Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/12 10:17 PM, "Mark Andrews" wrote: > The fact that you can ping them just means that you have a kernel > bug. Yeah, the bug is using Linux. ;-) -- Don't worry about avoiding temptation -- as you grow older, it starts avoiding you. -- The Old Farmer's Almanac ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
In message , michoski writes: > On 4/30/12 4:14 PM, "Augie Schwer" wrote: > > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 > > > > augie@augnix:~$ ifconfig lo:1 > > lo:1 Link encap:Local Loopback > > inet addr:10.0.0.1 Mask:255.255.255.224 > > > > augie@augnix:~$ ping 10.0.0.2 -c 1 > > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms > > > > --- 10.0.0.2 ping statistics --- > > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > > > > Given all that, can anyone suggest a reason why Bind won't listen on > > that address? > > No, we all saw the netmask. > > A few tried to point out the answer...you first need to get the desired > aliases UP on the system for BIND to listen-on. > > For example, loopback is 127/8 so I can ping all those addresses: > > OPS:507 r...@dev-ops-test11.vega:mhoskins# ifconfig lo > loLink encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:32 errors:0 dropped:0 overruns:0 frame:0 > TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:8148 (7.9 KiB) TX bytes:8148 (7.9 KiB) > > OPS:508 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.2 > PING 127.0.0.2 (127.0.0.2) 56(84) bytes of data. > 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms > > --- 127.0.0.2 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.012/0.012/0.012/0.000 ms > > OPS:509 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.3 > PING 127.0.0.3 (127.0.0.3) 56(84) bytes of data. > 64 bytes from 127.0.0.3: icmp_seq=1 ttl=64 time=0.011 ms > > --- 127.0.0.3 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.011/0.011/0.011/0.000 ms The fact that you can ping them just means that you have a kernel bug. % ifconfig lo0 lo0: flags=8049 mtu 16384 options=3 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet 10.53.0.1 netmask 0x inet6 fd92:7065:b8e:::1 prefixlen 64 inet 10.53.0.2 netmask 0x inet6 fd92:7065:b8e:::2 prefixlen 64 inet 10.53.0.3 netmask 0x inet6 fd92:7065:b8e:::3 prefixlen 64 inet 10.53.0.4 netmask 0x inet6 fd92:7065:b8e:::4 prefixlen 64 inet 10.53.0.5 netmask 0x inet6 fd92:7065:b8e:::5 prefixlen 64 inet 10.53.0.6 netmask 0x inet6 fd92:7065:b8e:::6 prefixlen 64 inet 10.53.0.7 netmask 0x inet6 fd92:7065:b8e:::7 prefixlen 64 inet 10.53.0.50 netmask 0x inet 10.53.0.60 netmask 0x inet 10.53.0.70 netmask 0x inet 10.53.0.80 netmask 0x inet 10.53.0.90 netmask 0x inet 10.53.0.100 netmask 0x inet 10.53.0.110 netmask 0x inet 10.53.0.120 netmask 0x inet 10.53.0.130 netmask 0x inet 10.53.0.140 netmask 0x inet 10.53.0.150 netmask 0x inet 10.53.0.160 netmask 0x inet 10.53.0.170 netmask 0x % ping 127.0.0.45 PING 127.0.0.45 (127.0.0.45): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 ^C --- 127.0.0.45 ping statistics --- 4 packets transmitted, 0 packets received, 100.0% packet loss % > However, I can't bind daemons to 127.0.0.2, etc. until I configure lo:0, > etc. aliases for those addresses! If your ifconfig output doesn't show the > IP you want to listen-on, it won't work. This is how it's been as long as > I've been alive. > > If this is hard to believe, try adding a 10.0.0.2 (or whatever) loopback > alias with a netmask of 255.255.255.255 (the correct netmask for aliases) > and see how BIND behaves. > > -- > By nature, men are nearly alike; > by practice, they get to be wide apart. > -- Confucius > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-user
