Clarification on bind response

2010-08-24 Thread rams
Hi,

I have set up data as follows in bind.
Zone: rameshops5526old.com

maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.

Queried against bind and get the response as follows

[r...@stulcqacustbind2 recursive_enabled]# dig @10.31.145.194 maint.rameshops5526old.com.
; <<>> DiG 9.6.1-P3 <<>> @10.31.145.194 maint.rameshops5526old.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16855
;; flags: qr *aa* rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;maint.rameshops5526old.com.    IN  A
;; ANSWER SECTION:
maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
;; AUTHORITY SECTION:
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Aug 24 06:26:31 2010
;; MSG SIZE  rcvd: 195
Here AA flag is returning is it correct? because domain 
global.rameshops5526old.com.  delegated so we should not return AA flag
right? Please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-24 Thread Mark Andrews

In message aanlktinrcdo9eetozjb4xsxcp309jaedtza7wxfeh...@mail.gmail.com, rams 
writes:
> Hi,
>
> I have set up data as follows in bind.
> Zone: rameshops5526old.com
>
> maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
>
> Queried against bind and get the response as follows
>
> [r...@stulcqacustbind2 recursive_enabled]# dig @10.31.145.194 maint.rameshops5526old.com.
> ; <<>> DiG 9.6.1-P3 <<>> @10.31.145.194 maint.rameshops5526old.com.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16855
> ;; flags: qr *aa* rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> ;; QUESTION SECTION:
> ;maint.rameshops5526old.com.    IN  A
> ;; ANSWER SECTION:
> maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
> ;; AUTHORITY SECTION:
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Aug 24 06:26:31 2010
> ;; MSG SIZE  rcvd: 195
> Here AA flag is returning is it correct? because domain
> global.rameshops5526old.com.  delegated so we should not return AA flag
> right? Please clarify me.
>
> Thanks & Regards,
> Ramesh

aa indicates that the server is authoritative for the CNAME record.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Clarification on bind response

2010-08-24 Thread rams
Hi ,
Please tell me the correct answer for the below set up:

Zone: rameshops5526old.com

maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.

dig @localhost maint.rameshops5526old.com A

Thanks & Regards,
Ramesh

Re: Clarification on bind response

2010-08-24 Thread Matus UHLAR - fantomas
On 24.08.10 12:48, rams wrote:
> Please tell me the correct answer for the below set up:

this is not set up, this is the answer.

> Zone: rameshops5526old.com
>
> maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
>
> dig @localhost maint.rameshops5526old.com A

what do you want? What problem do you have?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 


Clarification on bind response

2010-08-24 Thread rams
Hi

When we have data as follows queried domain maint.rameshops5526old.com.
against bind and my own resolver. Bind and my resolver response are same but
only mismatching with flags. bind is returning AA flag but my resolver is
not returning AA flag. in this case which is correct bind or my resolver?

Zone: rameshops5526old.com

maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.

Re: Clarification on bind response

2010-08-24 Thread Matus UHLAR - fantomas
On 24.08.10 17:48, rams wrote:
> When we have data as follows queried domain maint.rameshops5526old.com.
> against bind and my own resolver. Bind and my resolver response are same but
> only mismatching with flags. bind is returning AA flag but my resolver is
> not returning AA flag. in this case which is correct bind or my resolver?

yes.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest. 


query-source does not work for forwarded queries

2010-08-24 Thread Gordon A. Lang

The query-source option does not work for forwarded queries per wireshark
with BIND 9.4-ESV-R2 on Solaris 10 as well as AIX 5.3.

If I remove the forward only option from named.conf, then the query-source
does take effect for the recursive queries (but of course the queries fail
because I need them to be forwarded to the target that is accessible through
the firewall).

With the forward only option, the forwarded queries pick up their source ip
address as if there were a secret hidden setting of forward-source * 
option.

Is this a known bug?
Is there a work around?

Right now I need to open up the firewall to permit a long changing list of
source addresses to reach the forwarding target, but it would be more
appropriate to allow only the short stable list of service addresses for the
inside resolvers (made portable by use of host routing rather than ARP).

Thanks in advance.

--
Gordon Lang 




caching of server fail BIND9

2010-08-24 Thread Len Conrad

We just had a problem where a BIND9 running on our postfix MX 
451-rejected-as-unknown-domain all msgs from @sender.domain for 9 days. 

rndc flush allowed the domain to be resolved immediately and its messages 
accepted.

When the BIND reports server fail, rather than a negative answer with 
neg-TTL, how long is SRV FAIL cached in BIND9?   RFC2308 says no longer than 5 
minutes.

We do not know whether unknown domain's NS was really SRV FAIL for 9 days.

Len



Re: Clarification on bind response

2010-08-24 Thread Kevin Darcy

On 8/24/2010 2:25 AM, rams wrote:

> Hi,
> I have set up data as follows in bind.
> Zone: rameshops5526old.com
> maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
>
> Queried against bind and get the response as follows
> [r...@stulcqacustbind2 recursive_enabled]# dig @10.31.145.194 maint.rameshops5526old.com.
> ; <<>> DiG 9.6.1-P3 <<>> @10.31.145.194 maint.rameshops5526old.com.
>
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16855
> ;; flags: qr *aa* rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> ;; QUESTION SECTION:
> ;maint.rameshops5526old.com.    IN  A
>
> ;; ANSWER SECTION:
> maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
>
> ;; AUTHORITY SECTION:
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
>
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Aug 24 06:26:31 2010
> ;; MSG SIZE  rcvd: 195
> Here AA flag is returning is it correct? because domain
> global.rameshops5526old.com.  delegated so we should not return AA flag
> right? Please clarify me.


You're authoritative for the CNAME record that is contained in the 
Answer Section.



- Kevin



Re: Clarification on bind response

2010-08-24 Thread Kevin Darcy

On 8/24/2010 8:18 AM, rams wrote:


> Hi
> When we have data as follows queried domain maint.rameshops5526old.com.
> against bind and my own resolver. Bind and my resolver response are
> same but only mismatching with flags. bind is returning AA flag but my
> resolver is not returning AA flag. in this case which is correct bind
> or my resolver?
>
> Zone: rameshops5526old.com
>
> maint.rameshops5526old.com. 300 IN  CNAME maint.global.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.



AA is set on BIND's response because the CNAME is coming directly from 
authoritative data.


AA is not set on your resolver's response because the answer *isn't* 
coming directly from authoritative data.


Why is this an issue? A stub resolver or an application generally 
doesn't -- and shouldn't -- care -- or usually doesn't even *know* -- 
about the setting of the AA flag.



- Kevin
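
The distinction drawn in the replies above (AA covers the CNAME the server owns, not the delegated target), as an added example that is not part of the original thread: a toy Python model of an authoritative-only server for this zone. The function names and the simplified lookup are assumptions for illustration, not BIND's code.

```python
"""Toy authoritative-only lookup for the zone quoted in the thread (added example)."""

ZONE = "rameshops5526old.com."
GLOBAL_NS = [f"{c}.ns.nsatc.net." for c in "abcdejl"]
# Zone contents copied from the thread; apex NS records omitted for brevity.
RECORDS = {
    ("maint.rameshops5526old.com.", "CNAME"): ["maint.global.rameshops5526old.com."],
    ("global.rameshops5526old.com.", "NS"): GLOBAL_NS,
}


def in_zone(name):
    """True if `name` is the apex or below it (names assumed lower-case, absolute)."""
    return name == ZONE or name.endswith("." + ZONE)


def zone_cut(name):
    """Return the delegation point at or above `name`, below the apex, or None."""
    labels = name.rstrip(".").split(".")
    apex_len = len(ZONE.rstrip(".").split("."))
    # Walk from just below the apex down to the name itself.
    for n in range(apex_len + 1, len(labels) + 1):
        candidate = ".".join(labels[-n:]) + "."
        if (candidate, "NS") in RECORDS:
            return candidate
    return None


def respond(qname, qtype="A"):
    """Build answer/authority sections and the AA flag without recursing."""
    answer, authority = [], []
    name = qname
    for _ in range(8):  # bound the length of a CNAME chain
        if not in_zone(name):
            break  # target left the zone: nothing more this server can add
        cut = zone_cut(name)
        if cut:
            # Name lies in a delegated child zone: hand back a referral.
            authority = [(cut, "NS", ns) for ns in RECORDS[(cut, "NS")]]
            break
        if qtype != "CNAME" and (name, "CNAME") in RECORDS:
            target = RECORDS[(name, "CNAME")][0]
            answer.append((name, "CNAME", target))
            name = target  # keep following the alias inside our own data
            continue
        answer += [(name, qtype, r) for r in RECORDS.get((name, qtype), [])]
        break
    # RFC 1035 section 4.1.1: AA corresponds to the name matching the query
    # name, i.e. the first owner name in the answer section, not the alias target.
    aa = in_zone(qname) and zone_cut(qname) is None
    return {"aa": aa, "answer": answer, "authority": authority}


if __name__ == "__main__":
    for q in ("maint.rameshops5526old.com.", "maint.global.rameshops5526old.com."):
        r = respond(q)
        print(q, "aa" if r["aa"] else "--", len(r["answer"]), len(r["authority"]))
```

Querying the alias yields AA with one CNAME and seven NS records, matching the dig output in the thread; querying the delegated name directly yields a plain referral without AA.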





discrepancy with rndc dumpdb -zones

2010-08-24 Thread Gordon A. Lang

After several successful update delete ... nsupdate sends to the master
DNS server, verified with dig, the rndc dumpdb -zones command produced
named_dump.db file still showing the deleted records.  This was repeatable
and persistent (over the half hour time period) until I performed a hard
restart of named.

Has anyone else seen this sort of thing?

Can anyone explain this?

--
Gordon A. Lang