Re: rndc: 'reload' failed: not found
> Cent OS+BIND 9.7.3+DLZ(BDB as backend)
> # rndc reload 2mysite.net
> rndc: 'reload' failed: not found
> rndc reload not work correctly, why?

I've not used DLZ, but in general the error message you see is the same one you'd see if BIND didn't know about the zone. For example:

# rndc reload doesntexists.zone
rndc: 'reload' failed: not found
# rndc reload bohrnag.org
zone reload up-to-date
#

I did a quick search on the net, and it looks like it might also be an issue with the permissions on the database files, depending on the user BIND is running as? For example, http://fixunix.com/dns/55171-chrootd-bind-dlz-file-__db-00-perms-causing-rndc-reload-fail-where-set-change-them.html

Regards
Eivind Olsen
eiv...@aminor.no

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc: 'reload' failed: not found
On 08-Mar-2011, at 4:31 PM, Eivind Olsen wrote:

>> Cent OS+BIND 9.7.3+DLZ(BDB as backend)
>> # rndc reload 2mysite.net
>> rndc: 'reload' failed: not found
>> rndc reload not work correctly, why?
>
> I've not used DLZ, but in general the error message you see is the same one you'd see if BIND didn't know about the zone. For example:
>
> # rndc reload doesntexists.zone
> rndc: 'reload' failed: not found
> # rndc reload bohrnag.org
> zone reload up-to-date
> #

Are both of the zones loaded from DLZ?

> I did a quick search on the net, and it looks like it might also be an issue with the permissions on the database files, depending on the user BIND is running as? For example, http://fixunix.com/dns/55171-chrootd-bind-dlz-file-__db-00-perms-causing-rndc-reload-fail-where-set-change-them.html
>
> Regards
> Eivind Olsen
> eiv...@aminor.no
Re: rndc: 'reload' failed: not found
You cannot reload a dlz zone file. The zone is dynamic in mysql.

Dlz+mysql can only support 7-800 qps, so what you want to do is build your webinterface to it, bind it to some other IP, and set up slaves that are not dlz at all to do a rndc reload on that one; that way you can automate everything through database and only have to call rndc reload manually on slaves for zones you change. Doing it that way, you get the 16k qps from bind and also have full database integration.

Only real issue is dlz host also has no idea when a zone is updated since it's in mysql, so there is no way to send a notify to slaves either, probably best to code a program on slaves to listen on a socket for updates and tell them to rndc reload when you change a zone file.

I wouldn't go any higher than bind97, bind98 while I could do dig @dlzhost axfr blah.com just fine, slave did not find a bind98 dlz master authoritative so would not transfer the zone, a bug I still have not heard back on...

Dan.

On Tue, 8 Mar 2011, Paul Ooi Cong Jen wrote:

> On 08-Mar-2011, at 4:31 PM, Eivind Olsen wrote:
>
>>> Cent OS+BIND 9.7.3+DLZ(BDB as backend)
>>> # rndc reload 2mysite.net
>>> rndc: 'reload' failed: not found
>>> rndc reload not work correctly, why?
>>
>> I've not used DLZ, but in general the error message you see is the same one you'd see if BIND didn't know about the zone. For example:
>>
>> # rndc reload doesntexists.zone
>> rndc: 'reload' failed: not found
>> # rndc reload bohrnag.org
>> zone reload up-to-date
>> #
>
> Are both of the zones loaded from DLZ?
>
>> I did a quick search on the net, and it looks like it might also be an issue with the permissions on the database files, depending on the user BIND is running as? For example, http://fixunix.com/dns/55171-chrootd-bind-dlz-file-__db-00-perms-causing-rndc-reload-fail-where-set-change-them.html
>>
>> Regards
>> Eivind Olsen
>> eiv...@aminor.no
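Added example, not part of the thread and not code from any poster: one way the slave-side listener suggested in the message above could accept update notifications without letting arbitrary hosts trigger reloads. The wire format (`<ts> <zone> <hex HMAC-SHA256>`), the shared key, the 30-second window and the bind address/port are all assumptions made for this sketch.

```python
import hashlib
import hmac
import re
import socket
import subprocess
import time

MAX_SKEW = 30  # seconds a notification stays valid (assumed value)
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
ZONE_RE = re.compile(rf"{LABEL}(\.{LABEL})*")

def sign(key, zone, ts):
    """Master side: build '<ts> <zone> <hex HMAC-SHA256>' (assumed wire format)."""
    body = f"{ts} {zone}".encode("ascii")
    return body + b" " + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def verify(key, datagram, now):
    """Slave side: return the zone name, or None if the datagram is rejected."""
    try:
        ts, zone, mac = datagram.decode("ascii").split(" ")
        expected = hmac.new(key, f"{ts} {zone}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None  # forged, or signed with a different key
        if abs(now - int(ts)) > MAX_SKEW:
            return None  # stale: limits how long a captured datagram replays
    except ValueError:  # wrong field count, non-ASCII bytes, non-numeric ts
        return None
    if len(zone) > 253 or not ZONE_RE.fullmatch(zone):
        return None  # only plain lower-case DNS names reach rndc
    return zone

def serve(key, bind_addr=("127.0.0.1", 5300)):
    """Listen for notifications and reload each zone that verifies."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind_addr)
    while True:
        datagram, _peer = sock.recvfrom(512)
        zone = verify(key, datagram, time.time())
        if zone:
            # argv list, no shell: the zone name is never parsed as shell syntax
            subprocess.run(["rndc", "reload", zone], check=False)
```

A datagram replayed inside the window only causes one more reload of the same zone, which is idempotent on the slave.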
Re: rndc: 'reload' failed: not found
This usually happens when your nameserver isn't configured for the zone to be reloaded.

Ciao
Torsten

On Tue, 8 Mar 2011 14:47:02 +0800, ShanyiWan w...@114.com.cn wrote:

> Cent OS+BIND 9.7.3+DLZ(BDB as backend)
> # rndc reload 2mysite.net
> rndc: 'reload' failed: not found
> rndc reload not work correctly, why?
>
> --
> ShanyiWan
> 2011-03-08
Re: rndc: 'reload' failed: not found
On Tue, 8 Mar 2011 04:07:51 -0600 (CST), Dan wrote:

> You cannot reload a dlz zone file. The zone is dynamic in mysql.

That's fine, but the original poster said "Cent OS+BIND 9.7.3+DLZ(BDB as backend)", which led me to believe he's using BDB and not MySQL.

Take what I say here for what it's worth (not much, since I've got no experience with DLZ). Maybe the link I gave earlier wasn't any good? (this one: http://fixunix.com/dns/55171-chrootd-bind-dlz-file-__db-00-perms-causing-rndc-reload-fail-where-set-change-them.html - I'd at least suggest the original poster looks at it to see if it is of any help).

Regards
Eivind Olsen
eiv...@aminor.no
Re: rndc: 'reload' failed: not found
> Are both of the zones loaded from DLZ?

In my tests? Neither of the zones, it was just meant to show that the rndc reload error message was the same as if BIND had no idea about the zone.

Regards
Eivind Olsen
eiv...@aminor.no
Bind9 Log data consistency
Hello,

Configuration: Bind9 configured to write logs into sys/rsyslog. From there, data is getting parsed and used for analytical / billing purposes.

Scenario: At some point, a problem arises and rsyslog crashes for any possible reason. There is no unix logging socket any more bind can communicate with. Bind seems to have behaviour of ignoring this error and it continues with normal operation - although no records are kept pointing to any transactions happening on the system since the moment of last crash.

Is it possible to somehow configure bind to treat those errors as fatal? For example - abort execution because socket cannot be opened, log files written, and so on. Or, is there any other solution to prevent possibility of answering DNS queries without logs being stored and achieve full consistency between events and logs?

Thanks & Regards,
--
Stefan Certic
RoutoMessaging
Re: IXFR manually edited zone files
On Mar 7, 2011, at 12:24 PM, David Coulthart wrote:

> On Mar 7, 2011, at 11:42 AM, Chris Thompson wrote:
>
>> On Mar 7 2011, David Coulthart wrote:
>>
>>> BIND Version: 9.7.3 on Solaris 9 & 10 (locally compiled)
>>> ...
>>> Based on the ARM & a posting to bind-users[1], I enabled "ixfr-from-differences master;" on the hidden master expecting the master nameserver would generate a diff from the previous zone file in memory and the new one being loaded so it could send an IXFR to the slaves.
>>> ...
>>
>> There is also a named-journalprint utility which you can apply to the journal file on the master to check it contains what you hope for.
>
> I don't see a journal file being created on the master after I do the reload. The only messages in the master's log about a journal are on initial startup:
> ...
> Based on the description of ixfr-from-differences in the ARM, I think a journal file should be created. I have named running as user named, but I've checked permissions on the directory & zone file & confirmed that named can create files in the directory containing the zone file.

It looks like the problem is with setting ixfr-from-differences to master. If I instead set the option to yes, a journal file is generated & IXFR works correctly.

The zone definition in my test named.conf is:

zone "example.com" { type master; file "example.com.zone"; };

so I expected setting "ixfr-from-differences master;" would cause a journal file to be created for this master zone. Am I not understanding what the master option for ixfr-from-differences is intended to do or is this a bug in BIND?

Thanks,
Dave Coulthart
Re: IXFR manually edited zone files
In message b840935f-4809-40cf-98c5-029cbbab4...@columbia.edu, David Coulthart writes:

> On Mar 7, 2011, at 12:24 PM, David Coulthart wrote:
>
>> On Mar 7, 2011, at 11:42 AM, Chris Thompson wrote:
>>
>>> On Mar 7 2011, David Coulthart wrote:
>>>
>>>> BIND Version: 9.7.3 on Solaris 9 & 10 (locally compiled)
>>>> ...
>>>> Based on the ARM & a posting to bind-users[1], I enabled "ixfr-from-differences master;" on the hidden master expecting the master nameserver would generate a diff from the previous zone file in memory and the new one being loaded so it could send an IXFR to the slaves.
>>>> ...
>>>
>>> There is also a named-journalprint utility which you can apply to the journal file on the master to check it contains what you hope for.
>>
>> I don't see a journal file being created on the master after I do the reload. The only messages in the master's log about a journal are on initial startup:
>> ...
>> Based on the description of ixfr-from-differences in the ARM, I think a journal file should be created. I have named running as user named, but I've checked permissions on the directory & zone file & confirmed that named can create files in the directory containing the zone file.
>
> It looks like the problem is with setting ixfr-from-differences to master. If I instead set the option to yes, a journal file is generated & IXFR works correctly.
>
> The zone definition in my test named.conf is:
>
> zone "example.com" { type master; file "example.com.zone"; };
>
> so I expected setting "ixfr-from-differences master;" would cause a journal file to be created for this master zone. Am I not understanding what the master option for ixfr-from-differences is intended to do or is this a bug in BIND?
>
> Thanks,
> Dave Coulthart

Index: bin/named/zoneconf.c === RCS file: /proj/cvs/prod/bind9/bin/named/zoneconf.c,v retrieving revision 1.171.34.2 diff -u -r1.171.34.2 zoneconf.c --- bin/named/zoneconf.c7 Mar 2011 04:16:39 - 1.171.34.2 +++ bin/named/zoneconf.c8 Mar 2011 20:44:00 - @@ -1077,10 +1077,10 @@ INSIST(result == ISC_R_SUCCESS obj != NULL); if (cfg_obj_isboolean(obj)) ixfrdiff = cfg_obj_asboolean(obj); - else if (strcasecmp(cfg_obj_asstring(obj), master) + else if (!strcasecmp(cfg_obj_asstring(obj), master) ztype == dns_zone_master) ixfrdiff = ISC_TRUE; - else if (strcasecmp(cfg_obj_asstring(obj), slave) + else if (!strcasecmp(cfg_obj_asstring(obj), slave) ztype == dns_zone_slave) ixfrdiff = ISC_TRUE; else

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
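Review bot: in both changed conditions of the @@ -1077,10 hunk, equality is expressed as !strcasecmp(cfg_obj_asstring(obj), ...), which reads as a negation at a glance and is the same idiom whose missing "!" caused the inverted test being removed here. Writing the master and slave branches as strcasecmp(...) == 0 would make the intended "string matches" meaning explicit and harder to get backwards again. A one-line comment above the chain naming the accepted non-boolean values (master, slave) would also document what the trailing else is expected to cover.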
Re: Bind9 Log data consistency
Hi Sebastian,

Thanks for response.

Problem with another log file is that solution is doubling number of I/O transactions. At some point, data needs to be parsed into database and written to disk. I'm afraid doubling operations will cause bottlenecks during high load traffic peaks and slow down maximal throughput.

Maybe I should consider another direction of storing bind events into database in strict transaction mode. Any known approaches?

Regards,
Stefan Certic

On Tuesday 08 March 2011 21:11:44 Sebastian Tymków wrote:

> Hi,
>
> I think you have to either monitor your syslog process or monitor bind log. You can use logging statement to set up file for bind logging and monitor that file.
>
> http://www.zytrax.com/books/dns/ch7/logging.html
>
> Best regards,
> Sebastian
>
> On Tue, Mar 8, 2011 at 4:08 PM, Stefan Certic ste...@routotelecom.com wrote:
>
>> Hello,
>>
>> Configuration: Bind9 configured to write logs into sys/rsyslog. From there, data is getting parsed and used for analytical / billing purposes.
>>
>> Scenario: At some point, a problem arises and rsyslog crashes for any possible reason. There is no unix logging socket any more bind can communicate with. Bind seems to have behaviour of ignoring this error and it continues with normal operation - although no records are kept pointing to any transactions happening on the system since the moment of last crash.
>>
>> Is it possible to somehow configure bind to treat those errors as fatal? For example - abort execution because socket cannot be opened, log files written, and so on. Or, is there any other solution to prevent possibility of answering DNS queries without logs being stored and achieve full consistency between events and logs?
>>
>> Thanks & Regards,
>> --
>> Stefan Certic
>> RoutoMessaging
Re: Bind9 Log data consistency
On 03/08/2011 09:46 PM, Stefan Certic wrote:

> Hi Sebastian,
>
> Thanks for response.
>
> Problem with another log file is that solution is doubling number of I/O transactions. At some point, data needs to be parsed into database and written to disk. I'm afraid doubling operations will cause bottlenecks during high load traffic peaks and slow down maximal throughput.

AFAIK bind does not do transactional logging, and it doesn't do any mode of logging where it will stop answering queries if logging stops. Personally I consider this a good thing.

If I were you, I would log to files using standard bind file logging, and use an asynchronous, stateful tail of the logfiles to generate database records. Something like:

open logfile
begin loop
    begin transaction
    select lastposition from logfile_state for update
    seek to lastposition
    read X lines - create SQL rows
    update logfile_state set lastposition
    commit
loop

Since you're storing both the query logs and the file position in the same SQL transaction, this should be pretty much bombproof. Obviously you'll need to handle filename changes/rotation but that's fairly trivial.

I've used code like this before - it's handy because you can periodically rsync the files to do incremental remote tail (you need to code in support for partial lines in that case).

I really, really wouldn't stop answering queries if logging stops, but if you must - you could add a failure mode to the above process which terminates bind or blocks port 53.

HTH
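Added example, not part of the thread and not the poster's code: a runnable version of the stateful tail outlined in the message above, using SQLite from the Python standard library. The table layout beyond `logfile_state.lastposition`, the `query_log` table, the function names and the use of `BEGIN IMMEDIATE` in place of `select ... for update` are assumptions of this sketch.

```python
import os
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS logfile_state (
    path TEXT PRIMARY KEY, inode INTEGER NOT NULL, lastposition INTEGER NOT NULL);
CREATE TABLE IF NOT EXISTS query_log (
    id INTEGER PRIMARY KEY, path TEXT NOT NULL, line TEXT NOT NULL);
"""

def open_db(db_path):
    # isolation_level=None: transactions are opened and closed explicitly below.
    db = sqlite3.connect(db_path, isolation_level=None)
    db.executescript(SCHEMA)
    return db

def ingest(db, log_path, max_lines=1000):
    """Store up to max_lines complete new lines; return how many were stored."""
    # BEGIN IMMEDIATE takes the write lock up front; it stands in for the
    # "select ... for update" of the outline (SQLite has no row locks).
    db.execute("BEGIN IMMEDIATE")
    try:
        row = db.execute(
            "SELECT inode, lastposition FROM logfile_state WHERE path = ?",
            (log_path,)).fetchone()
        with open(log_path, "rb") as fh:
            st = os.fstat(fh.fileno())
            inode, pos = row if row else (st.st_ino, 0)
            if inode != st.st_ino or pos > st.st_size:
                # Rotated or truncated: restart at offset 0 of the new file.
                # Lines left unread in the rotated-away file are not recovered.
                pos = 0
            fh.seek(pos)
            stored = 0
            while stored < max_lines:
                raw = fh.readline()
                if not raw.endswith(b"\n"):
                    break  # EOF, or a partial line that is still being written
                db.execute("INSERT INTO query_log (path, line) VALUES (?, ?)",
                           (log_path, raw[:-1].decode("utf-8", "replace")))
                pos += len(raw)
                stored += 1
        # Rows and offset commit together: a crash before COMMIT rolls both
        # back, so a restart re-reads those lines instead of duplicating them.
        db.execute("INSERT OR REPLACE INTO logfile_state VALUES (?, ?, ?)",
                   (log_path, st.st_ino, pos))
        db.execute("COMMIT")
        return stored
    except BaseException:
        db.execute("ROLLBACK")
        raise
```

Call `ingest` in a loop (or from a timer) against the file named in BIND's file logging channel; a run that stores nothing means no complete new line was available.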
Re: IXFR manually edited zone files
On Mar 8, 2011, at 3:44 PM, Mark Andrews wrote:

> In message b840935f-4809-40cf-98c5-029cbbab4...@columbia.edu, David Coulthart writes:
>
>> It looks like the problem is with setting ixfr-from-differences to master. If I instead set the option to yes, a journal file is generated & IXFR works correctly.
>> ...
>> Is this a bug in BIND?
>
> Index: bin/named/zoneconf.c === RCS file: /proj/cvs/prod/bind9/bin/named/zoneconf.c,v retrieving revision 1.171.34.2 diff -u -r1.171.34.2 zoneconf.c --- bin/named/zoneconf.c 7 Mar 2011 04:16:39 - 1.171.34.2 +++ bin/named/zoneconf.c 8 Mar 2011 20:44:00 - @@ -1077,10 +1077,10 @@ INSIST(result == ISC_R_SUCCESS obj != NULL); if (cfg_obj_isboolean(obj)) ixfrdiff = cfg_obj_asboolean(obj); - else if (strcasecmp(cfg_obj_asstring(obj), master) + else if (!strcasecmp(cfg_obj_asstring(obj), master) ztype == dns_zone_master) ixfrdiff = ISC_TRUE; - else if (strcasecmp(cfg_obj_asstring(obj), slave) + else if (!strcasecmp(cfg_obj_asstring(obj), slave) ztype == dns_zone_slave) ixfrdiff = ISC_TRUE; else

Thank you very much, Mark. I've confirmed this patch fixes the problem.

Thanks,
Dave Coulthart