Re: zone files in bind-9.9
On 2013-1-6 21:53, Carsten Strotmann wrote:

you can use named-compilezone to convert from RAW-Format to Text-Format. Or you can use dig with axfr to get a zone-transfer from the server (dig @server axfr zone.tld). You can change the format for writing zone files in the named.conf if you prefer the text format files.

Thanks for the kind info Carsten.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: zone files in bind-9.9
Another question, since the zone files are raw format now, how can we edit the zones? I use nsupdate only so it's not a problem, but for editing by hand, how to? Thanks.

On 2013-1-6 21:53, Carsten Strotmann wrote:

you can use named-compilezone to convert from RAW-Format to Text-Format. Or you can use dig with axfr to get a zone-transfer from the server (dig @server axfr zone.tld).

Re: zone files in bind-9.9
On 2013-1-7 10:44, Mark Andrews wrote:

Master zones still use text format by default. Slave zones use raw format by default. You are not expected to edit slave zones.

OK I see. That's right.

Re: Distribute named.conf
On 2013-1-3 19:06, Joerg Stephan wrote:

So we are seeking a way to distribute the named.conf.x for the several zonefiles. Currently this is solved by powerdns via mysql replication. Is there any tool in bind we could use. Generating the conf file and syncing via ssh/rsync is discussed on our side, and we hoped that there is a nicer way.

#1 BIND also has the feature called DLZ, which runs with a database backend. So you could use database replication to get the zones synced the same way as powerdns.

#2 If you do run BIND with static zone files, you could run a CGI to create/delete zones from the file on each remote nameserver host. My site www.dnsbed.com is doing it this way.

#3 A question: why do you switch from powerdns to BIND? Are there any items to share? Thanks.

nsupdate for default TTL
Hi

Is there a way to dynamically update the zone's default TTL by nsupdate?

Thanks and Merry Xmas!

Re: nsupdate for default TTL
On 2012-12-26 22:12, Carsten Strotmann wrote:

Because there is no concept of a default TTL in a loaded zone, you can only change the dedicated TTLs on each individual resource record using the nsupdate tool.

Thanks Carsten. Happy new year!

Re: Just wondering if BIND can do GLB -Global Load Balancing Stuff?
I once maintained two F5-BIGIP-GTM boxes a couple of years ago; at that time they were called F5 3DNS. GTM does have a BIND installed, but that means nothing. Its GSLB DNS module is not BIND, but a customized module in the Linux kernel. Along with this module there are some scheduler methods to balance the requests, for example, based on the locations or QoS or something else. This kernel module intercepts DNS requests IMO; if a record has to be balanced by GTM, the kernel module will respond to it based on the chosen scheduler. Otherwise records will be answered by BIND.

On 2012-12-12 21:23, Manish Rane wrote:

Can BIND work as a Global Load Balancer? Or I am keen to know about constructing GTM kinda stuff which can monitor the health of devices and route away traffic from failed ones by putting lower TTL value? I believe F5 3DNS does the same thing?

Re: Can we load balance traffic for CNAME records?
On 2012-12-14 13:27, Manish Rane wrote:

Like say i need to play with mail services and I have 2 ISPs, say ISP A and ISP B.

    MX 10 mail.example.com 20.20.20.20 (from isp A)
    MX 20 mail01.example.com 30.30.30.30 (from isp B)
    CNAME cas.example.com
          mail.example.com 20.20.20.20
          mail01.example.com 30.30.30.30

A cname host can't be pointed to two hostnames.

Now when users will configure their mail boxes they will use cas.example.com. Can I load balance the traffic for cas.example.com?

If you want the traffic balanced, I think the two MXes should take the same priority, i.e.,

    xxx.com. 900 IN MX 5 mx1.xxx.com.
    xxx.com. 900 IN MX 5 mx2.xxx.com.

Re: Can we load balance traf[f]ic for CNAME records?
On 2012-12-14 17:14, Manish Rane wrote:

I understand that Mail Delivery load balance can be achieved by using MX priorities. My concern is not that, rather I am more worried about users who will be using A record to configure their mail clients like IMAP or POP. I am thinking on load balancing there since I want users to access both the ISPs to connect. I can have A/CNAME? record configured in my zone with *lower TTL value say 180* so that if any of the link goes down I can edit the zone and have the faulty entry removed which eventually would cost me less downtime. That way I don't need to do any configuration at client end since the A/CNAME record is gonna be the same. That is why I was wondering if A or CNAME can be configured for two different IP addresses which also holds MX Records and thus configure the load balancing by that way?

There are two ways to set that up.

The first, for example, imap.example.com has two A records,

    imap.example.com. 900 IN A 11.22.33.44
    imap.example.com. 900 IN A 55.66.77.88

If one server goes down, half of the users have the chance to use the other one.

The second, imap.example.com has only one A record,

    imap.example.com. 900 IN A 11.22.33.44

When this server goes down, you change the record value to another IP by hand. That's no problem for the clients, but you must do it by hand. Or write a script to do this automatically for you.

Regards.

Re: How can I migrate my Domain from ISP hosted to my own BIND server?
On 2012-12-14 17:55, Manish Rane wrote:

I need to migrate my domain which is hosted at my ISP on to my own internal BIND server and have my own NS record. Does anyone know the steps I need to take care of or the complete procedure?

You'd better pick up a book to read to begin with :)

Re: is there a also-allow-transfer
Hello Mark,

My named.conf looks as:

    acl NAMESVR { 74.81.81.82; };

    options {
        directory "/var/cache/bind";
        recursion no;
        version "unknown";
        allow-transfer { NAMESVR; };
        also-notify { NAMESVR; };
        allow-update { 127.0.0.1; };
    };

    # zone begins
    zone "test.com" {
        type master;
        file "/var/cache/bind/test.com.db";
        allow-transfer { NAMESVR; 74.81.81.81; };
        also-notify { NAMESVR; 74.81.81.81; };
    };

When I run named-checkconf I got the error:

    # named-checkconf
    /etc/bind/named.conf:8: expected IP address near 'NAMESVR'

Please help. Thanks.

On 2012-12-13 15:23, Mark Andrews wrote:

In message 50c9818e.2060...@nsbeta.info, Feng He writes:

Hello,

I have the allow-transfer{} section in the global options{} block. But for a special zone, I want to include another IP to allow transfer besides the global IPs. Is there a also-allow-transfer option in BIND? If not how to control this?

    acl xxx { };
    options { allow-transfer { xxx; }; };
    zone yyy { allow-transfer { xxx; extra; }; };

Thanks.

Re: is there a also-allow-transfer
Thanks. So how to handle the case described as below? We already have the also-notify{} section in the global options{} block. But for a special zone, just want to include another IP to also-notify besides the global IPs.

On 2012-12-13 17:00, Sten Carlsen wrote:

On 13/12/12 9:46, Feng He wrote:

Hello Mark,

My named.conf looks as:

    acl NAMESVR { 74.81.81.82; };

NAMESVR is an acl, it could look like {74.81.0.0/16} or {any}. Essentially it is a kind of bitmask, not a list of IPs.

    options {
        directory "/var/cache/bind";
        recursion no;
        version "unknown";
        allow-transfer { NAMESVR; };
        also-notify { NAMESVR; };

All notifys must have a list of IPs, if the acl was any, you would have to notify the full internet. The mechanism is designed to accept only a list of IPs. It can not accept an acl.

        allow-update { 127.0.0.1; };
    };

    # zone begins
    zone "test.com" {
        type master;
        file "/var/cache/bind/test.com.db";
        allow-transfer { NAMESVR; 74.81.81.81; };
        also-notify { NAMESVR; 74.81.81.81; };
    };

When I run named-checkconf I got the error:

    # named-checkconf
    /etc/bind/named.conf:8: expected IP address near 'NAMESVR'

Please help. Thanks.

On 2012-12-13 15:23, Mark Andrews wrote:

In message 50c9818e.2060...@nsbeta.info, Feng He writes:

Hello,

I have the allow-transfer{} section in the global options{} block. But for a special zone, I want to include another IP to allow transfer besides the global IPs. Is there a also-allow-transfer option in BIND? If not how to control this?

    acl xxx { };
    options { allow-transfer { xxx; }; };
    zone yyy { allow-transfer { xxx; extra; }; };

Thanks.

Re: is there a also-allow-transfer
This would be easy by hand, but not by programming, since I have lots of zones for updates :)

On 2012-12-13 17:35, Sten Carlsen wrote:

    also-notify { 74.81.81.82; 74.81.81.81; };

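
The per-zone expansion discussed in this thread can be generated rather than typed. The following is an added example, not code from any poster: it keeps the acl name in allow-transfer and expands it to plain addresses for also-notify, which is the statement named-checkconf rejected above. The data layout, the second zone and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed inputs reusing the addresses from the thread; the dictionary
# layout and the second zone are assumptions made for this example.
ACLS = {"NAMESVR": ["74.81.81.82"]}
GLOBAL_PEERS = ["NAMESVR"]
ZONES = {
    "test.com": {"extra": ["74.81.81.81"]},  # one more secondary for this zone
    "example.org": {},                       # inherits the global options
}


def expand_to_ips(entries, acls):
    """Resolve acl names to their members and insist on single IP addresses."""
    ips = []
    for entry in entries:
        for item in acls.get(entry, [entry]):
            try:
                addr = str(ipaddress.ip_address(item))
            except ValueError:
                # Prefixes such as 74.81.0.0/16 or keywords such as "any"
                # are valid in an acl but cannot be NOTIFY targets.
                raise ValueError(
                    f"also-notify needs plain IP addresses, got {item!r}"
                ) from None
            if addr not in ips:
                ips.append(addr)
    return ips


def render_zone(name, extra, global_peers=GLOBAL_PEERS, acls=ACLS):
    """Return a master zone stanza; peers are overridden only when needed."""
    lines = [
        f'zone "{name}" {{',
        "    type master;",
        f'    file "/var/cache/bind/{name}.db";',
    ]
    if extra:
        # A zone-level statement replaces the global one, so repeat the
        # global peers and append the extra addresses.
        peers = list(global_peers) + list(extra)
        transfer = "; ".join(peers)
        notify = "; ".join(expand_to_ips(peers, acls))
        lines.append(f"    allow-transfer {{ {transfer}; }};")
        lines.append(f"    also-notify {{ {notify}; }};")
    lines.append("};")
    return "\n".join(lines)


def render_all(zones=ZONES):
    """Render every zone, sorted by name, separated by blank lines."""
    return "\n\n".join(
        render_zone(name, cfg.get("extra", [])) for name, cfg in sorted(zones.items())
    )


if __name__ == "__main__":
    print(render_all())
```

Run the generated file through named-checkconf before reloading, since the script only validates the also-notify addresses.
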
is there a also-allow-transfer
Hello,

I have the allow-transfer{} section in the global options{} block. But for a special zone, I want to include another IP to allow transfer besides the global IPs. Is there a also-allow-transfer option in BIND? If not how to control this?

Thanks.

Re: is there a also-allow-transfer
On 2012-12-13 15:23, Mark Andrews wrote:

    acl xxx { };
    options { allow-transfer { xxx; }; };
    zone yyy { allow-transfer { xxx; extra; }; };

Cool. Thanks!

Re: dns master-slave transfer
On 2012-10-29 9:58, kavin wrote:

Now, I want to transfer the zone data from the master dns server to the slave dns server; the master dns uses bind-dlz+mysql and the slave dns server uses bind+file.

AFAIK, BIND DLZ doesn't send a notify message to slave, so both your master and slave should be able to use the DLZ backend and run a mysql replication for data sync.

Re: client ... query (cache) './NS/IN' denied:
On Fri, Aug 19, 2011 at 3:24 AM, Shawn Bakhtiar shashan...@hotmail.com wrote:

Hi all, For the first time my primary name server is not reporting any more

    client XXX.XXX.XXX.XXX query (cache) './NS/IN' denied: 1 Time(s)

This is a DNS attack. Many DNS servers are meeting this kind of attack each day here. The traffic is huge, once I noticed the traffic to one of my NS hosts is 1.6G. It's a DDoS that will make your DNS unable to serve at all.

Regards.

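
To see how often the denied root NS query from this thread shows up and from where, the raw named log can be summarised per client. This is an added example, not code from the thread: the log lines are constructed in the usual shape of named's security-category messages with documentation addresses, and the function names and the per-minute threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
19-Aug-2011 03:24:01.102 security: info: client 198.51.100.7#53211: query (cache) './NS/IN' denied
19-Aug-2011 03:24:01.480 security: info: client 198.51.100.7#1029: query (cache) './NS/IN' denied
19-Aug-2011 03:24:02.015 security: info: client 203.0.113.9#40000: query (cache) './NS/IN' denied
19-Aug-2011 03:24:02.733 security: info: client 198.51.100.7#6113 (.): query (cache) './NS/IN' denied
19-Aug-2011 03:24:40.250 security: info: client 192.0.2.55#5353: query (cache) 'example.com/A/IN' denied
19-Aug-2011 03:25:10.001 security: info: client 198.51.100.7#2201: query (cache) './NS/IN' denied
19-Aug-2011 03:25:12.900 general: info: zone test.com/IN: loaded serial 2011081901
"""

# Timestamp truncated to the minute, client address, then name/type/class
# of the refused query. The optional "(name)" after the port covers the
# variant some named versions print.
DENIED = re.compile(
    r"^(?P<minute>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}):\S+ .*?"
    r"client (?P<ip>[0-9A-Fa-f:.]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<qname>[^/']*)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)


def root_ns_denials(lines):
    """Map client IP -> (total denied './NS' queries, peak count in one minute)."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = DENIED.match(line)
        if not m or m["qname"] != "." or m["qtype"] != "NS":
            continue  # other denials and unrelated messages are ignored
        per_minute[m["ip"]][m["minute"]] += 1
    return {ip: (sum(c.values()), max(c.values())) for ip, c in per_minute.items()}


def noisy_clients(lines, min_per_minute=3):
    """Clients whose denied root NS queries reach the per-minute threshold."""
    stats = root_ns_denials(lines)
    return sorted(ip for ip, (_, peak) in stats.items() if peak >= min_per_minute)


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for ip, (total, peak) in sorted(root_ns_denials(log).items()):
        print(f"{ip}: total={total} peak/min={peak}")
    print("over threshold:", noisy_clients(log))
```

Source addresses in this kind of UDP traffic are often spoofed, so the clients listed may be the targets of the reflected replies rather than the senders; treat the output as input for rate limiting, not as a block list.
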
Re: stub zone
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo juwu...@yahoo.com wrote:

Would like to use the BIND stub zone function, however, heard that ISC considers stopping support to stub zone in the future, is that true?

Hi, what's the use of stub zone? I never used it, thanks.

Re: stub zone
On Wed, Jul 27, 2011 at 8:51 AM, Chris Buxton chris.p.bux...@gmail.com wrote:

On Jul 25, 2011, at 10:33 PM, Feng He wrote:

On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo juwu...@yahoo.com wrote:

Would like to use the BIND stub zone function, however, heard that ISC considers stopping support to stub zone in the future, is that true?

Hi, what's the use of stub zone? I never used it, thanks.

A stub zone is conceptually similar to the root hints zone, but for a domain other than the root. It's a way to add NS and glue records to the cache as a way to either optimize recursion performance or overlay a private namespace onto the public Internet.

For example, suppose you have a name server with this configuration:

    options { some stuff goes here };

    zone "bluecatnetworks.com" {
        type stub;
        masters { 192.168.0.1; };
    };

Thanks. So, what's the difference between a stub zone and a slave zone? I think the configuration:

    zone "bluecatnetworks.com" {
        type slave;
        masters { 192.168.0.1; };
    };

will be able to have the same effect.

Regards, Feng.

Re: DNS update on host down
I did the same stuff using a script. When the host is down, run dynamic update to modify the records. Some BIND based GSLB such as F5 BIG-IP GTM has this feature.

Regards.

On Tue, Jul 26, 2011 at 10:23 PM, Paul Reilly parei...@tcd.ie wrote:

Is there a simple utility, which can ICMP ping or HTTP ping a host, and update the hosts DNS entry if the host is down? I'm thinking I could have 2 include files, and swap between them if the host is down or not. Any pointers?

Paul

Re: howto know if a query was delegated to cache
There is a rr flag in the response which indicates the answer is not from a cache.

On Mon, Jul 25, 2011 at 6:14 PM, harish badrinath harishbadrin...@gmail.com wrote:

(Originally sent to bind-workers, sorry if this is considered cross posting. Slightly modified from the original message)

Hello,

I am using Bind version: BIND 9.7.1-P2

I am doing some small internal changes to bind and i have to know when a query is being answered from internal cache and when from resolvers. That information doesn't seem to be recorded in client.attributes or client->query.attributes ??

Can any one tell me where the code branches for cached/non cached responses in function query_find in the file bin/named/query.c *or* if the current client was responsible for cache insertion/addition for client->query.qname.

I need help, to generate a construct along the lines of,

    if(condition|binary_function == (true|false)) {
        response was given by cache
    }

*or*

    #define ISFROMCACHE(client/query) ...

Regards
Harish

Re: howto know if a query was delegated to cache
You may have been confused about what should be cached and what should not be cached.

This is an answer which is coming from the authoritative server and which is not a cached response:

    $ dig www.google.com @ns1.google.com

    ; <<>> DiG 9.6-ESV-R4 <<>> www.google.com @ns1.google.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32616
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;www.google.com.            IN      A

    ;; ANSWER SECTION:
    www.google.com.     604800  IN      CNAME   www.l.google.com.
    www.l.google.com.   300     IN      A       74.125.127.106
    www.l.google.com.   300     IN      A       74.125.127.103
    www.l.google.com.   300     IN      A       74.125.127.104
    www.l.google.com.   300     IN      A       74.125.127.99
    www.l.google.com.   300     IN      A       74.125.127.105
    www.l.google.com.   300     IN      A       74.125.127.147

    ;; Query time: 54 msec
    ;; SERVER: 216.239.32.10#53(216.239.32.10)
    ;; WHEN: Mon Jul 25 21:28:29 2011
    ;; MSG SIZE  rcvd: 148

This is a cached answer from a public cache server:

    $ dig www.google.com @8.8.8.8

    ; <<>> DiG 9.6-ESV-R4 <<>> www.google.com @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27179
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.google.com.            IN      A

    ;; ANSWER SECTION:
    www.google.com.     86399   IN      CNAME   www.l.google.com.
    www.l.google.com.   299     IN      A       74.125.53.105
    www.l.google.com.   299     IN      A       74.125.53.106
    www.l.google.com.   299     IN      A       74.125.53.104
    www.l.google.com.   299     IN      A       74.125.53.147
    www.l.google.com.   299     IN      A       74.125.53.99
    www.l.google.com.   299     IN      A       74.125.53.103

    ;; Query time: 51 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Jul 25 21:28:42 2011
    ;; MSG SIZE  rcvd: 148

Have you seen the flags? The first has an aa flag set, while the second doesn't. Instead it has a ra flag set.

Sorry for wrongly writing rr flag in my previous post.

Regards.

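
The flags that dig prints come from the second 16-bit word of the 12-byte DNS header. The following added example (not code from the thread) decodes that header; the two sample headers are constructed from the id, flags and counts shown in the dig output above, and the function names and the wording of the descriptions are assumptions of this illustration.

```python
import struct

# Header flag bits in the order dig prints them.
FLAG_BITS = [
    ("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
    ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010),
]
OPCODES = {0: "QUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed headers matching the two dig answers quoted above:
# id 32616 with "qr aa rd" and id 27179 with "qr rd ra", QUERY 1, ANSWER 7.
AUTH_HEADER = struct.pack("!6H", 32616, 0x8500, 1, 7, 0, 0)
RESOLVER_HEADER = struct.pack("!6H", 27179, 0x8180, 1, 7, 0, 0)


def parse_header(message):
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(message) < 12:
        raise ValueError("a DNS message starts with a 12-byte header")
    ident, word, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    opcode = (word >> 11) & 0xF
    rcode = word & 0xF
    return {
        "id": ident,
        "opcode": OPCODES.get(opcode, str(opcode)),
        "status": RCODES.get(rcode, str(rcode)),
        "flags": [name for name, bit in FLAG_BITS if word & bit],
        "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar},
    }


def describe_source(header):
    """Say what the aa/ra combination tells the reader about the answer."""
    flags = header["flags"]
    if "qr" not in flags:
        return "not a response"
    if "aa" in flags:
        return "authoritative: answered from the server's own zone data"
    if "ra" in flags:
        # The header does not distinguish a cache hit from a fresh lookup.
        return "non-authoritative: answered by a recursive server"
    return "non-authoritative: recursion not offered"


def dig_flags_line(header):
    """Render the flags and counts the way dig's ';; flags:' line does."""
    counts = ", ".join(f"{k}: {v}" for k, v in header["counts"].items())
    return f";; flags: {' '.join(header['flags'])}; {counts}"


if __name__ == "__main__":
    for raw in (AUTH_HEADER, RESOLVER_HEADER):
        hdr = parse_header(raw)
        print(dig_flags_line(hdr), "->", describe_source(hdr))
```
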
MX choosing
Given the MX hosts for sympatico.ca domain:

    $ dig sympatico.ca mx +short
    5 mxmta.sympatico.ca.

    $ dig mxmta.sympatico.ca +short
    67.69.240.17
    67.69.240.24
    67.69.240.22
    67.69.240.23
    67.69.240.21
    67.69.240.20
    67.69.240.19
    67.69.240.18

When the peer MTA fails to talk to one of these hosts, will it try the next one? Or does it just give up?

Thanks.

Re: MX choosing
Thanks. This is the description:

When the lookup succeeds, the mapping can result in a list of alternative delivery addresses rather than a single address, because of multiple MX records, multihoming, or both. To provide reliable mail transmission, the SMTP client MUST be able to try (and retry) each of the relevant addresses in this list in order, until a delivery attempt succeeds. However, there MAY also be a configurable limit on the number of alternate addresses that can be tried. In any case, the SMTP client SHOULD try at least two addresses.

On Fri, Jul 22, 2011 at 5:11 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

On 22.07.11 16:50, Feng He wrote:

Given the MX hosts for sympatico.ca domain:

    $ dig sympatico.ca mx +short
    5 mxmta.sympatico.ca.

    $ dig mxmta.sympatico.ca +short
    67.69.240.17
    67.69.240.24
    67.69.240.22
    67.69.240.23
    67.69.240.21
    67.69.240.20
    67.69.240.19
    67.69.240.18

when the peer MTA fail to talk to one of these hosts, will it try the next one? or it just give up?

this is out of DNS and BIND scope. see rfc 5321, section 5.1 for MTA requirements.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I want NOT to receive any advertising mail at this address.
Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N)

Re: MX choosing
On Fri, Jul 22, 2011 at 5:58 PM, Tony Finch d...@dotat.at wrote:

The question of whether a sender should attempt retries using the different addresses of a multihomed host has been controversial. The main argument for using the multiple addresses is that it maximizes the probability of timely delivery, and indeed sometimes the probability of any delivery; the counter-argument is that it may result in unnecessary resource use.

In any case, the SMTP client SHOULD try at least two addresses.

BIND and DNS protocol
I saw this statement:

BIND (Berkeley Internet Name Domain) is an Open Source implementation of the Domain Name System protocols originally developed by the University of California, Berkeley.

I'm not sure, is it BIND or DNS protocols or both developed by University of California, Berkeley?

Thanks.

Re: about the dig
At least from my point of view, dig hostname +trace should work even if there are no resolv.conf entries.

On Tue, Jul 19, 2011 at 1:39 PM, Marc Lampo marc.la...@eurid.eu wrote:

I guess not, since it does not work ;-)

After deleting all entries, did you:
1) dig @dns.name. ...
or 2) dig @IP.address
or 3) No @... argument used at all?

In cases 1 & 3, dig will need data from /etc/resolv.conf. Only in case 2 dig can do without.

Kind regards,

Marc Lampo

-----Original Message-----
From: Feng He [mailto:short...@gmail.com]
Sent: 19 July 2011 07:33 AM
To: bind-users@lists.isc.org
Subject: about the dig

Hi list,

When I deleted all the entries in /etc/resolv.conf (I am using Linux), dig can't work. I was thinking since dig is a standard resolver, it should have the capability to follow the referral from root, thus it will work fine even there is no system dns resolving. Am I right?

Thanks.

Re: about the dig
On Tue, Jul 19, 2011 at 1:50 PM, Marc Lampo marc.la...@eurid.eu wrote:

the list cannot be built-in, because some organisations work with an internal root. The local caching name server is the only one to know those new root's.)

I don't think so. BIND 9 has the built-in root list.

Re: about the dig
On Tue, Jul 19, 2011 at 2:47 PM, G.W. Haywood b...@jubileegroup.co.uk wrote:

man resolv.conf

If this file doesn't exist the only name server to be queried will be on the local machine; the domain name is determined from the hostname and the domain search path is constructed from the domain name.

Nothing around the resolv.conf, I was talking about dig. Thanks.

Re: Patching bind for additional stats - any tips?
Sounds a great project. I wish google's improved BIND is as well as gmail.

Regards.

On Tue, Jul 19, 2011 at 9:13 AM, Alex Kolchinski kolchin...@google.com wrote:

Hi everyone - I'm at Google and currently starting on a mini-project to get some more insight into how our BIND servers are performing. Our first thoughts on how to add logging on metrics we're interested in are currently to patch BIND to spit out the wanted stats directly from BIND (data on each query, perhaps aggregated). An alternative to this would be to try to match the incoming and outgoing request and response packets and amass the data from that, but our attempts at data gathering through sniffing have given unreliable results. (One alternative I've stumbled upon is DSC

about the dig
Hi list,

When I deleted all the entries in /etc/resolv.conf (I am using Linux), dig can't work. I was thinking since dig is a standard resolver, it should have the capability to follow the referral from root, thus it will work fine even there is no system dns resolving. Am I right?

Thanks.

Re: master slave different site different resolution
2011/7/14 Gabriele Gabriele d_gabri...@hotmail.it:

Dear lists,

I have an issue to resolve about 2 dns server Master/Slave. The Master is positioned in a site with public ip 1.1.1.1 and all the public dns resolutions point to 1.1.1.1. The Slave is positioned in a site with public ip 2.2.2.2 and obviously all the public dns resolutions point to 1.1.1.1. The problem is born when my Master site goes down, because the Slave should change the dns public resolution with 2.2.2.2. Is it possible to use bind for this?

Sorry for my bad understanding of your statement. But since you have two servers, two public IPs, why not just publish these two as authority or cache only servers?

Regards.

questions on the dig info
Hello list,

    $ dig www.qq.com ns @ns1.qq.com

    ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns1.qq.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50734
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;www.qq.com.            IN      NS

    ;; ANSWER SECTION:
    www.qq.com.     86400   IN      NS      ns-tel1.qq.com.
    www.qq.com.     86400   IN      NS      ns-tel2.qq.com.

    ;; AUTHORITY SECTION:
    qq.com.         86400   IN      NS      ns4.qq.com.
    qq.com.         86400   IN      NS      ns1.qq.com.
    qq.com.         86400   IN      NS      ns2.qq.com.
    qq.com.         86400   IN      NS      ns3.qq.com.

    ;; Query time: 7 msec
    ;; SERVER: 219.133.62.252#53(219.133.62.252)
    ;; WHEN: Sat Jul 9 08:58:38 2011
    ;; MSG SIZE  rcvd: 144

    $ dig www.qq.com ns @ns-tel1.qq.com

    ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns-tel1.qq.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44393
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;www.qq.com.            IN      NS

    ;; AUTHORITY SECTION:
    qq.com.         86400   IN      SOA     ns1.qq.com. webmaster.qq.com. 1293074536 300 600 86400 86400

    ;; Query time: 7 msec
    ;; SERVER: 121.14.73.115#53(121.14.73.115)
    ;; WHEN: Sat Jul 9 08:59:07 2011
    ;; MSG SIZE  rcvd: 78

I have two questions against the two dig info above.

First, why ns1.qq.com (which is the authority nameserver for the zone of qq.com, not www.qq.com) returns the authority answer for www.qq.com's NS query? and even includes a AA flag in the response.

Second, why ns-tel1.qq.com (which is the authority nameserver for the zone of www.qq.com) returns nothing for this zone's NS query?

Thank you.

Re: questions on the dig info
2011/7/9 Lyle Giese l...@lcrcomputer.net:

qq.com zone is the parent to the subdomain www.qq.com, so it has to have knowledge of the name servers for the www.qq.com subdomain. That is how a recursive name server finds www.qq.com.

Do you mean the reference? I don't think the first case is answering with a reference. It's just a broken nameserver, as Mark said.

Thanks.

Re: about AUTHORITY SECTION
2011/7/8 Kevin Darcy k...@chrysler.com:

I think it's worth emphasizing that in the first case, the contents of the Authority Section were *mandatory* (see RFC 2308, Negative Caching), whereas in the second case the authoritative nameserver was *optionally* providing NS records in the Authority Section. It could have legally left the Authority Section completely empty, and in fact many load-balancers, pretending (to various degrees of competence) to be authoritative nameservers, will give responses that look like that.

In the second case I think the NS records should be there in the Authority Section. Consider this case:

    example.com.        IN NS dns.example.com.
    l2.example.com.     IN NS dns.example.com.
    l3.l2.example.com.  IN NS dns.example.com.

When a query comes, for example dig l3.l2.example.com @dns.example.com, and the nameserver answers without the Authority Section, then the client won't know which authority zone the answer is in.

Thanks.

a death loop with DNS query
When I dig this:

    dig s1.mytest.blogchina.org +trace

I got a lot of this info:

    mytest.blogchina.org. 600 IN NS ns1.dnsv5.com.
    mytest.blogchina.org. 600 IN NS ns2.dnsv5.com.
    ;; BAD (HORIZONTAL) REFERRAL
    ;; Received 95 bytes from 183.60.59.217#53(ns1.dnsv5.com) in 6 ms

    mytest.blogchina.org. 600 IN NS ns1.dnsv5.com.
    mytest.blogchina.org. 600 IN NS ns2.dnsv5.com.
    ;; BAD (HORIZONTAL) REFERRAL
    ;; Received 95 bytes from 112.90.143.36#53(ns1.dnsv5.com) in 116 ms

    mytest.blogchina.org. 600 IN NS ns2.dnsv5.com.
    mytest.blogchina.org. 600 IN NS ns1.dnsv5.com.
    ;; BAD (HORIZONTAL) REFERRAL
    ;; Received 95 bytes from 180.153.162.153#53(ns2.dnsv5.com) in 27 ms

    mytest.blogchina.org. 600 IN NS ns2.dnsv5.com.
    mytest.blogchina.org. 600 IN NS ns1.dnsv5.com.
    ;; BAD (HORIZONTAL) REFERRAL
    ;; Received 95 bytes from 221.130.12.61#53(ns2.dnsv5.com) in 165 ms

    mytest.blogchina.org. 600 IN NS ns2.dnsv5.com.
    mytest.blogchina.org. 600 IN NS ns1.dnsv5.com.
    ;; BAD (HORIZONTAL) REFERRAL
    ;; Received 95 bytes from 122.225.217.194#53(ns2.dnsv5.com) in 24 ms

    mytest.blogchina.org. 600 IN NS ns1.dnsv5.com.
    mytest.blogchina.org. 600 IN NS ns2.dnsv5.com.

What does this death loop mean? How did it happen?

Thanks.

Re: Difference between netstat & rndc status
2011/7/3 Bind b...@dci.ir:

Hello Admins

When i run:

    # netstat -an |grep udp |wc

it returns a number which is lower than the output of rndc status recursive clients. What is the difference between netstat -an |grep udp |wc (open udp ports to dns server) and the amount of recursive clients in the rndc status command?

Not the same stuff at all. netstat -an|grep udp shows the UDP concurrent connections currently.

    recursive clients: 1497/9900/1

This shows the history count of DNS replying.

Regards.