Re: SRV query with no domain?

2012-08-16 Thread Christopher Cain 
Of course a dig query will fail without the domain appended.  Dig takes
you query at face value and will not append domains from your search
suffix list like nslookup and ping will.  You ALWAYS have to fully qualify
your requests when using dig.

Chris.

On 12-08-15 3:29 PM, "wbr...@e1b.org"  wrote:

>kevin wrote on 08/15/2012 12:52:18 PM:
>
>> I don't believe SRV lookups use the "search" directive in /etc/
>> resolv.conf; I think that's only for A (name-to-address) lookups.
>> But I could be wrong on that...
>
>Using host I was able to do a search for _sip._tcp for the search domain
>on my system (domain changed to example.org):
>
>wbrown@wbrown-D630:~$ host -t srv _sip._tcp
>_sip._tcp.example.org has SRV record 0 0 5060 tandberg-vcse.example.org.
>wbrown@wbrown-D630:~$ host -t srv _sip._tcp.example.org
>_sip._tcp.example.org has SRV record 0 0 5060 tandberg-vcse.example.org.
>
>Dig fails on same query without domain, succeeds if it is included:
>
>wbrown@wbrown-D630:~$ dig +short  _sip._tcp srv
>wbrown@wbrown-D630:~$ dig +short  _sip._tcp.example.org srv
>0 0 5060 tandberg-vcse.example.org.
>
>
>
>Confidentiality Notice:
>This electronic message and any attachments may contain confidential or
>privileged information, and is intended only for the individual or entity
>identified above as the addressee. If you are not the addressee (or the
>employee or agent responsible to deliver it to the addressee), or if this
>message has been addressed to you in error, you are hereby notified that
>you may not copy, forward, disclose or use any part of this message or
>any 
>attachments. Please notify the sender immediately by return e-mail or
>telephone and delete this message from your system.
>


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Dynamic DNS Update depuis mes cartes ethernet

2011-04-27 Thread Christopher Cain 
If each of your three adapters get their IP's from DHCP, why don't you
configure the DHCP server to update DDNS instead of the client (i.e. - a
separate ddns-domainname statement for each DHCP subnet)?  That way you can
specify the zone to update dynamically based on the subnet each adapter gets
an IP from.

For example:

Adapter 1 will get an IP from Subnet A and the DHCP server will add a record
to the zone named a.zone.com.
Adapter 2 will get an IP from Subnet B and the DHCP server will add a record
to the zone named b.zone.com.
Adapter 3 will get an IP from Subnet C and the DHCP server will add a record
to the zone named c.zone.com.

Chris.



> -- Forwarded message --
> From: Flex Banana 
> To: bind-us...@isc.org, Users of ISC DHCP 
> Date: Wed, 27 Apr 2011 13:36:17 +0200
> Subject: Dynamic DNS Update depuis mes cartes ethernet
> Bonjour,
>
> J'aimerai mettre à jour mes zones via le méchanisme Dynamic DNS Update en
> fonction des machines qui se connectent sur mes différentes cartes réseau.
>
> Mon serveur est équipé de trois cartes ethernet avec différents subnet qui
> ne sont pas accessibles les uns des autres et j'ai besoin que les zones
> soient automatiquement mises à jour par les clients par l'adresse IP de la
> carte ethernet d'où le DHCP est distribué.
>
> En quelque sort j'ai besoin que l'adresse IP ci-dessous corresponde à
> l'adresse de la carte ethernet duquelle le DHCP est distribué:
>
> zone trucmuche.ch. { primary *10.1.1.100*; key clé_serveur; }
>
> J'utilise bind 9.7.3 avec dhcpd 4.2.1 sous openSUSE 11.4
>
> Merci infiniment et meilleures salutations
> Banana
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: continous DNS query to ROOT DNS server

2011-04-26 Thread Christopher Cain 
Babu - if that's the case, and if the DHCP servers are only configured to
use your BIND servers for DNS resolution, then perhaps its an issue with
Windows DHCP and not BIND (unless you have configured BIND to forward
un-auth RFC1918 to AS112 servers).

Chris.


