At Mon, 27 Sep 2010 13:27:01 +0400,
Samer Khattab wrote:
> I'm using Bind as a caching name server and serving around 2000 req per
> second, and recently have the following messages showing up from time to
> time in the general.log.
>
> 27-Sep-2010 10:45:47.639 sockmgr 0x2ad7af2f5010: maximum nu
On 28/09/10 2:08, Chris Buxton wrote:
> On Sep 27, 2010, at 4:43 PM, Sten Carlsen wrote:
>
>> Well, it depends on your clients. If they don't like .0 or .255, you
>> would have to have a rather large amount of ranges.
>>
>> E.g. range 10.1.1.1 10.1.1.254; range 10.1.2.1 10.1.2.254; ..
>>
>> I
On Sep 27, 2010, at 4:03 PM, Christopher Cain wrote:
> Hi all.
>
> I am setting up a new appliance-based DNS solution that will contain a fair
> number of separately managed Windows DNS slave servers (in addition to the
> DNS appliances that will handle the .
>
> Currently there are just over
On Sep 27, 2010, at 4:43 PM, Sten Carlsen wrote:
> Well, it depends on your clients. If they don't like .0 or .255, you would
> have to have a rather large amount of ranges.
>
> E.g. range 10.1.1.1 10.1.1.254; range 10.1.2.1 10.1.2.254; ..
>
> If OTOH you don't have any of those clients, ot
Well, it depends on your clients. If they don't like .0 or .255, you
would have to have a rather large amount of ranges.
E.g. range 10.1.1.1 10.1.1.254; range 10.1.2.1 10.1.2.254; ..
If OTOH you don't have any of those clients, other factors like hashing
algorithms and sizes come into play.
Under certain limited circumstances, it might make more sense to put
both/all addresses under the same name, and then use the "sortlist"
mechanism to present those addresses in an order which is suitable for
particular clients.
Among other things, this requires that all resolver/nameserver con
> Date: Mon, 27 Sep 2010 09:46:44 -0500
> From: Jerry Kemp
> Sender: bind-users-bounces+oberman=es@lists.isc.org
>
> IMHO, the primary benefit of chrooting is security.
>
> another, less painful option, again IMHO, is to run BIND in a jail if
> you are using BSD, or a zone if you are on Sola
On 9/27/2010 7:46 AM, Jerry Kemp wrote:
IMHO, the primary benefit of chrooting is security.
another, less painful option, again IMHO, is to run BIND in a jail if
you are using BSD,
The default configuration in FreeBSD is to run it chroot'ed. Given that
it's very unlikely that the chroot will
On Sep 27, 2010, at 3:55 PM, Sten Carlsen wrote:
> While a single zone is perfectly fine from a standards point of view, "some"
> clients might be served addresses they don't like 10.x.x.0 and 10.x.x.255.
>
> Just a reminder that this could be a reason if something appears weird.
Don't co
On Sep 27, 2010, at 6:55 PM, Sten Carlsen wrote:
> While a single zone is perfectly fine from a standards point of view, "some"
> clients might be served addresses they don't like 10.x.x.0 and 10.x.x.255.
>
But that would be DHCP config, no?
> Just a reminder that this could be a reason if s
While a single zone is perfectly fine from a standards point of view,
"some" clients might be served addresses they don't like 10.x.x.0 and
10.x.x.255.
Just a reminder that this could be a reason if something appears weird.
On 27/09/10 23:07, Chris Buxton wrote:
> On Sep 27, 2010, at 1:03 PM, Ch
Hopefully you understand that when you turn recursion off, that means
you can only answer from zones that you actually *host* (i.e. for which
you are "master" or "slave").
But you have no "master" or "slave" zones defined in the "mynetwork" view.
Therefore it is not possible for that view to d
On Sep 27, 2010, at 1:03 PM, Christopher Cain wrote:
> Hi all.
>
> I am setting up a new appliance-based DNS solution that will contain a fair
> number of separately managed Windows DNS slave servers (in addition to the
> DNS appliances that will handle the .
>
> Currently there are just over
Hi all.
I am setting up a new appliance-based DNS solution that will contain a fair
number of separately managed Windows DNS slave servers (in addition to the
DNS appliances that will handle the .
Currently there are just over 8000 host records that resolve to IP's in the
10.x.x.x space. I am wr
On Sep 27, 2010, at 9:00 AM, Thomas Elsgaard wrote:
Hello
Is it possible with BIND, to resolve the same name (like test.gl) to
different IP's based on the source network of the request?
Here is an example
A machine in network 10.3.0.0/16 is contacting DNS to lookup
"test.gl", DNS returns ->
> Were there "... more information on these developments early next week"?
I was just about to ask the same question. ;)
I noticed the absence of 9.7.2 on ftp.isc.org, read the announcement here a day
later and rolled back my 9.7.2rc1 servers to 9.7.1-P2.
