Re: Communication error when we do axfr query for the large size zone

2022-04-19 Thread rams 
We have CentOS Linux 7 , 128GB ram and bind 9.16.13.
Could you please share what information exactly you are looking for? to
resolve the issue.

On Wed, Apr 20, 2022 at 11:36 AM Ondřej Surý  wrote:

> We can’t really help you if you withhold information. You need to learn to
> provide complete information if you want other people to help you instead
> of letting them guess what does you environment look like.
>
> Ondrej
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not
> feel obligated to reply outside your normal working hours.
>
> On 20. 4. 2022, at 8:04, rams  wrote:
>
> 
> Seeing only these two line in log:
> Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288
> 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR
> started (serial 1605611713)
> Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches
> resource limit [space usage > 90.0%]
> Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches
> resource limit [space usage > 90.0%]
> Apr 20 05:54:50 perf-bind named[74314]: client @0x7fb844005288
> 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': send:
> operation canceled
>
> On Wed, Apr 20, 2022 at 11:17 AM Crist Clark 
> wrote:
>
>> Probably.
>>
>> Maybe check for any log messages from BIND. Do packet capture to see
>> exactly what's happening to the TCP.
>>
>> On Tue, Apr 19, 2022 at 10:12 PM rams  wrote:
>>
>>> Hi,
>>> We are getting the following error when we query for the 25M zone with
>>> axfr .
>>>
>>> ]# dig @localhost 25million.com axfr |tail
>>> a8157794.25million.com. 86400   IN  A   1.1.1.1
>>> a8157795.25million.com. 86400   IN  A   1.1.1.1
>>> a8157796.25million.com. 86400   IN  A   1.1.1.1
>>> a8157797.25million.com. 86400   IN  A   1.1.1.1
>>> a8157798.25million.com. 86400   IN  A   1.1.1.1
>>> a8157799.25million.com. 86400   IN  A   1.1.1.1
>>> a81578.25million.com.   86400   IN  A   1.1.1.1
>>> a815780.25million.com.  86400   IN  A   1.1.1.1
>>> *;; communications error to 127.0.0.1#53: end of file*
>>>
>>> Do we need to increase or set any parameters?.
>>>
>>> Regards,
>>> Ramesh
>>> --
>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>>> from this list
>>>
>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Communication error when we do axfr query for the large size zone

2022-04-19 Thread rams 
Seeing only these two line in log:
Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288
127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR
started (serial 1605611713)
Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches
resource limit [space usage > 90.0%]
Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches
resource limit [space usage > 90.0%]
Apr 20 05:54:50 perf-bind named[74314]: client @0x7fb844005288
127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': send:
operation canceled

On Wed, Apr 20, 2022 at 11:17 AM Crist Clark 
wrote:

> Probably.
>
> Maybe check for any log messages from BIND. Do packet capture to see
> exactly what's happening to the TCP.
>
> On Tue, Apr 19, 2022 at 10:12 PM rams  wrote:
>
>> Hi,
>> We are getting the following error when we query for the 25M zone with
>> axfr .
>>
>> ]# dig @localhost 25million.com axfr |tail
>> a8157794.25million.com. 86400   IN  A   1.1.1.1
>> a8157795.25million.com. 86400   IN  A   1.1.1.1
>> a8157796.25million.com. 86400   IN  A   1.1.1.1
>> a8157797.25million.com. 86400   IN  A   1.1.1.1
>> a8157798.25million.com. 86400   IN  A   1.1.1.1
>> a8157799.25million.com. 86400   IN  A   1.1.1.1
>> a81578.25million.com.   86400   IN  A   1.1.1.1
>> a815780.25million.com.  86400   IN  A   1.1.1.1
>> *;; communications error to 127.0.0.1#53: end of file*
>>
>> Do we need to increase or set any parameters?.
>>
>> Regards,
>> Ramesh
>> --
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>> from this list
>>
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Communication error when we do axfr query for the large size zone

2022-04-19 Thread rams 
Hi,
We are getting the following error when we query for the 25M zone with axfr
.

]# dig @localhost 25million.com axfr |tail
a8157794.25million.com. 86400   IN  A   1.1.1.1
a8157795.25million.com. 86400   IN  A   1.1.1.1
a8157796.25million.com. 86400   IN  A   1.1.1.1
a8157797.25million.com. 86400   IN  A   1.1.1.1
a8157798.25million.com. 86400   IN  A   1.1.1.1
a8157799.25million.com. 86400   IN  A   1.1.1.1
a81578.25million.com.   86400   IN  A   1.1.1.1
a815780.25million.com.  86400   IN  A   1.1.1.1
*;; communications error to 127.0.0.1#53: end of file*

Do we need to increase or set any parameters?.

Regards,
Ramesh
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

all resource record types and examples

2022-04-12 Thread rams 
Hi,
Greetings ...
Could someone please share all supported DNS RRs and examples of each RR.

Regards,
Ramesh
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

CPU core load not distributing with bind 9.16.21

2021-09-27 Thread rams 
Hi,
I am using bind 9.16.21 on ubuntu. When I am running dnsperf against that,
always load is going one CPU core, because of this issue, I am seeing less
QPS. Has anyone faced the same issue? Could you please someone look into
this and help me with this?

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

CPU core load not distributing with bind 9.16.21

2021-09-23 Thread rams 
Hi,
I am using bind 9.16.21 on ubuntu. When I am running dnsperf against that,
always load is going one CPU core, because of this issue, I am seeing less
QPS. Has anyone faced the same issue? Could you please someone look into
this and help me with this?

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

how/why the kernel is "routing" incoming packets to a specific core

2021-09-23 Thread rams 
Hi,
I am using bind 9.16.21 on ubuntu. When I am running dnsperf against that,
always load is going one CPU core, because of this issue, I am seeing less
QPS. Has anyone faced the same issue? Could you please someone look into
this and help me with this?

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Unable to start name

2021-04-08 Thread rams 
Thank you Stuart for your reply.
When I run named-checkconf seeing as below and also status shows always
failed.
I have looked into the below zones and not seen any issue with those.

[dev][root@xtld2.usiad42 log]# named-checkconf -z /etc/named.conf
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
[dev][root@xtld2.usiad42 log]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
● named.service - LSB:
start|stop|status|restart|try-restart|reload|force-reload DNS server
   Loaded: loaded (/etc/rc.d/init.d/named; bad; vendor preset: disabled)
   Active: failed (Result: timeout) since Fri 2021-04-09 04:49:29 UTC; 1h
15min ago
 Docs: man:systemd-sysv-generator(8)
  Process: 23987 ExecStop=/etc/rc.d/init.d/named stop (code=exited,
status=1/FAILURE)
  Process: 1345 ExecStart=/etc/rc.d/init.d/named start (code=killed,
signal=TERM)

Apr 09 05:19:38  named[1354]: generating session key for dynamic DNS
Apr 09 05:19:38 named[1354]: could not create /var/run/named/session.key
Apr 09 05:19:38 named[1354]: failed to generate session key for dynamic
DNS: permi...ied
Apr 09 05:19:38 named[1354]: sizing zone task pool based on 583 zones
Apr 09 05:19:38  named[1354]: none:100: 'max-cache-size 90%' - setting to
115894MB ...MB)
Apr 09 05:19:39  named[1354]: none:100: 'max-cache-size 90%' - setting to
115894MB ...MB)
Apr 09 05:19:39  named[1354]: configuring command channel from
'/etc/rndc.key'
Apr 09 05:19:39  named[1354]: configuring command channel from
'/etc/rndc.key'
Apr 09 05:19:39  named[1354]: reloading configuration succeeded
Apr 09 05:19:39 named[1354]: zone
5.0.0.0.0.0.0.0.8.1.6.0.1.0.a.2.ip6.arpa/IN: ref...led
Hint: Some lines were ellipsized, use -l to show in full.
[dev][root@xtld2.usiad42 log]#


On Fri, Apr 9, 2021 at 11:16 AM Stuart@registry.godaddy
 wrote:

>
>
> > From: bind-users  on behalf of rams <
> brames...@gmail.com>
> > Date: Friday, 9 April 2021 at 2:56 pm
> > To: bind-users 
> > Subject: Unable to start name
>
> > Hi
> > We are using bind 9.11.28.1 on centos7.8. We have large number of zones
> > on disk. When we stop/start , we are not getting successful message and
> > seeing below error. But in log we see named is running and doing
> > axfr/ixfr. Do we need to add any configuration paameter to avoid below
> > error.
> >
> > Starting named (via systemctl):  Job for named.service failed because a
> timeout was exceeded. See "systemctl status named.service" and "journalctl
> -xe" for details
>
> You mentioned that you have a large number of zones. If there are no error
> messages generated by NAMED starting other than the exceeding of a timeout,
> it could just be the system service-start timing out.
>
> Have a look at TimeoutSec in the service unit definition:
>
>
> https://www.freedesktop.org/software/systemd/man/systemd.service.html#TimeoutSec=
>
> You may also want to try "named-checkconf -z /etc/named.conf" and see how
> long
> it takes (as this does a similar sort of validation as starting the
> service does).
>
> Stuart
>
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Unable to start name

2021-04-08 Thread rams 
Hi
We are using bind 9.11.28.1 on centos7.8. We have large number of zones on
disk. When we stop/start , we are not getting successful message and seeing
below error. But in log we see named is running and doing axfr/ixfr. Do we
need to add any configuration paameter to avoid below error.