> -- Forwarded message --
> From: babu dheen 
> To: bind-users@lists.isc.org, Chris Buxton 
> Date: Tue, 26 Apr 2011 22:13:24 +0530 (IST)
> Subject: Re: continous DNS query to ROOT DNS server
> Dear Chris,
>
> Actually this query is being sent by my DHCP server running in windows
> operating system.
>
> I have configured forwarders in DHCP towards my gateway DNS servers(running
> in Redhat BIND).
>
>
>
> --- On *Tue, 26/4/11, Chris Buxton * wrote:
>
>
> From: Chris Buxton 
> Subject: Re: continous DNS query to ROOT DNS server
> To: "babu dheen" , bind-users@lists.isc.org
> Date: Tuesday, 26 April, 2011, 9:17 PM
>
> Create RFC 1918 reverse zones for whatever parts of this address space
> you're using.
>
> Newer versions of BIND will do this automatically for you -- the zones
> are created without content. What version of BIND are you using?
>
> Chris Buxton
> BlueCat Networks
>
>
> On 4/26/11, babu dheen 
> http://in.mc1373.mail.yahoo.com/mc/compose?to=babudh...@yahoo.co.in>>
> wrote:
> > Dear Chris,
> >
> > Thanks for your quick response. But my concern is; why this query is
> > actually started going to AS112 servers.
> >
> > Is it because my DHCP servers do not maintain PTR record zone for all
> > internal IP address?
> >
> > I need to have a solution to stop this query at host level instead of
> adding
> > entry in DNS server
> >
> >
> > Regards
> > papdheen M
> >
> > --- On Tue, 26/4/11, Chris Buxton 
> > http://in.mc1373.mail.yahoo.com/mc/compose?to=chris.p.bux...@gmail.com>>
> wrote:
> >
> >
> > From: Chris Buxton 
> > http://in.mc1373.mail.yahoo.com/mc/compose?to=chris.p.bux...@gmail.com>
> >
> > Subject: Re: continous DNS query to ROOT DNS server
> > To: "babu dheen" 
> > http://in.mc1373.mail.yahoo.com/mc/compose?to=babudh...@yahoo.co.in>>,
> bind-users@lists.isc.org,
> "Kevin
> > Darcy" 
> > http://in.mc1373.mail.yahoo.com/mc/compose?to=k...@chrysler.com>
> >
> > Date: Tuesday, 26 April, 2011, 5:52 PM
> >
> >
> > They're not root servers.
> >
> > Add this to your named.conf, alongside your 'forwarders' statement:
> >
> > forward only;
> >
> > Chris Buxton
> > BlueCat Networks
> >
> >
> > On 4/26/11, babu dheen 
> > http://in.mc1373.mail.yahoo.com/mc/compose?to=babudh...@yahoo.co.in>>
> wrote:
> >> Hi,
> >>
> >> I understand that my system contacts AS112 server but not sure why my
> >> system
> >> is contacting AS112 ROOT servers
> >>
> >> Can you tell me what i need to do at server level to stop this. I read
> the
> >> RFC but no where it clearly mentioned why this is happening.
> >>
> >> I have already configured forwarders in my system to send query to my
> >> gateway DNS server(running in BIND). then why my system is not using
> >> gateway
> >> DNS either for reverse DNS query mapping?
> >>
> >> Regards
> >> babu
> >>
> >> --- On Tue, 26/4/11, Kevin Darcy 
> >> http://in.mc1373.mail.yahoo.com/mc/compose?to=k...@chrysler.com>>
> wrote:
> >>
> >>
> >> From: Kevin Darcy 
> >> http://in.mc1373.mail.yahoo.com/mc/compose?to=k...@chrysler.com>
> >
> >> Subject: Re: continous DNS query to ROOT DNS server
> >> To: 
> >> bind-users@lists.isc.org
> >> Date: Tuesday, 26 April, 2011, 12:32 AM
> >>
> >>
> >> On 4/25/2011 2:33 PM, babu dheen wrote:
> >>
> >>
> >>
> >>
> >>
> >> Dears,
> >>
> >>  I have DHCP server running in Windows Operating System(Windows 2003), i
> >> have configured forwarder towards gateway DNS server(running in redhat).
> >>
> >>  When i check the firewall hits for DHCP server i can see, my DHCP
> server
> >> is
> >> sending too many DNS query towards ROOT DNS servers(192.175.48.1,
> >> 192.175.48.6, 192.175.48.42 and etc)
> >>
> >>  Please guide us to stop this query at server level.
> >>
> >> Regards
> >> BabuThis is not a DHCP list.
> >>
> >> This is not a Microsoft list.
> >>
> >> Those aren't root nameserver addresses, they are AS112 addresses, see
> >> http://public.as112.net/node/8
> >>
> >> Apparently you didn't define your own RFC 1918 zones.
> >>
> >>
> >>
> >> - Kevin
> >>
> >>
> >> -Inline Attachment Follows-
> >>
> >>
> >> ___
> >> bind-users mailing list
> >> bind-users@lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> >
> > --
> > Sent from my mobile device
> >
>
> --
> Sent from my mobile device
>
>
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
_