It would be good to know the nature o
Hello,
Were there "... more information on these developments early next week"?
My apologies if I missed them.
Thank you.
- Original Message
From: Larissa Shapiro
To: bind-us...@isc.org
Sent: Sun, September 19, 2010 5:54:15 PM
Subject: Notice regarding BIND 9.7.2
Dear User Communi
A small correction:
The packets captured below were between one of the DCs and the DNS server not a
client.
Also, I am getting this as well when I run nsupdate -g and try to add an A
record:
dns_tkey_negotiategss: TKEY is unacceptable
_
N
IMHO, the primary benefit of chrooting is security.
another, less painful option, again IMHO, is to run BIND in a jail if
you are using BSD, or a zone if you are on Solaris, or a Solaris based
distro.
Jerry
On 09/24/10 16:46, Scott Haneda wrote:
> On Sep 24, 2010, at 12:51 PM, Tony Finch wrote
Thanks Sergey,
I want to know one more thing, if you can help me.
Will this error cause timeouts ? does it have impact on performance ?
On Mon, Sep 27, 2010 at 3:42 PM, Sergey V. Lobanov wrote:
> Reconfigure Bind thus:
>
> STD_CDEFINES='-DISC_SOCKET_MAXEVENTS=256' ./configure --your-options
>
Are you sure? ;-P
I can't seem to get things working. It looks like the Windows machines are not
happy with the TKEY the DCs are giving them. I can kinit a user account from
the AD on the DNS server so our krb5.conf appears correct. I am getting errors
when I run kinit -k -t /etc/krb5.keytab sa
Reconfigure Bind thus:
STD_CDEFINES='-DISC_SOCKET_MAXEVENTS=256' ./configure --your-options
then recompile
On 09/27/2010 01:27 PM, Samer Khattab wrote:
Hi all,
I'm using Bind as a caching name server and serving around 2000 req
per second, and recently have the following messages showing up
> Yes, by using "view". I do it so all my internal machines are
> XXX.maplepark.com, using the private network addresses while the external
> world gets my public addresses. The internal machines are still able to get
> the external addresses by specifying the server address to be the external
>
> Yes, by using "view". I do it so all my internal machines are
> XXX.maplepark.com, using the private network addresses while the external
> world gets my public addresses. The internal machines are still able to get
> the external addresses by specifying the server address to be the external
>
On Mon, 27 Sep 2010, Thomas Elsgaard wrote:
Hello
Is it possible with BIND, to resolve the same name (like test.gl) to
different IP's based on the source network of the request?
Here is an example
A machine in network 10.3.0.0/16 is contacting DNS to lookup
"test.gl", DNS returns -> 10.0.0.2
Yes - It's called "views". There are many good examples of BIND Views
on the internet and in the documentation.
-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
Of Thomas Elsgaard
Sent: M
Hello
Is it possible with BIND, to resolve the same name (like test.gl) to
different IP's based on the source network of the request?
Here is an example
A machine in network 10.3.0.0/16 is contacting DNS to lookup
"test.gl", DNS returns -> 10.0.0.2
A machine in network 10.5.0.0/16 is contacting
On 27/09/10 09:45, David S. wrote:
Hi Pil,
"In that case, don't you want "recursion on" in view "mynetwork"?"
I won't recursion in my network, so recursion is no.
Sorry, I don't understand. Perhaps someone else can help you.
___
bind-users mailing li
Hi all,
I'm using Bind as a caching name server and serving around 2000 req per
second, and recently have the following messages showing up from time to
time in the general.log.
27-Sep-2010 10:45:47.639 sockmgr 0x2ad7af2f5010: maximum number of FD events
(64) received
27-Sep-2010 10:45:47.872 so
Hi Pil,
"In that case, don't you want "recursion on" in view "mynetwork"? "
I won't recursion in my network, so recursion is no.
-
--
Best regards,
David
http://blog.pnyet.web.id
On 09/27/2010 03:32 PM, Phil Mayers wrote:
> In that case, don't you want "recursion on" in view "mynetwork"?
_
Hello, I am trying to configure a single CentOS 5 machine as a server
for two unrelated websites:
example.eu
example.de
The server has four IP addresses assigned to it:
1.1.1.136
1.1.1.171
1.1.1.172
1.1.1.188
I plan on hosting example.eu on this server with these two IP
addresses for its name ser
On 09/27/2010 09:25 AM, David S. wrote:
I want to build name server for ISP:
Please don't email me directly; replying to the list is the correct
thing to do.
view "mynetwork" allow "trusted" to lookup domain / host in internet.
In that case, don't you want "recursion on" in view "mynetwo
On 09/26/2010 10:57 PM, David S. wrote:
I've removed "additional-from-cache" and restart bind, below part of
named.conf
Ok, bad guess on my part :o(
Not sure I'm afraid. I don't really understand your config; do you mean
to have recursion off in both views?
What is sending the queries? They
33 matches
Mail list logo