bind-9.6-ESV-R5-P1 crash!!!
Hi All, I discover that bind-9.6-ESV-R5-P1 (configured as a cache-recursor server) crash in this case: 1/ logging statement are like that: logging { category default { default_syslog; default_debug; }; category lame-servers { null; }; }; 2/ i send 3 qps using tcpreplay from another server 3/ logrotate is cronned to turn at 4:00 everyday 4/ this configuration generates approximatively 250M by day of data in the logfile /var/log/messages, And at 4:00 when the logrotate begin and make the turn of the log (without compress)== Bind begin a strange behavior like that: i made the test 3 times, for the two first i found that bind at 4:00 (before 4:00 all is ok) begin answering only 50% of the querry for 6 hours aproximatively then bind are no longer running and the server goes in an OOM (Out Of Memory) du to bind who consume 8 Go of RAM (at 4:00 he consume just 500 M and begin rising from 500M to 8 Go) and the third test actually running at 4:00 bind begin answering only 50 % of query then at 10:00 he answer all query by a SERVFAIL with a huge query time(2000 msec) Off Course when i cronned the logrotate to turn each hour the /var/log/messages doesn't exceed 15M and all is OK. And also when i limit the data logged (by modifying the logging statement) all is OK too. so why when the /var/log/messages is about 250 M the bind crash knowing that just before logrotate begin working I have more than 50 % of RAM, CPU, and partition Free. Thanks. Issam Harrathi. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
CNAME only zone?
Is it possible to create a zone file that only contains a CNAME? The request I got is to create a CNAME to point shop4water.com to shop4water.hostedbywebtstore.com. We own shop4water.com – hostedbywebstore.com is something external that we don’t own. I’ve reviewed past posts and searched the internet. I see things saying “you can’t have CNAME only” or “you can” or “you should use DNAME instead” and then others saying that “you can’t use CNAME or DNAME with any other record and the SOA itself is a record”. So my basic question is: Is it possible to do this? If so what should the zone file for shop4water.com look like? Is there another way to make queries for shop4water.com go to shop4water.hostedbywebtstore.com? Athena®, Created for the Cause™ Making a Difference in the Fight Against Breast Cancer - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
On 09/12/11 16:25, Lightner, Jeff wrote: Is it possible to create a zone file that only contains a CNAME? This comes up a lot, it seems. No. CNAME conflicts with any other record - including the SOA and NS records required at the apex. You will have to put an A record at the apex. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: CNAME only zone?
I don't know what you mean by that. Apex of what exactly - my zone file? I can make a zone file that simply has a CNAME in it with no SOA, serial number etc...? As noted I do not own the target zone so I can't update any records there. Can you tell me exactly what the zone file should look like with the CNAME record at the apex? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Phil Mayers Sent: Friday, December 09, 2011 11:41 AM To: bind-users@lists.isc.org Subject: Re: CNAME only zone? On 09/12/11 16:25, Lightner, Jeff wrote: Is it possible to create a zone file that only contains a CNAME? This comes up a lot, it seems. No. CNAME conflicts with any other record - including the SOA and NS records required at the apex. You will have to put an A record at the apex. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Athena(r), Created for the Cause(tm) Making a Difference in the Fight Against Breast Cancer - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
On 09/12/11 16:55, Lightner, Jeff wrote: I don't know what you mean by that. Apex of what exactly - my zone file? The zone is a tree. The records at the apex of the zone are those with the same name as the zone - normally the SOA, NS, MX, and other records. Since all zones must have a SOA and NS at the apex, and CNAME is incompatible with any other record at the same name (except RRSIG/NSEC), you cannot have a CNAME at the apex. I can make a zone file that simply has a CNAME in it with no SOA, serial number etc...? No. You can't. Such zone files are syntactically invalid, and will not be loaded by bind. This is easy to try e.g. test.zone. 300 SOA ns.test.zone. hostmaster.test.zone. 100 2700 1800 3600 3600 test.zone. 300 NS ns.test.zone. test.zone. 300 CNAME www.other.zone. ns.test.zone. 300 A 192.0.2.1 # named-checkzone test.zone $FILE dns_master_load: z:3: test.zone: CNAME and other data dns_master_load: z:3: test.zone: CNAME and other data zone test.zone/IN: loading from master file z failed: CNAME and other data zone test.zone/IN: not loaded due to errors. As noted I do not own the target zone so I can't update any records there. Can you tell me exactly what the zone file should look like with the CNAME record at the apex? As noted above, such a zone is invalid. You *can* do this: test.zone. 300 SOA ns.test.zone. hostmaster.test.zone. 100 2700 1800 3600 3600 test.zone. 300 NS ns.test.zone. test.zone. 300 A 192.0.2.2 ; the IP of www.other.zone ns.test.zone. 300 A 192.0.2.1 i.e. put an A record at the zone apex, with the IP of the other server. It does mean you need a script / process in place to update the A record if the name ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
