Re: multi-master with mysql backend

2011-02-07 Thread pyh
fddi writes: Hello, I would like to configure a multi-master configuration wirh 2 hosts and I have been thinking to mysql as a backend. Is there any official or semi-official support in bind for using mysql as backend ? Any kind of documentation on this ? Try google with "bind dlz". enabl

Re: Querying the SOA timers

2011-02-01 Thread pyh
I once wrote a perl script for nagios plugin and posted it to the list. Just to check both master and slave's serial number to see if they are the same to verify the zone data in every name server is correct. #!/usr/bin/perl use strict; use Net::DNS; use Getopt::Std; my %opts; getopts('hm:s

[OT] does deliveragent must have a PTR RR

2011-01-31 Thread pyh
Hi list, I can't setup a ptr RR for my mailserver's IP. Here the main ISPs who are owned by this garbage state take expensive price for setup a reverse record for a public IP. It's about 30 USD each month for each IP. But some MTAs does require the peer deliveragent has a PTR RR,like AOL's em

dotted hostname is bad IMO

2011-01-31 Thread pyh
given the domain name of "126.com", and given an A RR in its zone is: s1.s2.s3 IN A 11.22.33.44 OK when a dns cache query for s1.s2.s3.126.com the first time, it will follow the logic: #1, s1.s2.s3.126.com has NS RR in cache? (no) #2, s2.s3.126.com has NS RR in cache? (no) #3, s3.126.c

Re: what's a valid domain name?

2011-01-31 Thread pyh
Ben Croswell writes: In that case technically you are creating undelegated subdomains for each router. The dot is a delimiter and can't be part of a hostname. I was thinking you are wrong. Period is somewhat permitted in a hostname. From RFC 952 A "name" (Net, Host, Gateway, or Do

Re: what's a valid domain name?

2011-01-30 Thread pyh
From RFC 1123 One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax. p...@mail.nsbeta.info writes: Joseph S D Yao writes:

Re: Good news! Very good!

2011-01-30 Thread pyh
listman, why this user has been always staying here for sending spams? Regards. Juan O writes: Heya,how are you doing recently ? I would like to introduce you a very good company which i knew.Their website is [www.bestseller-offer.com] . ___

Re: what's a valid domain name?

2011-01-29 Thread pyh
Joseph S D Yao writes: The labels must follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. There are also some restrictions on the length. Labels must be 63 characters or less.

Re: what's a valid domain name?

2011-01-29 Thread pyh
Mark Andrews writes: Remember domain names are not the same things as hostnames. Hostnames are limited to letter digit hyphen (LDH). Other domain names are not limited and things last SRV records deliberately use labels that are not legal in hostnames to prevent collisions of the two namespace

cache server with authoritative answer

2011-01-28 Thread pyh
The book "Pro DNS and BIND" says: If the caching server obtains its data directly from an authoritative DNS, then it too will respond as authoritative. Ohterwise, if the data is supplied from its cache, the response is nonauthoritative. So this means even for a cache only server it can answer

Re: what's a valid domain name?

2011-01-28 Thread pyh
Barry Margolin writes: In article , p...@mail.nsbeta.info wrote: I googled and found this: It's on the Internet, so it must be true. :) * A domain name can be up to 63 characters long plus a dot plus the characters used to identify the top-level domain (i.e "com", "info", "biz",

what's a valid domain name?

