Re: Public facing authoritative NS all masters
Please don't reply to a message on the list and change the subject line. Doing so causes your new topic to show "under" the previous one for those using mail readers that thread properly, and may cause your message to be missed altogether if someone has blocked that thread. Instead, save the list address and start a completely new message.

hope this helps,

Doug

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: IP2Location instead of Maxmind
On Sat, Jul 12, 2014 at 06:31:34PM +0200, Ali Jawad wrote:
> Hi
> I am using 9.10 with geoIP, however the subscription based Maxmind database
> does have quite a number of mistakes that are correct in IP2location
> "judging from domaintools.com", can I use iP2location instead of Maxmind ?

If they use the same database format, and it can be read with libGeoIP, then sure.

If they don't use the same database format, there's an open source tool called "geoip-csv-to-dat" that you can use to roll a libGeoIP country database from text input. Maybe you could take the ip2location data and create a usable database from it.

I'm not aware of any tools that can create the other libGeoIP database types (city, region, ISP, etc) -- last time I looked, only country worked.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
IP2Location instead of Maxmind
Hi

I am using 9.10 with geoIP, however the subscription based Maxmind database does have quite a number of mistakes that are correct in IP2location "judging from domaintools.com", can I use iP2location instead of Maxmind?

Regards
Re: slave zone files unreadable
On 7/12/14, 5:33 AM, Reindl Harald wrote:
> On 12.07.2014 04:48, Alan Clegg wrote:
>> nsupdate
>>
>> If BIND is installed, no dependencies and about as flexible as you can get
>
> i talk about web-interfaces generating complete zonefiles from
> scratch out of a records table, orchestrating 4 remote nameservers
> with the data which must be also maintainable by normal operators
> [...]

Believe it or not, I've done setups like what you ask for using database backends, web front-ends and multiple "remote" servers with the DNS infrastructure being maintained nearly completely using nsupdate.

I wasn't providing a full implementation, that costs money.

AlanC
Re: Public facing authoritative NS all masters
On 12.07.2014 16:11, Gary Wallis wrote:
> DNS experts,
>
> What are the drawbacks, if any, of running only master name servers for the
> set of authoritative NSs?
>
> For example given:
>
> [root@rc37 unxsVZ]# dig latimes.com NS +short
> dns1.tribune.com.
> dns2.tribune.com.
> dns4.tribune.com.
> dns3.tribune.com.
>
> Where all 4 dnsN servers are in fact masters (this is just a hypothetical,
> the NS above are most likely secondary
> servers)

practically none if all is going fine

if you are making a config mistake preventing named to work it makes a difference because the master goes down and the slaves have no chance to pull the mistake

been there done that for ISP breaking zone-transfer reasons

example:

* subdomain1.example.com -> CNAME to whatever
* later a mail subdomain gets added
* you add MX subdomain1.example.com
* named won't load that zone because CNAME and others are not allowed
* the slave has no chance to pull such breakage

well, that mistake happened years ago and needed to be fixed in our dns-backend to not allow, however at that time the secondary nameserver was a slave and nothing happened

if both would have been configured as master and get the same input the zone would have gone offline
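The failure described in the message above (a CNAME owner that later receives an MX record, which named refuses to load) can be caught before any master writes the zone file. The following is an added example, not part of the original thread: a pre-publish check a zone generator could run on its record table. The row layout, sample rows and function names are assumptions.

```python
from collections import defaultdict

# Record types allowed to share an owner name with a CNAME (DNSSEC data).
CNAME_COMPATIBLE = {"CNAME", "RRSIG", "NSEC"}

# Constructed sample rows (owner, type, rdata) mirroring the example in the post.
ROWS = [
    ("@", "NS", "ns1.example.com."),
    ("subdomain1", "CNAME", "host.example.net."),
    ("Subdomain1.example.com.", "MX", "10 mail.example.com."),
    ("www", "A", "192.0.2.10"),
]

def fqdn(owner, origin):
    """Normalise a relative or absolute owner name to lower-case absolute form."""
    origin = origin.lower().rstrip(".") + "."
    owner = owner.strip().lower()
    if owner in ("", "@"):
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def cname_conflicts(rows, origin):
    """Map each owner where a CNAME coexists with other data (or with a
    second CNAME) to the sorted record types found there."""
    seen = defaultdict(list)
    for owner, rtype, _rdata in rows:
        seen[fqdn(owner, origin)].append(rtype.upper())
    bad = {}
    for owner, types in seen.items():
        if "CNAME" not in types:
            continue
        others = [t for t in types if t not in CNAME_COMPATIBLE]
        if others or types.count("CNAME") > 1:
            bad[owner] = sorted(set(types))
    return bad

def safe_to_publish(rows, origin):
    """True only if the generator may write the zone file and reload named."""
    return not cname_conflicts(rows, origin)

if __name__ == "__main__":
    for owner, types in cname_conflicts(ROWS, "example.com").items():
        print(f"refusing to publish: {owner} has {', '.join(types)}")
```

Running the same check on every master before the file is written keeps the last good zone in service when all servers receive the same bad input. Running `named-checkzone` on the generated file gives a second check against named's own parser.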
Public facing authoritative NS all masters
DNS experts,

What are the drawbacks, if any, of running only master name servers for the set of authoritative NSs?

For example given:

[root@rc37 unxsVZ]# dig latimes.com NS +short
dns1.tribune.com.
dns2.tribune.com.
dns4.tribune.com.
dns3.tribune.com.

Where all 4 dnsN servers are in fact masters (this is just a hypothetical, the NS above are most likely secondary servers)

Thank you!
Re: slave zone files unreadable
On 12.07.2014 04:48, Alan Clegg wrote:
> On 7/11/14, 9:41 PM, Reindl Harald wrote:
>
>> i am one of that people because no other software
>> is flexible enough or comes with dependency hell
>
> nsupdate
>
> If BIND is installed, no dependencies and about as flexible as you can get

i talk about web-interfaces generating complete zonefiles from scratch out of a records table, orchestrating 4 remote nameservers with the data which must be also maintainable by normal operators and last but not least perfectly integrated in already self developed admin backends for other services - well, and since the nameservers are pulling ready-to-use zone-content via cronscript additional nameservers could be added without touch anything but sql permissions on the internal infrastructure

"This allows resource records to be added or removed from a zone without manually editing the zone file" don't create you a zone from scratch based on database records nor adds it the zone from "named.conf" or would remove it based on a webbackend

such command line tools are nice but not usable to do the same as a database backed webinterface maintaining 4 nameservers with different IP addresses for two of them in case of otherwise mirrored records for each zone - how do you integrate this in cronjobs?

in our case the cronjob pulls the complete zone-content out from a database and writes it to disk, the single records are to re-create the two textfields with the zone internal and WAN

additionally it's completely error-prone implement that way triggers like "oh that domain got recently a mail-address in DBMail so now we add a MX record if not already there as well as autoconfig and autodiscover in the database via the DNS-API class" which does codewise the same as if you would add that 3 records in the webUI
Re: slave zone files unreadable
On 12/07/2014 11:08, Mark Andrews wrote:

The real problem is humans. They like to tinker with files (hence the subject line). There really shouldn't be a reason for anyone to need to read slave database files. They are there so named can have the zone content when it starts up rather than having to re-transfer the content at startup. If you need the contents of the zone axfr them from the server. That way you actually get up to date content not 15 minute old content. If we could get people away from wanting to use a editor on master files directly we would. The practice is highly error prone even for experts.

Most management systems in hosting comps typically open file < blah EOF and stuff, so maybe 99.% of the internet :D (of course these, and those of us who know how to write them by hand have no trouble - because we all learnt the hard way at some time)

Also, I may be having a blonde moment (got a nasty case of the flu at present) but whatever happened to the once discussed advantages of having bind load zone files in the same way Apache httpd does using (Include/IncludeOptional sompath_under_"directory"/* ), if the zone is there it loads it, if not, it doesn't/ignores it - not just bail out completely, that removes the dangers of a corrupted named.conf with tens of thousands of zones.

Testing showed with 11.5K hosts, the load time was only 3 or so seconds longer IIRC (maybe less), not bad for peace of mind ('n yes I know in DNS 3 seconds is a long time, but WTF takes pri and sec's offline at same time (ok I guess the clowns who run them both on the same cheap over subscribed VPS but that's another rant for another day)