Re: DNS DDoS protection
I would like to hear the latest configurations for BIND to help with DDoS.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599

From: bind-users on behalf of Marco
Sent: Friday, February 24, 2023 2:20 PM
To: bind-users@lists.isc.org
Subject: Re: DNS DDoS protection

On 24.02.2023 at 13:25:40, Bob Harold wrote:

> Before answering this question, can you tell me the proper place
> where I should be asking this question?
>
> "We are researching DDoS protection, including DNS. What companies or
> products or methods should I be looking at?"

If it is about the proper BIND configuration to avoid DoS, it is the right place. It isn't the right place to look for companies that provide such a service.

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: I need to find statistics on a running server.
Thank you very much. I forgot about rndc stats

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599

From: Howard, Christopher
Sent: Thursday, January 12, 2023 1:42 PM
To: bind-users@lists.isc.org; King, Harold Clyde (Hal)
Subject: Re: I need to find statistics on a running server.

You can use "rndc stats" to have bind dump a file with stats in it. This is how I get stats from our servers. I store the values every 2 minutes and create a dashboard from that. Stuff like total queries, total queries from ipv4 clients, total queries from ipv6 clients, total A//CNAME/PTR/NXDOMAIN requests/answers. With it stored every 2 minutes it's easy to chart out number per second, of course that's averaged out over the 2 minute window.

-Christopher

On Thu, 2023-01-12 at 18:30 +0000, King, Harold Clyde (Hal) via bind-users wrote:

That's not a bad idea.

From: Jeff Sumner
Sent: Thursday, January 12, 2023 1:22 PM
To: King, Harold Clyde (Hal); bind-users
Subject: Re: I need to find statistics on a running server.

I’ve turned on query logging, then grepped for the count of lines logged in a particular second. Worked well enough for the job at the time.

J

From: bind-users on behalf of "King, Harold Clyde (Hal) via bind-users"
Reply-To: "King, Harold Clyde (Hal)"
Date: Thursday, January 12, 2023 1:20 PM
To: bind-users
Subject: I need to find statistics on a running server.

I need to find some answers like queries per second. Any fast ideas folks?
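The per-second averaging described in the reply above (periodic "rndc stats" dumps, rate taken over the window between two dumps), as an added Python example that is not part of the original thread. It assumes the usual named.stats layout, where each dump is appended between `+++ Statistics Dump +++ (epoch)` and `--- Statistics Dump --- (epoch)` markers; the sample dumps and the function names are constructed for illustration.

```python
import re

# Constructed sample: two "rndc stats" dumps appended to named.stats 120 s apart.
SAMPLE_STATS = """\
+++ Statistics Dump +++ (1673548800)
++ Incoming Requests ++
              480000 QUERY
++ Incoming Queries ++
              300000 A
              120000 AAAA
               60000 PTR
++ Name Server Statistics ++
              450000 IPv4 requests received
               30000 IPv6 requests received
               12000 queries resulted in NXDOMAIN
--- Statistics Dump --- (1673548800)
+++ Statistics Dump +++ (1673548920)
++ Incoming Requests ++
              492000 QUERY
++ Incoming Queries ++
              307200 A
              123000 AAAA
               61800 PTR
++ Name Server Statistics ++
              461400 IPv4 requests received
               30600 IPv6 requests received
               12600 queries resulted in NXDOMAIN
--- Statistics Dump --- (1673548920)
"""

DUMP_START = re.compile(r"^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)")
DUMP_END = re.compile(r"^--- Statistics Dump --- \((\d+)\)")
SECTION = re.compile(r"^\+\+ (.+?) \+\+$")
COUNTER = re.compile(r"^\s*(\d+)\s+(\S.*)$")


def parse_dumps(text):
    """Return the complete dumps in file order as {"ts": epoch, "counters": {...}}.

    Counters are keyed by (section, name). Per-view sub-blocks such as
    "[View: default]" are not counter lines, so the same name under several
    views is summed. A dump without its closing marker (file read while
    named was still writing) is discarded.
    """
    dumps, current, section = [], None, None
    for line in text.splitlines():
        m = DUMP_START.match(line)
        if m:
            current, section = {"ts": int(m.group(1)), "counters": {}}, None
            continue
        if current is None:
            continue
        if DUMP_END.match(line):
            dumps.append(current)
            current = None
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = COUNTER.match(line)
        if m and section:
            key = (section, m.group(2).strip())
            current["counters"][key] = current["counters"].get(key, 0) + int(m.group(1))
    return dumps


def rates(prev, cur):
    """Average per-second rate of every counter between two dumps.

    The counters are cumulative since named started, so a counter that went
    backwards means a restart inside the window; no rate is reported then.
    """
    interval = cur["ts"] - prev["ts"]
    if interval <= 0:
        raise ValueError("dumps are not in chronological order")
    out = {}
    for key, value in cur["counters"].items():
        delta = value - prev["counters"].get(key, 0)
        if delta < 0:
            return {}
        out[key] = delta / interval
    return out


def latest_rates(text):
    """Rates over the window between the last two complete dumps in the file."""
    dumps = parse_dumps(text)
    if len(dumps) < 2:
        return {}
    return rates(dumps[-2], dumps[-1])


if __name__ == "__main__":
    for (section, name), value in sorted(latest_rates(SAMPLE_STATS).items()):
        print(f"{section:28} {name:32} {value:8.1f}/s")
```

A sudden rise in the QUERY rate without a matching rise in one query type, or a jump in the NXDOMAIN rate, is the kind of change this averaging makes visible on a dashboard.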
Re: I need to find statistics on a running server.
That's not a bad idea.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599

From: Jeff Sumner
Sent: Thursday, January 12, 2023 1:22 PM
To: King, Harold Clyde (Hal); bind-users
Subject: Re: I need to find statistics on a running server.

I’ve turned on query logging, then grepped for the count of lines logged in a particular second. Worked well enough for the job at the time.

J

From: bind-users on behalf of "King, Harold Clyde (Hal) via bind-users"
Reply-To: "King, Harold Clyde (Hal)"
Date: Thursday, January 12, 2023 1:20 PM
To: bind-users
Subject: I need to find statistics on a running server.

I need to find some answers like queries per second. Any fast ideas folks?
I need to find statistics on a running server.
I need to find some answers like queries per second. Any fast ideas folks?

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599
Re: getting answers from DNS queries
That's fair. I can see queries come into my DNS server, but I can't find answers to those queries. I have an RPZ zone and I get a log file that says PASSTHROUGH or NXDOMAIN. That tells me that the request was served or denied. I want something that will tell me the answer to each query. I have my server set to deny requests for recursion. So I know those will be denied, I want that for every query. I compile each new release and use that for production. Is there something I can set at compile-time? Perhaps I add an option to the logging statement? I kinda lost my google-fu on this one and I really am thankful to y'all for any help that you might have.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599

From: Ondřej Surý
Sent: Monday, April 25, 2022 10:37 AM
To: King, Harold Clyde (Hal)
Cc: bind-users
Subject: Re: getting answers from DNS queries

> I asked this last week, but I didn't get an answer.

Probably because I still don’t know what you mean. You need to better articulate your problem and your question.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 25. 4. 2022, at 16:11, King, Harold Clyde (Hal) via bind-users
> wrote:
>
> I asked this last week, but I didn't get an answer. How can I tell if a DNS query
> is refused or answered? Is it in the log files? Can a compile-time option
> help me access it? Sorry to repeat but I really need to know this.
>
> Thanks in advance.
>
>
> --
>
> Hal King - h...@utk.edu
> Systems Administrator
> Office of Information Technology
> Shared Services
>
> The University of Tennessee
> 103c5 Kingston Pike Building
> 2309 Kingston Pk.
> Knoxville, TN 37996
> Phone: 974-1599
getting answers from DNS queries
I asked this last week, but I didn't get an answer. How can I tell if a DNS query is refused or answered? Is it in the log files? Can a compile-time option help me access it? Sorry to repeat but I really need to know this.

Thanks in advance.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599
Re: How can I tell if a query is answered or denied
That's not in my version of bind-9.16.23. Thanks anyway!

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599

From: Jeff Sumner
Sent: Wednesday, April 20, 2022 4:25 PM
To: King, Harold Clyde (Hal); bind-users
Subject: Re: How can I tell if a query is answered or denied

*** You can turn on answer logging:

    rndc answerlog

Apologies- I believe the above is likely specific to EIP DNS builds.

J
How can I tell if a query is answered or denied
I'm trying to find bad actors stretching out my load on my main DNS server. I can't tell from the query log if a host is denied an answer, or given an answer. Also, can I get the answer in my logs? I got one great answer today, maybe I'm pushing my luck, but I do feel lucky.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599
Re: Reading secondary PTR files
Thank you that did the trick!

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599

From: Larry Rosenman
Sent: Wednesday, April 20, 2022 9:56 AM
To: King, Harold Clyde (Hal)
Cc: bind-users
Subject: Re: Reading secondary PTR files

this is what I use with 9.18.1

    named-compilezone -f raw -F text -o - 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa.signed

On 04/20/2022 8:42 am, King, Harold Clyde (Hal) via bind-users wrote:

I need to read the reverse zone in txt and I'm not sure how to decode the file with named-compilezone. Does anyone know the part I'm missing?

    named-compilezone -f raw -F text -o /etc/named/secondary/9.249.192.in-addr.arpa.db 9.249.192 /etc/named/secondary/9.249.192.in-addr.arpa.db

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
Reading secondary PTR files
I need to read the reverse zone in txt and I'm not sure how to decode the file with named-compilezone. Does anyone know the part I'm missing?

    named-compilezone -f raw -F text -o /etc/named/secondary/9.249.192.in-addr.arpa.db 9.249.192 /etc/named/secondary/9.249.192.in-addr.arpa.db

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone: 974-1599
Re: Combining forward with master zone.
Thank you all for your help with this.

--
Hal

On 2/21/19, 4:04 AM, "bind-users on behalf of Matus UHLAR - fantomas" wrote:

>On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal)
>wrote:
>> Could I just define needs.example.com as a zone in a separate file so:
>>
>> zone "example.com" { type master; notify no; file "static/antiphish.db";
>> };
>>
>> zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };

On 20.02.19 16:08, Kevin Darcy wrote:
>Delegate needs.example.com from example.com and you should be set.

if this is not clear enough, it means that the "example.com" zone stored in "static/antiphish.db" file must contain NS record for "needs":

needs NS your.name.server.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: Combining forward with master zone.
Could I just define needs.example.com as a zone in a separate file so:

zone "example.com" { type master; notify no; file "static/antiphish.db"; };

zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };

--
Hal

We have a URL phishing setup that causes URLs we detect to redirect to a warning page. We have run into a problem. One of our clients has scripts that he calls from a host in that domain. Needs.example.com when we block example.com. Can I create a root zone to define a wildcard pointing to our warning page with one hostname defined going to a forward’ed DNS source? I could just give it an IP, but can I forward that one domain to outside DNS (Google or their NS repository)? Here’s a very rough draft of the root zone:

$ORIGIN .
$TTL 3600
example.com IN SOA us.ourdns.com. helpdesk.ourdns.com.
*CNAME url-blocking.ourdns.com
needsforward(8.8.8.8)

--
Hal
Combining forward with master zone.
We have a URL phishing setup that causes URLs we detect to redirect to a warning page. We have run into a problem. One of our clients has scripts that he calls from a host in that domain. Needs.example.com when we block example.com. Can I create a root zone to define a wildcard pointing to our warning page with one hostname defined going to a forward’ed DNS source? I could just give it an IP, but can I forward that one domain to outside DNS (Google or their NS repository)? Here’s a very rough draft of the root zone:

$ORIGIN .
$TTL 3600
example.com IN SOA us.ourdns.com. helpdesk.ourdns.com.
*CNAME url-blocking.ourdns.com
needsforward(8.8.8.8)

--
Hal
Re: How to create an SRV record for the CSTA service
OK I made mistakes. I’m sorry for wasting anyone's time, I really am. I was trying to see if anyone had even made an SRV record for the CSTA service. My presentation of the dig example was a poor choice.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 9/13/18, 12:30, "Reindl Harald" wrote:

On 13.09.18 at 18:03, King, Harold Clyde (Hal) wrote:
> You have me dead to rights on that. I was trying to make an example and failed. Here's my record:
> _csta._tcp.csta.example.com. 3600 IN SRV 20 0 1040 hostname.example.com

so why don't you just send an unaltered record instead of 3 mails? the first two ending with a dot but missing fields, the last one seems to have all fields but the trailing dot is missing

csta.example.com. is a subdomain "csta" below example.com is that desired?

"hostname.example.com" instead "hostname.example.com." means "hostname.example.com.example.com"

again: don't provide mangled information when you need help - frankly the only obfuscation you can make is replace your domain name and ONLY that with example.com

the first is a working example from a microsoft SIP record and now compare it to your real setup

_sipfederationtls._tcp 3600 IN SRV 1 100 5061 sipfed.online.lync.com.
_csta._tcp.csta.example.com. 3600 IN SRV 20 0 1040 hostname.example.com
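The checks applied by eye in the reply above (missing SRV fields, a target without its trailing dot), run over the four records that appear in this thread; this is an added Python example, not part of the original messages. The function names and the default origin `example.com.` are assumptions made for illustration, and the owner check only tests for the `_service._proto` label shape.

```python
# Records exactly as posted in this thread (three attempts plus the working
# Microsoft SIP federation record quoted for comparison).
THREAD_RECORDS = [
    "_csta_tcp.csta-example.com. 3600 IN SRV hostname.example.com.",
    "_csta._tcp.csta-example.com. 3600 IN SRV hostname.example.com.",
    "_csta._tcp.csta.example.com. 3600 IN SRV 20 0 1040 hostname.example.com",
    "_sipfederationtls._tcp 3600 IN SRV 1 100 5061 sipfed.online.lync.com.",
]


def absolute(name, origin):
    """Expand a name the way a zone file does: no trailing dot means
    'relative to the current origin'."""
    return name if name.endswith(".") else f"{name}.{origin}"


def check_srv(line, origin="example.com."):
    """Return a list of (code, detail) problems for one zone-file SRV line.

    Expected layout: owner [TTL] [class] SRV priority weight port target
    """
    tokens = line.split()
    types = [t.upper() for t in tokens]
    if "SRV" not in types:
        return [("not-srv", "no SRV type field found")]
    idx = types.index("SRV")
    owner, rdata = tokens[0], tokens[idx + 1:]
    problems = []

    # Owner must begin with two underscore labels: _service._proto
    labels = owner.split(".")
    if len(labels) < 2 or not (labels[0].startswith("_") and labels[1].startswith("_")):
        problems.append(("owner", f"{owner!r} does not start with _service._proto"))

    # RDATA is exactly four fields; without them the record will not load.
    if len(rdata) != 4:
        problems.append(("rdata-fields",
                         f"expected priority weight port target, got {len(rdata)} field(s)"))
        return problems

    # priority, weight and port are unsigned 16-bit integers.
    for field, value in zip(("priority", "weight", "port"), rdata[:3]):
        if not value.isdigit() or int(value) > 65535:
            problems.append(("range", f"{field}={value!r} is not in 0..65535"))

    # A target without a trailing dot gets the origin appended.
    target = rdata[3]
    if not target.endswith("."):
        problems.append(("relative-target",
                         f"target expands to {absolute(target, origin)}"))
    return problems


def audit(records, origin="example.com."):
    """Problem codes per record, in input order."""
    return [[code for code, _ in check_srv(r, origin)] for r in records]


if __name__ == "__main__":
    for rec in THREAD_RECORDS:
        found = check_srv(rec)
        print(rec)
        for code, detail in found or [("ok", "no problems found")]:
            print(f"    {code}: {detail}")
```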
Re: How to create an SRV record for the CSTA service
You have me dead to rights on that. I was trying to make an example and failed. Here's my record:

_csta._tcp.csta.example.com. 3600 IN SRV 20 0 1040 hostname.example.com

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 9/13/18, 11:54, "Gary O'Brien" wrote:

You're missing the priority weight and port.

_service._proto.name. TTL class SRV priority weight port target

On 09/13/2018 09:40 AM, King, Harold Clyde (Hal) wrote:
> There's a typo in my record. It's _csta._tcp.csta-example.com. 3600 IN SRV hostname.example.com.
>
>

--
Gary O'Brien
Secure64 Software Corporation
970.372.0009
gary.obr...@secure64.com
Re: How to create an SRV record for the CSTA service
There's a typo in my record. It's

_csta._tcp.csta-example.com. 3600 IN SRV hostname.example.com.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 9/13/18, 11:39, "bind-users on behalf of King, Harold Clyde (Hal)" wrote:

I'm kinda stuck. I am tasked with creating an SRV record for the CSTA service. But I must be doing it wrong. Here's what I thought it should be:

_csta_tcp.csta-example.com. 3600 IN SRV hostname.example.com.

Am I even close?
How to create an SRV record for the CSTA service
I'm kinda stuck. I am tasked with creating an SRV record for the CSTA service. But I must be doing it wrong. Here's what I thought it should be:

_csta_tcp.csta-example.com. 3600 IN SRV hostname.example.com.

Am I even close?

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900
Performance tuning CPUs
It looks like our named process is getting interrupted when too many queries come in. What I think I see is the main named process sitting on one CPU and child processes on the others. We have 16 CPUs and 19 named processes. Looks like everything is fine if the main process stays on a CPU, but if it gets knocked off, packets get dropped. I’m trying to replicate that on our test box but wondered if anyone had run into this before and had some advice.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900
Re: Removing an NS server
I want to thank you all for the recommendations. I’m having a bit of mail list troubles so I don’t know Alberto’s email but thanks to you all!

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

From: Bob Harold
Date: Wednesday, August 8, 2018 at 09:10
To: John Miller, Hal King
Cc: Bind Users
Subject: Re: Removing an NS server

On Tue, Aug 7, 2018 at 5:01 PM John Miller <johnm...@brandeis.edu> wrote:

Hal, we've done this before - it's not particularly hard, just takes a bit for everyone to pick up the new set of NS records. You just make the change upstream and also remove the NS records that reference the system. It's kind of weird: during the interim, you'll have a running nameserver that doesn't return itself in its NS records.

If the same set of servers also serves your reverse zones, don't forget to update ARIN as well as Educause.

Educause sets their upstream TTLs to two days (ARIN's 1 day), but people shouldn't be caching the referral, only your actual NS records. If you're at all concerned, you can always set a low TTL ahead of time on your NS records, so everyone will pull the updated records relatively quickly once you make your changes.

John

On Tue, Aug 7, 2018 at 4:46 PM, King, Harold Clyde (Hal) <h...@utk.edu> wrote:
> I don't think I made my point. I need to pull/remove a DNS nameserver from my
> set of nameservers.
> My plan was to put the reference to it from our domain name provider. Then
> pull it from the list of NS records. I am not changing my SOA record. Just
> the nameserver. Did I make a mistake? Did you mean pull the NS record for that
> server, then pull it from the name provider. I'll still have 4 servers
> running the SOA, and I don't plan to stop the old nameserver until well after
> a week of running.
>
>
> --
> Hal King - h...@utk.edu
> Systems Administrator
> Office of Information Technology
> Shared Systems Services

If I remember correctly, setting my NS ttl lower than my parent caused a problem when one of my servers failed and I took it out of the NS record set. I think it went something like this:

resolver asks tld (before the change) and gets:

example.com 2d NS dns1.example.com
example.com 2d NS dns2.example.com
example.com 2d NS dns3.example.com

dns3 fails and I remove it from the NS records, both locally and at the parent TLD.

Resolver talks to my servers (a few hours later, after the change) and gets:

example.com 1h NS dns1.example.com
example.com 1h NS dns2.example.com

Resolver cache now has:

example.com 1h NS dns1.example.com
example.com 1h NS dns2.example.com
example.com 2d NS dns3.example.com

An hour later the two shorter NS records expire and the resolver is left with:

example.com 2d NS dns3.example.com

If dns3.example.com is down, the resolver will fail to reach my zone, and will not ask the TLD until that record expires.

So I think the TTL on NS records needs to match the parent zone, whether I like that ttl or not.

In your case, removing the NS records from both your zone and the parent zone, two days (or whatever the ttl) before you turn off the server, should be fine.

--
Bob Harold
Removing an NS server
I don't think I made my point. I need to pull/remove a DNS nameserver from my set of nameservers. My plan was to put the reference to it from our domain name provider. Then pull it from the list of NS records. I am not changing my SOA record. Just the nameserver. Did I make a mistake? Did you mean pull the NS record for that server, then pull it from the name provider. I'll still have 4 servers running the SOA, and I don't plan to stop the old nameserver until well after a week of running.

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900
Need to move an NS server out of service
I have ns2.example.com one of my DNS servers. The building, and the reason for the NS server, is ending. Should I remove the host from our domain name provider then my actual NS record in DNS, or NS record then provider? I'd appreciate any help I could get.

--
Hal King
Separate DNS slaves as internal and external
I have DNS slaves for internal and external entities. I don't know how to work the NS records so that outside users would only get the external slave and internal would only get the internal slave. How can I do this? If I put only the internal slaves with NS records external users query the internal servers. If I put both external users still see and use internal slave. If I put only external, internal users get the external slave. I have put the external slave in our registrar. Any help would be appreciated.

Thanks in advance

--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk.
Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900
Re: Can bind works without defining root servers
How does Bind update the root servers? Does it go out and check, or is a release made for each change?
-- Hal King - h...@utk.edu

On 8/15/17, 11:02, "bind-users on behalf of Alan Clegg" wrote:
> Root hints have been built in forever. (and that's "forever" in Internet years)
>
> On 8/15/17 10:58 AM, Duleep Thilakarathne wrote:
> > Hi,
> >
> > I can observe, bind can resolve host names without following entry in
> > named.conf. could anyone help me to understand this default behavior.
> >
> > zone "." {
> >     type hint;
> >     file "root.servers";
> > };
> >
> > regards
> > DT
Transition from BIND 9.9 to 9.10
I have not found any problems so far on my test machines, but I was wondering what changes there are to look forward to in moving from 9.9 to 9.10?
-- Hal King - h...@utk.edu
Re: Can anyone tell me a good DNS server testing program
Thanks everyone for your suggestions. I’ll go forward with dnsperf.
-- Hal King - h...@utk.edu

On 6/22/16, 08:58, "Warren Kumari" <war...@kumari.net> wrote:
> Kinda depends on what you are testing, but there is also Nominum's dnsperf: http://nominum.com/measurement-tools/
> This is easy to install, simple to use, and comes with a sample query file.
> W
>
> On Wed, Jun 22, 2016 at 8:48 AM, Emil Natan <shly...@gmail.com> wrote:
> > queryperf, supplied with BIND, found under contrib.
> > What we usually do is "record" some real traffic, then run queryperf on
> > multiple machines against a server. If I'm not mistaken similar topic was
> > discussed here recently so you can search the archives.
> >
> > Emil
> >
> > On Wed, Jun 22, 2016 at 3:34 PM, King, Harold Clyde (Hal) <h...@utk.edu> wrote:
> >> I have a new DNS BIND setup that I need to stress test. There are many
> >> tests for hitting a web server to simulate traffic, but I can’t find
> >> one for doing the same thing to a DNS server. Does anyone have any
> >> recommendations?
> >>
> >> --
> >> Hal King - h...@utk.edu
Can anyone tell me a good DNS server testing program
I have a new DNS BIND setup that I need to stress test. There are many tests for hitting a web server to simulate traffic, but I can’t find one for doing the same thing to a DNS server. Does anyone have any recommendations?
-- Hal King - h...@utk.edu
How to block part of a zone
I need to block a host in an exterior domain. Resolve all traffic for example.com from example.com's dns servers, but stop badhost.example.com. I guess I could become authoritative for badhost.example.com and point the host to 127.0.0.1. Does that sound like bad things would happen?

zone "badhost.example.com" {
    type master;
    file "/etc/named/badhost.example.com.db";
};

Badhost.example.com. IN SOA localhost ( Admin.localhost 2014091601 3600 900 86 3600 )
    NS localhost.
    A 127.0.0.1

-- Hal King - h...@utk.edu
Re: Sites that points their A Record to localhost
-Original Message-
From: Dave Warren da...@hireahit.com
Date: Friday, January 10, 2014 at 15:47
To: Bind Users bind-users@lists.isc.org
Subject: Re: Sites that points their A Record to localhost

On 2014-01-10 12:36, wbr...@e1b.org wrote:
From: Alan Clegg a...@clegg.com
Yes, it seems that they have an A record for that label that provides the IP address 127.0.0.1. You probably want to ask the owner of the zone about this, as I'm not sure what the community can do about it.
They have an MX record, so perhaps the domain is only intended for email.
# host p3net.net
p3net.net has address 127.0.0.1
p3net.net mail is handled by 10 aspmx.l.google.com.
Although, they should have more MX records if using google. And less A records if they don't intend to do anything but email. But it's an imperfect world.
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Isn't there a "rule" (note lower case) that says 'Zones _should_ have an A record. CNAMEs _should_not_ point to CNAMES.' Things that work, but shouldn't. I may be wrong on the rules, I can't find my reference.
-- Hal King - h...@utk.edu
Blocking private addresses with an option
Is there an option for bind like the allow-recursion { network-acl } for blocking outgoing records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a view like:

View outsiders {
    block-private { other-networks };
    …
}

Thanks!
-- Hal King - h...@utk.edu
User wanting to use a .local domain to host DNS
I'm a bit confused by a user request. I think he is trying to keep some hosts on the private side of DNS, but he wants to use a DNS name like host.sub.local. I do not know of the use of the .local TLD except in Bonjour. Can anyone shed some light on the use of the .local TLD?
-- Hal King - h...@utk.edu
NS record outside of our name space
How can I make a record that will allow outside DNS to control a subdomain in our space?
We own example.com
We have a zone called wordpress.example.com
If I make an NS record in the zone nothing seems to happen?

$ORIGIN wordpress.example.com.
@ NS wordpress.outside.com.

-- Hal King - h...@utk.edu
Re: NS record outside of our name space
Here's an example of my zone record:

$ORIGIN .
$TTL 1800 ; 30 minutes
Wordpress.example.com. IN SOA hiddenmaster.example.com. ipmgr.example.com. (
        2012020601 ; serial
        10800      ; refresh (3 hours)
        1800       ; retry (30 minutes)
        604800     ; expire (1 week)
        900        ; minimum (15 minutes)
        )
$TTL 28800 ; 8 hours
        NS NS1.WORDPRESS.COM.
        NS NS2.WORDPRESS.COM.
        NS NS3.WORDPRESS.COM.
$ORIGIN wordpress.example.com.
$TTL 900 ; 15 minutes
www     CNAME wordpress.example.com.

-- Hal King - h...@utk.edu

From: Hal King h...@utk.edu
Date: Tue, 13 Mar 2012 13:40:54 +
To: Bind Users bind-users@lists.isc.org
Subject: NS record outside of our name space

> How can I make a record that will allow outside DNS to control a subdomain in our space?
> We own example.com
> We have a zone called wordpress.example.com
> If I make an NS record in the zone nothing seems to happen?
>
> $ORIGIN wordpress.example.com.
> @ NS wordpress.outside.com.
>
> -- Hal King - h...@utk.edu
Re: NS record outside of our name space
I tried adding the NS records but it looked like the entire example.com was now subject to the NS of wordpress.com. I just want the sub domain to get its DNS from the wordpress.com NS servers. Not to give away my whole example.com domain.
-- Hal King - h...@utk.edu

On 3/13/12 11:04 AM, Alan Clegg a...@clegg.com wrote:
> On 3/13/2012 9:49 AM, King, Harold Clyde (Hal) wrote:
> > Here's an example of my zone record:
> >
> > $ORIGIN .
> > $TTL 1800 ; 30 minutes
> > Wordpress.example.com. IN SOA hiddenmaster.example.com. ipmgr.example.com. (
> >         2012020601 ; serial
> >         10800      ; refresh (3 hours)
> >         1800       ; retry (30 minutes)
> >         604800     ; expire (1 week)
> >         900        ; minimum (15 minutes)
> >         )
> > $TTL 28800 ; 8 hours
> >         NS NS1.WORDPRESS.COM.
> >         NS NS2.WORDPRESS.COM.
> >         NS NS3.WORDPRESS.COM.
> > $ORIGIN wordpress.example.com.
> > $TTL 900 ; 15 minutes
> > www     CNAME wordpress.example.com.
>
> What are you actually trying to do?
>
> If all you are trying to do is give away the zone, you want these NS records to be in the example.com. zone .. ie:
>
> example.com.  IN SOA ( ... )
>               IN NS ns1.example.com.
>               IN NS ns2.example.com.
> wordpress     IN NS ns1.wordpress.com.
>               IN NS ns2.wordpress.com.
>               IN NS ns3.wordpress.com.
>
> AlanC
> -- a...@clegg.com | 1.919.355.8851
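The distinction the reply above turns on, as an added example that is not part of the original thread: an NS record delegates only the owner name it is attached to, and a zone-file record with a blank owner inherits the owner of the record before it. The Python below is a simplified parser written for this illustration (it handles only `$ORIGIN`, single-line records and blank-owner inheritance; the function names and both sample zones are constructed, and the second sample is only one way to produce the symptom described, since the thread does not show the file that was actually loaded).

```python
"""Classify NS records in a parent zone as apex NS or subdomain delegations."""

CLASSES = {"IN", "CH", "HS"}


def absolute(name, origin):
    """Expand a zone-file name against the current $ORIGIN (lower-cased FQDN)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    if origin == ".":
        return (name + ".").lower()
    return (name + "." + origin).lower()


def ns_records(zone_text, zone_name):
    """Yield (owner, target) for each NS record, tracking owner inheritance."""
    origin = zone_name
    owner = zone_name
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = absolute(line.split()[1], origin)
            continue
        if line.startswith("$"):                  # $TTL and friends
            continue
        fields = line.split()
        if not raw[0].isspace():                  # explicit owner in column 0
            owner = absolute(fields.pop(0), origin)
        # otherwise the owner is inherited from the previous record
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                         # skip optional TTL / class
        if len(fields) >= 2 and fields[0].upper() == "NS":
            yield owner, absolute(fields[1], origin)


def classify(zone_text, zone_name):
    """Return (apex_ns, delegations) for the zone named zone_name."""
    zone = absolute(zone_name, ".")
    apex, delegations = [], {}
    for owner, target in ns_records(zone_text, zone):
        if owner == zone:
            apex.append(target)                   # answers for the whole zone
        elif owner.endswith("." + zone):
            delegations.setdefault(owner, []).append(target)
    return apex, delegations


# Constructed sample: the layout from the reply, with an explicit owner
# ("wordpress") on the first delegation NS record.
DELEGATED = """\
$ORIGIN example.com.
@          IN SOA hiddenmaster.example.com. ipmgr.example.com. ( 2012031301 10800 1800 604800 900 )
           IN NS  ns1.example.com.
           IN NS  ns2.example.com.
wordpress  IN NS  ns1.wordpress.com.
           IN NS  ns2.wordpress.com.
           IN NS  ns3.wordpress.com.
"""

# Constructed sample: the same NS lines pasted without the owner label.
# They inherit the apex owner, so they apply to all of example.com.
MISPLACED = """\
$ORIGIN example.com.
@          IN SOA hiddenmaster.example.com. ipmgr.example.com. ( 2012031301 10800 1800 604800 900 )
           IN NS  ns1.example.com.
           IN NS  ns2.example.com.
           IN NS  ns1.wordpress.com.
           IN NS  ns2.wordpress.com.
           IN NS  ns3.wordpress.com.
"""

if __name__ == "__main__":
    for label, text in (("delegated", DELEGATED), ("misplaced", MISPLACED)):
        apex, cuts = classify(text, "example.com.")
        print(label, "apex NS:", apex)
        print(label, "delegations:", cuts)
```

A third-party name server listed in the apex set answers for the whole zone, so this check is worth running on the parent zone before it is reloaded.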
Not able to resolve a domain
I have found that www.thisisgame.com does not resolve on our DNS servers. Google DNS works fine. According to dns.14x.org the top level domain com is w. I do not see a w server. I have the most recent named.root file from June. What have I done wrong? Thanks for looking during this busy time.
-- Hal King - h...@utk.edu
Re: Not able to resolve a domain
This is the trace I get trying to resolve the domain.

dig +trace thisisgame.com

; DiG 9.8.1-P1 +trace thisisgame.com
;; global options: +cmd
. 456080 IN NS d.root-servers.net.
. 456080 IN NS h.root-servers.net.
. 456080 IN NS l.root-servers.net.
. 456080 IN NS f.root-servers.net.
. 456080 IN NS e.root-servers.net.
. 456080 IN NS b.root-servers.net.
. 456080 IN NS i.root-servers.net.
. 456080 IN NS m.root-servers.net.
. 456080 IN NS j.root-servers.net.
. 456080 IN NS k.root-servers.net.
. 456080 IN NS a.root-servers.net.
. 456080 IN NS c.root-servers.net.
. 456080 IN NS g.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 364 ms

com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
;; Received 504 bytes from 192.33.4.12#53(192.33.4.12) in 496 ms

thisisgame.com. 172800 IN NS ns1.thisisgame.com.
dig: couldn't get address for 'ns1.thisisgame.com': not found

-- Hal King - h...@utk.edu

From: Hal King h...@utk.edu
Date: Fri, 18 Nov 2011 15:19:18 +
To: Bind Users bind-users@lists.isc.org
Subject: Not able to resolve a domain

> I have found that www.thisisgame.com does not resolve on our DNS servers. Google DNS works fine. According to dns.14x.org the top level domain com is w. I do not see a w server. I have the most recent named.root file from June. What have I done wrong? Thanks for looking during this busy time.
> -- Hal King - h...@utk.edu
Re: Not able to resolve a domain
Never mind it's blocked on the IP level. Sorry to bring up stuff on a busy week. Thanks for all the help folks!
-- Hal King - h...@utk.edu

On 11/18/11 10:49 AM, /dev/rob0 r...@gmx.co.uk wrote:
> On Friday 18 November 2011 09:19:18 King, Harold Clyde (Hal) wrote:
> > I have found that www.thisisgame.com does not resolve on our DNS servers. Google DNS works fine.
>
> Looks fine from here.
>
> > According to dns.14x.org the top level domain com is w. I do not see a w server. I have the most recent named.root file from June. What have I done wrong?
>
> I don't know what that means. IWFM using both normal recursion and direct-to-NS:
>
> ;; ANSWER SECTION:
> www.thisisgame.com. 1800 IN A 1.234.35.120
>
> ;; AUTHORITY SECTION:
> thisisgame.com. 1800 IN NS ns1.thisisgame.com.
>
> ;; ADDITIONAL SECTION:
> ns1.thisisgame.com. 1800 IN A 1.234.35.141
>
> I'll toss out a couple of WAGs at no extra charge!
>
> 1. When was 1/8 allocated, recently? Maybe you need to update your bogon filter?
> 2. It's Korean, are you blocking APNIC space?
Re: Can't compile bind 9.8.1-P1 on Solaris
That's just the thing. I compile on my test box and it works. Move it to production and it fails with the error stated. Bind-9.8.1 worked with the same environment settings. No chroot on my end. Same version of ssl (1.0.0d).
-- Hal King - h...@utk.edu

On 11/17/11 12:40 PM, Cathy Almond cat...@isc.org wrote:
> On 17/11/11 05:33, King, Harold Clyde (Hal) wrote:
> > With great help I got Bind 9.8.1 to compile on solaris but I can not get Bind to start up. I am getting:
> >
> > 17-Nov-2011 00:31:23.609 initializing DST: openssl failure
> > 17-Nov-2011 00:31:23.609 exiting (due to fatal error)
> >
> > Is anyone else seeing this?
>
> It's a problem with accessing the openssl libs - if you're running chrooted, you'll need to copy them into the chroot environment.
Re: Can't compile bind 9.8.1-P1 on Solaris
Well I recompiled everything within the environment and now I seem to have a working Bind. Thanks
-- Hal King - h...@utk.edu

On 11/17/11 2:26 PM, King, Harold Clyde (Hal) h...@utk.edu wrote:
> That's just the thing. I compile on my test box and it works. Move it to production and it fails with the error stated. Bind-9.8.1 worked with the same environment settings. No chroot on my end. Same version of ssl (1.0.0d).
> -- Hal King - h...@utk.edu
>
> On 11/17/11 12:40 PM, Cathy Almond cat...@isc.org wrote:
> > On 17/11/11 05:33, King, Harold Clyde (Hal) wrote:
> > > With great help I got Bind 9.8.1 to compile on solaris but I can not get Bind to start up. I am getting:
> > >
> > > 17-Nov-2011 00:31:23.609 initializing DST: openssl failure
> > > 17-Nov-2011 00:31:23.609 exiting (due to fatal error)
> > >
> > > Is anyone else seeing this?
> >
> > It's a problem with accessing the openssl libs - if you're running chrooted, you'll need to copy them into the chroot environment.
Can't compile bind 9.8.1-P1 on Solaris
I get an error compiling Bind at:

make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
ld -G -z text -o driver.so driver.o
ld: invalid number `-z'

Giving -G a number makes -z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6
-- Hal King - h...@utk.edu
Re: Can't compile bind 9.8.1-P1 on Solaris
Is anyone else having problems with the compile?
-- Hal King - h...@utk.edu

From: Hal King h...@utk.edu
Date: Wed, 16 Nov 2011 21:17:31 +
To: Bind Users bind-users@lists.isc.org
Subject: Can't compile bind 9.8.1-P1 on Solaris

> I get an error compiling Bind at:
>
> make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
> ld -G -z text -o driver.so driver.o
> ld: invalid number `-z'
>
> Giving -G a number makes -z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6
> -- Hal King - h...@utk.edu
Re: Can't compile bind 9.8.1-P1 on Solaris
Thanks!
-- Hal King - h...@utk.edu

On 11/16/11 4:44 PM, Dennis Clarke dcla...@blastwave.org wrote:
> > I get an error compiling Bind at:
> >
> > make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
> > ld -G -z text -o driver.so driver.o
> > ld: invalid number `-z'
> >
> > Giving -G a number makes -z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6
>
> I'm not seeing any problems yet .. but I use Sun Studio 11 for the builds. If you are willing to wait a few hours I'll have packages released pretty quick.
>
> Dennis
Re: Can't compile bind 9.8.1-P1 on Solaris
I compiled 9.8.1 on the same server with the same setup. So it is not in 9.8.1.
-- Hal King - h...@utk.edu

On 11/16/11 8:30 PM, Evan Hunt e...@isc.org wrote:
> > I get an error compiling Bind at:
> >
> > make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
> > ld -G -z text -o driver.so driver.o
> > ld: invalid number `-z'
> >
> > Giving -G a number makes -z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6
>
> Thanks for the report. We didn't touch that code in the security patch, so this bug must have also been in 9.8.1; we'll try to address it in 9.8.2.
>
> That isn't critical code; it's just one of the system tests. Just touch bin/tests/system/dlzexternal/driver.o and then run make again. The dlzexternal system test will fail when you run make check, but otherwise your server will be fine.
>
> In general, issues like this are best sent to the bind9-b...@isc.com alias, which opens a ticket in our bug database. I'll do so now.
>
> -- Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
named web statistics
Hi; I know there is a web front end to DNS stats, but I can not remember the option in the named.conf that defines the port. I'm running 9.8.0-P4 (just now being able to upgrade to a version that supports the statistics) Does anyone remember this?
-- Hal King - h...@utk.edu
Re: named web statistics
Thanks!
-- Hal King - h...@utk.edu

On 7/6/11 11:15 AM, Jeremy C. Reed jr...@isc.org wrote:
> On Wed, 6 Jul 2011, King, Harold Clyde (Hal) wrote:
> > I know there is a web front end to DNS stats, but I can not remember the option in the named.conf that defines the port. I'm running 9.8.0-P4 (just now being able to upgrade to a version that supports the statistics)
>
> statistics-channels has optional port