2009/3/21 Mark Andrews :
>
> Named records modification times of masterfiles and only
> reloads those that are *newer* than the recorded modification
> time.
>
Thanks. That help me understand for the case.
___
bind-users mailing list
Users of BIND version 9.5.x or 9.4.x AND DLV
ISC announced a new user interface for DLV - DNSSEC Lookaside Validation
on March 11th. We have been running the DLV service in limited
production and will shortly be ready to move to full production.
On 15t
BIND 9.4.3-P2 is now available.
BIND 9.4.3-P2 is a SECURITY patch for BIND 9.4.3. It addresses a bug
in DNSSEC lookaside validation (DLV): unrecognized signature algorithms,
which should have been treated as the equivalent of an unsigned zone,
were instead treated as a validation
BIND 9.5.1-P2 is now available.
BIND 9.5.1-P2 is a SECURITY patch for BIND 9.5.1. It addresses a bug
in DNSSEC lookaside validation (DLV): unrecognized signature algorithms,
which should have been treated as the equivalent of an unsigned zone,
were instead treated as a validation
Barry Margolin wrote:
> This suggests one of the following problems:
>
> 1. 95.102.17.107 is pointing to your nameserver in its resolver
> configuration, but your server doesn't allow them to use you as a
> resolver (the IP isn't in your allow-recursion and allow-query-cache
> ACL).
>
> 2. T
BIND 9.6.1 Beta 1 is now available.
BIND 9.6.1b1 is a beta maintenance release for BIND 9.6.
BIND 9.6.1b1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.6.1b1/bind-9.6.1b1.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bi
> BIND does NOT load RFC1918 zones. The Internet-Draft that will
> allow that has been stalled for over a year now. Once that
draft
> clears the working group the #if 0/#endif around the RFC 1918
> zones will be removed.
Perhaps I am confused by terminology.
I am referri
In message <49c3f591.1090...@eagle.net>, "John D. Vo" writes:
> --===8258205717685425773==
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
>
>
>
>
>
>
>
> Hi Todd:
>
> Thank you for those magical commands. Works better than printing them
> out
Named records modification times of masterfiles and only
reloads those that are *newer* than the recorded modification
time.
Changing the zone content without updating the serial will
also cause problems for slaves.
Mark
--
Mark Andrews, ISC
1 S
Hi Todd:
Thank you for those magical commands. Works better than printing them
out and crossing one by one with a pen.
Think the problem was some of the domains I created on master(see my
previous post) did not get transferred to the slave hence the mismatch.
I just reloaded on the master an
I know at some point in the recent past, BIND started loading RFC1918
zones, which can increase the zone count, even though they don't show up
in named.conf. That caused me 5 minutes of wtf before I remembered.
I think it was well after 9.2.2, so I'm guessing you should be safe.
t.
-Origin
Yes, Todd. 9.2.2.
Todd Snyder wrote:
I had to do this a couple times lately .. this is the simplest way I've
found. It's not elegant or nifty, but it works.
on the master:
grep zone named.conf | awk '{print $2} | sort > master.zones
on the slave:
grep zone named.conf | awk '{print $2} | sor
I had to do this a couple times lately .. this is the simplest way I've
found. It's not elegant or nifty, but it works.
on the master:
grep zone named.conf | awk '{print $2} | sort > master.zones
on the slave:
grep zone named.conf | awk '{print $2} | sort > slave.zones
get the files on the sa
Greetings:
My master name server says it has 102 zones but my slave says it has 98.
Without going through each and compare one with another, is there an
easier way to see what's missing on the slave?
Thanks.
--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-Sys
Actually, master and slave has little (read "nothing") to do with
whether the domain resolves.
What's relevant are the delegation records pointing to your domain and
the authoritative
records for the two servers. In a normal, straight-forward setup for
one master and
one slave, both servers wou
We had need to continue to have the MX record a domain we acquired point
to an external location. The MX record was modified and the email
continued to work. I did see odd lookups in the logs but disregarded
them as they were failures - it looked like the target mail server was
the one trying to
In article ,
Carl Fretwell wrote:
>
> We have a domain which we serve dns for but we don't handle mail for this c=
> lient. However in the log file I can see all the time that there mail serve=
> r is trying to run a query on our dns server but is being denied.