I don't know what you mean by that. Apex of what exactly - my zone file? Can you tell me exactly what the zone file should look like with the CNAME record at the apex? Determine the address(es) for the target domain name shop4water.hostedbywebtstore.com (I'm using 127.0.0.1 as an example), and add each to an A record in the zone, which should look a bit like this: $TTL 3600 @ IN SOA shop4water.com. root.shop4water.com. ( 1 ; serial 3H ; refresh 1H ; retry 1W ; expiry 1H ); negTTL IN NS ns7.worldnic.com. IN NS ns8.worldnic.com. IN A 127.0.0.1 ; replace w/ IP of target As Phill said, a CNAME instead of the A record is illegal at the apex (i.e. the top) of the zone; CNAME must not exist with other data e.g. NS or SOA records, which are mandatory for a zone. Hope that helps. -JP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
On 09/12/11 17:08, Phil Mayers wrote: i.e. put an A record at the zone apex, with the IP of the other server. It does mean you need a script / process in place to update the A record if the name ...blast. if the IP of the other server changes ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
On Friday 09 December 2011 10:25:36 Lightner, Jeff wrote: Is it possible to create a zone file that only contains a CNAME? As already answered, no. The request I got is to create a CNAME to point shop4water.com to shop4water.hostedbywebtstore.com. You can ask your registrar if they can/will do this in the parent com. zone. I have seen ugliness of this type from either Network Solutions or register.com before, not sure which. We own shop4water.com – hostedbywebstore.com is something external that we don’t own. Do note that hostedbywebtstore is not the same as hostedbywebstore; we're sticklers for precise spelling. Also note that other workarounds will solve the same problem in a better way. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: CNAME only zone?
Also note that other workarounds will solve the same problem in a better way. Care to enlighten me as to what those workarounds would be? Also - why is it a registrar can do a CNAME only but we mere mortals can't? In fact documentation from Amazon (it is apparently their web store I've since learned) suggests doing it at registrar so I'll probably go that route but I'm wondering why it should work there but not on one of my delegated name servers. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of /dev/rob0 Sent: Friday, December 09, 2011 12:41 PM To: bind-users@lists.isc.org Subject: Re: CNAME only zone? On Friday 09 December 2011 10:25:36 Lightner, Jeff wrote: Is it possible to create a zone file that only contains a CNAME? As already answered, no. The request I got is to create a CNAME to point shop4water.com to shop4water.hostedbywebtstore.com. You can ask your registrar if they can/will do this in the parent com. zone. I have seen ugliness of this type from either Network Solutions or register.com before, not sure which. We own shop4water.com - hostedbywebstore.com is something external that we don't own. Do note that hostedbywebtstore is not the same as hostedbywebstore; we're sticklers for precise spelling. Also note that other workarounds will solve the same problem in a better way. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Athena(r), Created for the Cause(tm) Making a Difference in the Fight Against Breast Cancer - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
Please do not top-post. Thank you. On Friday 09 December 2011 11:52:58 Lightner, Jeff wrote: Also note that other workarounds will solve the same problem in a better way. Care to enlighten me as to what those workarounds would be? Not knowing the exact situation puts me at a distinct handicap in trying to do so, but I can suggest some possibilities beyond what was suggested by Jan-Piet and Phil. - A cron job to look up the desired name and nsupdate(8) the A record for shop4water.com. when that address changes - HTTP redirects, or just a redirect for shop4water.com to point to your desired CNAME target; www.shop4water.com *can* be a CNAME. - Find different hosting. Also - why is it a registrar can do a CNAME only but we mere mortals can't? Only approved registrars are allowed to update records in official top-level domains. You can make as many CNAME records as you like, playing by the rule that a CNAME cannot coexist with a record of the same name and any other RRtype. Registrars are also bound by the reality of DNS. If you want a CNAME, they do not delegate the zone to you. They remove any NS records which had been in place for your zone, and your nameservers are no longer in use for that name. In fact by not being delegated, it ceases to be a zone. In fact documentation from Amazon (it is apparently their web store I've since learned) suggests doing it at registrar so I'll probably go that route but I'm wondering why it should work there but not on one of my delegated name servers. Phil answered this, but to restate/repeat, a delegated zone *must* have SOA and NS records at the zone apex. Meaning: if shop4water.com is delegated, the parent com zone at a a minimum has NS records for shop4water.com, and your zone *must* contain SOA and NS records for shop4water.com. Those SOA and NS violate the rule that a CNAME cannot coexist with a record of the same name and any other RRtype. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: CNAME only zone?
