it that your current BIND setup is purely authoritative? Or is it also handling recursive requests? John On 05/03/20