Starting named (via systemctl):  Job for named.service failed because a
timeout was exceeded. See "systemctl status named.service" and "journalctl
-xe" for details

Kindly help me.

Regards,
Ramesh.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Is auto-dnssec option mndatory for inline sign?

2020-11-13 Thread rams 
Hi,
auto-dnssec option is mandatory for inline signing along with
"inline-signing yes" option? Kindly confirm.

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to generate ZSK key with one year valid

2020-11-13 Thread rams 
Hi,
Can anyone help me how to generate ZSK key with one year validity?
When I am trying , it is default 30 days validity but i want to make ZSK
key validity 1 year. Is it possible in bind?

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Latest bind for centos7

2020-11-05 Thread rams 
Hi,
What is the latest bind version for Centos 7?
Where we can download it?

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

auto RRSIG enable

2020-11-01 Thread rams 
Hi,
Do we need to set any option in named.conf for auto RRSIG generation in
bind?
Can anyone help me on this.

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Key rollover for inline signing zones

2020-10-28 Thread rams 
Hi,
Can anyone share the steps and commands for key rollover for inline signing
zones in bind by manual/auto.

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

CAA iodef clarification

2020-05-12 Thread rams 
Hi

On the CAA record iodef filed, do we force this to be unique or can it
match a CNAME?


Thanks,

Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to configure minimal-responses option at zone level?

2019-10-23 Thread rams 
Hi,
Greetings !
How to configure "minimal-responses" option at zone level?
At global level it is working fine. but looking help for zone level to
configure. Can someone help me on this

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

DS records setup

2019-02-20 Thread rams 
Greetings.!

how does recursive resolver get the information for a zone example.com in
below setup when

example.com has DS records in .com

.com is tld zone
example.com is sld zone

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: SSHFP observation

2019-01-31 Thread rams 
Thank you Mukund,Jim and Alan to look my issue.

We are seeing the issue only when sshfp fingerprint value less than 4
characters.

It is working fine value with >=4 characters.

Ex: test3.ramesh-sshfp.com SSHFP 1 1   WORKING FINE

I am guessing there is bug in bind and posted in bugs list .

Regards,
Ramesh

On Thu, 31 Jan 2019, 7:14 pm rams  Hi,
> I have setup sshfp records as follows in bind zone file:
>
> test1.ramesh-sshfp.com. 86400   IN  SSHFP 1 1 aa
> test2.ramesh-sshfp.com. 86400   IN  SSHFP 1 1 00
>
> Successfully started bind but when queried for domain test1 and test2 ,
> returning malformed error and no answer. If fingerprint value wrong then
> bind should validate and should not start. Is it expected behavior? Kindly
> confirm.
>
> Bind responses
> [qa][root@regression-bind-useast1a01-01 zones]# dig @localhost
> test2.ramesh-sshfp.com. sshfp
> ;; Warning: Message parser reports malformed message packet.
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
> test2.ramesh-sshfp.com. sshfp
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49768
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> ;; WARNING: Messages has 55 extra bytes at end
>
> ;; QUESTION SECTION:
> ;test2.ramesh-sshfp.com.IN  SSHFP
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jan 31 13:29:18 2019
> ;; MSG SIZE  rcvd: 107
>
> [qa][root@regression-bind-useast1a01-01 zones]# dig @localhost
> test1.ramesh-sshfp.com. sshfp
> ;; Warning: Message parser reports malformed message packet.
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
> test1.ramesh-sshfp.com. sshfp
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23302
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> ;; WARNING: Messages has 55 extra bytes at end
>
> ;; QUESTION SECTION:
> ;test1.ramesh-sshfp.com.IN  SSHFP
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jan 31 13:29:23 2019
> ;; MSG SIZE  rcvd: 107
>
> [qa][root@regression-bind-useast1a01-01 zones]#
>
> Regards,
> Ramesh
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Fwd: SSHFP observation

2019-01-31 Thread rams 
Hi,
I have setup sshfp records as follows in bind zone file:

test1.ramesh-sshfp.com. 86400   IN  SSHFP 1 1 aa
test2.ramesh-sshfp.com. 86400   IN  SSHFP 1 1 00

Successfully started bind but when queried for domain test1 and test2 ,
returning malformed error and no answer. If fingerprint value wrong then
bind should validate and should not start. Is it expected behavior? Kindly
confirm.

Bind responses
[qa][root@regression-bind-useast1a01-01 zones]# dig @localhost
test2.ramesh-sshfp.com. sshfp
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
test2.ramesh-sshfp.com. sshfp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49768
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: Messages has 55 extra bytes at end

;; QUESTION SECTION:
;test2.ramesh-sshfp.com.IN  SSHFP

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 31 13:29:18 2019
;; MSG SIZE  rcvd: 107

[qa][root@regression-bind-useast1a01-01 zones]# dig @localhost
test1.ramesh-sshfp.com. sshfp
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
test1.ramesh-sshfp.com. sshfp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23302
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: Messages has 55 extra bytes at end

;; QUESTION SECTION:
;test1.ramesh-sshfp.com.IN  SSHFP

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 31 13:29:23 2019
;; MSG SIZE  rcvd: 107

[qa][root@regression-bind-useast1a01-01 zones]#

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Bind has a database option instead of zone files?

2019-01-26 Thread rams 
Greetings!!
Does Bind has a database option to read zones [if zones are in database]
instead  of zone files? if yes , how to setup? can someone help me.

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Unbound 1.9 release date

2019-01-22 Thread rams 
Greetings,
Is anyone knows unbound 1.9 release date?

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

bind 9.10.6.1 vs 9.10.6

2018-08-21 Thread rams 
Hi,
Greetings
Is there any QPS improvement bind 9.10.6 vs 9.10.6.1? because we are seeing
47K QPS on 9.10.6 and 95K QPS on 10.9.6.1 on the same zone.


Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RRSIG query

2018-04-10 Thread rams 
Hi
Greetings!!
We have 1Million signed zone records in bind. My zone is going to
auto-resign after 3 days. If we change RRSIG expire date to greater than
two months from now then if restart bind, Can we avoid auto-resign in this
week? is there any impact on resolution or is my zone is valid? what we
would need to do to make my zone is valid after changing rrsig expire date
value manually. DO we need to change any other values along with RRSIG
expire value. Kindly look into this.

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Any chance to do partial sign when RRSIG expires

2018-02-26 Thread rams 
Hi,
Greetings 
Currently in bind we are doing auto full sign when RRSIG expires . Is there
any chance to generate only RRSIGS instead of full sign.

the reason I am asking is when we have large zone and when it happens auto
RRSIG expire and full sign, the complete zone is going to full sign and
taking more memory. To avoid that is there any chance to generate only
RRSIGs like batch wise or any other alternation.

Regards.
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

SOA serial increment when we update SOA RR

2017-10-04 Thread rams 
Greetings!!

When we change any resource record like A or , then SOA serial number
gets incremented. But If we update only SOA record ,Is serial number of SOA
remain same as before or serial number of SOA will increment?.



Do we have any RFC for this?


Regards,

Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

getting two rrsigs for dnskey after ksk rollover

2017-09-20 Thread rams 
Greetings!!!
We are getting two RRSIGs and 3 DNSKEY [ 1-256 and 2-257] when we do KSK
rollover. Is it correct we are returning two RRSIGs for DNSKEY?


Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to pause master zone updates to slave for couple of minutes

2017-09-04 Thread rams 
Hi,
Greetings.
I want to test bulk updates master to slave in Bind. Is there any way to
pause to send updates to slave from master?

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

email notification in bind?

2017-08-29 Thread rams 
Hi,
Greetings!!!

Do we have  email notification feature in Bind when zone update fails.

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Adding DS Records for Subdelegated Domains

2017-08-04 Thread rams 
Hi,
we have two scenarios as follows. Is there any chance to copy DS records
through AXFR or any another method to copy child DS records into parent
zone.