[SOLVED] Re: BIND9 SERVFAIL on some .gov addresses

2011-02-23 Thread Christopher Cain 
[forgot to change the digest subject before sending - sorry folks]

On Wed, Feb 23, 2011 at 12:30, Christopher Cain wrote:

> Ryan - thanks for the link.  This would have saved me quite a bit of
> troubleshooting time a few weeks back.
>
> Christopher Cain
> E: ch...@christophercain.ca
>
>
>
>> -- Forwarded message --
>> From: Ryan Novosielski 
>> To: bind-users@lists.isc.org
>> Date: Wed, 23 Feb 2011 11:39:41 -0500
>> Subject: Re: [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Take a look at this. It is somewhat confusing, but it is helpful and
>> should tell you right away if you definitely have a firewall issue (and
>> frankly there's little else it could be).
>>
>> https://www.dns-oarc.net/oarc/services/replysizetest
>>
>>
>>
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-users Digest, Vol 782, Issue 5

2011-02-23 Thread Christopher Cain 
Ryan - thanks for the link.  This would have saved me quite a bit of
troubleshooting time a few weeks back.

Christopher Cain
E: ch...@christophercain.ca



> -- Forwarded message --
> From: Ryan Novosielski 
> To: bind-users@lists.isc.org
> Date: Wed, 23 Feb 2011 11:39:41 -0500
> Subject: Re: [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Take a look at this. It is somewhat confusing, but it is helpful and
> should tell you right away if you definitely have a firewall issue (and
> frankly there's little else it could be).
>
> https://www.dns-oarc.net/oarc/services/replysizetest
>
>
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Unable to query the nameserver

2010-10-05 Thread Christopher Cain 
Dotan - Are zone transfers working correctly between ns1 & ns2?  Although
you have ns2 defined as a slave to ns1, your cat output of the zone on ns2
shows a zone with contents different from the master.  The slave zone is
missing a host record for ns1.  Is it possible the system trying to resolve
ns1 is querying ns2?

Christopher Cain
E: ch...@christophercain.ca
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Is 10.in-addr.arpa not recommended?

2010-09-27 Thread Christopher Cain 
Hi all.

I am setting up a new appliance-based DNS solution that will contain a fair
number of separately managed Windows DNS slave servers (in addition to the
DNS appliances that will handle the .

Currently there are just over 8000 host records that resolve to IP's in the
10.x.x.x space.  I am wrestling with whether or not I should create a single
10.in-addr.arpa zone or if I should create 256 /16 zones (i.e. -
0.10.in-addr.arpa to 255.10.in-addr.arpa).

The reason I want to encompass the entire 10 space is so new arpa zones will
not have to be defined on all servers (specifically on the Windows slaves)
if a new part of the 10 space is used at some point.

Any recommendations or comments would be greatly appreciated.

Thanks,

Christopher Cain
E: ch...@christophercain.ca
http://ca.linkedin.com/in/christophercain
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

DDNS Updates fail When More Than 15 Authoritative Servers (NS records) are listed in a Dynamically Updated Zone

2010-09-20 Thread Christopher Cain 
[I apologize in advance if this is a double post.  I'm not sure if my
original went through]

I was implementing ISC Bind 9.5 at a client site last month and had a single
zone that accepted DDNS updates only from the ISC DHCP service.

The environment consisted of a Master BIND server and almost 25 Windows
slave servers.  All DNS servers were listed as authoritative at first.  This
caused DDNS updates from DHCP to fail with the following message:

"Unable to add forward map from host.domain.com to 10.10.10.10: DNS format
error".

After spending quite a bit of time troubleshooting this issue with no luck,
I was finally successful with DDNS updates after I reduced the number of
authoritative servers for the dynamic zone to 15.  Since I have done this,
the issue has not resurface.

Can anyone help explain to me why this happened and if there is anything I
can do to avoid this from happening in the future?

Thanks,

Christopher Cain
E: ch...@christophercain.ca
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users