Re: Split Delegation IP Reverse

2010-11-23 Thread Jonathan Petersson
You could CNAME the records to another PTR domain maintained by the third server. 230.0.168.192.in-addr.arpa is an alias for 230.0-28.0.168.192.in-addr.arpa 230.0-28.0.168.192.in-addr.arpa domain name pointer host.domainname On Tue, Nov 23, 2010 at 10:43 PM, Wilbert J. Rojas O.

Re: How does BIND 9 scale with multithreading?

2010-09-30 Thread Jonathan Petersson
1 QuadCore Intel i7 920 on Fedora 11 x86_64 (can't remember the exact kernel version) with and without hyperthreading and overclocked ranging between 2.8 and 3.4GHz On Thu, Sep 30, 2010 at 2:03 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 29.09.10 10:43, Jonathan Petersson wrote: I

Re: How does BIND 9 scale with multithreading?

2010-09-29 Thread Jonathan Petersson
I did some benchmarking on this about 1.5 yrs ago, here's a graph representing the results: http://sedoss.com/bind.png On Wed, Sep 29, 2010 at 10:37 AM, philippe.simo...@swisscom.com wrote: Hi i read that 'old' bind version where better when threading was disabled. Load balancing between 2

Re: refuse in notify slave

2009-10-21 Thread Jonathan Petersson
The easiest workaround for this is either to use views or TSIG keys. /Jonathan On Thu, Oct 22, 2009 at 6:56 AM, Nelson Serafica ntseraf...@gmail.com wrote: I have multiple ip address on my primary ns server. (eth0 , eth0:1 , eth0:2). Let's say eth0 is 1.2.3.4, eth0:1 is 2.3.4.5 and th0:2 is

Internal whois server

2009-08-10 Thread Jonathan Petersson
Hi all, This is probably somewhat of an un-legit way of using whois but I'm curious as to whether it would be possible to install an internal whois server that responds with the appropriate prefix-data upon request for internal ip-numbers/domains while forwarding unknown requests to external

Re: Scale BIND over multiple kernels effectively

2009-05-03 Thread Jonathan Petersson
2009 15:41:03 -0700, Jonathan Petersson jpeters...@garnser.se wrote: in light of this is it possible to tell BIND how many threads it should utilize or is it a ALL or ONE case? Do you mean the -n command line option? usage: named [-4|-6] [-c conffile] [-d debuglevel] [-f|-g] [-n number_of_cpus

Re: named daemon hangs

2009-05-02 Thread Jonathan Petersson
Could you please provide a copy of your config, I'm guessing that you have a general forwarder in place or haven't turned on recursion. /Jonathan On Sat, May 2, 2009 at 8:06 AM, Nelson Vale nelsonduv...@gmail.com wrote: Hi all, I've been facing a problem in my private network which I was not

Re: Scale BIND over multiple kernels effectively

2009-04-30 Thread Jonathan Petersson
Thanks for the feedback, 2 threads on 2 core: 45kqps 4 threads on 4 core: 108kkqps 8 threads on 4 core + HT: 75kqps 16 threads on 8 core + HT: 35kqps correct? yes in light of this is it possible to tell BIND how many threads it should utilize or is it a ALL or ONE case? /Jonathan

Re: approach on parsing the query-log file

2009-04-29 Thread Jonathan Petersson
, at 10:26 PM, Jonathan Petersson wrote: Hi all, I'm thinking of writing a quick tool to archive the query-log in a database to allow for easier reports. The obvious question that occurs is; What would be what's the best approach to do this? Running scripts that parses through the query-log

Re: request timeout

2009-04-28 Thread Jonathan Petersson
IIRC it's 3 seconds. On Tue, Apr 28, 2009 at 12:42 AM, Jeff Pang hostmas...@duxieweb.com wrote: When a Bind requests another Bind for a name resolving, what's the timeout value for this resuest? I mean, within how many seconds peer Bind doesn't answer it, this Bind will give up the query?

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
, 2009 at 2:33 AM, Chris Buxton cbux...@menandmice.com wrote: On Apr 28, 2009, at 5:26 AM, Jonathan Petersson wrote: Hi all, I'm thinking of writing a quick tool to archive the query-log in a database to allow for easier reports. If it were me, I would turn off query logging and use a packet

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
: Jonathan Petersson wrote: So I gave tail a try in perl both via File::Tail and by putting tail -f in a pipe. As was stated previously in this thread, you are going down a bad path by using query-log for any purpose beyond short debugging sessions. The loss in performance is rather painful