Scenario 1:
Customer has domain2.com on Bind1 signed with DS records for domain2.com at
place with registrar. Customer delegates a zone (sub.domain2.com) from
Bind1 to another DNS provider and wants to sign domain on the other provider
Assumption: We would have to host the DS records for sub.domain2.com in the
zone file domain2.com. They'd need to sign the zone on the other provider.


Scenario 2:

Customer has DS records for domain3.com at registrar and has domain3.com
and sub.domain3.com as separate zones on Bind1.
Question: Since this all on the same provider do the DS records only need
to exist at registrar? Will the separate zone create an issue since it (
sub.domain3.com) is not the same zone as what has DS records at the
provider (domain3.com)?


Thanks & Regards,

Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

update failed: not authoritative for update zone (NOTAUTH)

2016-10-13 Thread rams 
Hi,
Greetings !!!
I am getting the following error when we do updates to bind even we have
configured allow-update ANY, named folder is having all permissions and
also owner ship.

updating zone 'xtldprimary.com/IN': update failed: not authoritative for
update zone (NOTAUTH)


Kindly some one help me to resolve this issue.


Thanks & Regards,

Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to request ixfr updates against public ip directly instead of unicast ip in bind

2016-10-12 Thread rams 
Hi,
Greetings!!!
I have master and slave servers. When we have updates in master, slave is
getting updating after 20 or 30 minutes.
When I look into tcpdump pcakets, Slave is trying with master unicast ip to
get updates. We don't have port opened slave to master with unicast ip and
we have port opened slave to master with public ip.

Do we have any option checking for SOA value directly with public ip of
master instead of unicast ip.

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Wildcard

2016-09-22 Thread rams 
Hi,
Greetings. When we have "something.*." with cname record, if we
query domain as "something.abc." , bind is not returning answer and
if i query with same name "something.*.", getting answer in bind.
When we have widlcard in middle labels, are we not treating as wildcard
record? Kindly share info.
Do we have any specific RFC for this.

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Breaking trusted chain in dnssec

2016-07-13 Thread rams 
Greetings...!
Is any one explain how to break trusted chain in dnssec with example how to
create zone or data with trusted chain break.

Thanks & Regards,
ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

any tool or command to find/verify the closest encloser NSEC3 record

2016-06-28 Thread rams 
Hi,
Greetings 
Is anyone can help me to verify the NSEC3 record in response is correct or
not.
Do we have any tool or command to check closet encloser NSEC3 record or
Correct NSEC3 record returned in response.

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Ns records rfc

2016-03-05 Thread rams 
Is there any rfc that a tld zone should have atleast two ns records when we
create the tld zone

Thanks & regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

recursive answer not constant

2015-12-18 Thread rams 
Hi
I have own resolver as authoritative and configured to chase the domain in
recursive bind as configured in my resolver.

ex:
example.com CNAME bind.com

I have bind.com A record in bind.

When I queried example.com against my auth resolver, for couple of queries
giving A record from bind and some times not giving A record.

Do we have any configuration in bind? Why I am getting A record some times
and not some times.

Note: allow query is already enabled in bind.

Kindly look into this issue.

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: CAA RR type

2015-05-15 Thread rams 
Thank You Mark.
Now I am using 9.9 and It is working fine.


Regards,
Ramesh

On Fri, May 15, 2015 at 12:59 PM, Mark Andrews  wrote:

>
> In message  owv0s7...@mail.gmail.com>, rams writes:
> > Hi.
> > I have zone file as follows
> >
> > $ORIGIN rameshtest-caa.com.
> > $TTL 86400  ; 1 day
> > @   IN  SOA ns1.rameshtest-caa.com.
> > root.rameshtest-caa.com. (
> > 2009040114 ; serial
> > 3600   ; refresh (1 hour)
> > 900; retry (15 minutes)
> > 1814400; expire (3 weeks)
> > 900; minimum (15 minutes)
> > )
> > IN  NS  ns1.rameshtest-caa.com.
> > IN  A   1.1.1.1
> > ns1 IN  A   1.2.3.4
> > a   IN  A   2.2.2.2
> > IN  3FFE:0B80:0444:0004::::0004
> > caa IN  CAA 0 issue "ca.example.net"
> > caa1IN CAA 0 iodef "mailto:secur...@example.com";
> > caa2IN CAA 0 iodef "http://iodef.example.com/";
> >
> > When I start named, getting the following error:
> >
> > /var/named/zones/rameshtest-caa.com:15: unknown RR type 'CAA'
> > /var/named/zones/rameshtest-caa.com:16: unknown RR type 'CAA'
> > /var/named/zones/rameshtest-caa.com:17: unknown RR type 'CAA'
> > zone rameshtest-caa.com/IN: loading from master file /var/named/zones/
> > rameshtest-caa.com failed: unknown class/type
> > _default/rameshtest-caa.com/IN: unknown class/type
> >[FAILED]
> >
> >
> > I am using bind 9.6. Did I miss/mistake  anything here? Could you please
> > guide me to work for CAA.
> >
> > Thanks & Regards,
> > Ramesh
>
> Use a recent (supported) version of BIND.
>
> CAA was published Jan 2013.
> BIND 9.6.0 was released Dec 2008.
>
> CAA Support was added to BIND at these release points:
>
> BIND 9.8.8  (BIND 9.8.x is at EoL)
> BIND 9.9.6
> BIND 9.10.1
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: CAA RR type

2015-05-15 Thread rams 
Thank You Mukund .
I figured that it is implemented in 9.10

Regards,
Ramesh

On Fri, May 15, 2015 at 12:54 PM, Mukund Sivaraman  wrote:

> On Fri, May 15, 2015 at 12:39:21PM +0530, rams wrote:
> > I am using bind 9.6. Did I miss/mistake anything here? Could you
> > please guide me to work for CAA.
>
> BIND 9.6 is unsupported. Please use a current version of BIND.
>
> Mukund
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

CAA RR type

2015-05-15 Thread rams 
Hi.
I have zone file as follows

$ORIGIN rameshtest-caa.com.
$TTL 86400  ; 1 day
@   IN  SOA ns1.rameshtest-caa.com.
root.rameshtest-caa.com. (
2009040114 ; serial
3600   ; refresh (1 hour)
900; retry (15 minutes)
1814400; expire (3 weeks)
900; minimum (15 minutes)
)
IN  NS  ns1.rameshtest-caa.com.
IN  A   1.1.1.1
ns1 IN  A   1.2.3.4
a   IN  A   2.2.2.2
IN  3FFE:0B80:0444:0004::::0004
caa IN  CAA 0 issue "ca.example.net"
caa1IN CAA 0 iodef "mailto:secur...@example.com";
caa2IN CAA 0 iodef "http://iodef.example.com/";

When I start named, getting the following error:

/var/named/zones/rameshtest-caa.com:15: unknown RR type 'CAA'
/var/named/zones/rameshtest-caa.com:16: unknown RR type 'CAA'
/var/named/zones/rameshtest-caa.com:17: unknown RR type 'CAA'
zone rameshtest-caa.com/IN: loading from master file /var/named/zones/
rameshtest-caa.com failed: unknown class/type
_default/rameshtest-caa.com/IN: unknown class/type
   [FAILED]


I am using bind 9.6. Did I miss/mistake  anything here? Could you please
guide me to work for CAA.

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

fowarder not working

2013-11-29 Thread rams 
Hi I have configured my bind as forwader but when I query it is not
forwarding and looking into local only.

   recursion yes;
zone "com." {
type forward;
forwarders {ip; };
};

;; QUESTION SECTION:
;soap-e2e-signzone.com. IN  A

;; AUTHORITY SECTION:
.   518400  IN  NS  F.ROOT-SERVERS.NET.
.   518400  IN  NS  G.ROOT-SERVERS.NET.
.   518400  IN  NS  H.ROOT-SERVERS.NET.
.   518400  IN  NS  I.ROOT-SERVERS.NET.
.   518400  IN  NS  J.ROOT-SERVERS.NET.
.   518400  IN  NS  K.ROOT-SERVERS.NET.
.   518400  IN  NS  L.ROOT-SERVERS.NET.
.   518400  IN  NS  M.ROOT-SERVERS.NET.
.   518400  IN  NS  A.ROOT-SERVERS.NET.
.   518400  IN  NS  B.ROOT-SERVERS.NET.
.   518400  IN  NS  C.ROOT-SERVERS.NET.
.   518400  IN  NS  D.ROOT-SERVERS.NET.
.   518400  IN  NS  E.ROOT-SERVERS.NET.

Kindly help on this.