2011-01-28 Thread pyh
I googled and found this: * A domain name can be up to 63 characters long plus a dot plus the characters used to identify the top-level domain (i.e "com", "info", "biz", etc. * Valid characters in a domain name include letters, numbers and hyphens "-". The domain name must start and end

Re: root hints

2011-01-28 Thread pyh
Joseph S D Yao writes: Just because we don't need to, doesn't mean that it's a good practtice not to. And it's so easy to create one on a system where DNS is already set up. dig ns . > root.hints I disagree with this. Few files mean few risk for admin. How about the case when someone

Re: IXFR and AXFR

2011-01-27 Thread pyh
Mark Andrews writes: The master will return a AXFR style IXFR whenever it doesn't have the requested axfr stream. Do you mean whenever it doesn't have the requested IXFR stream? Thanks. ___ bind-users mailing list bind-users@lists.isc.org https:/

IXFR and AXFR

2011-01-27 Thread pyh
At what time the slave executes AXFR and at what time it executes IXFR from the master? Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Remove my mail id from list

2011-01-26 Thread pyh
R Juneja writes: Hi , Please remove my mail ID from the list. Unsubscribe yourself from here: https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-use

Re: rndc confusion

2011-01-26 Thread pyh
The keyname and keyvalue in named.conf, rndc.key and rndc.conf have to be the same. For me I don't have the rndc.key file,but have the left two. Surely the keyname/keyvalue in these files should be the same. Regards. donovan jeffrey j writes: Greetings it has been a while since I have wor

Re: bind Bind or BIND?

2011-01-26 Thread pyh
Mark Andrews writes: In message <20110127020201.861a52d...@mail.nsbeta.info>, p...@mail.nsbeta.info writes: When talk to others, I never describe it clearly for naming bind. is it "bind" or "Bind" or "BIND"? is bind an abbreviation word? BIND stands for Berkley Internet Name Domai

bind Bind or BIND?

2011-01-26 Thread pyh
When talk to others, I never describe it clearly for naming bind. is it "bind" or "Bind" or "BIND"? is bind an abbreviation word? Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: root hints

2011-01-26 Thread pyh
Chris Thompson writes: The relevant CHANGES file entry for BIND 9 would seem to be 701. [func] Root hints are now fully optional. Class IN views use compiled-in hints by default, as before. Non-IN views with no root hints now provide authoritative

root hints

2011-01-25 Thread pyh
Hello, From what version of bind we won't include the root hints file in named.conf? Since the bind server has been including it inherently. Thanks in advance. Regards. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/m

NS Cache

2011-01-25 Thread pyh
I'm reading the document "Secure DNS Deployment Guide" got from the URL a poster gave in the list. The document said: When a user types the URL www.example.com into a Web browser, the browser program contacts a type of resolver called a stub resolver that then contacts a local name server

Re: dns best practices

2011-01-25 Thread pyh
Casey Deccio writes: On Sun, Jan 23, 2011 at 10:30 PM, wrote: Is there a document for dns & bind best practices? I googled but found nothing valueable. NIST SP 800-81 Rev. 1: http://csrc.nist.gov/publications/nistpubs/800-81r1/sp-800-81r1.pdf Thanks. looks great, will learn from it.

Re: Forward using CNAME record

2011-01-25 Thread pyh
Gary Wallis writes: Do not confuse your "forwarding" with HTTP rewriting. One is just about DNS records (CNAME, A or otherwise.) The other happens on the server side (see Apache rewrite engine docs.) This is nothing about rewrite, but webserver's virtual host stuff. Regards. ___

lost records in a view

2011-01-24 Thread pyh
Hello, Given I have 3 views, va,vb and vc, vc is the default (matches any client). There are three records in va and vc: s1.example.com. IN A 11.22.33.44 s2.example.com. IN A 22.33.44.55 s3.example.com. IN A 33.44.55.66 But there is a record lost in vb, say it's s2.example.com. I

dns best practices

2011-01-23 Thread pyh
Is there a document for dns & bind best practices? I googled but found nothing valueable. Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9.8.0b1 Released Today

2011-01-21 Thread pyh
Sue Graves writes: New Features 9.8.0 * BIND now supports a new zone type, static-stub. This allows the administrator of a recursive nameserver to force queries for a particular zone to go to IP addresses of the administrator's choosing, on a per zone basis, both globally or per view. I.e. i