Re: Convice Bind to listen on IP alias with a range of IPs.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 04/30/2012 07:13 PM, Augie Schwer wrote: > Thanks for the reply, please see my previous e-mail about the address > being perfectly pingable on that interface. > Whats that have to do with anything? It being pingable only means something is responding for it. This does NOT mean it is on THAT specific server. If it is not on THAT server then bind cant use it. This isn't rocket science :) - -- Larry Brower, CCNA Linux System Administrator II HostGator.com LLC lbro...@hostgator.com Http://www.hostgator.com Http://support.hostgator.com/ -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJPn15TAAoJEF1Xw4ZWTEoJlK0P/0wCGKtzfFr7jCrxq2YQlZbj 2DBwCO9gjZWHnHr35DQ/iYz7U+gU9rzKvXMdDWNKsr8zXoqiyMgt0N1Yp+llHQdj zgGOIlEuqIcL77hGBNQ7zlrutfiPaUuIG/vZe8mLX31M8yDOG2fa38cGtSNKILZL aSejkv5u+4QfRBhWGqtWtcUwslWdBc3TLoxKoI2YidPALjtkGXsPF/qYoke80b+Y 0YPxZ/lyS85KovK9ZgG3dCXl35r0hyLTbHBeD9JTUw6g28CKPq8HX5nKdo1hTYQv +Wdb5cIQGIovVF1QZcXkdGWnhIh9AkGXQ3J4RasCUPi6TuKTlWNhlQjYiYWAl5BB WmvPGSm3gczEJS2VGkTeJbDMKSfmNzRruzObBbVBhUr4rp/xCuJITfltne5PEmaJ 3acBm1fHi1SGifueJeK9LdFPDW27Xog2+1FDbdJFrTGO1qjwGfrEyJ9FFtk9ve2U FZWvyOdomoKapAtI4sxbKG54LTmgAazXflRa4CowEA8EhykX2qGgFhv3rKy3Y9Gf hXnNlVJUIOif9kotAem50MsgTLmMpHkOOcb6ADNDMZ91hxRvJrZ/Eb7E4UtU/g+S UDlb28WT5Cu8okrhqS1uiVjvl4dhnr0ZIz6AZMgMgKTOUw0vihvDgIZ6Ve6Ws+HB PLdxKpjwi6pt6RvHk+al =+qgi -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/12 4:14 PM, "Augie Schwer" wrote: > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 > > augie@augnix:~$ ifconfig lo:1 > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > augie@augnix:~$ ping 10.0.0.2 -c 1 > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms > > --- 10.0.0.2 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > > Given all that, can anyone suggest a reason why Bind won't listen on > that address? No, we all saw the netmask. A few tried to point out the answer...you first need to get the desired aliases UP on the system for BIND to listen-on. For example, loopback is 127/8 so I can ping all those addresses: OPS:507 r...@dev-ops-test11.vega:mhoskins# ifconfig lo loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8148 (7.9 KiB) TX bytes:8148 (7.9 KiB) OPS:508 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.2 PING 127.0.0.2 (127.0.0.2) 56(84) bytes of data. 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms --- 127.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.012/0.012/0.012/0.000 ms OPS:509 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.3 PING 127.0.0.3 (127.0.0.3) 56(84) bytes of data. 64 bytes from 127.0.0.3: icmp_seq=1 ttl=64 time=0.011 ms --- 127.0.0.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.011/0.011/0.011/0.000 ms However, I can't bind daemons to 127.0.0.2, etc. until I configure lo:0, etc. aliases for those addresses! If your ifconfig output doesn't show the IP you want to listen-on, it won't work. This is how it's been as long as I've been alive. If this is hard to believe, try adding a 10.0.0.2 (or whatever) loopback alias with a netmask of 255.255.255.255 (the correct netmask for aliases) and see how BIND behaves. -- By nature, men are nearly alike; by practice, they