I would add that Windows PC OSs by default have the dns client cache set to
'enable'.
John Manson
U.S. House of Representatives | HIR Data Communications | Washington, DC 20515
Desk: 202-226-4244 | NCC: 202-226-6430 | john.man...@mail.house.gov
___
To add to Len's comments, bind will keep going to the partially broken Fedora
dns as long as it has the fastest response time.
As a short term fix, you can use the 'blackhole' option to prevent your dns
from sending queries to that IP.
John Manson
U.S. House of Representatives | HIR Data
Give each instance of named a unique name:
A-named, b-named, etc
- Original Message -
From: bind-users-requ...@lists.isc.org [mailto:bind-users-requ...@lists.isc.org]
Sent: Tuesday, July 02, 2013 08:00 AM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: bind-users Digest,
We are running Bind 9.9.2 and would like to invoke the rate-limit option but
named says 'unknown option'.
Do we need to upgrade bind to get this option?
Using this syntax:
rate-limit { responses-per-second 5; window 5; };
Thanks
John Manson
US House of Representatives
If the 'type' info in a zone statement determines master or slave, can you have
2 views in the same named.conf file, one with type master zones and the other
with type slave zones?
John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington,
DC 20515
Desk:
We have a second master at a different location and I was wondering if there is
any way to have the first master send db file updates to it using file
transfers like it does to the slaves.
We currently do db file transfers between masters with sftp and would like to
stop using OS processes and
I searched www.isc.orghttp://www.isc.org to no avail.
Is bind 9.9.x compatible with Solaris 11?
Anything out of the ordinary with compiling and such?
Thanks
John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington,
DC 20515
Desk: 202-226-4244 | TCC: 202-226-6430
My external authoritative dns does not allow recursion.
We have vanity names like speaker.gov.
When we add an entry like:
www.speaker.govhttp://www.speaker.gov CNAME
www.house.govhttp://www.house.gov
it fails because of the recursion statement even though the external dns is
:00)
So the first lookup does not fully resolve due to recursion.
Does this help?
-Original Message-
From: Chris Buxton [mailto:cli...@buxtonfamily.us]
Sent: Thursday, March 28, 2013 11:13 AM
To: Manson, John
Cc: bind-users@lists.isc.org
Subject: Re: Recursion issue
On Mar 28, 2013, at 7
:
test.gopleader@mercury.house.gov:
test.gopleader.gov. 300 IN CNAME testwww.house.gov.
-Original Message-
From: Chris Buxton [mailto:cli...@buxtonfamily.us]
Sent: Thursday, March 28, 2013 11:49 AM
To: Manson, John
Cc: bind-users@lists.isc.org
Subject: Re: Recursion issue
On Mar 28
, 2013 11:49 AM
To: Manson, John
Cc: bind-users@lists.isc.org
Subject: Re: Recursion issue
On Mar 28, 2013, at 8:27 AM, Manson, John wrote:
From the internet:
Answer records
name class typedatatime to live
test.gopleader.govIN CNAME testwww.house.gov
Testwww from
...@buxtonfamily.us]
Sent: Thursday, March 28, 2013 12:57 PM
To: Manson, John
Cc: bind-users@lists.isc.org
Subject: Re: Recursion issue
On Mar 28, 2013, at 9:05 AM, Manson, John wrote:
I disagree with your statement about recursion.
What stops an authoritative server from doing recursion if you do
http://www.digwebinterface.com/? Is one of the internet sites I use.
John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington,
DC 20515
Desk: 202-226-4244 | TCC: 202-226-6430 |
john.man...@mail.house.govmailto:john.man...@mail.house.gov
Found this entry in external named log:
Mar 26 20:07:18 local@mercury named[4043]: [ID 873579 daemon.notice] client
72.13.58.93#39043: view outhouse: notify question section contains no SOA
This IP is not one of mine.
Does the word 'notify' related to zone transfers or something else.
Thanks
In the work around section of this notice, it talks about 'make clear' and
editing a file statement.
No problem with that.
Does 'make clear' affect the running named or is it best to stop named and
start it afterward?
Do I also need to run configure again or just make?
Will dig and rndc be
Can this option be used in a 'slave' config to prevent out-bound transfers?
Transfers-out 0;
The 9.9.2 ARM is ambiguous.
Thanks
John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington,
DC 20515
Desk: 202-226-4244 | TCC: 202-226-6430 |
Good Day
Running 9.9.2 for about a month now with no worries.
Today I noticed only the reload message in the namedlog and not the zone
messages that are usually there after stopping and restarting the named process.
Worked fine on the 26th but not today.
Logs sample:
Dec 26 15:01:52
I would like to retract this post after I had a long conversation with my
co-worker who is just back from leave.
