slave fail to ixfr from master
hi, Our slave can not get ixfr data from master, the soa number in the slave is smaller than one of the master and no responding lines are not found in the notity log. However, in the slave server, connections about both of them are found with tcpdump. to reboot the named can not fix the problem. Do you meet with the problem? how to fix it? Liu Mingxing___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: slave fail to ixfr from master
On Sun, Sep 14, 2014 at 04:40:52PM +0800, Liu Mingxing wrote: Our slave can not get ixfr data from master, the soa number in the slave is smaller than one of the master and no responding lines are not found in the notity log. However, in the slave server, connections about both of them are found with tcpdump. to reboot the named can not fix the problem. Do you meet with the problem? how to fix it? Show us the things you have described; host -C example.com shows all the listed NS hosts and their SOA records. Why are notifies (apparently) not being sent? Maybe this slave is not an NS host? (That's what also-notify in the master zone definition is for.) Also check that the master lists this slave in its allow-transfer setting, either in global options or in the zone definition. Also include logs and configuration from both master and slave, if this wasn't enough to get it figured out. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if /dev/rob0 is in the Subject: ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
1000's of zone using the same zone file in a blacklist
Hi List,
We are currently looking at using Bind in a DNS blacklist setup to block
adult content from a network. We can scale outwards as far as we want,
but it's the up sizing that has me worried.
Here is a sample of the zone definitions (names changed :) ):
zone domain1 { type master; file blocked_domain.zone; };
zone domain2 { type master; file blocked_domain.zone; };
zone domain3 { type master; file blocked_domain.zone; };
repeat that about 475000 times (not joking)
This causes named to use about 7gig of RAM and a reload time of about
+30 seconds. The conf file is 42meg big.
The zone that is loaded simply has the following:
$TTL600
@ IN SOA dns.domain dns.domain. (
2014091101
600
300
600
75 )
@ IN NS dns.domain.
@ IN A 127.1.1.1
* IN A 127.1.1.1
We are using the stock bind built by Ubuntu for 14.04, version
9.9.5.dfsg-3 to be exact.
Is there any way we can reduce the memory footprint/optimize this any
more ? Look ups are really fast and not a problem, just reload time and
memory used.
Thanks,
Pieter
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: 1000's of zone using the same zone file in a blacklist
On 15 September 2014 02:56, Pieter De Wit pie...@insync.za.net wrote: Is there any way we can reduce the memory footprint/optimize this any more ? Look ups are really fast and not a problem, just reload time and memory used. Look into using an RPZ instead of individual zone blacklists. Single zone file will load much faster than thousands of zones. Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Re: slave fail to ixfr from master
The masters and slaves are in a private network. The zone update problem was found in only one slave server. I had checked the config file in the masters and slaves and no problems are found according to what you said. The problem disappeared when named was rebooted after deleting the zones the server hosts. Liu Mingxing From: /dev/rob0 Date: 2014-09-14 21:33 To: bind-users Subject: Re: slave fail to ixfr from master On Sun, Sep 14, 2014 at 04:40:52PM +0800, Liu Mingxing wrote: Our slave can not get ixfr data from master, the soa number in the slave is smaller than one of the master and no responding lines are not found in the notity log. However, in the slave server, connections about both of them are found with tcpdump. to reboot the named can not fix the problem. Do you meet with the problem? how to fix it? Show us the things you have described; host -C example.com shows all the listed NS hosts and their SOA records. Why are notifies (apparently) not being sent? Maybe this slave is not an NS host? (That's what also-notify in the master zone definition is for.) Also check that the master lists this slave in its allow-transfer setting, either in global options or in the zone definition. Also include logs and configuration from both master and slave, if this wasn't enough to get it figured out. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if /dev/rob0 is in the Subject: ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
