Re: New ideas about DNS
On 18 March 2015 at 07:23, Heamnath J hea...@gmail.com wrote: Hi their i need an new ideas for securing the bind dns server for centos 6.6 Securing which part? the CentOS system or the BIND DNS name server software/configuration? Have you read... Secure Domain Name System (DNS) Deployment Guide from NIST? http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81-2.pdf Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 11:56, Matus UHLAR - fantomas wrote:
On 18.03.15 11:48, Constantin Stefanov wrote:
But in fact the configuration with only one writable file referenced
several times is suported now. If I write:
view view1 {
zone aaa.exampe.org {
masters {IP;};
file slave/aaa.exmaple.org;
};
};
view view2 {
zone aaa.exampe.org {
in-view view1;
};
};
then both views will refernce ther same writable file, won't they? Or am
I missing something about in-view directive?
And if I'm right, the only question is how to simplify the configuration
so not to have two definitions in two files for every slave zone which
is shared between views.
maybe you could put all those zone definitions into one file and include it
in each view.
I can't. It stopped working after upgrade to 9.10, but worked before
with 9.6. And the question is how to keep the config as simple as it was
before upgrade.
the only other way is stop using views...
--
Konstantin Stefanov,
Research Computing Center
M.V Lomonosov Moscow State University
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 13:22, Matus UHLAR - fantomas wrote: On 18.03.15 12:05, Constantin Stefanov wrote: I can't. It stopped working after upgrade to 9.10, but worked before with 9.6. And the question is how to keep the config as simple as it was before upgrade. I mean, the in-view definitions... On 18.03.15 13:10, Konstantin Stefanov wrote: So now I have to have two definitions for every slave zone in different files. Well, it is the thing I did, but I do not like it. Requirement to have 2 synced definitions in 2 different places leads to bugs. and what did you have before? multiple definitions of the same zones with the same filenames, which leads to bugs (although you were lucky not to encounter them) Yes, I was lucky and everything worked for me as I thought it had to be. now you can have: definitions of zones with filename in one general view file with definitions of zones with in-view. multiple inclusions of the file in multiple views. And now I am unlucky as I have to make my cofig more complex, confusing and bug-prone to achieve the same effect. But I'm lucky enough to have three options to choose how to spoil my config. the only other way is stop using views... ... you still can stop using views. And I can still stop using DNS. If I only could stop using views, I would not ask the question. -- Konstantin Stefanov, Research Computing Center M.V Lomonosov Moscow State University ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.15 11:48, Constantin Stefanov wrote:
But in fact the configuration with only one writable file referenced
several times is suported now. If I write:
view view1 {
zone aaa.exampe.org {
masters {IP;};
file slave/aaa.exmaple.org;
};
};
view view2 {
zone aaa.exampe.org {
in-view view1;
};
};
then both views will refernce ther same writable file, won't they? Or am
I missing something about in-view directive?
And if I'm right, the only question is how to simplify the configuration
so not to have two definitions in two files for every slave zone which
is shared between views.
maybe you could put all those zone definitions into one file and include it
in each view.
the only other way is stop using views...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 13:02, Matus UHLAR - fantomas wrote: On 18.03.15 11:48, Constantin Stefanov wrote: then both views will refernce ther same writable file, won't they? Or am I missing something about in-view directive? On 18.03.2015 11:56, Matus UHLAR - fantomas wrote: maybe you could put all those zone definitions into one file and include it in each view. On 18.03.15 12:05, Constantin Stefanov wrote: I can't. It stopped working after upgrade to 9.10, but worked before with 9.6. And the question is how to keep the config as simple as it was before upgrade. I mean, the in-view definitions... On 18.03.15 13:10, Konstantin Stefanov wrote: So now I have to have two definitions for every slave zone in different files. Well, it is the thing I did, but I do not like it. Requirement to have 2 synced definitions in 2 different places leads to bugs. and what did you have before? multiple definitions of the same zones with the same filenames, which leads to bugs (although you were lucky not to encounter them) now you can have: definitions of zones with filename in one general view file with definitions of zones with in-view. multiple inclusions of the file in multiple views. the only other way is stop using views... ... you still can stop using views. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ideas for cloud server
On 18.03.15 14:18, Heamnath J wrote: How to change centos server as real time cloud server ?.. please be more specific. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. A day without sunshine is like, night. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
I see why it may lead to problems.
But in fact the configuration with only one writable file referenced
several times is suported now. If I write:
view view1 {
zone aaa.exampe.org {
masters {IP;};
file slave/aaa.exmaple.org;
};
};
view view2 {
zone aaa.exampe.org {
in-view view1;
};
};
then both views will refernce ther same writable file, won't they? Or am
I missing something about in-view directive?