Re: get a domain's dns records

2011-01-21 Thread pyh
Dave Knight writes: I guess the tool just always assumes that there's probably a www worthy asking about But how does the site know I have a sub domain test.nsbeta.info and its name servers? I didn't think that I have got this sub domain be public. Regards. ___

get a domain's dns records

2011-01-20 Thread pyh
I'm jsut curious, how does "who.is" know the dns records in my domain (nsbeta.info)? The page shows some of my RRs exactly: http://who.is/dns/nsbeta.info/ Regards. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailma

Re: when one view doesn't have the zone

2011-01-20 Thread pyh
Mark Andrews writes: In message <20110121030937.da19e2c...@mail.nsbeta.info>, p...@mail.nsbeta.info w rites: In fact I want to the clients that match view_b to fall into the default view, say it's view_c. You need view_b to have a copy of view_c's zone. See the archives for how to do th

Re: when one view doesn't have the zone

2011-01-20 Thread pyh
Mark Andrews writes: In message <20110121024745.bcd2e2c...@mail.nsbeta.info>, p...@mail.nsbeta.info w rites: Hello, My named.conf looks as: -- view "view_a" { match-clients { IP_ADDR_A; }; zone "test.com" { type master;

when one view doesn't have the zone

2011-01-20 Thread pyh
Hello, My named.conf looks as: -- view "view_a" { match-clients { IP_ADDR_A; }; zone "test.com" { type master; file "test.com.a.db"; }; }; view "view_b" { match-clients { IP_ADDR_B; }; # doesn't have test.com z

query cache denied

2011-01-19 Thread pyh
I saw lots of this info in bind's log: Jan 20 05:25:43 ns2 named[6538]: client 69.10.140.146#33135: query (cache) 's2.xxrz.game.yy.com.cdn20.com/A/IN' denied Jan 20 05:26:47 ns2 named[6538]: client 200.31.4.71#41137: query (cache) 's3.xxrz.game.yy.com.cdn20.com/A/IN' denied I'm using bind-

Re: why queries rejected?

2011-01-18 Thread pyh
My zone is game.yy.com, and there are so many "auth queries rejected" in named.stats which was generated by "rndc stats". Could you show me some way to debug it? Thanks. [game.yy.com] 671834 auth queries rejected 3003 recursive queries rejected 685192 q

Re: why queries rejected?

2011-01-18 Thread pyh
You haven't provided enough information for us to know. Have you bothered checking logs? Nothing special in logs from what I checked. Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-user

why queries rejected?

2011-01-17 Thread pyh
Hi, I saw this piece from named.stats: [XXX.com] 812922 auth queries rejected 116 recursive queries rejected 4 transfer requests rejected 80 update requests rejected 922732 queries resulted in successful answer

query with TSIG key

2011-01-17 Thread pyh
Hi, How to query for a A or CNAME record with TSIG key? I want to test the different rrdate for a domain name in different views. Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: help with rndc fail

2011-01-14 Thread pyh
I don't know what's the problem. Just copied the config files to another host and run bind master on it, everything works fine, including the zone transfer for multi-views. Thanks. p...@mail.nsbeta.info writes: And, the named version is: # named -v BIND 9.6.1-P2 I'm pretty sure t

Re: queryperf for stress test

2011-01-14 Thread pyh
ju wusuo writes: run queryperf on the same server and got a not bad number at around 60,000 qps, however, the cpu and memory are far from used up, what else could be the limiting factors for getting higher qps numbers? rebuild bind and enable the threads? __

Re: help with rndc fail

2011-01-14 Thread pyh
RNDC is only allowed from localhost, so the only place these would work would be from a command shell on the server that is the master. You did not specify where you were running rndc. Hello, I'm running it in master. Here is the -V output: # rndc -V status create memory context create

Re: help with rndc fail

2011-01-14 Thread pyh
RNDC is only allowed from localhost, so the only place these would work would be from a command shell on the server that is the master. You did not specify where you were running rndc. I run it on master. Here is the -V output: # rndc -V status create memory context create socket manage