Thanks,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to get AD flag

2013-08-01 Thread rams 
Thanks david,
This the response i get
dig +short rs.dns-oarc.net txt @
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"50.16.87.189 sent EDNS buffer size 4096"
"50.16.87.189 DNS reply size limit is at least 3843 bytes"



On Fri, Aug 2, 2013 at 11:11 AM, David Newman wrote:

> On 8/1/13 10:19 PM, rams wrote:
>
> > I have 9.7 bind installed and configured recursive.  When i query
> > against forwader i am not getting AD flag but remaining answer is
> > correct for signed query. Could you please guide me how to get AD flag.
> > Already i have enabled dnssec-validation and dnssec-enabled.
>
> It's possible your forwarder has a bug that doesn't return DNSSEC
> responses (this is the case with one of our registrars' secondaries), or
> there may be a network problem.
>
> Try the dns-oarc reply size test against your forwarder:
>
> https://www.dns-oarc.net/oarc/services/replysizetest
>
> $ dig +short rs.dns-oarc.net txt @address_of_your_forwarder
>
> DNSSEC nameservers should not truncate or fragment responses, and should
> support EDNS and UDP and TCP responses. Fix any problems here first
> before doing DNSSEC debugging.
>
> You might also try querying other nameservers (e.g., Google's at
> 8.8.8.8) and check the flags there.
>
> dn
>
>
>
>
>
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to get AD flag

2013-08-01 Thread rams 
Hi ,
I have 9.7 bind installed and configured recursive.  When i query against
forwader i am not getting AD flag but remaining answer is correct for
signed query. Could you please guide me how to get AD flag. Already i have
enabled dnssec-validation and dnssec-enabled.

Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Can I disable caching without disabling recursion?

2012-07-09 Thread rams 
Hi ,
Can I disable cache without disabling recursion?

Thanks & Regards,

Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on wildcard falls into glue records

2012-05-14 Thread rams 
Hi,
I have NS record points a record [A/] which is falls into wildcard .
But when I query for NS record against bind, we are not getting these
records as glue records.

ex:
*.a.example.com A 1.1.1.1
example.com. NS abc.a.example.com.

Querying example.com with any or ns.
don't we get glue records for this scenario? please confirm.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Resign a zone

2011-11-08 Thread rams 
Hi ,
I have signed zone  and already i have resigned two times. Now again i am
resigning zone but after resign zone , RRSIG values are not changed. the
same old values displaying. Any wrong in me. Could you please guide me how
to change RRSIG values.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Resign a signed zone

2011-06-17 Thread rams 
Hi ,

Can we resign a signed zone with out key files? Please clarify me.


Thanks,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

key directory in named.conf

2011-04-27 Thread rams 
Hi,
How to declare multiple signed key paths in key-directory. When i declare as
follows, named not starting.

key-directory  {"/var/named/zones";"/root/ramesh/Largezone";}

Please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

dynamic update is not working for signed zone

2011-04-25 Thread rams 
Hi,
When i do a dynamic update using nsupdate, i am unable to add record into
signed zone.
steps followed:
[root@stulcqacustbind2 muktha]# nsupdate
> server 
> update add net.rameshnu.sun. 86400 IN A 1.2.3.4
> send
update failed: SERVFAIL
>

Bind log:
25-Apr-2011 12:43:22.166 update: info: client ip#47830: updating zone
'net.rameshnu.sun/IN': adding an RR at 'net.rameshnu.sun' A
25-Apr-2011 12:43:22.167 update: error: client ip#47830: updating zone
'net.rameshnu.sun/IN': found no private keys, unable to generate any
signatures
25-Apr-2011 12:43:22.167 update: error: client ip#47830: updating zone
'net.rameshnu.sun/IN': RRSIG/NSEC/NSEC3 update failed: not found

Please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Help on recursive set up

2011-02-23 Thread rams 
I have configuered recursion yes in named.conf and i queried for NS
delegated records against bind. Actually that domain is not exist in my
system. Here how bind will work.

On Wed, Feb 23, 2011 at 6:20 PM, rams  wrote:

> I have configuered recursion yes in named.conf and i queried for NS
> delegated records against bind. Actually that domain is not exist in my
> system. Here how bind will work.
>
>
>
>
> On Wed, Feb 23, 2011 at 6:16 PM, Stephane Bortzmeyer wrote:
>
>> On Wed, Feb 23, 2011 at 05:59:06PM +0530,
>>  rams  wrote
>>  a message of 33 lines which said:
>>
>> > Could you please tell me how to set up for recursive server for NS
>> > delegation records.
>> >
>> > It would be great if you give named.conf
>>
>> It would be great if you rewrite your requirments because I simply
>> cannot parse them.
>>
>> Enabling recursion:
>>
>> recursion yes;
>>
>> in named.conf.
>>
>> But I do not understand the point about "NS delegation
>> records". Please elaborate.
>>
>>
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Help on recursive set up

2011-02-23 Thread rams 
Hi,
Could you please tell me how to set up for recursive server for NS
delegation records.

It would be great if you give named.conf

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on wildcard scenario

2011-01-31 Thread rams 
Hi,
I have zone as follows in bind.

$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (

  2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
joshfeb1.com. NS udns1.ultradns.net.
joshfeb1.com. NS udns2.ultradns.net.
**.joshfeb1.com. A 1.1.1.1
*.www.joshfeb1.com.  A 2.2.2.2*

When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
NOERROR and NOANSWER.When can i get answer. Could you please clarify me.

I able to get answer with abc.joshfeb1.com and abc.www.joshfeb1.com. Why
bind is not returning answer for www.joshfeb1.com, it should map to **.
joshfeb1.com. right?

Thanks & Regards,
Ramesh
*
Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard scenario

2011-01-31 Thread rams 
Hi Mark,

Thank You for quick clarify. I have included trailing dot and restart bind.
Now when i queired for domain "www.joshfeb1.com" with type A, I am getting
NOERROR and NOANSWER.

[root@ zones]# dig  www.joshfeb1.com. A

; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40667
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 04:13:00 2011
;; MSG SIZE  rcvd: 106

[root@zones]#

Is it correct. Actually www.joshfeb1.com is not exist and it should look
into *.joshfeb1.com right. Could you please clarify why it is not returning
answer.

Thanks & Regards,
Ramesh


On Tue, Feb 1, 2011 at 9:41 AM, Mark Andrews  wrote:

>
> In message ,
> rams w
> rites:
> > Hi,
> > I have zone as follows in bind.
> >
> > $ORIGIN joshfeb1.com.
> > @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> > 2011013101 ; serial
> > 10800 ; refresh
> > 3600 ; retry
> > 2592000 ; expire
> > 86400 ; minimum
> > )
> > joshfeb1.com. NS udns1.ultradns.net.
> > joshfeb1.com. NS udns2.ultradns.net.
> > **.joshfeb1.com A 1.1.1.1
> > *.www.joshfeb1.com A 2.2.2.2*
> >
> > When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> > NXDOMAIN.When can i get records in response. Could you please clarify me.
> >
> > The following response return.
> >
> > *[root@zones]# dig  abc.www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:36:56 2011
> > ;; MSG SIZE  rcvd: 110
> >
> > *[root@ zones]# dig  abc.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:05 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > *[root@ zones]# dig  www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:15 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > [root@stulcqacustbind2 zones]#
> >
> >
> > What bind is returning is correct?
>
> Yes.  You have a mixture of relative (no period at end) and absolute names
> (period at end) in the zone file above.  What you added to the zone
> was "www.joshfeb1.com.joshfeb1.com." not "www.joshfeb1.com.".  You needed
> a period at the end of "com" or to just use "www".
>
> Mark
>
> > Thanks & Regards,
> > Ramesh
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on wildcard scenario

2011-01-31 Thread rams 
Hi,
I have zone as follows in bind.

$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
joshfeb1.com. NS udns1.ultradns.net.
joshfeb1.com. NS udns2.ultradns.net.
**.joshfeb1.com A 1.1.1.1
*.www.joshfeb1.com A 2.2.2.2*

When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
NXDOMAIN.When can i get records in response. Could you please clarify me.

The following response return.

*[root@zones]# dig  abc.www.joshfeb1.com. A*

; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;abc.www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:36:56 2011
;; MSG SIZE  rcvd: 110

*[root@ zones]# dig  abc.joshfeb1.com. A*

; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;abc.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:37:05 2011
;; MSG SIZE  rcvd: 106

*[root@ zones]# dig  www.joshfeb1.com. A*

; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:37:15 2011
;; MSG SIZE  rcvd: 106

[root@stulcqacustbind2 zones]#


What bind is returning is correct?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on CNAME

2011-01-24 Thread rams 
y resolver is returning multiple CNAMEs for same hostname. But I believe
CNAME should not return same hostname with multiple values.

Ex: Configured GEOIP records as follows:

ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME az.ramesh.com.  Arizone configured

ramesh.com CNAME va.ramesh.com.  Virginia configured

ramesh.com CNAME others.ramesh.com.  Others configured

Queried “ramesh.com” from AZ,VA and OTHERS regions against my resolver.