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
I did try to run the following option: syslog named; but when matching on named.* in syslog.conf there's no output. /Jonathan 2009/4/28 JINMEI Tatuya / 神明達哉 jinmei_tat...@isc.org: At Tue, 28 Apr 2009 10:01:02 -0700, Jonathan Petersson jpeters...@garnser.se wrote: So I gave tail a try

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
/28 Jeremy C. Reed jeremy_r...@isc.org: On Tue, 28 Apr 2009, Jonathan Petersson wrote: I did try to run the following option: syslog named; syslog should define a syslog facility. Look in the openlog, syslog and/or syslog.conf manual pages to see lists of facilities. The ARM says

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
can do your tail business on it. I also seem to remember, tail has some flags that may help you with dealing with the log ration issues.  I only remember them vaguely, as they were not applicable to what I was doing at the time. Hope this helps some. On Apr 27, 2009, at 10:26 PM, Jonathan

Re: stop zone transfers from coming in

2009-04-28 Thread Jonathan Petersson
I would honestly look for a typo since you're saying that it does work for some. Either way unless the admin turn it off you will get zone-transfers, the question lies in wether your name-server accepts them and propagates them down. Check in the log for transfer or notification refusals and make

approach on parsing the query-log file

2009-04-27 Thread Jonathan Petersson
Hi all, I'm thinking of writing a quick tool to archive the query-log in a database to allow for easier reports. The obvious question that occurs is; What would be what's the best approach to do this? Running scripts that parses through the query-log would cause locking essentially killing BIND

Limit allow-transfer to key + IP

2009-04-14 Thread Jonathan Petersson
Hi all, I was reading up on TSIG signed zone-transfers and gave it a try in my lab this morning, successfully. However what I noticed (which makes sense based on my config) is that any host with the appropriate key is allowed to perform a zone-transfer. Is there any way to limit the

Re: Limit allow-transfer to key + IP

2009-04-14 Thread Jonathan Petersson
Thanks! /Jonathan On Tue, Apr 14, 2009 at 12:28 PM, Chris Thompson c...@cam.ac.uk wrote: On Apr 14 2009, Jonathan Petersson wrote: I was reading up on TSIG signed zone-transfers and gave it a try in my lab this morning, successfully. However what I noticed (which makes sense based on my

Re: about allow-transfer

2009-04-09 Thread Jonathan Petersson
allow-transfer { slaveip; }; On Wed, Apr 8, 2009 at 11:42 PM, Jeff Pang hostmas...@duxieweb.com wrote: hello, I have two bind-9.6 (one master one slave) for product application. how to set allow-transfer in master's named.conf? shall it be: allow-transfer { none; }; or: allow-transfer

Re: Regexp to match RR's

2009-04-08 Thread Jonathan Petersson
be a better thing if the tool itself gave this to prevent sending incorrect data to begin with. /Jonathan On Wed, Apr 8, 2009 at 3:09 PM, Kevin Darcy k...@chrysler.com wrote: Jonathan Petersson wrote: Hi all, I got some time over so I decide to hack a bit on a DNS management tool for my home

Re: Regexp to match RR's

2009-04-08 Thread Jonathan Petersson
On Apr 8, 2009, at 3:21 PM, Kevin Darcy wrote: I'm not a big fan of allowing users to enter Resource Records verbatim. Most users aren't that sophisticated, or, if they are, they can do their nsupdates directly, if they have been given access to the relevant TSIG key (how's that for a False

Re: Windows servers triying to update my zone

2009-04-07 Thread Jonathan Petersson
I'm not clear what you're trying to achieve her but if you don't want the servers to update the zones you're fine as it is. You may want to look at the hosts that is trying to make updates and make changes on those accordingly. If you do want them to be able to update just add allow-update { ip;

Regexp to match RR's

2009-04-07 Thread Jonathan Petersson
Hi all, I got some time over so I decide to hack a bit on a DNS management tool for my home-server. I'm curious as to wether someone knows of a list of regexps that can be used to match RR's. Thx /Jonathan ___ bind-users mailing list

Re: C/C++ version Load balancer DNS

2009-04-03 Thread Jonathan Petersson
You can use BIND itself as a load-balancer. What's your goal? What's your current load? What's your anticipated load 12 months from now? What kind of equipment do you have available? /Jonathan On Fri, Apr 3, 2009 at 2:37 PM, Mallappa Pallakke palla...@gmail.com wrote:  Hi,  Is there any C/C++

Re: DNS forwarding not working properly?

