Re: Host command timing out sporadically
Lyle Giese l...@lcrcomputer.net wrote:

> Don't use host. It's not telling us what is going wrong and it's only doing an A record lookup of host name.

I agree dig is better for serious debugging, but for a quick check host isn't as bad as you suggest.

    $ host dotat.at
    dotat.at has address 212.13.197.229
    dotat.at has IPv6 address 2001:ba8:1e3::
    dotat.at mail is handled by 1 ppsw-mx-a.csi.cam.ac.uk.
    $ host nx.dotat.at
    Host nx.dotat.at not found: 3(NXDOMAIN)
    $ host bad-delegation.dotat.at
    ;; connection timed out; no servers could be reached
    $

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Sole: Northeasterly 4 or 5, occasionally 6 until later in west. Moderate or rough, becoming slight or moderate. Fog patches in east, rain later. Moderate or good, occasionally very poor in east.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Max Client per Query
On 30.04.12 13:54, Rafael Molina wrote:

> I need information about how works max client per query and client per query ?

If multiple clients send the same query, BIND won't try to resolve multiple times, but wait until the answer comes. It needs to know which clients asked for that.

> I want to limit number query done by a client. The usage of resources in my equipments is very high specially in my firewall.

Either you have a misconfigured or misbehaving client, or you need to upgrade your DNS server. By limiting queries you may cause troubles to your clients.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was a Windows 95 beta test site.

Can I build a new DNS/BIND system parallel to our existing DNS production system?
Dear DNS/BIND gurus,

I am the sole Unix/Linux/Backup Admin for a midsize city in California. I also inherited an old DNS/BIND (BIND 8.2.2-P5) system running on a Sun-Fire-V210 with Solaris 8 on it. The city is comprised of a hotchpotch of many Windows domains/domain-controllers, WINS servers, and Windows based recursive DNS servers.

My DNS/BIND skill set is elementary and I just ordered two DNS books to start learning it in depth (DNS BIND Cookbook and DNS and BIND; 5th Edition http://www.amazon.com/dp/0596100574/ref=pe_175190_21431760_C1_cs_sce_dp_3 ).

1- Is it possible to treat the entire environment as brand new, start building a couple of Linux name servers running the latest and greatest BIND S/W, start populating it in parallel with our current production system, and once the new system is completely up and running, turn off the two Sun-Fire-V210s.

2- If step#1 is possible, as a minimum (H/W, S/W) what do I need for a complete DNS/BIND system satisfying all the city's DNS needs (internal/external resolutions).

Any architectural/implementation/best practices advice would be highly appreciated.

Many thanks in advance,
SA

Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
Samad Agha wrote:

> 1- Is it possible to treat the entire environment as brand new, start building a couple of Linux name servers running the latest and greatest BIND S/W, start populating it in parallel with our current production system, and once the new system is completely up and running, turn off the two Sun-Fire-V210s.

Absolutely! Since you're currently running BIND 8, I don't expect you to be using many advanced features, and hopefully you have a fairly standard configuration.

> 2- If step#1 is possible, as a minimum (H/W, S/W) what do I need for a complete DNS/BIND system satisfying all the city's DNS needs (internal/external resolutions).

Depends, how long is a piece of string? I don't know what amount of traffic you're currently seeing, or what your uptime requirements are.

> Any architectural/implementation/best practices advice would be highly appreciated.

Estimate what amount of traffic you're seeing during prime time. How many queries per second?

I'd normally not recommend running BIND on slower multi-threaded Sun/Oracle servers like the T-series, you'll normally be better off with fewer threads but higher clock speeds from typical Intel/AMD systems. (caveat: I haven't benchmarked BIND 9.9.x, which might have improved this).

Regards
Eivind Olsen

Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
Hi Samad,

It's entirely possible to roll out a parallel BIND installation. We're doing something similar at Brandeis right now--a mix of BIND and PowerDNS servers.

I take it that your current BIND setup is purely authoritative? Or is it also handling recursive requests?

John

On 05/03/2012 12:14 PM, Samad Agha wrote:

> Dear DNS/BIND gurus,
>
> I am the sole Unix/Linux/Backup Admin for a midsize city in California. I also inherited a old DNS/BIND (BIND 8.2.2-P5) system running on a Sun-Fire-V210 with Solaris 8 on it. The city is comprised of a hotchpotch of many Windows domains/domain-controllers, WINS servers, and Windows based recursive DNS servers.
>
> My DNS/BIND skill set is elementary and I just ordered two DNS books to start learning it in depth (DNS BIND Cookbook and DNS and BIND; 5th Edition http://www.amazon.com/dp/0596100574/ref=pe_175190_21431760_C1_cs_sce_dp_3).
>
> 1- Is it possible to treat the entire environment as brand new, start building a couple of Linux name servers running the latest and greatest BIND S/W, start populating it in parallel with our current production system, and once the new system is completely up and running, turn off the two Sun-Fire-V210s.
>
> 2- If step#1 is possible, as a minimum (H/W, S/W) what do I need for a complete DNS/BIND system satisfying all the city's DNS needs (internal/external resolutions).
>
> Any architectural/implementation/best practices advice would be highly appreciated.
>
> Many thanks in advance,
> SA

Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
Thanks for your help Eivind.

> Depends, how long is a piece of string? I don't know what amount of traffic you're currently seeing, or what your uptime requirements are.

- Are there tools to find out about current amount of traffic?
- Our uptime requirements are basically from 6am to 6pm during city's business hours.

> Estimate what amount of traffic you're seeing during prime time. How many queries per second?

- Again, how do I find out?

> I'd normally not recommend running BIND on slower multi-threaded Sun/Oracle servers like the T-series, you'll normally be better off with fewer threads but higher clock speeds from typical Intel/AMD systems. (caveat: I haven't bench-marked BIND 9.9.x, which might have improved this).

- Currently I have two: Dell PowerEdge 2950 servers with two Intel Xeon 3.0GHZ CPUs, and 4GB RAM each running RHEL 5.8 OS

Thanks again,
SA

Re: dynamic update to SOA records
But, how will I know the current serial number of the zone, if the zone has been changing frequently?

Thank you.

On Tue, 01 May 2012 09:42:40 +0100, Phil Mayers p.may...@imperial.ac.uk wrote:

> On 04/27/2012 02:37 AM, cloud cache wrote:
>
>> Hello,
>>
>> How to use nsupdate to dynamic update the SOA records? For example, I want to update the zone's contact email and main NS
>
> As others have pointed out, you just need to use nsupdate and send a valid SOA.
>
> NOTE: valid means must have a serial number current. Bind won't do this for you - you need to choose an appropriate, higher, SOA serial in the new record you send. Adding 1 is fine.

Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
On 05/03/2012 02:44 PM, Samad Agha wrote:

> Thanks for your help Eivind.
>
>> Depends, how long is a piece of string? I don't know what amount of traffic you're currently seeing, or what your uptime requirements are.
>
> - Are there tools to find out about current amount of traffic?
> - Our uptime requirements are basically from 6am to 6pm during city's business hours.
>
>> Estimate what amount of traffic you're seeing during prime time. How many queries per second?
>
> - Again, how do I find out?

It is fairly easy to find out your query load using BIND. You will just need to enable query logging (if it isn't already enabled) and use the data to calculate your queries per second from the data. Getting the information from your Windows DNS servers is not as easy. You will likely need to put your Windows DNS servers into debug mode to get any sort of query logging and the output isn't exactly pretty. You could also get the data by taking packet captures and/or using a tool such as dnssnarf, dnsdump or some other tool that another list member might recommend.

>> I'd normally not recommend running BIND on slower multi-threaded Sun/Oracle servers like the T-series, you'll normally be better off with fewer threads but higher clock speeds from typical Intel/AMD systems. (caveat: I haven't bench-marked BIND 9.9.x, which might have improved this).
>
> - Currently I have two: Dell PowerEdge 2950 servers with two Intel Xeon 3.0GHZ CPUs, and 4GB RAM each running RHEL 5.8 OS
>
> Thanks again,
> SA

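Added example, not part of any message in this thread: one way to turn a BIND query log into the queries-per-second figure asked about above, plus a per-client count for spotting a misbehaving client. It assumes the logging channel has `print-time yes` and the `client ...: query:` line layout of the constructed sample; `qps_summary`, `top_clients` and `sample_log` are names made up for the example.

```shell
#!/bin/sh
# Added example: summarise query rate from a BIND query log read on stdin.
# Assumes "print-time yes" on the channel, so fields 1 and 2 are date and time.

# Per-second buckets; avg is taken over seconds that saw at least one query.
qps_summary() {
    awk '
    / query: / {
        sec = $1 "T" substr($2, 1, 8)          # drop fractional seconds
        if (!(sec in n)) order[++buckets] = sec
        n[sec]++; total++
    }
    END {
        if (!total) { print "total=0 busy_seconds=0 avg=0.00 peak=0 peak_at=-"; exit }
        for (i = 1; i <= buckets; i++)
            if (n[order[i]] > peak) { peak = n[order[i]]; at = order[i] }
        printf "total=%d busy_seconds=%d avg=%.2f peak=%d peak_at=%s\n",
               total, buckets, total / buckets, peak, at
    }'
}

# Queries per client address, busiest first: top_clients [how-many]
top_clients() {
    awk '/ query: / {
        for (i = 1; i < NF; i++) if ($i == "client") {
            ip = $(i + 1)
            if (ip ~ /^@/) ip = $(i + 2)       # some releases log an object address first
            sub(/#.*/, "", ip); print ip; break
        }
    }' | sort | uniq -c | sort -rn | head -n "${1:-5}" | awk '{ print $1, $2 }'
}

# Constructed sample lines (documentation addresses), not taken from a real server.
sample_log() {
    cat <<'EOF'
03-May-2012 13:34:01.101 client 192.0.2.10#53124: query: www.example.com IN A +
03-May-2012 13:34:01.350 client 192.0.2.11#40000: query: mail.example.com IN MX +
03-May-2012 13:34:01.900 client 192.0.2.10#53125: query: www.example.com IN AAAA +
03-May-2012 13:34:02.010 client 192.0.2.10#53126: query: example.com IN SOA +
03-May-2012 13:34:02.500 general: info: zone example.com/IN: loaded serial 2012050301
03-May-2012 13:34:04.200 client 192.0.2.12#1234: query: ftp.example.com IN A +
EOF
}

sample_log | qps_summary
sample_log | top_clients 3
```

On a live server, feed the real query log to `qps_summary` on stdin; the peak figure is the one to size against, since the average ignores idle seconds.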
Invitation to help ISC out with BIND10 command line tool testing
Dear BIND User Community,

The BIND 10 engineering team and are looking for BIND 9 users or other DNS users who would be interested in helping us do some requirements gathering and prototype testing. We're asking a select group of customers to apply to be in a user test project for the command line tool.

_What you would need to commit to_: Several 1/2 hr to 1 hr sessions with Shane and Larissa where we walk through command line tool scenarios, later test out the actual tool and provide feedback.

_Benefits to you_: Opportunity to make sure their requirements get into the next generation of BIND. Hopefully make their lives easier in the long run. Love, admiration, and probably a free t-shirt.

_Benefits to ISC_: Making sure the tool actually meets our users requirements. Hopefully reducing support overhead in the future as a result. Developing and strengthening relationships with our users.

If you cannot help out but someone within your group/team is interested, please let me know as soon as possible! We're finalizing participants Wednesday, May 9th.

Thank you for your consideration.

Larissa

Larissa Shapiro
BIND and DHCP Product Manager
Internet Systems Consortium
+1650 423 1335

Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
Thanks Daniel,

I really appreciate your help.

SA

On Thu, May 3, 2012 at 1:34 PM, Daniel Deighton ddeighton-...@aplura.com wrote:

> On 05/03/2012 02:44 PM, Samad Agha wrote:
>
>> Thanks for your help Eivind.
>>
>>> Depends, how long is a piece of string? I don't know what amount of traffic you're currently seeing, or what your uptime requirements are.
>>
>> - Are there tools to find out about current amount of traffic?
>> - Our uptime requirements are basically from 6am to 6pm during city's business hours.
>>
>>> Estimate what amount of traffic you're seeing during prime time. How many queries per second?
>>
>> - Again, how do I find out?
>
> It is fairly easy to find out your query load using BIND. You will just need to enable query logging (if it isn't already enabled) and use the data to calculate your queries per second from the data. Getting the information from your Windows DNS servers is not as easy. You will likely need to put your Windows DNS servers into debug mode to get any sort of query logging and the output isn't exactly pretty. You could also get the data by taking packet captures and/or using a tool such as dnssnarf, dnsdump or some other tool that another list member might recommend.
>
>>> I'd normally not recommend running BIND on slower multi-threaded Sun/Oracle servers like the T-series, you'll normally be better off with fewer threads but higher clock speeds from typical Intel/AMD systems. (caveat: I haven't bench-marked BIND 9.9.x, which might have improved this).
>>
>> - Currently I have two: Dell PowerEdge 2950 servers with two Intel Xeon 3.0GHZ CPUs, and 4GB RAM each running RHEL 5.8 OS
>>
>> Thanks again,
>> SA

Re: dynamic update to SOA records
In message f771e61acd065e9d65064d44e69d1...@mail.mxes.net, cloud cache writes:

> But, how will I know the current serial number of the zone, if the zone has been changing frequently?
>
> Thank you.

You ask the master for the current SOA, add a small number to the serial then send, then check the result by requerying the master. Look at the fields you want to change not the serial when checking.

The examples so far have a small number as 1 but it can be anything less than 2^31-1 and NO, I DO NOT RECOMMEND adding 2^31-1 to the serial when doing this.

Script it. If serial + 1, doesn't work re-try with serial + 2, then serial + 3, etc. Eventually you will hit an increment that is bigger than the average update rate. Note I would not go above serial + 100.

Mark

> On Tue, 01 May 2012 09:42:40 +0100, Phil Mayers p.may...@imperial.ac.uk wrote:
>
>> On 04/27/2012 02:37 AM, cloud cache wrote:
>>
>>> Hello,
>>>
>>> How to use nsupdate to dynamic update the SOA records? For example, I want to update the zone's contact email and main NS
>>
>> As others have pointed out, you just need to use nsupdate and send a valid SOA.
>>
>> NOTE: valid means must have a serial number current. Bind won't do this for you - you need to choose an appropriate, higher, SOA serial in the new record you send. Adding 1 is fine.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

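Added example, not part of the thread and not ISC's code: the query, bump, send and re-check loop described in the message above, written as POSIX shell around dig and nsupdate. The zone, the server address 192.0.2.53, the TSIG key file and the function names are assumptions made for the example; MNAME and RNAME must be given fully qualified with a trailing dot so they compare equal to dig's output.

```shell
#!/bin/sh
# Added example. Zone, server address, key path and names are placeholders.

# Next serial under 32-bit serial arithmetic (RFC 1982): wraps at 2^32.
next_serial() {                 # next_serial <current> <step>
    echo $(( ($1 + $2) % 4294967296 ))
}

# Turn one "dig +noall +answer" SOA line into an nsupdate batch that keeps the
# timers, swaps in the new MNAME/RNAME and raises the serial by <step>.
build_update() {                # build_update <server> <soa-line> <mname> <rname> <step>
    bu_server=$1 bu_mname=$3 bu_rname=$4 bu_step=$5
    set -- $2                   # owner ttl class SOA mname rname serial refresh retry expire minimum
    [ $# -eq 11 ] && [ "$4" = SOA ] || return 1
    case $7 in ''|*[!0-9]*) return 1 ;; esac
    printf 'server %s\nzone %s\nupdate add %s %s SOA %s %s %s %s %s %s %s\nsend\n' \
        "$bu_server" "$1" "$1" "$2" "$bu_mname" "$bu_rname" \
        "$(next_serial "$7" "$bu_step")" "$8" "$9" "${10}" "${11}"
}

# The loop from the thread: read the master's SOA, send serial+1, re-query, and
# if MNAME/RNAME did not change, retry with +2, +3 ... stopping at +100.
# An SOA whose serial is not newer is ignored by the server without an error,
# which is why the result is checked by re-querying.
update_soa() {                  # update_soa <zone> <server> <tsig-keyfile> <mname> <rname>
    step=1
    while [ "$step" -le 100 ]; do
        cur=$(dig +noall +answer +norecurse "@$2" "$1" SOA | head -n 1)
        [ -n "$cur" ] || return 2                  # master did not answer
        build_update "$2" "$cur" "$4" "$5" "$step" | nsupdate -k "$3" || return 2
        now=$(dig +short +norecurse "@$2" "$1" SOA)
        case $now in "$4 $5 "*) return 0 ;; esac   # compare the fields, not the serial
        step=$((step + 1))
    done
    return 1
}

# Constructed sample answer line, so the generated batch can be inspected offline.
SAMPLE='example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2012050301 7200 900 1209600 3600'
build_update 192.0.2.53 "$SAMPLE" ns2.example.com. dnsadmin.example.com. 1
```

A live run would be `update_soa example.com. 192.0.2.53 /path/to/ddns.key ns2.example.com. dnsadmin.example.com.`; exit status 1 means the fields still had not changed after step 100, and 2 means the master did not answer or nsupdate reported a failure.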
Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
Hello, Samad,

Another way to estimate your query rate is using the system's UDP counters. Not as precise as query logging, but doesn't cause performance drop in case of high query rates and accurate enough for estimation.

2012/5/4 Samad Agha samad.agha2...@gmail.com

> Thanks Daniel,
>
> I really appreciate your help.
>
> SA
>
> On Thu, May 3, 2012 at 1:34 PM, Daniel Deighton ddeighton-...@aplura.com wrote:
>
>> On 05/03/2012 02:44 PM, Samad Agha wrote:
>>
>>> Thanks for your help Eivind.
>>>
>>>> Depends, how long is a piece of string? I don't know what amount of traffic you're currently seeing, or what your uptime requirements are.
>>>
>>> - Are there tools to find out about current amount of traffic?
>>> - Our uptime requirements are basically from 6am to 6pm during city's business hours.
>>>
>>>> Estimate what amount of traffic you're seeing during prime time. How many queries per second?
>>>
>>> - Again, how do I find out?
>>
>> It is fairly easy to find out your query load using BIND. You will just need to enable query logging (if it isn't already enabled) and use the data to calculate your queries per second from the data. Getting the information from your Windows DNS servers is not as easy. You will likely need to put your Windows DNS servers into debug mode to get any sort of query logging and the output isn't exactly pretty. You could also get the data by taking packet captures and/or using a tool such as dnssnarf, dnsdump or some other tool that another list member might recommend.
>>
>>>> I'd normally not recommend running BIND on slower multi-threaded Sun/Oracle servers like the T-series, you'll normally be better off with fewer threads but higher clock speeds from typical Intel/AMD systems. (caveat: I haven't bench-marked BIND 9.9.x, which might have improved this).
>>>
>>> - Currently I have two: Dell PowerEdge 2950 servers with two Intel Xeon 3.0GHZ CPUs, and 4GB RAM each running RHEL 5.8 OS
>>>
>>> Thanks again,
>>> SA

--
AP