My resolver is returning same hostname with mutliple CNAME's.

>From AZ i am getting:

ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME az.ramesh.com.

>From VA i am getting:

ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME va.ramesh.com.

Is this behavior is correct. Could you please clarify me.


Thanks & regards,

Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

NSEC3 ISSUE

2011-01-07 Thread rams 
I have trouble resolving the host name dnssecnsec3qatestdomain.com. which is
NSEC3 signed. This is the parent and child zone. If I run dig ( dnssec
query) with the +cd option I which is a proper response:



[r...@stulcqanusbind1 ~]# dig  dnssecnsec3qatestdomain.com. any +dnssec *+cd
*



; <<>> DiG 9.7.1-P2 <<>>  dnssecnsec3qatestdomain.com. any +dnssec +cd

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1601

;; flags: qr rd ra cd; QUERY: 1, ANSWER: 8, AUTHORITY: 3, ADDITIONAL: 1



;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags: do; udp: 4096

;; QUESTION SECTION:

;dnssecnsec3qatestdomain.com.   IN  ANY



;; ANSWER SECTION:

dnssecnsec3qatestdomain.com. 86396 IN   RRSIG   A 7 2 86400 2020083100
20100831205954 61559 dnssecnsec3qatestdomain.com.
A4HqcGYSyEoM7Y75MoRaK4zzNiuL45tq+AnfUIrxxEIPkIOI12FmFyhY
JOQN216QkTbYkJBlNwe2Ky1SRGjwhQ==

dnssecnsec3qatestdomain.com. 86396 IN   A   12.12.1.0

dnssecnsec3qatestdomain.com. 86396 IN   A   255.12.1.0

dnssecnsec3qatestdomain.com. 86396 IN   RRSIG   SOA 7 2 86400 2020083100
20100831205954 61559 dnssecnsec3qatestdomain.com.
eAV/LHcB3WLA9ULvsz/kcVJ63XeJCX/YAOu9ZFUM+SVDIW/BAUXNfq9O
iNBuukgDBlFZFOQyblfgjpcSW3CQMw==

dnssecnsec3qatestdomain.com. 86396 IN   SOA udns1.ultradns.net.
bitbuck...@qa.neustar.com. 2009111903 10800 3600 2592000 86400

dnssecnsec3qatestdomain.com. 86396 IN   RRSIG   NS 7 2 86400 2020083100
20100831205954 61559 dnssecnsec3qatestdomain.com.
r11osNc3HFoVFWjC1iNN9Yv3IKGvApbZwkNLdK5HTlPt+3UDB2Do7RvT
9SSJaZYLj4PEC8Gp6lT1L+0LlsEP9w==

dnssecnsec3qatestdomain.com. 86396 IN   NS  udns2.ultradns.net.

dnssecnsec3qatestdomain.com. 86396 IN   NS  udns1.ultradns.net.



;; AUTHORITY SECTION:

dnssecnsec3qatestdomain.com. 86396 IN   NS  udns2.ultradns.net.

dnssecnsec3qatestdomain.com. 86396 IN   NS  udns1.ultradns.net.

dnssecnsec3qatestdomain.com. 86396 IN   RRSIG   NS 7 2 86400 2020083100
20100831205954 61559 dnssecnsec3qatestdomain.com.
r11osNc3HFoVFWjC1iNN9Yv3IKGvApbZwkNLdK5HTlPt+3UDB2Do7RvT
9SSJaZYLj4PEC8Gp6lT1L+0LlsEP9w==





But dig (dnssec query)without +cd option returns servfail.





[r...@stulcqanusbind1 ~]# dig  dnssecnsec3qatestdomain.com. any +dnssec



; <<>> DiG 9.7.1-P2 <<>> @ dnssecnsec3qatestdomain.com. any +dnssec

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7437

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1



;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags: do; udp: 4096

;; QUESTION SECTION:

;dnssecnsec3qatestdomain.com.   IN  ANY





In my logs I am getting messages:



Jan  7 13:17:55  named[17154]: error (no valid RRSIG) resolving '
dnssecnsec3qatestdomain.com/DNSKEY/IN': 10.31.142.103#53

Jan  7 13:17:55  named[17154]: error (broken trust chain) resolving '
dnssecnsec3qatestdomain.com/ANY/IN': 10.31.142.103#53



When doing query without +cd option.



Can you figure out what would be the exact problem?


Thanks & Regards,

Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

clarification on SOA

2010-12-01 Thread rams 
Hi,

I have one SOA record as follows in zone.

qa.com.   86400   IN SOA ramesh.com. qa.com. (
2009111903 ; serial
10800  ; refresh (3 hours)
3600   ; retry (1 hour)
2592000; expire (4 weeks 2 days)
300  ; minimum (1 day)
)

I queried for non exist domain against bind. Bind is returning SOA record
with 300 as TTL value. Is it correct? Because in my zone , SOA has 86400
TTL.

Please clarify me.

Thanks & Regards,
ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

clarification

2010-10-22 Thread rams 
Hi,

I have a record in BIND as follows:

mxdomain.com. 86400 IN MX 65536 gmail.com.

When I query "mxdomain.com." with type MX. What is the bind response. Is
there any RFC mentioned about this .

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification

2010-10-22 Thread rams 
Hi,
What is the bind response when queried MX record. The MX record is having
prefernce value is greater than maximum of preference value [ex: 65536].

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

nsupdate

2010-10-01 Thread rams 
An observation in nsupdate:





Suppose we have two A records as ,



*addforixfr.bind9712.com. 3456   IN  A   10.32.21.30*

*addforixfr.bind9712.com. 3456   IN  A   10.32.21.20*



When we update TTL value as below for one of the records , the TTL value
changes for both the records.



*update add addforixfr. bind9712.com 8564 A 10.32.21.30*

* *



[root@ zones]# dig @ addforixfr.bind9712.com



; <<>> DiG 9.2.4 <<>> @ addforixfr.bind9712.com

; (1 server found)

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15707

;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 0



;; QUESTION SECTION:

;addforixfr.bind9712.com.   IN  A



;; ANSWER SECTION:

*addforixfr.bind9712.com. 8564   IN  A   10.32.21.20*

*addforixfr.bind9712.com. 8564   IN  A   10.32.21.30*



;; AUTHORITY SECTION:

bind9712.com.   86400   IN  NS  ns3.bind9712.com.

bind9712.com.   86400   IN  NS  ns4.bind9712.com.

bind9712.com.   86400   IN  NS  ns5.bind9712.com.

bind9712.com.   86400   IN  NS  ns1.bind9712.com.

bind9712.com.   86400   IN  NS  ns2.bind9712.com.



;; Query time: 1 msec

;; SERVER: 10.31.142.24#53(10.31.142.24)

;; WHEN: Mon Mar 15 02:53:32 2010

;; MSG SIZE  rcvd: 163


Please clarify me.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Bind not starting

2010-09-30 Thread rams 
Hi,

I have configured records as follows in bind. When we start the bind 9.7,
bind is not starting.
But bind is started successfully when commented below ns domains which are
marked as RED. Could you please clarify me.

*Note: Bind 9.6 is started successfully with the same below zone. *
Error:
zone nsdomain.com/IN: NS 'ns1.nsdomain.com' has no address records (A or
)
zone nsdomain.com/IN: not loaded due to errors.
_default/nsdomain.com/IN: bad zone