Re: help with rndc fail

2011-01-14 Thread pyh
And, the named version is: # named -v BIND 9.6.1-P2 I'm pretty sure the secret in both named.conf and rndc.conf are the same. Thanks. p...@mail.nsbeta.info writes: Hello gurus, my rndc related commands in bind master with multi-views run fail,but in slave it's running correctly.

help with rndc fail

2011-01-14 Thread pyh
Hello gurus, my rndc related commands in bind master with multi-views run fail,but in slave it's running correctly. # rndc status rndc: connection to remote host closed This may indicate that * the remote server is using an older version of the command protocol, * this host is not authorize

nsupdate to all servers

2011-01-14 Thread pyh
Hello, My bind servers are hosting with many zones, and many views. Due to the complication, I won't run the master/slave with TSIG keys for replication. I want to run nsupdate to all servers separately for the records update. Is this a good idea? Thanks Regards. _

Re: only the response has aa flag can be cached?

2011-01-11 Thread pyh
These triggered the release of 9.7.2-P1 when we were rejecting these after tightening the response processing to treat glue to answer responses as referrals to address the issue of named return glue records from the parent zones rather than the actual answers in the child zones. Sorry I'm not

Re: check the master/slave status

2011-01-09 Thread pyh
p...@mail.nsbeta.info writes: I wrote a nagios plugin for monitoring the status of master/slave DNS. Just to check if their serial number is the same. The script shows below,thanks for all your directions. #!/usr/bin/perl use strict; use Net::DNS; use Getopt::Std; my %opts; getopts('hm:

Re: check the master/slave status

2011-01-09 Thread pyh
I wrote a nagios plugin for monitoring the status of master/slave DNS. Just to check if their serial number is the same. The script shows below,thanks for all your directions. #!/usr/bin/perl use strict; use Net::DNS; use Getopt::Std; my %opts; getopts('hm:s:z:', \%opts); if ($opts{'h'}) {

Re: check the master/slave status

2011-01-07 Thread pyh
Niall O'Reilly writes: If your zones are properly delegated, and your servers accessible from the public Internet, then the web-based remote-checking tools available at www.zonecheck.fr or dnscheck.iis.se are excellent. Either of these will give you some ideas a

check the master/slave status

2011-01-07 Thread pyh
Hello, I just want to write a script for checking master and slave to make sure they have been always syncing the data correctly. What's the idea for doing it? Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mai

Re: Confused about /24 in-addr.arpa NS delegation debug problem

2011-01-06 Thread pyh
Phil Mayers writes: Delegation nameservers above differ from nameservers in-zone below 147.95.81.in-addr.arpa. 86400 IN NS ns2.callingcloud.net. 147.95.81.in-addr.arpa. 86400 IN NS ns1.callingcloud.net. ;; Received 96 bytes from 207.218.247.135#53(ns1.theplanet.com)

only the response has aa flag can be cached?

2011-01-04 Thread pyh
Hello, I'm not sure about, is it true that only the response which has included the "aa" in flags can be cached by client DNS Cache? For example, for my domain, there are two queries below, the result for the first query won't be cached, but the second will be cached, am I right? $ dig mail

enable a dynamic zone

2011-01-04 Thread pyh
Hello, When adding a statement of something like: allow-update { 127.0.0.1; }; to the zone configuration, this zone will become a dynamic zone, is it? Thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/li

Re: transfer with views

2011-01-01 Thread pyh
Alan Clegg writes: If it were me and I had no other choice than to use views, I'd get into the system and re-wire everything using BIND 9.7.2 and write a set of scripts that used "rndc addzone" and "rndc delzone" to control the master and all of the slaves, configure TSIG keys to manage zone

transfer with views

2011-01-01 Thread pyh
Two bind servers, one master, one slave. There are three views at each. The config is shown below. But why the first two veiws can get transfered, the third can't be transfer? Thanks in advance. - master: options { directory "/usr/local/named/var/named"; };