>
> The log message
>
> 20-Mar-
We have a domain which we serve dns for but we don't handle mail for this
client. However in the log file I can see all the time that there mail server
is trying to run a query on our dns server but is being denied.
The log message
20-Mar-2009 16:32:54.984 security: info: client 95.102.17.107#1
In article , "John D. Vo"
wrote:
> 1. If ns1 is not authoritative for abc.com, ns2 cannot do a zone
> transfer from ns1, correct? please confirm.
Correct.
> 2. If yes on number 1, then WHY?
A nameserver declares itself non-authoritative either because it hasn't
loaded the zone at all, or be
On 20.03.09 09:56, John D. Vo wrote:
> We have two name servers: ns1, ns2.
> We have domain name: let's say abc.com
> Management decided to have a dns hosting company hosts that domain. LOL.
> Now they want to move that domain back to the ns1, ns2. ($$)
> I have changed the dns entries at the regis
You have recursion disabled on your abc.com server, and I believe that
is preventing your query from succeeding. My understanding is that the
contents of the root hints file are not stored in the server's cache
(which means, I think, that they are not themselves returned in response
to queries for
Hi Everyone
I have installed BIND 9.6.0-P1 on a Windows Server 2003 x64 system but when I
come to start the "ISC BIND" service I always get a 1067 error which I read
somewhere was due to permissions so made sure the user account password etc was
correct still didn't fix the issue.
Sometimes th
Greetings fellow bind users:
We have two name servers: ns1, ns2.
We have domain name: let's say abc.com
Management decided to have a dns hosting company hosts that domain. LOL.
Now they want to move that domain back to the ns1, ns2. ($$)
I have changed the dns entries at the registrar to point to
On 20.03.09 16:23, Ralf Peng wrote:
> Hmm! I was just thinking this is a BUG!
>
> I wrote a function in Perl to modify the serial number:
>
> sub increase_serial {
[...]
> }
>
>
> I do below to execute the reload:
>
> increase_serial();
> system("/usr/local/bind/sbin/rndc reload");
wh
Hi,
I am trying to set up lab which replicates the root server also. ( DNS
with Root server simulation for Intranet),
Basically I have two servers one abc.com as authoritative server and the
other rootns.man acting as root server. running BIND 9 on both.
I have done the following things in m
DHCP options not giving both nameservers? What happens when you
manually configure your workstation to only query the master?
Quoting "Dennis J." :
Hi,
This morning the slave in our nameserver setup went down and
surprisingly none of the domains hosted on these system could be
resolved anymo
-- Forwarded message --
From: Chris Dew
Date: 2009/3/20
Subject: Re: No name resolution when slave is down
To: "Dennis J."
Asking the obvious here, but does your domain registrar list both your
master and your slave as authoritative nameservers for your domain?
Could you provid
More data will need to be known. Where is the master and where is the
slave, in the same subnet, or elsewhere?
Were you previously getting any queries against the master at all,
look in your logs?
Are you sure your domains NS records even point to the master server?
If the master is rep
Hi,
This morning the slave in our nameserver setup went down and surprisingly
none of the domains hosted on these system could be resolved anymore even
with the master working perfectly fine.
When I send queries directly to the master it resolves the domains fine so
I'm not sure why a failure o
Am 2009-03-17 18:05:31, schrieb David Sparks:
> Did you look at this:
>
> "countries.nerd.dk is NOT a list of spammers, it is an IP-to-country DNS
> mapping service."
>
> http://countries.nerd.dk/
Yes, I have gotten the tip from the list and it is
exactly what I was searching for.
Thanks, Gre
On Fri, 20 Mar 2009 15:57:03 +1100
Mark Andrews wrote:
> > I'm trying to query for A record, like this :
> > # dig @a.gtld-servers.net ns1.ats-com.com +short
> > 203.130.232.235
> >
> > # dig @203.130.232.235 ns1.ats-com.com +short
> > (No A Record)
> >
> > What is happen if that NS be used for
Hmm! I was just thinking this is a BUG!
I wrote a function in Perl to modify the serial number:
sub increase_serial {
my $bindetc = "/usr/local/bind/etc/";
my @zones = get_zones(); # get the zones
for my $zone (@zones) {
for my $isp ('tel','cnc') { # two isp links
32 matches
Mail list logo
