RE: Digging to the final IP

2014-10-20 Thread Frank Bulk (iname.com)
We’re using this in a bash shell script.  I don’t think there’s a native shell 
command to get the IP, so I’ll use a mixture of host and dig as necessary.

Thanks,

Frank

From: Fajar A. Nugraha [mailto:w...@fajar.net] 
Sent: Sunday, October 19, 2014 11:04 PM
To: Frank Bulk
Cc: comp-protocols-dns-b...@isc.org
Subject: Re: Digging to the final IP

What are you using this for?

If it's part of a script, it might be easier to just use gethostbyname. For
example, in php: http://php.net/manual/en/function.gethostbyname.php , Returns
the IPv4 address or a string containing the unmodified hostname on failure.

--
Fajar

On Mon, Oct 20, 2014 at 10:43 AM, Frank Bulk frnk...@iname.com wrote:

Thanks, what I ended up using.

Didn't think that there was anything host could do that dig couldn't do.

Frank


-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin
Sent: Sunday, October 19, 2014 5:00 AM
To: comp-protocols-dns-b...@isc.org
Subject: Re: Digging to the final IP

In article mailman.1097.1413711142.26362.bind-us...@lists.isc.org,
 Sten Carlsen st...@s-carlsen.dk wrote:

 Would host be closer to what you want?

Host also tells you about aliases it encounters along the way.



 --
 Best regards

 Sten Carlsen

 No improvements come from shouting:

   MALE BOVINE MANURE!!!

  On 19 Oct 2014, at 08:05, Karl Auer ka...@biplane.com.au wrote:
 
  On Sun, 2014-10-19 at 00:26 -0500, Frank Bulk wrote:
  Is there a dig option that will list out the final (IPs) or query result??
  By default, even with +short, it can list intermediate CNAME(s) and not what
  IP(s) that CNAME may have.
 
  Not great, but might be enough to be helpful:
 
    dig +nonssearch $1 | egrep -i "STATUS|^$1"
 
  Regards, K.
 
  --
  ~~~
  Karl Auer (ka...@biplane.com.au)
  http://www.biplane.com.au/kauer
  http://twitter.com/kauer389
 
  GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
  Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
 
 
  ___
  Please visit https://lists.isc.org/mailman/listinfo/bind-users to
  unsubscribe from this list
 
  bind-users mailing list
  bind-users@lists.isc.org mailto:bind-users@lists.isc.org 
  https://lists.isc.org/mailman/listinfo/bind-users

--
Barry Margolin
Arlington, MA

 

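The approach discussed in this thread (let dig report the CNAME chain, then keep only the addresses at its end) can be scripted as follows. This is an added example, not code from any poster; the function names `final_ips` and `resolve_final` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce dig's answer section to the addresses at the end of
# the CNAME chain. Function names and sample records are constructed.

# final_ips NAME: read `dig +noall +answer` lines (owner TTL class type rdata)
# on stdin and print one final address per line; status 1 if none is found.
final_ips() {
    awk -v q="$1" '
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        $4 == "CNAME"             { cname[norm($1)] = norm($5) }
        $4 == "A" || $4 == "AAAA" { addr[norm($1)] = addr[norm($1)] $5 "\n" }
        END {
            name = norm(q)
            # Walk the aliases; the hop limit keeps a CNAME loop from spinning.
            for (hops = 0; (name in cname) && hops < 16; hops++)
                name = cname[name]
            if (!(name in addr)) exit 1
            printf "%s", addr[name]
        }'
}

# resolve_final NAME: live lookup (needs network and dig); asks for both
# address families and hides the intermediate CNAMEs.
resolve_final() {
    { dig +noall +answer "$1" A; dig +noall +answer "$1" AAAA; } | final_ips "$1"
}

# Constructed sample answer section using documentation address ranges.
SAMPLE='www.example.test.   300 IN CNAME edge.example.test.
edge.example.test.   60 IN CNAME lb.example.test.
lb.example.test.     30 IN A     192.0.2.10
lb.example.test.     30 IN A     192.0.2.11
other.example.test.  30 IN A     198.51.100.7'

printf '%s\n' "$SAMPLE" | final_ips www.example.test
```

A non-zero exit status from `final_ips` means the chain ended without an address record (or looped), which a calling script should treat as a failed lookup rather than an empty result.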

RE: Compromised BIND?

2011-05-31 Thread Frank Bulk - iName.com
Yes, this message arrived in my Inbox 44 minutes after it was sent.

Frank

-Original Message-
From: bind-users-bounces+frnkblk=iname@lists.isc.org
[mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of
Warren Kumari
Sent: Tuesday, May 31, 2011 4:59 PM
To: Warren Kumari
Cc: bind-users@lists.isc.org
Subject: Re: Compromised BIND?

Does anyone else find the bind-users list to be very slow?

webster.isc.org (localhost [IPv6:::1]) Tue, 31 May 2011 19:48:30 + -
webster.isc.org (webster.isc.org) Tue, 31 May 2011 20:52:09 +

Or is it just me seeing this?

W


On May 31, 2011, at 4:17 PM, Warren Kumari wrote:


 On May 31, 2011, at 3:22 PM, Kevin Darcy wrote:

 On 5/31/2011 2:38 PM, Supersonic wrote:
 I have a BIND 9.8.0-P2 server instance running on a production server.

 Doing what, exactly? Resolving internal names only? Resolving Internet
names? Acting as an authoritative server for internal clients? Internet
clients? Some combination of the above?

 My firewall is showing repeated attempts by named.exe to connect to IP
addresses in foreign countries on ports , 6667 and 6669 - common IRC
ports used by worms/trojans/zombies. Checking my named.exe file, it shows
that it is unchanged from the installation source. Is this connection
normal? Should I be allowing it?

 TCP connections or UDP packets?

 If you're serving authoritative data to Internet clients, then my guess
is your firewall simply isn't stateful enough to realize that these are
responses to DNS queries that originally came in from Internet clients using
those port numbers. Just because they are common IRC ports used by
worms/trojans/zombies doesn't preclude them from also being chosen at
random as the source ports of incoming queries to your nameserver. Responses
go back to the same port from which the query was received.


 Can you make a distribution of ports and see if it contacts other port
numbers with approximately the same frequency? I'm guessing this is just the
FW / IDS being helpful

 W


 If they're outgoing TCP connections, I'd be worried. Offhand, I can't
think of any legitimate reason why named would be trying to TCP-connect to
any port other than 53.


- Kevin


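The check Warren Kumari and Kevin Darcy describe in the quoted messages above (tally the destination ports of named's outbound traffic, and look separately at outgoing TCP to ports other than 53) is sketched here as an added example, not code from the thread. The log format, the function names `port_histogram` and `suspect_tcp`, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed (hypothetical) firewall log format, one outbound
# packet or connection per line:
#   <time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>

# port_histogram: count destination ports of UDP sent from source port 53,
# i.e. replies going back to whatever port each client queried from.
# Output: "<count> <port>", most frequent first.
port_histogram() {
    awk '$2 == "UDP" {
             n = split($3, s, ":"); m = split($5, d, ":")
             if (s[n] == 53) c[d[m]]++
         }
         END { for (p in c) print c[p], p }' | sort -k1,1nr -k2,2n
}

# suspect_tcp: print TCP lines where neither end is port 53. Replies to TCP
# queries leave from port 53 and recursion goes to port 53; what remains is
# the case Kevin Darcy says he would be worried about.
suspect_tcp() {
    awk '$2 == "TCP" {
             n = split($3, s, ":"); m = split($5, d, ":")
             if (s[n] != 53 && d[m] != 53) print
         }'
}

# Constructed sample log (documentation addresses; 192.0.2.53 is the server).
LOG='14:38:01 UDP 192.0.2.53:53 -> 203.0.113.9:6667
14:38:02 UDP 192.0.2.53:53 -> 203.0.113.20:51514
14:38:02 UDP 192.0.2.53:53 -> 198.51.100.4:6669
14:38:03 UDP 192.0.2.53:53 -> 198.51.100.77:33012
14:38:04 UDP 192.0.2.53:53 -> 203.0.113.9:6667
14:38:05 TCP 192.0.2.53:53 -> 198.51.100.4:40211
14:38:06 TCP 192.0.2.53:49822 -> 203.0.113.80:53
14:38:07 TCP 192.0.2.53:49907 -> 203.0.113.66:6667'

printf '%s\n' "$LOG" | port_histogram
printf '%s\n' "$LOG" | suspect_tcp
```

On a real log, a histogram spread across many high ports with 6667 and 6669 no more frequent than their neighbours fits the reply explanation; any line printed by `suspect_tcp` needs a closer look.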


RE: Nslookup not showing TTL

2009-10-15 Thread Frank Bulk - iName.com
You can do an ipconfig /displaydns to see some TTL info.

Frank

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of John Horne
Sent: Thursday, October 15, 2009 3:07 AM
To: Bind users
Subject: Nslookup not showing TTL

Hello,

Using BIND 9.5.1 it seems that the nslookup command is not showing the
TTL value of found records. It makes no difference if I set 'debug' or
'd2'. Example:

==
nslookup
 set debug
 www.plymouth.ac.uk
Server: 127.0.0.1
Address:127.0.0.1#53


QUESTIONS:
www.plymouth.ac.uk, type = A, class = IN
ANSWERS:
-  www.plymouth.ac.uk
canonical name = extranet.plymouth.ac.uk.
-  extranet.plymouth.ac.uk
internet address = 141.163.163.185
AUTHORITY RECORDS:
-  plymouth.ac.uk
nameserver = dns0.plymouth.ac.uk.
-  plymouth.ac.uk
nameserver = dns1.plymouth.ac.uk.
ADDITIONAL RECORDS:
-  dns0.plymouth.ac.uk
internet address = 141.163.1.250
-  dns1.plymouth.ac.uk
internet address = 141.163.177.1

www.plymouth.ac.uk  canonical name = extranet.plymouth.ac.uk.
Name:   extranet.plymouth.ac.uk
Address: 141.163.163.185

==


How can I see the TTL value using nslookup?



Thanks,

John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001



NS validation?

2009-02-07 Thread Frank Bulk - iName.com
A business customer of ours could not change their DNS entry at Register.com
from ns1.mtcnet.net/ns1.netins.net.

After 10 failed attempts thru register.com to register domain
to ns1.mtcnet.net and ns1.netins.net, I contacted Register.com
and escalated this call to their highest tech authority.  I
found out that Register.com uses 'VeriSign' as its DNS
Registered Validator.  Apparently when I transferred this domain
name from a different registrar I was supposed to use a
special DNS Registration thru VeriSign option (who knew?) then
transfer this to register.com

For some reason VeriSign doesn't have NS1.MTCNET.NET on its
list as registered DNS.  Go figure.

Ever heard of this before?

Frank


RE: SERVFAIL issues

2009-01-20 Thread Frank Bulk - iName.com
My bad.  Let me restate the request -- that all the information available
via XML in the HTML statistics channel is also printed out when issuing
rndc stats.

Frank

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin
Sent: Monday, January 19, 2009 9:47 PM
To: comp-protocols-dns-b...@moderators.individual.net
Subject: Re: SERVFAIL issues

In article gl3gns$1is...@sf1.isc.org,
 Frank Bulk frnk...@iname.com wrote:

 Sorry for not being more clear.  It's my understanding that rndc stats
 dumps only a subset of what ARM provides.

You still don't make sense.  ARM is documentation, it doesn't provide
any statistics.  ARM = Administrator's Reference Manual for BIND.


 Regards,

 Frank

 -Original Message-
 From: JINMEI Tatuya / 神明達哉 [mailto:jinmei_tat...@isc.org]
 Sent: Monday, January 19, 2009 1:38 PM
 To: Frank Bulk
 Cc: bind-us...@isc.org
 Subject: Re: SERVFAIL issues

 At Sat, 17 Jan 2009 00:37:25 -0600,
 Frank Bulk frnk...@iname.com wrote:

  Thanks for the info -- is there a way that there can be feature parity, at
  least in terms of stats reported, between ARM and rndc stats?

 I don't understand the question...what do you mean by 'feature parity
 between ARM and rndc stats'?

 Anyway, the fact is that the ARM describes both the output of 'rndc
 stats' and the output from a HTML statistics channel (to some
 extent).  In general, what is described in the ARM should be
 consistent with the actual behavior.  Of course, there can always be
 a discrepancy between a manual (ARM) and the software behavior as long
 as it's done by a human.  Please file a bug report if you find one.

 ---
 JINMEI, Tatuya
 Internet Systems Consortium, Inc.


--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***


RE: SERVFAIL issues

2009-01-16 Thread Frank Bulk - iName.com
Yes, I read that last night before posting.  I changed it to 256M.  Is
there a way using rndc to see if that took?  

And how do I see how much of the cache has been used?  I don't want to
provision more than necessary.  This server acts as a secondary DNS entry
for about 6000 broadband customers and is an authoritative DNS server for
100+ domains.

Frank

-Original Message-
From: Fr34k [mailto:freaknet...@yahoo.com] 
Sent: Friday, January 16, 2009 8:45 AM
To: frnk...@iname.com; bind-users@lists.isc.org
Subject: Re: SERVFAIL issues

Hello,

Has the max-cache-size setting in named.conf been considered?

If not, note that in early releases of 9.5.x max-cache-size is 32M by
default instead of unlimited as in 9.4.x

From the CHANGES file with the bind-9.5.0-P2 source:
max-cache-size defaults to 32M

Using:
max-cache-size 0 ;
will restore previous behavior (unlimited).

The ultimate setting would need to be considered for the environment BIND is
running in.

FWIW, we use max-cache-size 0 ; without issue.

You can search this list archives for max-cache-size for previous
discussions on this.

Thanks.



- Original Message 
From: Frank Bulk frnk...@iname.com
To: bind-users@lists.isc.org
Sent: Thursday, January 15, 2009 6:57:10 PM
Subject: SERVFAIL issues

http://marc.info/?l=bind-users&m=122239920822324&w=2
http://marc.info/?l=bind-users&m=122243068905656&w=2

We upgraded to 9.5.0-P1 when the Kaminsky DNS vulnerability was announced
and have had intermittent issues with SERVFAIL problems for some DSL modems
that don't properly fail over to a secondary DNS server.  A packet capture
showed that certain domains would result in a SERVFAIL, and once that domain
was identified, if we did a dig against it we had the same result.  We've
had to stop and start the named service about half a dozen times this fall
to resolve the issue.

We upgraded to 9.5.0-P2 in early November, hoping that this issue would be
resolved.  But today we experienced the problem again.  A customer couldn't
query a site, although everything seemed correct.  I captured all their
traffic and the trace showed that the DNS server was issuing a SERVFAIL.  I
stopped and then started named and immediately all was well.  Since we
sometimes reload named when adding/modifying domains, or at other times use
rndc, I'm not sure if that cleared things up such that this is the first
time I recall having this problem in 2 months.

Is this intermittent SERVFAIL issue resolved in 9.5.1-P1?

Frank