And if I'm right, the only question is how to simplify the configuration
so not to have two definitions in two files for every slave zone which
is shared between views.
On 18.03.2015 1:25, Mark Andrews wrote:
Referencing the same writable file in multiple places in named can:
* lead to corrupted journals
* the wrong zone content being published in the wrong view
* named not being able to serve zone content when restarted when the
master is down
* content not showing up in a timely manner
* extra zone transfers recovering from the above
If you failed to experience one or more of these you were lucky.
There is a good chance that some of these things were happening and
you were not even aware.
We got bug reports about all of these events that were caused by
the same writable file being referenced multiple times.
Referencing the same writeable file multiple times has never been
a supported configuration. This is now being caught.
Mark
--
Константин Стефанов,
Лаборатория параллельных информационных технологий НИВЦ МГУ
тел. +7 (495) 939-23-41
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ideas for cloud server
How to change centos server as real time cloud server ?.. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.15 11:48, Constantin Stefanov wrote: then both views will refernce ther same writable file, won't they? Or am I missing something about in-view directive? On 18.03.2015 11:56, Matus UHLAR - fantomas wrote: maybe you could put all those zone definitions into one file and include it in each view. On 18.03.15 12:05, Constantin Stefanov wrote: I can't. It stopped working after upgrade to 9.10, but worked before with 9.6. And the question is how to keep the config as simple as it was before upgrade. I mean, the in-view definitions... the only other way is stop using views... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 13:02, Matus UHLAR - fantomas wrote: On 18.03.15 11:48, Constantin Stefanov wrote: then both views will refernce ther same writable file, won't they? Or am I missing something about in-view directive? On 18.03.2015 11:56, Matus UHLAR - fantomas wrote: maybe you could put all those zone definitions into one file and include it in each view. On 18.03.15 12:05, Constantin Stefanov wrote: I can't. It stopped working after upgrade to 9.10, but worked before with 9.6. And the question is how to keep the config as simple as it was before upgrade. I mean, the in-view definitions... So now I have to have two definitions for every slave zone in different files. Well, it is the thing I did, but I do not like it. Requirement to have 2 synced definitions in 2 different places leads to bugs. the only other way is stop using views... -- Konstantin Stefanov, Research Computing Center M.V Lomonosov Moscow State University ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 16:12, Lightner, Jeff wrote: It isn't really that hard to maintain two separate zone files for each domain. We've been doing it for years. It isn't. But maintaining one file is easier. And having to maintain two after five years everything worked fine with one is annoying. It isn't really clear why you're using views if all your zone files are the same as you seem to imply. Here we do views specifically because for some domains the zone files DO need to be different between internal and external views. While others are the same as I noted before it is very easy to simply edit one file then copy it to the other. Not all my zones are identical, but most, and there is quite a bunch of them. The problem is that two files for identical zones can't be the same as they used to be. They must differ in file names for slave zone caches, or have 'in-view' directive. So simply copying does not work, otherwise 'include' would work fine. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Konstantin Stefanov Sent: Wednesday, March 18, 2015 6:31 AM To: bind-users@lists.isc.org Subject: Re: Single slave zone definition for two view (cache file name problem) On 18.03.2015 13:22, Matus UHLAR - fantomas wrote: On 18.03.15 12:05, Constantin Stefanov wrote: I can't. It stopped working after upgrade to 9.10, but worked before with 9.6. And the question is how to keep the config as simple as it was before upgrade. I mean, the in-view definitions... On 18.03.15 13:10, Konstantin Stefanov wrote: So now I have to have two definitions for every slave zone in different files. Well, it is the thing I did, but I do not like it. Requirement to have 2 synced definitions in 2 different places leads to bugs. and what did you have before? multiple definitions of the same zones with the same filenames, which leads to bugs (although you were lucky not to encounter them) Yes, I was lucky and everything worked for me as I thought it had to be. now you can have: definitions of zones with filename in one general view file with definitions of zones with in-view. multiple inclusions of the file in multiple views. And now I am unlucky as I have to make my cofig more complex, confusing and bug-prone to achieve the same effect. But I'm lucky enough to have three options to choose how to spoil my config. the only other way is stop using views... ... you still can stop using views. And I can still stop using DNS. If I only could stop using views, I would not ask the question. -- Konstantin Stefanov, Research Computing Center M.V Lomonosov Moscow State University ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Konstantin Stefanov, Research Computing Center M.V Lomonosov Moscow State University ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Single slave zone definition for two view (cache file name problem)