get to be wide apart. -- Confucius ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 04/30/2012 06:14 PM, Augie Schwer wrote: > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 > > augie@augnix:~$ ifconfig lo:1 > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > This is only showing the IP 10.0.0.1/27 which is a single IP on the box. You dont get a range of IP's by using a specific mask on the interface. > augie@augnix:~$ ping 10.0.0.2 -c 1 > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms > > --- 10.0.0.2 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > You have 10.0.0.2 bound to a system somewhere which is nice but has nothing to do with lo:1 > Given all that, can anyone suggest a reason why Bind won't listen on > that address? Because you are doing it wrong. You need to actually have the IP bound to an interface on the server for it to work. - -- Larry Brower, CCNA Linux System Administrator II HostGator.com LLC lbro...@hostgator.com Http://www.hostgator.com Http://support.hostgator.com/ -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJPn0vfAAoJEF1Xw4ZWTEoJsKoQAK6OfTyORlqJnRYTdKFIQJue Jsh4ZgQlqGGNU7gqlqEbKWsJ7nn7rawWxZMM/XGoW7FBIjgZaO9fComu4kNS5iEi oxal2B9ruKaIc2lG/ZoJzXkfpSmoEsXQ6DOUFlXwkyrPySdZ9qSLs61GVZL/OCUq h42xlLQL8qF4pkrYUVwElclEs6vcRQY52DiPUuDz6hjtdOflTytpD9gkpXfPEgje SHFM+Lgdi82fLfBwtJkqCkztQ17+XQR1P3Xg4XK4B1TNyilCZO4UKs+7NpBVLHA7 iLySYWQokz+ZLhRrELkDWekGbF8fvSOug3ObsdqRseLTdevqkyNYEPw70DHzR8a1 /HxFIyknxTFsY/37W4BuT02h8+hNGOJUN2VWEc3E78Cf2Qdip2oUrleLppy8+g1J d7j/FH8KB7S2e/zJV/jMwT3DykUWzZEG5H/rVVxl3mwlp54+Od71pxh6WBHQU5I1 P14joF/9qKpO4ghwlDIbZ9OoYxAP78IQm6qbx1syty2HOHy2Rs0qlgflIvydjE1f LSLJWezdmwPtgC/onD6X++JP3+vTW1TGC4agSx6oxasaJqjuZrWm9vJ9dmca2pR/ CPdDSMavRynySCHRKoGiO34ZgzGDAmu+UoU2H00NMJH7Z54eIzBAyHURPO+tJ3KD LG/KR7ew2ayX36i5lcNk =UzLF -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/2012 7:14 PM, Augie Schwer wrote: > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 Netmask says what addresses are REACHABLE on that interface, not the addresses assigned to that interface. AlanC -- a...@clegg.com | acl...@infoblox.com 1.919.355.8851 signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
Thanks for the reply, please see my previous e-mail about the address being perfectly pingable on that interface. We run PowerDNS and Unbound with a similar interface configuration without a problem, I'm sure Bind can too, I just need to know what the special config. option I'm missing is. Any help is appreciated, thank you. :) --Augie On Mon, Apr 30, 2012 at 4:36 PM, michoski wrote: > On 4/30/12 2:56 PM, "Augie Schwer" wrote: >> I must be doing something wrong, because what I want to do doesn't >> seem that difficult. >> >> I have a range of IPs bound to a local interface: >> >> lo:1 Link encap:Local Loopback >> inet addr:10.0.0.1 Mask:255.255.255.224 > > This isn't a /27 CIDR range, it's one IP alias with the wrong netmask. :-) > > IP aliases should generally have a 255.255.255.255 netmask, and you'd need > to configure aliases (ifcfg-lo:0, ifcfg-lo:1, etc.) for each IP in the range > you want to listen-on. > >> And I want to convince Bind to listen on sub-set of the given range ( >> 10.0.0.2 for example ), yet when I configure that IP: >> >> listen-on { 10.0.0.2; }; >> >> Bind won't listen on that interface: > > Yes, indeed, only 10.0.0.1 is up according to your ifconfig output. Once > you've fixed that, you should be able to use an IP range in your listen-on > statement as needed, for example: > > listen-on { !10.0.0.1; 10.0.0/24; }; > > The BIND ARM shows you listen-on's full syntax: > > http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.html > > Good luck. > > -- > Men use thought only to justify their wrong doings, > and speech only to conceal their thoughts. > -- Voltaire > -- Augie Schwer - au...