Re: failed multi-view zone transfer

2011-01-22 Thread Chris Buxton
Notifications by default do not go to the server listed in the mname
field of the SOA record, so that the primary master does not notify
itself.

If you put the actual primary master's name in the mname, does it work
correctly?

You said that also-notify lists the slaves. This should ensure that
both slaves receive notifications, regardless of the mname value. If
that is not working, then it sounds to me like you've found a bug.

Regards,
Chris Buxton
BlueCat Networks

On 1/21/11, jeffreyp bindus...@bindusers.exjay.com wrote:
 greetings,

 i'm in the midst of an odd problem (to me, anyway) and would appreciate
 any pointers.

 three servers, all running bind-9.7.2-P3 compiled from source with the
 same options.  one master; two slaves.  two views:  internal and
 external.  one master and one slave are on the same subnet with just a
 switch between 'em; the other slave is on a different subnet out on the
 internet.

 i'm wanting to have both views for all zones transferred to both slaves.
   i've set things up with tsig and per mark andrews' great scheme
 documented at
 http://www.mail-archive.com/bind-users@lists.isc.org/msg03593.html

 transfers from the master to the slave on its same subnet happen as
 desired; transfers from the master to the slave on the different subnet
 do not.

 notify logging shows that the notifies are being properly received by
 both slaves.

 my master zone definitions specify also-notify for both slaves.  each
 slave zone definition specifies a masters statement.

 what i've observed (initially because of a typo and quite by chance) is
 that the transfer to the slave on the internet does not happen if the
 host specified in the SOA's MNAME field is also specified in an NS record.

 but if the host specified in the SOA's MNAME field is not an NS record
 then the transfer does complete.  and therein lies the problem.

 i've intentionally not posted my config, thinking someone might
 recognize this off the top of their head.  i will certainly post it if
 necessary.

 thanks,

 jeffreyp
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users


-- 
Sent from my mobile device
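
The default NOTIFY target set described in the reply above, modelled as an added example (not code from this thread or from BIND): NS targets at the zone apex, minus the SOA MNAME, plus any also-notify entries. The zone text is a constructed copy of the zone posted later in this thread; the function names are hypothetical.

```python
# Constructed sample: the internal-view zone posted later in this thread.
ZONE = """\
$ORIGIN .
$TTL 3600
somezone.tld  IN SOA hank.example.com. dns.example.com. (
                2003081123 3600 600 86400 3600 )
              NS  dean.example.com.
              NS  hank.example.com.
"""

def _records(text):
    """Yield one token list per record; token 0 is the owner ('' = inherited)."""
    buf, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]          # drop comments (quoted ';' not handled)
        if not line.strip():
            continue
        if not buf and line[0].isspace():
            buf.append("")                    # blank owner field
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth == 0:                        # record is complete once parens balance
            yield buf
            buf = []

def _fqdn(name, origin):
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def notify_targets(zone_text, also_notify=()):
    """NS targets at the apex, minus the SOA MNAME, plus also-notify entries."""
    origin, owner, apex, mname, ns = ".", None, None, None, []
    for first, *rest in _records(zone_text):
        if first.startswith("$"):
            if first.upper() == "$ORIGIN":
                origin = rest[0].lower()
            continue
        owner = _fqdn(first, origin) if first else owner
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)                       # skip numeric TTL and class
        if len(rest) < 2:
            continue
        rtype, target = rest[0].upper(), _fqdn(rest[1], origin)
        if rtype == "SOA":
            apex, mname = owner, target
        elif rtype == "NS" and owner == apex:
            ns.append(target)
    return [n for n in ns if n != mname] + list(also_notify)
```

With hank.example.com. as MNAME only dean.example.com. is an implicit target, which is why the also-notify entries are what guarantee both slaves are notified.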


Question about recursion logging

2011-01-22 Thread Buzai Andras
Hi,

I have a Bind 9 recursive only server on Windows.
Is there any way I could configure Bind to write to the logs exactly
what root server is being queried for a client request?
I enabled query logging and resolver logging but there is no info
about which server is being queried exactly.

Thank you,

Buzai


Re: failed multi-view zone transfer

2011-01-22 Thread jeffreyp
thanks chris.  sorry if i've confused anyone.  the notifications appear 
to be working fine.  i enabled notify logging on the slaves and do see 
the notifications at the slaves, as expected.  it's the transfers that 
are not happening.  and, specifically, just the transfers of the 
internal view to the slave on the different subnet.


the soa/mname is the actual primary master, and the zone has two ns
records, one that is the same hostname as the mname, and another
hostname that is the slave.  additionally (and it's redundant, i know),
there is an also-notify that is the ip address of the slave.


to answer your question:  no, if the actual primary master's name is in 
the mname field the transfer does not work correctly.


so the slave gets notified, and with the proper tsig key, but does not 
transfer the zone.


on the master, the internal zone file is thus:

$ORIGIN .
$TTL 3600 ; 1 hour
somezone.tld    IN SOA  hank.example.com. dns.example.com. (
                        2003081123 ; serial
                        3600       ; refresh (1 hour)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )

                NS      dean.example.com.
                NS      hank.example.com.

again, the notifies appear to be working fine.  but when using the zone 
file as above, the zone does not transfer to the slave.  but if the 
hank.example.com NS record is removed, the zone does transfer.


as a matter of fact, it doesn't matter what is in the NS records 
(resolvable hostnames, un-resolvable hostnames):  if hank.example.com. 
is in the NS records then the zone will not transfer; if 
hank.example.com. is not in the NS records then the zone will transfer.


thanks for the help!



Re: BIND 9.8.0b1 Released Today

2011-01-22 Thread Florian Weimer
* JINMEI Tatuya / 神明達哉:

 Paul Wouters p...@xelerance.com wrote:

 Does this work with DNSSEC if one loads an explicit trust anchor, even
 if in the world view the trust anchor is missing?

 I'm afraid I don't understand the question.  Could you be more
 specific, e.g., by using the above example.com example?

I think Paul is wondering if it works with the DENIC testbed. 8-)
The forward hack does not work reliably for DNSSEC islands, IIRC.

(I assume that static-stub zones result in RD=0 queries, so they
should work in such a scenario.)

Re: BIND 9.8.0b1 Released Today

2011-01-22 Thread JINMEI Tatuya / 神明達哉
At Sat, 22 Jan 2011 20:38:46 +0100,
Florian Weimer f...@deneb.enyo.de wrote:

  Does this work with DNSSEC if one loads an explicit trust anchor, even
  if in the world view the trust anchor is missing?
 
  I'm afraid I don't understand the question.  Could you be more
  specific, e.g., by using the above example.com example?
 
 I think Paul is wondering if it works with the DENIC testbed. 8-)
 The forward hack does not work reliably for DNSSEC islands, IIRC.

(I still don't understand what exactly "it works with the DENIC
testbed" means in the context of the original question of Paul, but)
If so, I believe the answer is yes.  static-stub was developed
specifically for that purpose (although the feature itself is generic
and would be useful for other purposes) :-)

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.


service if s/up/down/g ipv6

2011-01-22 Thread fakessh @
hello
administrators bind. How is it necessary to have a secondary dns server
ipv6 in to establish a connection ipv6. I like ipv6 me and one of
someone else  yet I can not properly establish connections ipv6 I do not
even know if I r13151.ovh.net answer properly in ipv6

sincerely 

-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7



Re: service if s/up/down/g ipv6

2011-01-22 Thread Mark Andrews

In message 1295741593.4363.79.camel@localhost.localdomain, fakessh @ writes:
 hello
 administrators bind. How is it necessary to have a secondary dns server
 ipv6 in to establish a connection ipv6. I like ipv6 me and one of
 someone else  yet I can not properly establish connections ipv6 I do not
 even know if I r13151.ovh.net answer properly in ipv6
 
 sincerely
 
 -- 
 gpg --keyserver pgp.mit.edu --recv-key 092164A7
 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7

You need to add a AAAA record for r13151.ovh.net if you want it to
be addressed by name over IPv6.

Mark

% dig -6 ns . @r13151.ovh.net
dig: couldn't get address for 'r13151.ovh.net': not found
% dig -4 ns . @r13151.ovh.net

; <<>> DiG 9.6.0-APPLE-P2 <<>> -4 ns . @r13151.ovh.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 29163
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;.  IN  NS

;; Query time: 342 msec
;; SERVER: 87.98.186.232#53(87.98.186.232)
;; WHEN: Sun Jan 23 12:58:48 2011
;; MSG SIZE  rcvd: 17

% 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: service if s/up/down/g ipv6

2011-01-22 Thread Eivind Olsen
 administrators bind. How is it necessary to have a secondary dns server
 ipv6 in to establish a connection ipv6. I like ipv6 me and one of
 someone else  yet I can not properly establish connections ipv6 I do not
 even know if I r13151.ovh.net answer properly in ipv6

I'm not 100% sure I understand the question.
I don't see any AAAA record for r13151.ovh.net, only a normal IPv4 A record:

Eivind-mac:~ eivind$ dig +short a r13151.ovh.net
87.98.186.232
Eivind-mac:~ eivind$ dig +short aaaa r13151.ovh.net
Eivind-mac:~ eivind$

Regards
Eivind Olsen




Re: service if s/up/down/g ipv6

2011-01-22 Thread fakessh @
hello

I tried to make a simple box ipv6 r13151.ovh.net did not I know about
registration . my domain names such fakessh.eu owns a recording 
well. 


how to properly configure a zone ipv6

thanks
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7


signature.asc
Description: Ceci est une partie de message	numériquement signée
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: service if s/up/down/g ipv6

2011-01-22 Thread Mark Andrews

In message 1295764581.4363.93.camel@localhost.localdomain, fakessh @ writes:
 hello
 
 I tried to make a simple box ipv6 r13151.ovh.net did not I know about
 registration . my domain names such fakessh.eu owns a recording 
 well.

You just add AAAA records like you would A records
e.g.

host 3600 IN A 1.2.3.4
host 3600 IN AAAA 2002:1234:abde:1b78:2002:1234:abde:1b78
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org