$ORIGIN nsdomain.com.
@ IN SOA dns1.dns.net. ppk.yahoo.com. (
2009111903 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
a.nsdomain.com.86400INA1.1.1.1
a1.nsdomain.COM.86400INFE80::
a1.nsdomain.com.86400INFE80::
a1.nsdomain.com.86400INA1.1.1.1
a1.nsdomain.com.86400INNSa1.nsdomain.com.
a10.nsdomain.com.9INNSns1.nu.moon.
a11.nsdomain.com.9INNSabc.nsdomain.com.
a12.nsdomain.com.86400INNSmx.nsdomain.com.
a13.nsdomain.com.86400INNScname.nsdomain.com.
a13.nsdomain.com.86400INNSa.nsdomain.com.
a13.nsdomain.com.86400INNSmx.nsdomain.com.
a14.nsdomain.com.2147483647INNSns1.a14.nsdomain.com.
a15.nsdomain.com.2147483647INNSns1.a15.nsdomain.com.
a2.nsdomain.com.86400INNSnsdomain.com.
a3.nsdomain.com.86400INNSa3.nsdomain.com.
a3.nsdomain.com.86400INNSa2.nsdomain.com.
a3.nsdomain.com.86400INNSa1.nsdomain.com.
a3.nsdomain.com.86400INNSnsdomain.com.
a4.nsdomain.com.86400INNSa4.nsdomain.com.
a4.nsdomain.com.86400INNSa4.nsdomain.com.
a4.nsdomain.com.86400INNSa4.nsdomain.com.
A5.NSDOMAIN.COM.86400INFE80::
a5.NSDOMAIN.com.86400INFE80::
A5.nsdomain.com.86400INFE80::
a5.nsdomain.com.86400INFE80::
A5.NSDOMAIN.COM.86400INA255.255.255.255
a5.nsdomain.COM.86400INA255.255.255.255
a5.NSDOMAIN.com.86400INA255.255.255.255
A5.nsdomain.com.86400INA255.255.255.255
a5.nsdomain.com.86400INA255.255.255.255
a5.nsdomain.com.86400INNSA5.NSDOMAIN.COM.
a5.nsdomain.com.86400INNSa5.nsdomain.COM.
a5.nsdomain.com.86400INNSa5.NSDOMAIN.com.
a5.nsdomain.com.86400INNSA5.nsdomain.com.
A6.NSDOMAIN.COM.86400INA255.255.255.255
a6.nsdomain.COM.86400INA255.255.255.254
a6.NSDOMAIN.com.86400INA255.255.255.253
A6.nsdomain.com.86400INA255.255.255.252
a6.nsdomain.com.86400INA255.255.255.251
a6.nsdomain.com.86400INNSA6.NSDOMAIN.COM.
a6.nsdomain.com.86400INNSa6.nsdomain.COM.
a6.nsdomain.com.86400INNSa6.NSDOMAIN.com.
a6.nsdomain.com.86400INNSA6.nsdomain.com.
a6.nsdomain.com.86400INNSa6.nsdomain.com.
A7.NSDOMAIN.COM.86400IN2001::1001
a7.nsdomain.COM.86400IN2001::
a7.NSDOMAIN.com.86400INFEA0::
A7.nsdomain.com.86400INFE90::
a7.nsdomain.com.86400INFE80::
a7.nsdomain.com.86400INNSA7.NSDOMAIN.COM.
a7.nsdomain.com.86400INNSa7.nsdomain.COM.
a7.nsdomain.com.86400INNSa7.NSDOMAIN.com.
a7.nsdomain.com.86400INNSA7.nsdomain.com.
a7.nsdomain.com.86400INNSa7.nsdomain.com.
a8.nsdomain.com.0INNSns1.nu.moon.
a9.nsdomain.com.100INNSns1.nu.moon.
cname.nsdomain.com.86400INCNAMEnsdomain.com.
mx.nsdomain.com.86400INMX10 nsdomain.com.
net.nsdomain.com.86400INNSns3.dns.net.nsdomain.com.
net.nsdomain.com.86400INNSns2.dns.net.nsdomain.com.
net.nsdomain.com.86400INNSns1.dns.net.nsdomain.com.
ns1.dns.net.nsdomain.com.86400IN
2001:0DCE:2000:0002::::0130
ns1.dns.net.nsdomain.com.86400INA202.46.190.130
ns2.dns.net.nsdomain.com.86400IN
2001:0DCE:2000:0002::::0130
ns2.dns.net.nsdomain.com.86400INA202.46.191.130
ns3.dns.net.nsdomain.com.86400INA203.97.8.250
*;nsdomain.com.86400INNSns2.nsdomain.com.
;nsdomain.com.86400INNSns1.nsdomain.com.*
nsdomain.com.86400INNSdns2.dns.net.
nsdomain.com.86400INNSdns1.dns.net.
;End of file: 1285827330


Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on delegated NS

2010-09-29 Thread rams 
Hi ,

When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when
i queried for NS delegated record with NS.

Could you please clarify me or is it bug in 9.7?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on bind response

2010-08-24 Thread rams 
 Hi

When we have data as follows queried domain "maint.rameshops5526old.com."
against bind and my own resolver. Bind and my resolver response are same but
only mismatching with flags. bind is returning AA flag but my resolver is
not returning AA flag. in this case wihcih is correct bind or my resolver?

Zone: rameshops5526old.com

maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-24 Thread rams 
Hi ,
Please tell me the correct answer for the below set up:

*Zone: rameshops5526old.com
*
maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.

dig @localhost *maint.rameshops5526old.com A*

**
Thanks & Regards,
Ramesh
*
*
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on bind response

2010-08-23 Thread rams 
Hi,

I have set up data as follows in bind.
Zone: rameshops5526old.com

maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.

Queried against bind and get the reposne as follows

[r...@stulcqacustbind2 recursive_enabled]# dig @10.31.145.194
maint.rameshops5526old.com.
; <<>> DiG 9.6.1-P3 <<>> @10.31.145.194 maint.rameshops5526old.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16855
;; flags: qr *aa* rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;maint.rameshops5526old.com.IN  A
;; ANSWER SECTION:
maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
;; AUTHORITY SECTION:
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Aug 24 06:26:31 2010
;; MSG SIZE  rcvd: 195
Here AA flag is returning is it correct? because domain "
global.rameshops5526old.com. " delegated so we should not return AA flag
right? Please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RRSIG for glue records

2010-08-04 Thread rams 
Hi ,

I have delegated NS records and those records pointed to A records in signed
zone. When I queired for my delgated domain against bind 9.6-p3.

Bind is returning NS records and RRSIG for NS in authority section
correctly. Glue records are returned correctly in additional section but
RRSIG values are not returned for glue records.
Is RRSIG won't return for glue records in additonal section?

Could you please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on ANY query

2010-08-02 Thread rams 
Hi ,

I have data as follows

a.rameshops5446.com. 86400 IN A 1.2.3.1
a.rameshops5446.com. 86400 IN MX 10 a.rameshops5446.com.
I queried domain "a.rameshops5446.com" with type ANY against bind9.6 .

Actual Result:
Bind is returning above two records in answer section and also returning A
record in additional section as follows.

# dig @localhost a.rameshops5446.com. any
; <<>> DiG 9.6.1-P3 <<>> @localhost a.rameshops5446.com. any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33411
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;a.rameshops5446.com.   IN  ANY
;; ANSWER SECTION:
a.rameshops5446.com.86400   IN  MX  10 a.rameshops5446.com.
a.rameshops5446.com.86400   IN  A   1.2.3.1
;; AUTHORITY SECTION:
rameshops5446.com.  86400   IN  NS  udns2.ultradns.net.
rameshops5446.com.  86400   IN  NS  udns1.ultradns.net.
;; ADDITIONAL SECTION:
a.rameshops5446.com.86400   IN  A   1.2.3.1
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug  3 04:06:45 2010
;; MSG SIZE  rcvd: 137
Here my doubt is A record already returned in answer section why the same A
record is returning in additional section. I know if MX pointed record have
any A/ records will return in additional section. but in above case
already the same A record returned in answer section. Is bind result
correct? could you please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

cname chain limit

2010-07-09 Thread rams 
Hi ,

What is the cname chains limit ?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-users Digest, Vol 538, Issue 1

2010-06-07 Thread rams 
Hi ,

When we resign using "dnssec-signzone -o  -f 
" , we don't get SOA incremented . In general AXFR looks
for SOA comparison to reload zone file. In this case how will AXFR happen?


Thanks & Regards,
Ramesh




On Mon, Jun 7, 2010 at 5:30 PM,  wrote:

> Send bind-users mailing list submissions to
>bind-users@lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
>bind-users-requ...@lists.isc.org
>
> You can reach the person managing the list at
>bind-users-ow...@lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>   1. .org registrars allowing DS records (itservices88)
>   2. Re: .org registrars allowing DS records  (Kevin Oberman)
>   3. Re: .org registrars allowing DS records (Doug Barton)
>   4. Re: .org registrars allowing DS records  (Mark Andrews)
>   5. Re: .org registrars allowing DS records (itservices88)
>   6. how to resign a zone (rams)
>   7. Re: how to resign a zone (Alan Clegg)
>
>
> --
>
> Message: 1
> Date: Sun, 6 Jun 2010 11:36:43 -0700
> From: itservices88 
> Subject: .org registrars allowing DS records
> To: bind-users@lists.isc.org
> Message-ID:
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I am using godaddy.com for my .org domains and as per the customer support
> replies, they donot support DNSSEC and thus cannot add DS records for my
> domains.
>
> Which other registrars people are using that allow DS records.
>
> Thanks
> -dani
> -- next part --
> An HTML attachment was scrubbed...
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20100606/d0704f3b/attachment-0001.html
> >
>
> --
>
> Message: 2
> Date: Sun, 06 Jun 2010 17:14:27 -0700
> From: "Kevin Oberman" 
> Subject: Re: .org registrars allowing DS records
> To: itservices88 
> Cc: bind-users@lists.isc.org
> Message-ID: <20100607001427.7e7161c...@ptavv.es.net>
> Content-Type: text/plain; charset=us-ascii
>
> > I am using godaddy.com for my .org domains and as per the customer
> support
> > replies, they donot support DNSSEC and thus cannot add DS records for my
> > domains.
> >
> > Which other registrars people are using that allow DS records.
> >
> > Thanks
> > -dani
>
> Last I checked, .org, while signed, was not yet accepting DS records from
> anyone. I suspect that no gtld other than .gov will accept them until the
> root
> is signed next month.
>
> I do know that afilias was certifying registrars and I believe that they
> will
> be releasing a list of those registrars that are certified, but that will
> not
> mean that they will be accepting them immediately.
>
> Until then, dlv.isc.org is the best (only?) option.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: ober...@es.net  Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
>
>
>
>
> --
>
> Message: 3
> Date: Sun, 06 Jun 2010 17:24:07 -0700
> From: Doug Barton 
> Subject: Re: .org registrars allowing DS records
> To: Kevin Oberman 
> Cc: bind-users@lists.isc.org
> Message-ID: <4c0c3c27.2050...@dougbarton.us>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 06/06/10 17:14, Kevin Oberman wrote:
> >> I am using godaddy.com for my .org domains and as per the customer
> support
> >> replies, they donot support DNSSEC and thus cannot add DS records for my
> >> domains.
> >>
> >> Which other registrars people are using that allow DS records.
> >>
> >> Thanks
> >> -dani
> >
> > Last I checked, .org, while signed, was not yet accepting DS records from
> > anyone. I suspect that no gtld other than .gov will accept them until the
> root
> > is signed next month.
> >
> > I do know that afilias was certifying registrars and I believe that they
> will
> > be releasing a list of those registrars that are certified, but that will
> not
> > mean that they will be accepting them immediately.
>
> Basically correct, yes. For ORG, keep your eye on the following list:
> http://www.pir.org/get/registrars
>
&g

how to resign a zone

2010-06-06 Thread rams 
Hi,

How to resign a zone?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

clarification on AXFR

2010-06-02 Thread rams 
Hi,
During AXFR of a zone, the zone.dbfile is not created till the AXFR
completes. Till AXFR completes, the file name will be some value as
456eefwfc. Is it correct behavior?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Bind response

2010-06-01 Thread rams 
Hi ,

I have the following zone file:
$ORIGIN td3497.com.
@ IN SOA udns1.ultradns.net. ppk.yahoo.com. (
2010052610 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.
mx.chain.td3497.com. 86400 IN MX 34 mx1.chain.td3497.com.
mx1.chain.td3497.com. 86400 IN MX 34 mx2.chain.td3497.com.
mx2.chain.td3497.com. 86400 IN MX 34 mx3.chain.td3497.com.
mx3.chain.td3497.com. 86400 IN A 1.2.3.4
ramesh.td3497.com. 86400 MX 20 .
ramesh.td3497.com. 86400 MX 20 mx1.
cname.td3497.com. 86400 CNAME .
 td3497.com. 86400 IN NS udns2.ultradns.net.
td3497.com. 86400 IN NS udns1.ultradns.net.
;End

I queried for cname domain against bind 9.6.X and got the following response
C:\Documents and Settings\rameshb>dig @localhost cname.td3497.com mx
; <<>> DiG 9.6.1-P1 <<>> @localhost cname.td3497.com mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 681
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;cname.td3497.com.  IN  MX
;; ANSWER SECTION:
cname.td3497.com.   86400   IN  CNAME   .
;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 31 14:10:32 2010
;; MSG SIZE  rcvd: 47

Here why authority section is not returned? Actually authority section
should be returned with SOA right?
Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind result

2010-06-01 Thread rams 
Is there any update on the following issue.

On Mon, May 31, 2010 at 2:16 PM, rams  wrote:

> Hi ,
>
> I have the following zone file:
>
> $ORIGIN td3497.com.
>
> @ IN SOA udns1.ultradns.net. ppk.yahoo.com. (
>
> 2010052610 ; serial
>
> 10800 ; refresh
>
> 3600 ; retry
>
> 2592000 ; expire
>
> 86400 ; minimum
>
> )
>
> cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.
>
> mx.chain.td3497.com. 86400 IN MX 34 mx1.chain.td3497.com.
>
> mx1.chain.td3497.com. 86400 IN MX 34 mx2.chain.td3497.com.
>
> mx2.chain.td3497.com. 86400 IN MX 34 mx3.chain.td3497.com.
>
> mx3.chain.td3497.com. 86400 IN A 1.2.3.4
>
> ramesh.td3497.com. 86400 MX 20 .
>
> ramesh.td3497.com. 86400 MX 20 mx1.
>
> *cname.td3497.com. 86400 CNAME .*
>
>  td3497.com. 86400 IN NS udns2.ultradns.net.
>
> td3497.com. 86400 IN NS udns1.ultradns.net.
>
> ;End
>
>
>
> I queried for cname domain against bind 9.6.X and got the following
> response
>
> C:\Documents and Settings\rameshb>dig @localhost cname.td3497.com mx
>
> ; <<>> DiG 9.6.1-P1 <<>> @localhost cname.td3497.com mx
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 681
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;cname.td3497.com.  IN  MX
>
> ;; ANSWER SECTION:
> cname.td3497.com.   86400   IN  CNAME   .
>
> ;; Query time: 15 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon May 31 14:10:32 2010
> ;; MSG SIZE  rcvd: 47
>
>
>
> Here why authority section is not returned? Actually authority section
> should be returned with SOA right?
>
> Thanks & Regards,
>
> Ramesh
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on bind result

2010-05-31 Thread rams 
Hi ,

I have the following zone file:

$ORIGIN td3497.com.

@ IN SOA udns1.ultradns.net. ppk.yahoo.com. (

2010052610 ; serial

10800 ; refresh

3600 ; retry

2592000 ; expire

86400 ; minimum

)

cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.

mx.chain.td3497.com. 86400 IN MX 34 mx1.chain.td3497.com.

mx1.chain.td3497.com. 86400 IN MX 34 mx2.chain.td3497.com.

mx2.chain.td3497.com. 86400 IN MX 34 mx3.chain.td3497.com.

mx3.chain.td3497.com. 86400 IN A 1.2.3.4

ramesh.td3497.com. 86400 MX 20 .

ramesh.td3497.com. 86400 MX 20 mx1.

*cname.td3497.com. 86400 CNAME .*

 td3497.com. 86400 IN NS udns2.ultradns.net.

td3497.com. 86400 IN NS udns1.ultradns.net.

;End



I queried for cname domain against bind 9.6.X and got the following response

C:\Documents and Settings\rameshb>dig @localhost cname.td3497.com mx

; <<>> DiG 9.6.1-P1 <<>> @localhost cname.td3497.com mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 681
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;cname.td3497.com.  IN  MX

;; ANSWER SECTION:
cname.td3497.com.   86400   IN  CNAME   .

;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 31 14:10:32 2010
;; MSG SIZE  rcvd: 47



Here why authority section is not returned? Actually authority section
should be returned with SOA right?

Thanks & Regards,

Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to resign a signed zone

2010-05-26 Thread rams 
Hi,
How do we resign the  signed zone? What is the command to do the RESIGNING ?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

chaining MX

2010-05-26 Thread rams 
Hi,
I have mx records with chaining as follows.
mx.chain.td3497.com.86400INMX34 mx1.chain.td3497.com.
mx1.chain.td3497.com.86400INMX34 mx2.chain.td3497.com.
mx2.chain.td3497.com.86400INMX34 mx3.chain.td3497.com.
mx3.chain.td3497.com.86400INA1.2.3.4

Now if i query for domain "mx.chain.td3497.com. " with type MX or any, did
we get chain in answer ? or did we get only specific domain pointed mx
record.

Thanks & regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: add a record into signed zone

2010-05-13 Thread rams 
Hi ,
As you said I tried with nsupdate but unable to add a record into signed
zone. It is giving SERVFAIL. Do we need to send any special value?

Thanks,
Ramesh

On Thu, May 13, 2010 at 9:05 AM, Mark Andrews  wrote:

>
> In message ,
> rams
>  writes:
> >
> > Hi,
> > How to add a record into signed zone using nsupdate. Is there any
> additional
> > arguments need to be passed for getting RRSIG of addition record or
> > automatically bind will take care?
> >
> > Thanks & Regards,
> > Ramesh
>
> Named will take care of it.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

add a record into signed zone

2010-05-12 Thread rams 
Hi,
How to add a record into signed zone using nsupdate. Is there any additional
arguments need to be passed for getting RRSIG of addition record or
automatically bind will take care?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Behavior of delegation records for dnssec

2010-05-10 Thread rams 
Hi,

I have delegation of NS records in my zone and i signed zone using RSASHA1
algorithm. It is signed successfully. When I checked the the zone i am not
seeing RRSIG for delegated NS records. When I query for delegated NS record
with dnssec, it is returning NS records, NSEC and RRSIG for NSEC and also
glue records returned in additional section with out any RRSIG. Dig results
are given below.