@schwer.us - http://schwer.us ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/12 2:56 PM, "Augie Schwer" wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 This isn't a /27 CIDR range, it's one IP alias with the wrong netmask. :-) IP aliases should generally have a 255.255.255.255 netmask, and you'd need to configure aliases (ifcfg-lo:0, ifcfg-lo:1, etc.) for each IP in the range you want to listen-on. > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: Yes, indeed, only 10.0.0.1 is up according to your ifconfig output. Once you've fixed that, you should be able to use an IP range in your listen-on statement as needed, for example: listen-on { !10.0.0.1; 10.0.0/24; }; The BIND ARM shows you listen-on's full syntax: http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.html Good luck. -- Men use thought only to justify their wrong doings, and speech only to conceal their thoughts. -- Voltaire ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 04/30/2012 04:56 PM, Augie Schwer wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: > > "named[15035]: not listening on any interfaces" > is 10.0.0.2 bound to the server? can you show the ip address or ifconfig output ? - -- Larry Brower, CCNA Fedora Ambassador - North America Fedora Quality Assurance lbro...@fedoraproject.org http://www.fedoraproject.org/ -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJPnyJPAAoJEF1Xw4ZWTEoJzecP/j6745eQs5TWT8+9p4k7L92p UF5pM65GSynCmh2KZk0VGLYuYCJNWGywsQU6S3CnsNAWE+a9TaL3I7ViKIrpRjId 0pp/4P4o8Jxi8/fkgG+wXnceOHsSklCKTV883ppKCwl1RJJfncNJQN1+p/bUhBgA 53rMNk0pzr6wAllS3LcqrbGoe3hBJj5hbI/snqw67zjvU4PsfgBi+SjYI0+j9paN edv2VhmN3qQvpJyQW2lMEVwxOLNAa4coClRYaqiOCz35Tg+ZykBVMU5W2jaByS6e qb2KX+Q+eOd6S6IQDT8C122yeHv9nik4Pl1LB6Om3hUEhoAr56BCSWbmPkIy72uC LtQkqWhtqU4706Bzq2Yf5SFpAJQI63ef1Bypm2N91gRhggFBkCcSWnzDXig/cVh+ XGDcXGzSnRCrpHz1uiKNO6rSmDPmd/eugTMGHNa/VTbqepIwIUhu1lLP9AswHWSa 3C3oqncA3CJO6+STryYtyLMtSx6BMtMgaDBJoDCJ1TZ9zAa9nFQlF1hybhsMstEP sgttF17hbgksoOXc0L7Lj1OMTvoClKwosfaEpzyfPJNwZhthG8a37SdNswf/PifF dHlxUniVLOyg4uj6jplzkD2GLFd5ZMwg74fISORh6guOQjNext+Vs/pZt5IvGmie Wi++mDbkUPhq6/9ZwGec =G6Ta -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
I think you've all missed the netmask there, 10.0.0.2 is in that range. augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 augie@augnix:~$ ifconfig lo:1 lo:1 Link encap:Local Loopback inet addr:10.0.0.1 Mask:255.255.255.224 augie@augnix:~$ ping 10.0.0.2 -c 1 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms Given all that, can anyone suggest a reason why Bind won't listen on that address? -- Augie Schwer - au...@schwer.us - http://schwer.us ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dynamic update to SOA records
