BIND with RPZ - CPU Affinity
All, Recently we put live some DNS Servers, The spec: 2x Xeon (total seen by OS 24CPU) 16GB RAM Ubuntu Server 12.04 We test limited number RPZ list BIND 9.8.1 (came with Ubuntu 12.04), and put it on the live network, the result is OK, all load is shared among 24 CPU, @10% usage Then in response to BIND Security Advisory (exploit), we upgraded it to 9.8. 5-P2, and we increase to RPZ list to a huge list (1,3M blacklist) But now the CPU load is seem to focus only on CPU0 (40%), and remaining CPU (1-23) only around 2% Any idea what may seems to be the problem, Best Regards, Arie Lendra Putra 陈维文 Description: Calligraphy -- Together is a beautiful word, Coming together is the Beginning, Keeping together is Progress Thinking together is Unity, Working together is Success image001.png___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how-to configure BIND or any DNS implementation for cloud infrastructure
From: Odimegwu David odimegwuda...@yahoo.fr Is it possible for one to configure BIND or any DNS implementation for the cloud? I was forced to search for this forum because the exigences of my situation necessitates a cloud. But yet, in a cloud: 1. I cannot be systems administrator, even if, I don't know yet, if the company can give me administrator privileges. 2. The IP address of the machine will not possibly be my own because the machine will be shared by numerous subscribers to the cloud infrastructure. 3. I know that like all other users, i will be given set of user privileges that are restrictive. So, i am doubtful if my intentions are possible? Although, the domain name and zone administration recourses to me. With this constraints, is it possible for cloud DNS to be possible? I have this site in mind: polarhome.com, where i intend paying for server space. This information should be provided by the service provider as it will vary from vendor to vendor. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
how-to configure BIND or any DNS implementation for cloud infrastructure
Is it possible for one to configure BIND or any DNS implementation for the cloud? I was forced to search for this forum because the exigences of my situation necessitates a cloud. But yet, in a cloud: 1. I cannot be systems administrator, even if, I don't know yet, if the company can give me administrator privileges. 2. The IP address of the machine will not possibly be my own because the machine will be shared by numerous subscribers to the cloud infrastructure. 3. I know that like all other users, i will be given set of user privileges that are restrictive. So, i am doubtful if my intentions are possible? Although, the domain name and zone administration recourses to me. With this constraints, is it possible for cloud DNS to be possible? I have this site in mind: polarhome.com, where i intend paying for server space. thanks odimegwu david ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how-to configure BIND or any DNS implementation for cloud infrastructure
What exactly are you looking for, DNS hosting? Regards, Sunday Olutayo - Original Message - From: Odimegwu David odimegwuda...@yahoo.fr To: bind-users@lists.isc.org Sent: Friday, August 30, 2013 5:01:02 PM Subject: how-to configure BIND or any DNS implementation for cloud infrastructure Is it possible for one to configure BIND or any DNS implementation for the cloud? I was forced to search for this forum because the exigences of my situation necessitates a cloud. But yet, in a cloud: 1. I cannot be systems administrator, even if, I don't know yet, if the company can give me administrator privileges. 2. The IP address of the machine will not possibly be my own because the machine will be shared by numerous subscribers to the cloud infrastructure. 3. I know that like all other users, i will be given set of user privileges that are restrictive. So, i am doubtful if my intentions are possible? Although, the domain name and zone administration recourses to me. With this constraints, is it possible for cloud DNS to be possible? I have this site in mind: polarhome.com, where i intend paying for server space. thanks odimegwu david ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: chroot /var/run permissions
Hi John, Perhaps you could try to chown directory /var/named to named drwxrwx--- 3 named named Edwin Lee - Original Message - From: jo...@primebuchholz.com To: bind-users@lists.isc.org Sent: Wednesday, August 28, 2013 2:38:11 AM Subject: chroot /var/run permissions Greetings, I'm upgrading my bind installation on one of my hosts, and everything seems to be working properly although I'm getting a permissions error/warning in the log on startup: Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named.pid'. Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename. Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named/session.key'. Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename. Aug 27 14:24:45 flotsam named[13746]: command channel listening on 127.0.0.1#953 Aug 27 14:24:45 flotsam named[13746]: the working directory is not writable Aug 27 14:24:45 flotsam named[13746]: all zones loaded This is in a chroot environment, and I'm starting a static-linked copy of named like this: /var/named/usr/sbin/named -t /var/named -u named. The permissions on the tree in questions are: /var/named/var: drwxrwx--- 3 root named 512 Aug 27 14:25 run /var/named/var/run: drwxrwx--- 2 root named 512 Aug 27 14:25 named After named starts, it creates /var/named/var/run/named.pid and /var/named/var/run/named/session.key with the following permissions: -rw-r--r-- 1 root named6 Aug 27 14:35 named.pid -rw--- 1 root named 102 Aug 27 14:35 session.key What I am I missing here? /var/named/var/run and /var/named/var/run/named have group write permissions, so it seems it *shouldn't* be complaining, and the resulting files should've been owned by named, shouldn't they? Thanks, -John -- Please consider the environment before printing this e-mail. This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is privileged, confidential and/or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee, or agent responsible for delivering the message to the intended recipient, is strictly prohibited. All contents are the copyright property of the sender. If you are not the intended recipient, you are nevertheless bound to respect the sender's worldwide legal rights. We require that unintended recipients delete the e-mail and destroy all electronic copies in their system, retaining no copies in any media. If you have received this e-mail in error, please immediately notify us by calling our Help Desk at (603) 433-1143, or e-mail to i...@primebuchholz.com. We appreciate your cooperation. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND with RPZ - CPU Affinity