2009-03-26 Thread Jonathan Petersson
You need to enable recursion in options. /Jonathan 2009/3/26 ARMSTRONG, KENNETH karmstr...@botetourtva.us: OK, I've been trying my hardest to figure this out. I have BIND9 installed and set up as a slave to one of our Domain Controllers (so we can at least still get DNS if it were to go

Re: NOTIFY from masters when slave provides several views

2009-03-26 Thread Jonathan Petersson
Hi Terry, Each view has to be independently notified if an update takes place. /Jonathan On Thu, Mar 26, 2009 at 4:46 PM, terry+bindus...@tmk.com wrote:  This question is related to the prior Internal and External view on same slave server? - RESOLVED thread, but seems to be a different

Re: Ever growing jnl files

2009-01-07 Thread Jonathan Petersson
I've seen similar behaviors in earlier versions of BIND as well. Since it doesn't seam to impact performance etc I haven't really bothered with it. What you can do is to run an rndc freeze/thaw, this will check out the journal file. /Jonathan On Wed, Jan 7, 2009 at 10:30 AM, Nicholas F Miller

Re: Bind open to query from anyone

2009-01-05 Thread Jonathan Petersson
In general I would think that it isn't recommended unless it's intended, you probably don't want random client querying your servers for content you don't control. To kill this add recursion no; in options, if you do want this enables for certain prefixes have a look at allow-recursion. Good

statistics-channels No such URL

2009-01-03 Thread Jonathan Petersson
Hi everyone, Could someone give me a quick pointer what to look for if I get No such URL when trying to access the statistics web-site. Thx /Jonathan ___ bind-users mailing list bind-users@lists.isc.org

Re: statistics-channels No such URL

2009-01-03 Thread Jonathan Petersson
is compiled from source with --with-libxml2 --enable-threads Thanks /Jonathan On Sat, Jan 3, 2009 at 9:41 AM, Jonathan Petersson jpeters...@garnser.se wrote: Hi everyone, Could someone give me a quick pointer what to look for if I get No such URL when trying to access the statistics web-site. Thx

Re: statistics-channels No such URL

2009-01-03 Thread Jonathan Petersson
Sorry for all the spamming, I forgot doing a distclean between the builds, it's working now. /Jonathan On Sat, Jan 3, 2009 at 9:51 AM, Jonathan Petersson jpeters...@garnser.se wrote: Also: [r...@localhost bind-9.6.0]# ./configure --with-libxml2 --enable-pthread . checking for libxml2

Re: Magic for NSEC3

2009-01-03 Thread Jonathan Petersson
Thanks for your input /Jonathan On Jan 3, 2009, at 16:13, Mark Andrews mark_andr...@isc.org wrote: In message fa2e1350901031122w75768929h3b17e0a47b806...@mail.gmail.com, Jonathan Petersson writes: Hi all, Hopefully this post wont cause as much SPAM as my last one. About a year ago I

Re: zone propagation

2008-12-24 Thread Jonathan Petersson
What I've done is that I maintain a master-slave zone on my master, if any new zones are manipulated I push out an updated config to my 20 or so slave-servers, once pushed out a trigger a sudo script via ssh that reloads bind with the new config and viola. /Jonathan On Wed, Dec 24, 2008 at 7:38

Re: DDNS and allow-update declarations

2008-12-10 Thread Jonathan Petersson
I did some testing with this couple a months ago and it seams like AD is following the NS directive in the SOA. The design I used in my test-case was to put AD as an authoritative updater of the specified zone on my master, once updated the BIND master was responsible for updating the slaves.

Re: DDNS and allow-update declarations

2008-12-10 Thread Jonathan Petersson
On Wed, Dec 10, 2008 at 4:00 PM, Mark Andrews [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Nicholas F Mille r writes: I have a couple of questions regarding how a Microsoft domain controller updates a dynamic zone. 1 ) When a domain controller tries to update the zone does

Re: Binding DNS server to a particular IP address

2008-12-03 Thread Jonathan Petersson
Shouldn't the server statement in options/view do the trick? /Jonathan On Wed, Dec 3, 2008 at 12:04 PM, Todd Snyder [EMAIL PROTECTED] wrote: Try the listen-on directive. Read more here: http://books.google.com.hk/books?id=zkZN52WhG8sCprintsec=frontcoverdq=

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Actually, to take this a step further, is there any remote possibility to combine this with update-policy as well? I know both questions has been mentioned on the list before with varied answers but I wanted to raise it again since this was finally figured out. /Jonathan On Mon, Nov 17, 2008 at

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Yeah it would most likely be a feature request/change. IIRC update-policy cannot be used in congestion with the allow-update statement. Personally I prefer the usage of update-policy as I can assign different business units within my organization to take responsibility for certain records/record

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Guess I should start digging in the code then :) On Mon, Nov 17, 2008 at 5:59 PM, Evan Hunt [EMAIL PROTECTED] wrote: IIRC update-policy cannot be used in congestion with the allow-update statement. My bad--you're right. There's code I'd never noticed before that says allow-update will be