Also note that other workarounds will solve the same problem in a better way. Care to enlighten me as to what those workarounds would be? If all the use cases for the CNAME are for http traffic, just configure an http server/load balancer/etc. under your control to return a 302 or 301 redirect back to the client browser and you maintain control if needs change in the future. 1. Point DNS A record for shop4water.com to an IP of a webserver under your control... 2. Use insert your favorite webserver here (using URL Rewrite rules, perl, etc.) to send a redirect back to the browser to direct them to the shop4water.hostedbywebstore.com URL. Depending on whether you want to preserve the URL or not can vary the type of redirects that you will be configuring but that is fairly simple to setup on a variety of well known http servers. Also - why is it a registrar can do a CNAME only but we mere mortals can't? In fact documentation from Amazon (it is apparently their web store I've since learned) suggests doing it at registrar so I'll probably go that route but I'm wondering why it should work there but not on one of my delegated name servers. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind- users-bounces+jlightner=water@lists.isc.org] On Behalf Of /dev/rob0 Sent: Friday, December 09, 2011 12:41 PM To: bind-users@lists.isc.org Subject: Re: CNAME only zone? On Friday 09 December 2011 10:25:36 Lightner, Jeff wrote: Is it possible to create a zone file that only contains a CNAME? As already answered, no. The request I got is to create a CNAME to point shop4water.com to shop4water.hostedbywebtstore.com. You can ask your registrar if they can/will do this in the parent com. zone. I have seen ugliness of this type from either Network Solutions or register.com before, not sure which. We own shop4water.com - hostedbywebstore.com is something external that we don't own. Do note that hostedbywebtstore is not the same as hostedbywebstore; we're sticklers for precise spelling. Also note that other workarounds will solve the same problem in a better way. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Athena(r), Created for the Cause(tm) Making a Difference in the Fight Against Breast Cancer - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind as a service on windows -c option not working
Bind 9.8.1 P1 installed in D:\bind9. Config files and other zone files and log files in D:\bind_config Service configuration: Path to executable D:\bind9\bin\named.exe -c D:\bind_config\etc\named.conf named.conf has the line: directory D:\named.conf; If the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ISC\BIND\InstallDir is present, then at the start the named.conf is searched under the folder etc of InstallDir folder. If I delete this key, the the named.conf file is searched in system32/etc folder or something under system32 folder. In both cases the -c option is not taken by the service. As starting bind from command line, the -c option is taken in account and named.conf is read from the specified path. How to tell the named running as a service to read the config file from the path specified with -c option? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
On Friday 09 December 2011 10:25:36 Lightner, Jeff wrote: The request I got is to create a CNAME to point shop4water.com to shop4water.hostedbywebtstore.com. On 09.12.11 11:41, /dev/rob0 wrote: You can ask your registrar if they can/will do this in the parent com. zone. I have seen ugliness of this type from either Network Solutions or register.com before, not sure which. Note that there still may be servers that have configured .com as delegation-only and thus it won't work there. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Where do you want to go to die? [Microsoft] ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind as a service on windows -c option not working
How to tell the named running as a service to read the config file from the path specified with -c option? Try changing path to executable by moving quote: D:\bind9\bin\named.exe -c D:\bind_config\etc\named.conf Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
On 09.12.11 17:52, Lightner, Jeff wrote: Also - why is it a registrar can do a CNAME only but we mere mortals can't? Because if you want CNAME, you must put it directly to he .com zone what mere mortals just can not. And I wonder if any registrar allows that. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind as a service on windows -c option not working
On 09.12.2011 21:32, wbr...@e1b.org wrote: How to tell the named running as a service to read the config file from the path specified with -c option? Try changing path to executable by moving quote: D:\bind9\bin\named.exe -c D:\bind_config\etc\named.conf No luck: The following information is part of the event: none:0: open: C:\WINDOWS\system32\etc\named.conf: file not found ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind as a service on windows -c option not working
No luck: The following information is part of the event: none:0: open: C:\WINDOWS\system32\etc\named.conf: file not found So why not put the configuration file there. Then use the directory option to direct BIND to look for all the zone files on the D: drive. options { directory D:\bind_config; other options as required } Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind as a service on windows -c option not working
On 09.12.2011 22:15, wbr...@e1b.org wrote: No luck: The following information is part of the event: none:0: open: C:\WINDOWS\system32\etc\named.conf: file not found So why not put the configuration file there. Then use the directory option to direct BIND to look for all the zone files on the D: drive. options { directory D:\bind_config; other options as required } This is not the answer I am looking. If the parameter exists, it's must working. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind as a service on windows -c option not working
This is not the answer I am looking. If the parameter exists, it's must working. Have you tried issuing the command from a command prompt? Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME only zone?
2011/12/10 Lightner, Jeff jlight...@water.com: Is it possible to create a zone file that only contains a CNAME? Some nameservers can setup that, though it's breaking the RFC. quote: Never one to let a RFC stand in the way of a solution to a real problem, we're happy to announce that CloudFlare allows you to set your zone apex to a CNAME. This allows CloudFlare users to host on EC2, Rackspace's Cloud, Google App Engine, or other cloud hosts and use their naked domain (e.g., yourdomain.com) without forcing a hack solution to a subdomain (e.g., www.yourdomain.com). http://blog.cloudflare.com/zone-apex-naked-domain-root-domain-cname-supp -- My Blog: http://nsbeta.info/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users