On 8/30/13 2:45 AM, Arie Lendra Putra wrote: 2x Xeon (total seen by OS 24CPU) 16GB RAM Ubuntu Server 12.04 We test limited number RPZ list BIND 9.8.1 (came with Ubuntu 12.04), and put it on the live network, the result is OK, all load is shared among 24 CPU, @10% usage Then in response to BIND Security Advisory (exploit), we upgraded it to 9.8.5-P2, and we increase to RPZ list to a huge list (1,3M blacklist) But now the CPU load is seem to focus only on CPU0 (40%), and remaining CPU (1-23) only around 2% Any idea what may seems to be the problem, Did you build the 9.8.5-P2 binaries yourself from ISC source or do you know what configure options were used? (If you're not sure, you can check by running named -V) You might check to make sure that threads are enabled, or enable them explicitly with ./configure --enable-threads (+whatever other options you built with previously) before re-building the source. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how-to configure BIND or any DNS implementation for cloud infrastructure
thanks. does cloudns use BIND or what do they use? Just found the site minutes after posting this question. thanks De : SUNDAY A. OLUTAYO olut...@sadeeb.com À : Odimegwu David odimegwuda...@yahoo.fr Envoyé le : Vendredi 30 août 2013 14h58 Objet : Re: how-to configure BIND or any DNS implementation for cloud infrastructure Try this www.cloudns.net for DNS hosting You can contact me if you need email hosting Regards, Sunday Olutayo From: Odimegwu David odimegwuda...@yahoo.fr To: SUNDAY A. OLUTAYO olut...@sadeeb.com Sent: Friday, August 30, 2013 5:42:43 PM Subject: Re: how-to configure BIND or any DNS implementation for cloud infrastructure yeah, DNS hosting with email MX support. I also wondering about IP address for the machines? thanks De : SUNDAY A. OLUTAYO olut...@sadeeb.com À : Odimegwu David odimegwuda...@yahoo.fr Cc : bind-users@lists.isc.org Envoyé le : Vendredi 30 août 2013 14h08 Objet : Re: how-to configure BIND or any DNS implementation for cloud infrastructure What exactly are you looking for, DNS hosting? Regards, Sunday Olutayo From: Odimegwu David odimegwuda...@yahoo.fr To: bind-users@lists.isc.org Sent: Friday, August 30, 2013 5:01:02 PM Subject: how-to configure BIND or any DNS implementation for cloud infrastructure Is it possible for one to configure BIND or any DNS implementation for the cloud? I was forced to search for this forum because the exigences of my situation necessitates a cloud. But yet, in a cloud: 1. I cannot be systems administrator, even if, I don't know yet, if the company can give me administrator privileges. 2. The IP address of the machine will not possibly be my own because the machine will be shared by numerous subscribers to the cloud infrastructure. 3. I know that like all other users, i will be given set of user privileges that are restrictive. So, i am doubtful if my intentions are possible? Although, the domain name and zone administration recourses to me. With this constraints, is it possible for cloud DNS to be possible? I have this site in mind: polarhome.com, where i intend paying for server space. thanks odimegwu david ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how-to configure BIND or any DNS implementation for cloud infrastructure
Hi David, Cloud DNS is not only possible, but desirable in many cases. A large anycasted provider can provide better latency and availability than most organizations. If you're looking for a hosted DNS solution, most will accept NOTIFY packets from a BIND instance. If you're just looking to run a nameserver hosted in EC2/Rackspace/etc., you can install whatever DNS server you like--you're managing the box yourself. John On Fri, Aug 30, 2013 at 12:01 PM, Odimegwu David odimegwuda...@yahoo.frwrote: Is it possible for one to configure BIND or any DNS implementation for the cloud? I was forced to search for this forum because the exigences of my situation necessitates a cloud. But yet, in a cloud: 1. I cannot be systems administrator, even if, I don't know yet, if the company can give me administrator privileges. 2. The IP address of the machine will not possibly be my own because the machine will be shared by numerous subscribers to the cloud infrastructure. 3. I know that like all other users, i will be given set of user privileges that are restrictive. So, i am doubtful if my intentions are possible? Although, the domain name and zone administration recourses to me. With this constraints, is it possible for cloud DNS to be possible? I have this site in mind: polarhome.com, where i intend paying for server space. thanks odimegwu david ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Can I get the web sites for settings for BIND that you have mentioned in the past.
I had some of the web pages saved in Firefox for Bind installation and settings. I updated the video driver on desktop and got the black screen of death on restart. I hadn't had the time to switch over to Chrome and re-save the web pages from Firefox and lost them. The web pages you referenced looked a lot clearer than i.e. Ubuntu help partials of a few other sites. Thanks, Bruce G. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users