cloud cache wrote: > > How to use nsupdate to dynamic update the SOA records? > For example, I want to update the zone's contact email and main NS server > name. Like this: $ dig +noall +answer soa fanf2.ucam.org fanf2.ucam.org. 3600IN SOA black.dotat.at. dot.dotat.at. 40 3600 600 604800 60 $ nsupdate -l > update add fanf2.ucam.org 3600 soa black.csi.cam.ac.uk fanf2.cam.ac.uk 41 > 3600 600 604800 60 > send > quit $ dig +noall +answer soa fanf2.ucam.org fanf2.ucam.org. 3600IN SOA black.csi.cam.ac.uk. fanf2.cam.ac.uk. 41 3600 600 604800 60 $ Tony. -- f.anthony.n.finchhttp://dotat.at/ Biscay: South backing east, 5 to 7. Moderate or rough, becoming slight or moderate. Thundery showers. Moderate or good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 30/04/2012 23:56, Augie Schwer wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 This means you've got 10.0.0.1 on the interface lo:1. You don't have 10.0.0.2 configured yet. You need to create extra virtual interfaces called lo:2, lo:3 and so on, and give them addresses 10.0.0.2 and 10.0.0.3 and so on. > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: > > "named[15035]: not listening on any interfaces" That's right, because 10.0.0.2 is not yet configured. -- Anand Buddhdev RIPE NCC ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
Augie Schwer wrote: > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ) You can't do that without hacking the network stack, as far as I know. See for instance this rather old FreeBSD patch. Note that even this doesn't quite do what you want since it doesn't allow you to bind to a subset of a CIDR range configured on an interface. http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/12071 Tony. -- f.anthony.n.finchhttp://dotat.at/ Fisher, German Bight: North or northeast 3 or 4, occasionally 5. Slight or moderate. Fair. Moderate or good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On Mon, 30 Apr 2012, Augie Schwer wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: > > "named[15035]: not listening on any interfaces" > > Bind has no problem listening on 10.0.0.1 however, so there must be > some configuration option I am missing. > > Any help is appreciated. > > augie@augnix:~$ named -v > BIND 9.7.0-P1 Your interface output above doesn't show the other IP. Maybe you need to run something like: ifconfig lo:1 10.0.0.2 up ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dynamic update to SOA records
In message <2a078dfa10a22fe23c0ad67b92b58...@mail.mxes.net>, cloud cache writes: > Hello, > > How to use nsupdate to dynamic update the SOA records? > For example, I want to update the zone's contact email and main NS > server name. > > Thanks. update add zone ttl SOA . send Just make sure the serial is bigger than the current serial or it will be ignores. The old SOA will be removed as a side effect of the add. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
dynamic update to SOA records
Hello, How to use nsupdate to dynamic update the SOA records? For example, I want to update the zone's contact email and main NS server name. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Convice Bind to listen on IP alias with a range of IPs.
I must be doing something wrong, because what I want to do doesn't seem that difficult. I have a range of IPs bound to a local interface: lo:1 Link encap:Local Loopback inet addr:10.0.0.1 Mask:255.255.255.224 And I want to convince Bind to listen on sub-set of the given range ( 10.0.0.2 for example ), yet when I configure that IP: listen-on { 10.0.0.2; }; Bind won't listen on that interface: "named[15035]: not listening on any interfaces" Bind has no problem listening on 10.0.0.1 however, so there must be some configuration option I am missing. Any help is appreciated. augie@augnix:~$ named -v BIND 9.7.0-P1 -- Augie Schwer - au...@schwer.us - http://schwer.us ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".