It isn't really that hard to maintain two separate zone files for each domain. We've been doing it for years. It isn't really clear why you're using views if all your zone files are the same as you seem to imply. Here we do views specifically because for some domains the zone files DO need to be different between internal and external views.While others are the same as I noted before it is very easy to simply edit one file then copy it to the other. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Konstantin Stefanov Sent: Wednesday, March 18, 2015 6:31 AM To: bind-users@lists.isc.org Subject: Re: Single slave zone definition for two view (cache file name problem) On 18.03.2015 13:22, Matus UHLAR - fantomas wrote: On 18.03.15 12:05, Constantin Stefanov wrote: I can't. It stopped working after upgrade to 9.10, but worked before with 9.6. And the question is how to keep the config as simple as it was before upgrade. I mean, the in-view definitions... On 18.03.15 13:10, Konstantin Stefanov wrote: So now I have to have two definitions for every slave zone in different files. Well, it is the thing I did, but I do not like it. Requirement to have 2 synced definitions in 2 different places leads to bugs. and what did you have before? multiple definitions of the same zones with the same filenames, which leads to bugs (although you were lucky not to encounter them) Yes, I was lucky and everything worked for me as I thought it had to be. now you can have: definitions of zones with filename in one general view file with definitions of zones with in-view. multiple inclusions of the file in multiple views. And now I am unlucky as I have to make my cofig more complex, confusing and bug-prone to achieve the same effect. But I'm lucky enough to have three options to choose how to spoil my config. the only other way is stop using views... ... you still can stop using views. And I can still stop using DNS. If I only could stop using views, I would not ask the question. -- Konstantin Stefanov, Research Computing Center M.V Lomonosov Moscow State University ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: nsupdate and views
If you can't arrange for the source address of the nsupdate to fall within the match-clients of the view, you can always put a TSIG key in the match-clients for the view, and then sign the update with that key. - Kevin -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of David Covey Sent: Tuesday, March 17, 2015 10:06 PM To: bind-us...@isc.org Subject: nsupdate and views Hello all, I don't quite see how to dynamically manage multiple views of a zone. Specifically I have a zone name with both 'internal' and 'external' views that I'd like to manage with the nsupdate command. Is there a way to specify the zone+view using nsupdate? - David Covey Geophysical Institute, University of Alaska Fairbanks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18 March 2015 at 13:30, Konstantin Stefanov cs...@parallel.ru wrote: It isn't. But maintaining one file is easier. And having to maintain two after five years everything worked fine with one is annoying. This highlights the need for a test environment, don't apply untested updates to production systems, it'll help you avoid running into issues like this where something in the product has changed and then you're forced to cobble together an ad-hoc solution to just fix it on-the-fly. Not all my zones are identical, but most, and there is quite a bunch of them. The problem is that two files for identical zones can't be the same as they used to be. They must differ in file names for slave zone caches, or have 'in-view' directive. So simply copying does not work, otherwise 'include' would work fine. Not sure whether BIND would detect this or not but what about using a hard link? Underlying file would be the same but filenames different (though with the caveat of these should be read-only master zones, no DDNS, not a slave zone) Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 16:55, Steven Carr wrote: On 18 March 2015 at 13:30, Konstantin Stefanov cs...@parallel.ru wrote: It isn't. But maintaining one file is easier. And having to maintain two after five years everything worked fine with one is annoying. This highlights the need for a test environment, don't apply untested updates to production systems, it'll help you avoid running into issues like this where something in the product has changed and then you're forced to cobble together an ad-hoc solution to just fix it on-the-fly. Did I say it is happening in production? I think I didn't, because it is a copy to test the upgrade, production is still running OK with 9.6. Not all my zones are identical, but most, and there is quite a bunch of them. The problem is that two files for identical zones can't be the same as they used to be. They must differ in file names for slave zone caches, or have 'in-view' directive. So simply copying does not work, otherwise 'include' would work fine. Not sure whether BIND would detect this or not but what about using a hard link? Underlying file would be the same but filenames different (though with the caveat of these should be read-only master zones, no DDNS, not a slave zone) The issue is that named started to detect it since, if I'm not mistaken, 9.7. It happened because such config was leading to bugs, but instead of fixing the bugs, the whole feature was prohibited. Hardlinks is not a solution. I do not care about additional disk space, what I care about is the need to have two configs with different file names (again the case with hardlinks) instead of one as it was with 9.6 -- Konstantin Stefanov, Research Computing Center M.V Lomonosov Moscow State University ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 17:41, /dev/rob0 wrote:
On Wed, Mar 18, 2015 at 11:48:40AM +0300, Constantin Stefanov wrote:
I see why it may lead to problems.