Sorry for the bother.
From: Manson, John
Sent: Friday, December 28, 2012 10:54 AM
To: 'bind-users@lists.isc.org'
Subject: Named stopped loging?
Good Day
Running 9.9.2 for about
Keep it simple.
We use syslog-ng and named logging set to default.
We get entries like this so it is easy to see who is talking to who and how
long it is taking.
Sample from one of our external servers. Redacted where necessary:
Nov 27 09:42:44 local@mercury named[17686]: [ID 873579 daemon.info]
The adb grow-names process? does not appear to be related to recursive cache as
I cleared cache while monitoring syslog and the counter kept increasing.
However a reload did start the adb grow-names process anew.
Both shown below
.
.
.
Nov 14 15:25:40 local@mercury named[2920]: [ID 873579
Just upgraded to 9.9.2 today and am seeing the following in syslog for the
first time:
Nov 14 15:08:58 local@mercury named[2920]: [ID 873579 daemon.info] adb:
grow_names to 6143 starting
Nov 14 15:08:58 local@mercury named[2920]: [ID 873579 daemon.info] adb:
grow_names finished
I gather this
Should I install bind 9.9.0 first and then update to bind 9.9.1 then update to
bind 9.9.2?
This excerpt from the README file is a little confusing:
BIND 9.9.2
BIND 9.9.2 is a maintenance release and patches the security
flaw described in CVE-2012-4244.
BIND 9.9.1
BIND
From time to time I notice a large number of queries like these to one of my
external dns servers:
14:14:40.01407 121.10.105.66 - 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.01529 121.10.105.66 - 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.03688 121.10.105.66 - 143.231.1.67 DNS C
While googling for 'default' config file options, I found this chart.
http://www.ipamworldwide.com/component/content/article/48-dns-isc/98-bind-973-options.html
It does not take the place of the ARM but seems helpful.
Enjoy
John Manson
CAO/HIR/NAF Data-Communications | U.S. House of
This url works.
http://www.internic.net/domain/named.root
You can edit your hints file to change or add info, just be sure to follow the
existing format.
JM
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this
The key names will show up in syslog messages along with IPs and view names.
Compare master and slave syslogs for clues.
JM
--
Message: 1
Date: Sat, 25 Aug 2012 11:48:47 -0400
From: John Wingenbach b...@wingenbach.org
To:
Good explanation of Service Discovery:
http://www.dns-sd.org/
Also, Bonjour is a big offender:
http://en.wikipedia.org/wiki/Bonjour_%28software%29
A lot of Apple apps use it like itunes.
-Original Message-
From: bind-users-bounces+john.manson=mail.house@lists.isc.org
In our case, 90% of the dns-sd queries were for the 192.168 network.
These are from 1 client:
DNS C db._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C dr._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C lb._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C
One thing about views, since named.conf is read 'top down', you have to exclude
IP pairs used for tranfers by the 2nd view from the 1st view.
All our tranfers happen in 1 second or less on average.
JM
-Original Message-
From: bind-users-bounces+john.manson=mail.house@lists.isc.org
Is there a command for bind that will list all Options default names and
settings in named.conf?
Might be helpful in understanding why bind is acting a certin way.
Thanks
John Manson
CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, DC
20515
Desk: 202-226-4244 |
Will bind run on VMware?
John Manson
CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, DC
20515
Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov
___
Please visit
defaults for 'view' and 'zone'.
Thanks
-Original Message-
From: Evan Hunt [mailto:e...@isc.org]
Sent: Tuesday, June 05, 2012 3:04 PM
To: Mike Hoskins
Cc: Manson, John; 'bind-users@lists.isc.org'
Subject: Re: Default Options
Is there a command for bind that will list all Options default names
How can I find out which Unix files/libraries bind requires before I do the
compile?
Thanks
John Manson
CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, DC
20515
Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov
Yes
It would help if you could add the version of each listed below.
What are the 'few others?
Thanks
-Original Message-
From: Dennis Clarke [mailto:dcla...@blastwave.org]
Sent: Tuesday, May 22, 2012 12:14 PM
To: Manson, John
Cc: 'bind-users@lists.isc.org'
Subject: Re: Bind9.9.1
I found this article about setting up a secondary master.
This may be useful as we are bringing up a disaster recovery site.
The author explains that the zone type should be 'slave'' so it can receive db
updates from the normal master.
Seems like that makes it a slave instead of a master for that
Any idea when the ARM for 9.9.0 will be published?
No mention on the ISC web site.
Reference and FAQ
The primary documentation for BIND is the ARM, the Administrator's Reference
Manual. There is a separate edition of the ARM for each major release of BIND.
You can download the PDF file of the
36 matches
Mail list logo