On 30/4/12 13:56 , Chris Thompson wrote: >> http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01 >> >> Being actively discussed on DNSOP list > > It *was* being actively discussed there, up until about 10 days ago. Since > then the participants seem to have stopped, maybe from sheer exhaustion, as > it was pretty clear that there were irreconcilable opinions on the subject. > > It may be worth noting in the bind-users context that ISC's [quick check - > what is he these days - ah yes...] Chairman & Chief Scientist expressed > fairly, well, negative opinions about negative trust anchors, which maybe > does not bode well for them ever appearing in BIND. Like lying resolvers or NXdomain redirection? And irrespectively of how much I disagree with these, this it not to say that one should never change his mind. Gilles ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Operational Notification -- Segmentation Fault in resolver.c Affects BIND 9.6-ESV-R6, 9.7.5, 9.8.2, & 9.9.0
Operational Notification -- Segmentation Fault in resolver.c Affects BIND 9.6-ESV-R6, 9.7.5, 9.8.2, & 9.9.0 Summary: ISC has discovered a race condition in the resolver code that can cause a recursive nameserver running BIND 9.6-ESV-R6, 9.7.5, 9.8.2, or 9.9.0 to crash with a segmentation fault. Authoritative-only servers are not affected, but recursive-only or recursive-authoritative hybrid servers are at risk of crashing because of this bug. Posting date: 30 April 2012 Program Impacted: BIND Versions affected: 9.6-ESV-R6, 9.7.5, 9.8.2, 9.9.0. Description: ISC is issuing an operational notification for users running ISC BIND 9.6-ESV-R6, 9.7.5, 9.8.2 or 9.9.0. A race condition has been discovered in resolver.c that can result in a recursive nameserver running one of these versions to crash with a segmentation fault. This defect is not considered a security issue, as no known method for deliberately triggering it exists. It depends on a matter of random timing between multiple threads executing the resolver code. However, the nature of the bug is such that the probability of encountering the crash condition eventually increases in proportion to the number of queries being resolved as well as the number of queries being resolved simultaneously. Consequently, busy recursing nameservers and nameservers with more threads processing simultaneously are at higher risk of encountering this bug. This defect was introduced accidentally in change #3241 which appeared for the first time in the specified release versions. Prior release versions (9.6-ESV-R5-P1, 9.7.4-P1, and 9.8.1-P1 and any earlier versions) are not affected by this bug. ISC is preparing replacement release versions with a delivery target of mid-May 2012 and a source code patch is currently available in the ISC Knowledge Base article: https://kb.isc.org/article/AA-00664 Solution: Authoritative-only servers do not need to address this issue. If you have not upgraded yet to the affected versions, postpone updating until they are replaced by 9.6-ESV-R7, 9.7.6, 9.8.3, or 9.9.1, which are to be released in mid-May 2012 and which will include a fix for this issue along with several minor bug fixes. If you have already upgraded a recursive server to one of the affected versions, you have the option of reverting to a prior release version, waiting for the May release of superseding packages including the fix, or applying the source code patch from ISC and rebuilding BIND. The source code patch can be found as an attachment to the ISC Knowledge Base article https://kb.isc.org/article/AA-00664 - Do you have Questions? Questions regarding this advisory should go to supp...@isc.org. - Additional information on our Operational Notifications is here: https://www.isc.org/software/notifications, and Phased Disclosure Process is here: https://www.isc.org/security-vulnerability-disclosure-policy Legal Disclaimer: Internet Systems Consortium (ISC) is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be inferred. ISC expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of non-infringement. Your use of, or reliance on, this notice or materials referred to in this notice is at your own risk. ISC may change this notice at any time. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Max Client per Query
Hi, I need information about how works max client per query and client per query ? I want to limit number query done by a client. The usage of resources in my equipments is very high specially in my firewall. I appreciate your help about this. Saludos, Atentamente, Rafael J. Molina Q. Coord. Nacional de Operaciones - Redes L.A.N VP Operaciones Tecnicas Inter Barquisimeto - MSO - Venezuela Ext.: 5378 Tlf.: 58-251-3355378 Cel.: 58-414-5750321 www.inter.com.ve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".
On Apr 30 2012, Warren Kumari wrote: On Apr 26, 2012, at 2:51 PM, Jan-Piet Mens wrote: [...] From a Comcast talk at SATIN 2012 I believe they called that a "negative trust anchor", and IIRC, the author wanted to publish a draft of its operation. Haven't seen it yet though, and it's probably off topic as regards BIND. http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01 Being actively discussed on DNSOP list It *was* being actively discussed there, up until about 10 days ago. Since then the participants seem to have stopped, maybe from sheer exhaustion, as it was pretty clear that there were irreconcilable opinions on the subject. It may be worth noting in the bind-users context that ISC's [quick check - what is he these days - ah yes...] Chairman & Chief Scientist expressed fairly, well, negative opinions about negative trust anchors, which maybe does not bode well for them ever appearing in BIND. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users