; <<>> DiG 9.6.1-P3 <<>> @localhost srs.net.nu.moon. A +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40245
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;srs.net.nu.moon.   IN  A

;; AUTHORITY SECTION:
srs.net.nu.moon.86400   IN  NS  ns1.dns.net.nu.moon.
srs.net.nu.moon.86400   IN  NS  ns2.dns.net.nu.moon.
srs.net.nu.moon.86400   IN  NS  ns3.dns.net.nu.moon.
srs.net.nu.moon.86400   IN  NSECnet.nu.moon. NS RRSIG NSEC
srs.net.nu.moon.86400   IN  RRSIG   NSEC 5 4 86400
20100521075518 20100421075518 57966 net.nu.moon.
DxLpXxvkOsLVruDKp1K/K7FUPpxlxI/awCOtggM6m6T/d26iGwDJ1wqW
5PTQ6baNCgUTUbiydNEpHmKR7Z1bqQ==

;; ADDITIONAL SECTION:
ns1.dns.net.nu.moon.86400   IN  A   202.46.190.130
ns1.dns.net.nu.moon.86400   IN  2001:dce:2000:2::130
ns2.dns.net.nu.moon.86400   IN  A   202.46.191.130

Why i am not getting RRSIG for NS records and also RRSIG for additional
section records. Is there any configuration required for glue records and
delegated records . Please clarify me on this.

Thanks,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-users Digest, Vol 512, Issue 3

2010-05-09 Thread rams 
Hi Peter,

In the out put of your dig result , you can see the following section. This
section is counted as RR and count will be updated in additional section.
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096



Thanks,
ramesh

On Sun, May 9, 2010 at 11:02 PM,  wrote:

> Send bind-users mailing list submissions to
>bind-users@lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
>bind-users-requ...@lists.isc.org
>
> You can reach the person managing the list at
>bind-users-ow...@lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>   1. RE: Dig 9.7 DNSSEC output (Peter Janssen)
>   2. Re: Dig 9.7 DNSSEC output (R Dicaire)
>   3. RE: Dig 9.7 DNSSEC output (Peter Janssen)
>   4. Re: Dig 9.7 DNSSEC output (Shumon Huque)
>   5. RE: Dig 9.7 DNSSEC output (Chris Thompson)
>
>
> --
>
> Message: 1
> Date: Sun, 9 May 2010 17:48:34 +0200
> From: "Peter Janssen" 
> Subject: RE: Dig 9.7 DNSSEC output
> To: "'R Dicaire'" 
> Cc: bind-users@lists.isc.org
> Message-ID: <024201caef8f$150177e0$3f0467...@janssen@eurid.eu>
> Content-Type: text/plain;   charset="iso-8859-1"
>
> Hi Rick,
>
> as per the header of Dig output?
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9
>
> a part from that, I'm glad that my counting is still up to par :-)
>
> R.
> --Pj.
>
> Peter Janssen
> Technical Manager
>
> Join us in June! EURid hosts ICANN?s 38th meeting in Brussels.? Find out
> more at brussels38.icann.org.
>
> ??? EURid
> ??? Woluwelaan 150
> ??? 1831 Diegem - Belgium
> ??? TEL.: +32 (0) 2 401 2750
> ??? peter.jans...@eurid.eu
> ??? http://www.eurid.eu
> ???
>
>
>
> From: R Dicaire [mailto:dicai...@gmail.com]
> Sent: Sunday, May 09, 2010 17:42
> To: Peter Janssen
> Cc: bind-users@lists.isc.org
> Subject: Re: Dig 9.7 DNSSEC output
>
> On Sun, May 9, 2010 at 11:24 AM, Peter Janssen 
> wrote:
> ;; ADDITIONAL SECTION:
> ns.nic.se. ? ? ? ? ? ? ?3600 ? ?IN ? ? ?A ? ? ? 212.247.7.228
> ns.nic.se. ? ? ? ? ? ? ?3600 ? ?IN ? ? ? ? ?2a00:801:f0:53::53
> ns2.nic.se. ? ? ? ? ? ? 3600 ? ?IN ? ? ?A ? ? ? 194.17.45.54
> ns3.nic.se. ? ? ? ? ? ? 60 ? ? ?IN ? ? ?A ? ? ? 212.247.3.83
> ns.nic.se. ? ? ? ? ? ? ?3600 ? ?IN ? ? ?RRSIG ? A 5 3 3600 20100517132001
> 20100507132001 20273 nic.se.
> TLTnkqESLN7DdoC2urF14ox1JolvUSCySe4oqYfof4ER/ZNNl8DO1P46
> mSKpNxf3kNUJWoMkjBjtUgZgiMcVSuD7V6qTHLA2A8tEhnM4pXCeo/yj
> kirCEzo3YQzcW56BZVXgVe41K3QT4GpIm0rmTyEy+8ZCe7oeMKFem5PL Ibw=
> ns.nic.se. ? ? ? ? ? ? ?3600 ? ?IN ? ? ?RRSIG ?  5 3 3600
> 20100517132001
> 20100507132001 20273 nic.se.
> HcUbk9y1aR9zeHOwNsqTtPL97P+ftyoQVAyTZbuPpr6GEzIsKL8MyQoP
> h4qyAkOHFWC2lgZ4xroHemR9OXa3JCLn1UtYE0UbgszUJWSJcQW+2ho3
> GIsfEzVfJwMEomhvPuEyVfNxdaP87ITFTfNJcUvEApHCnYHO0RNgeEL0 l/Y=
> ns2.nic.se. ? ? ? ? ? ? 3600 ? ?IN ? ? ?RRSIG ? A 5 3 3600 20100517132001
> 20100507132001 20273 nic.se.
> fGqc3OIwmaYPFJoRrULGaUIRxGV+i6FJkcSZ4HRJL0x+siwVcTrIb+5t
> ER9woGl9sabyXH9H4aHc90ARABer0RodbnQSZDT7SPamDb97UP1ESBs2
> Av9N43nr54M/ctLk8EZc1q7GblBK7inf7iY/AQsHTsFv1BWJOAYw+n4N YaM=
> ns3.nic.se. ? ? ? ? ? ? 60 ? ? ?IN ? ? ?RRSIG ? A 5 3 60 20100517132001
> 20100507132001 20273 nic.se.
> vTil1+1r3dOyV3zHdd53p2O5qnBHfexdwJVjx2E+G5z5FTqa50YRQYfH
> JwVHHertJcMo2wek/y2g0GBQJdkFTKwpJZv3IWWp9TYqJ3lCIYzoWxWV
> pzc7i+m2Ha3HupVY0e/tOJPKsiJu+LnyH3LJ66WV/xCRDjhZ8N6RONl5 xQU=
>
> I count 8 RRs. 3 A, 1 , 4 RRSIG.
>
> Where are you seeing 9?
>
> --
> aRDy Music/Rick Dicaire
>
> http://www.ardynet.com
> http://linux.ardynet.com
>
>
>
> --
>
> Message: 2
> Date: Sun, 9 May 2010 12:00:14 -0400
> From: R Dicaire 
> Subject: Re: Dig 9.7 DNSSEC output
> To: Peter Janssen 
> Cc: bind-users@lists.isc.org
> Message-ID:
>
> Content-Type: text/plain; charset="windows-1252"
>
> On Sun, May 9, 2010 at 11:48 AM, Peter Janssen  >wrote:
>
> > as per the header of Dig output?
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9
> >
>
> Curious, I too get 9 but only 8 RRs are shown:
>
> ; <<>> DiG 9.7.0-P1 <<>> +dnssec @rdb.ardynet.com ardynet.com ns
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19752
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 9
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;ardynet.com. IN NS
>
> ;; ANSWER SECTION:
> ardynet.com. 10800 IN NS rdb.ardynet.com.
> ardynet.com. 10800 IN NS dev.ardynet.com.
> ardynet.com. 10800 IN RRSIG NS 5 2 10800 2010051512 2010050912
> 60794
> ardynet.com. uEABRGErPScK6zTn8V2aZwWXdC7sc1wh7eFsyGHkwcfGrugsLdFPVSfZ
> vetCUVXoOj1OnUNPeO5/cM

help on NESC3PARAM

2010-05-06 Thread rams 
HI ,
How to sign  a zone for getting  NSEC3, NSEC3PARAM RR's in a signed zone.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Create DS and DLV records

2010-05-04 Thread rams 
Hi,
could you please explain me, how to create DS and DLV records into my zone.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users