Re: bind replication

2010-12-31 Thread pyh
Not a how-to, but it is covered in the BIND FAQ on the ISC website.. http://www.isc.org/software/bind/faq Then look at the entry for: My slave server for both an internal and an external view has both views transferred from the same master view - how to resolve? Thanks. If I

Re: bind replication

2010-12-31 Thread pyh
Alan Clegg writes: Done carefully (which will be the case in all circumstances), doing zone transfers within views of many zones is no more "likely to get broken" than doing it with external mechanisms. So going with bind's zone-transfer is there a howto document for this purpose? Thank

Re: bind replication

2010-12-31 Thread pyh
Jack Tavares writes: If you wished to sync zone files in this manner, with dynamic zones, you would need to freeze the zones on the sending side, which forces a write of the data that is in the journal file to the zone file, freeze the zones on the receiving side then copy the files over

Re: bind replication

2010-12-31 Thread pyh
Ben Croswell writes: It seems like you are making the process more complex, instead of just letting BIND do it's job. No. because I have many zones, and each zone has some views. So the standard zone-transfer will most likely get broken due to the complexity. Thanks. __

Re: bind replication

2010-12-31 Thread pyh
Torinthiel writes: If you know which zone has changed, than you can do "rndc reload zonename". If you don't, than "rndc reload" reloads all zones. You could also try "rndc reconfig", but I think it will only load new zonesm the ones just added in configuration, not never wersions of old zone

Re: bind replication

2010-12-31 Thread pyh
Anand Buddhdev writes: On 31/12/2010 05:33, p...@mail.nsbeta.info wrote: Hi, Is it a right way to run rsync for bind's zone files replication? If we have dozons of zones, each zone has more than one view, under this case setup the master/slave with standard zone-traff is the hard way IMO. Than

bind replication

2010-12-30 Thread pyh
Hi, Is it a right way to run rsync for bind's zone files replication? If we have dozons of zones, each zone has more than one view, under this case setup the master/slave with standard zone-traff is the hard way IMO. Thanks. ___ bind-users mailing

Re: Question on ADDITIONAL SECTION

2010-12-30 Thread pyh
Because the 2nd response also included Authority Section, the additional data are the addresses of the authoritative servers. Thanks. But why the second has an "AUTHORITY SECTION" included? but the first doesn't? Regards. ___ bind-users maili

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread pyh
Because it's contrary to itself. You've specified norecurse, which means that if nameserver believes it has authorative data it should return it, if it doesn't it should return a referral (and no answer beside it). But the server returns answer (which means it believes it has authorative da

Question on ADDITIONAL SECTION

2010-12-30 Thread pyh
$ dig www.cnn.com @202.96.128.166 ; <<>> DiG 9.4.2-P2 <<>> www.cnn.com @202.96.128.166 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65353 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.cnn.com.

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread pyh
Sunil Shetye writes: Case 2: Lame Server Reply === $ dig +norecurse @a.iana-servers.net. example.org. ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;example.org. IN A ;; ANSWER SE

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread pyh
Sunil Shetye writes: Quoting from p...@mail.nsbeta.info's mail on Thu, Dec 30, 2010: What's the difference between these two flags in the response of dig? < ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ra : recursion available The nameserver is ready to ask other n

Re: ignoring incorrect nameservers in authority section

2010-12-29 Thread pyh
What's the difference between these two flags in the response of dig? < ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 --- ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 Thanks in advance. Sunil Shetye writes: Quoting from David Sparro's mail on T

Fwd: performance on the big query traffic

2010-12-26 Thread pyh
Hello, May I ask this question to the list? Currently one of our domains has been getting more than 100 million DNS query traffic each day. The domain is hosting on the registration provider. If we run the DNS by ourselves with Bind, can two Bind hosts handle this size of query traffic? Wh