But in fact the configuration with only one writable file
referenced several times is suported now. If I write:
view view1 {
zone aaa.exampe.org {
masters {IP;};
file slave/aaa.exmaple.org;
};
};
view view2 {
zone aaa.exampe.org {
in-view view1;
};
};
then both views will refernce ther same writable file, won't they?
No.
Or am I missing something about in-view directive?
Perhaps. The view2 reads zone data from view1, which in turn reads
data from the file (and its journal.) Notifies from the master are
directed to view1, which does the IXFR or AXFR and writes the
And what if notify will arrive from host which is in view2? I just
wonder, I don't think there is really a bug.
journal. There is no shared access to a journal.
So in fact they both read from the same writable file. Yes, technically
only one write reference for the file is there, others are just reading,
but the result is the same: one writable file is used for one zone in
several views. Of course it is a much more simpler design for
developers, than to allow concurrent writes.
And if I'm right, the only question is how to simplify the
configuration so not to have two definitions in two files for
every slave zone which is shared between views.
I can think of two possible ways to do what you want, each using
multiple, separate files for each zone (one file/journal per view.)
I don't believe either way exists right now, but perhaps one of these
ideas would make a reasonable feature request.
The first way would be if a view could have its own directory
option set. Then the relative paths in your example above would
point to different directories. The ARM is not explicit as to
whether or not this is possible, but some simple experimentation
would quickly determine the answer.
I think ARM is quite explicit that directory is only allowed in
'options' clause. But to be sure I tried to put 'directory' into view
and got an error
unknown option 'directory'
The second way definitely does NOT exist, and that would be to have
some kind of variable in the named.conf syntax to refer to the name
of the current view.
I thought of the same options, if you look at my message Matus UHLAR
(and the second suggestion was in my message which started the thread).
But I do not have needed skills to implement it myself.
--
Konstantin Stefanov,
Research Computing Center
M.V Lomonosov Moscow State University
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On Wed, Mar 18, 2015 at 11:48:40AM +0300, Constantin Stefanov wrote:
I see why it may lead to problems.
But in fact the configuration with only one writable file
referenced several times is suported now. If I write:
view view1 {
zone aaa.exampe.org {
masters {IP;};
file slave/aaa.exmaple.org;
};
};
view view2 {
zone aaa.exampe.org {
in-view view1;
};
};
then both views will refernce ther same writable file, won't they?
No.
Or am I missing something about in-view directive?
Perhaps. The view2 reads zone data from view1, which in turn reads
data from the file (and its journal.) Notifies from the master are
directed to view1, which does the IXFR or AXFR and writes the
journal. There is no shared access to a journal.
And if I'm right, the only question is how to simplify the
configuration so not to have two definitions in two files for
every slave zone which is shared between views.
I can think of two possible ways to do what you want, each using
multiple, separate files for each zone (one file/journal per view.)
I don't believe either way exists right now, but perhaps one of these
ideas would make a reasonable feature request.
The first way would be if a view could have its own directory
option set. Then the relative paths in your example above would
point to different directories. The ARM is not explicit as to
whether or not this is possible, but some simple experimentation
would quickly determine the answer.
The second way definitely does NOT exist, and that would be to have
some kind of variable in the named.conf syntax to refer to the name
of the current view.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 17:18, Matus UHLAR - fantomas wrote:
rOn 18.03.15 17:10, Konstantin Stefanov wrote:
The issue is that named started to detect it since, if I'm not mistaken,
9.7. It happened because such config was leading to bugs, but instead of
fixing the bugs, the whole feature was prohibited.
those bugs _were_ fixed: the in-view statement and prevention from using
the same file multiple times (I remember discussion about issues coming from
those here on the list).
you are complaining about your broken configuration worked.
Sorry, I gave up arguing with you.
Indeed, my configuration worked although broken. And now I can't make
the configuration as simple. Yes, the new 'in-view' makes the config
possible, but allowing simple configuration is a valuable feature in my
view.
Look at masters lists. You may write any config without it, simply by
repeating the same IPs where needed. But is masters lists a feature?
Ceratinly it is, it makes configuration easier and more maintainable.
The same is with my broken config. I am now able to have correct config
by repeating slave zones descrition twice.
But the feature 'ability to have only one description of common slave
zones' is now lost. And 'in-view' is not a substitution, as it again
requires two different description for one zone.
I'm trying to convey that in my view the feature here is not what
'in-view' solves. For me the feature that is lost allowed me to have
neat config.
A substitute could be, for example, some variable with view name to use
in file directive. If I could write somesthing like
zone aaa {
type slave;
file aaa.$viewname;
};
that would allow me to write simple config again. Other variants are
possible, for example allowing different 'directory' option setting for
different views, as it again making possible to point to different files
with the same line.
