dig +trace = Bad Referral orBad Horizontal referral

2016-09-16 Thread project722
I have an interesting problem. I started noticing that when I do a dig +trace against one of the domains we are authoritative for, we get errors from our nameservers for "Bad Referral" and you can see where it forwarded the request back up the namespace tree instead of giving the answer.

Re: Load balancer for Bind

2016-09-16 Thread bert hubert
On Fri, Sep 16, 2016 at 02:22:24PM +0100, Phil Mayers wrote: > I was mainly wondering about the comment: > > """ > dnsdist is still very fresh software. However, we are actively seeking Hi Phil, Thanks - that statement was accurate in March 2015 when we posted that item. I have now replaced it

Re: Load balancer for Bind

2016-09-16 Thread Phil Mayers
On 16/09/16 14:16, bert hubert wrote: Your question is justified of course. The history of dnsdist goes back to 2013. We spent most of 2015 ramping it up, and even as we were doing so it was already being deployed, pre-1.0.0. I was mainly wondering about the comment: """ dnsdist is still

Re: Load balancer for Bind

2016-09-16 Thread bert hubert
On Fri, Sep 16, 2016 at 02:03:31PM +0100, Phil Mayers wrote: > >Sorry for running advertisement here. But please know dnsdist is software > >neutral, it is not "powerdnsdist". > > I've never come across dnsdist before. Would you describe it as > production-ready? Hi Phil, A large CDN, one of

Re: Load balancer for Bind

2016-09-16 Thread Phil Mayers
On 15/09/16 15:49, bert hubert wrote: Sorry for running advertisement here. But please know dnsdist is software neutral, it is not "powerdnsdist". I've never come across dnsdist before. Would you describe it as production-ready? ___ Please visit

Re: BIND-RPZ and Views

2016-09-16 Thread Tony Finch
Anand Buddhdev wrote: > > In newer versions of BIND, you cannot share a writable file in different > views. This is a bad configurtion, and newer versions of BIND reject it. > Just use different file names. To clarify, you couldn't in older versions of BIND either! It would

Re: Load balancer for Bind

2016-09-16 Thread Daniel Stirnimann
> So what we recommend is using dnsdist to balance to your backends, and have > it prefer one backend when all things are equal. Then run multiple dnsdists > which each prefer a different backend. And then announce your dnsdist > service addresses a few times over BGP. +1 on this. We moved

Re: BIND-RPZ and Views

2016-09-16 Thread Anand Buddhdev
On 16/09/16 09:06, Tom wrote: Hi Tom, > Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views: > I configured view1 and view2. After configuring all rpz-zones in both > views, I had errors like this (slave file in view2 is already in use > from view1): > config: error:

BIND-RPZ and Views

2016-09-16 Thread Tom
Hi Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views: I configured view1 and view2. After configuring all rpz-zones in both views, I had errors like this (slave file in view2 is already in use from view1): config: error: /etc/named/named.conf:403: writeable file