I see developers' point and understand why reference to a zone (in-view)
is easier to program and debug than finding when referencing two
writable files is correct and when it is not, and programming checks.
And disabling referencing two writable files seems to be clever way,
especially since there is new 'in-view' feature.
For me as an user 'in-view' make sense with three or more views (than I
would have two descriptions, one full and one with in-view) for any
number of view.
But in case of two views (my case) in-view feature gives almost nothing.
I still have to have two files, and waht difference: two with different
filenames or one with filename and one with in-view. The script for the
first case is even simpler.
So again, for me the feature that worked is lost without any equal
substitute.
If you think that feature is of no real worth - OK, I don't know if
having exactly two views with a load of identical zones is a frequent
case. But the only thing I want to say - that there was a feature that
is now lost. Maybe that feature existed only by an oversight, but I used
it for five years, and it worked (for me, again).
And thanks for spending your time.
--
Konstantin Stefanov,
Research Computing Center
M.V Lomonosov Moscow State University
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Weird ping/traceroute proxying effect
Finally our secondary's server BIND is working but not the ping/traceroute tools. Unless one server is up, ping/traceroute does not work on the secondary DNS. What do I need to find this issue? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Know how to listen, and you will profit even from those who talk badly.-Plutarch ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
rOn 18.03.15 17:10, Konstantin Stefanov wrote: The issue is that named started to detect it since, if I'm not mistaken, 9.7. It happened because such config was leading to bugs, but instead of fixing the bugs, the whole feature was prohibited. those bugs _were_ fixed: the in-view statement and prevention from using the same file multiple times (I remember discussion about issues coming from those here on the list). you are complaining about your broken configuration worked. Sorry, I gave up arguing with you. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Weird ping/traceroute proxying effect
In article mailman.1803.1426696022.26362.bind-us...@lists.isc.org, Jukka Pakkanen jukka.pakka...@qnet.fi wrote: Are you using IP addresses or domain names when testing? If it works with = IP address, but not with names, the sec. DNS server is lacking proper DNS s= ervices itself. Both name and IP Adresses resolve. That is the weird part. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc= .org] On Behalf Of The Doctor Sent: 18. maaliskuuta 2015 17:17 To: bind-us...@isc.org Subject: Weird ping/traceroute proxying effect Finally our secondary's server BIND is working but not the ping/traceroute = tools. Unless one server is up, ping/traceroute does not work on the secondary DNS= . What do I need to find this issue? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.= ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChris= t rising!=20 http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Kno= w how to listen, and you will profit even from those who talk badly.-Plutar= ch ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri= be from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Know how to listen, and you will profit even from those who talk badly.-Plutarch ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
On 18.03.2015 18:37, Reindl Harald wrote: Am 18.03.2015 um 16:31 schrieb Konstantin Stefanov: I wrote earlier and may repeat again. The feature for me is not using the same file, the feature is having a clear and maitainable config. In this case it means to have only one description for a zone. did you ever consider provisioning your configs template based? shouldn't be too hard to implement with a small sql database and a nice webinterface, we do that to automatically add no-mail SPF, null-MX, honeypot-backup-mx and what not for years with great success It's a definite overkill for me. I was quite happy with manually editing text configs several times a year. Now I'll write a script and will be a little less happy, but SQLs, webinterfaces, honeypots... No and no, I do not need it at all. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Konstantin Stefanov, Research Computing Center M.V Lomonosov Moscow State University ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Weird ping/traceroute proxying effect
Are you using IP addresses or domain names when testing? If it works with IP address, but not with names, the sec. DNS server is lacking proper DNS services itself. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of The Doctor Sent: 18. maaliskuuta 2015 17:17 To: bind-us...@isc.org Subject: Weird ping/traceroute proxying effect Finally our secondary's server BIND is working but not the ping/traceroute tools. Unless one server is up, ping/traceroute does not work on the secondary DNS. What do I need to find this issue? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Know how to listen, and you will profit even from those who talk badly.-Plutarch ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Single slave zone definition for two view (cache file name problem)
Am 18.03.2015 um 16:31 schrieb Konstantin Stefanov: I wrote earlier and may repeat again. The feature for me is not using the same file, the feature is having a clear and maitainable config. In this case it means to have only one description for a zone. did you ever consider provisioning your configs template based? shouldn't be too hard to implement with a small sql database and a nice webinterface, we do that to automatically add no-mail SPF, null-MX, honeypot-backup-mx and what not for years with great success signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
New ideas about DNS
Hi their i need an new ideas for securing the bind dns server for centos 6.6 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
