Hmm! I was just thinking this is a BUG!
I wrote a function in Perl to modify the serial number:
sub increase_serial {
my $bindetc = /usr/local/bind/etc/;
my @zones = get_zones(); # get the zones
for my $zone (@zones) {
for my $isp ('tel','cnc') { # two isp links
On Fri, 20 Mar 2009 15:57:03 +1100
Mark Andrews mark_andr...@isc.org wrote:
I'm trying to query for A record, like this :
# dig @a.gtld-servers.net ns1.ats-com.com +short
203.130.232.235
# dig @203.130.232.235 ns1.ats-com.com +short
(No A Record)
What is happen if that NS be
More data will need to be known. Where is the master and where is the
slave, in the same subnet, or elsewhere?
Were you previously getting any queries against the master at all,
look in your logs?
Are you sure your domains NS records even point to the master server?
If the master is
-- Forwarded message --
From: Chris Dew cms...@googlemail.com
Date: 2009/3/20
Subject: Re: No name resolution when slave is down
To: Dennis J. denni...@conversis.de
Asking the obvious here, but does your domain registrar list both your
master and your slave as authoritative
DHCP options not giving both nameservers? What happens when you
manually configure your workstation to only query the master?
Quoting Dennis J. denni...@conversis.de:
Hi,
This morning the slave in our nameserver setup went down and
surprisingly none of the domains hosted on these system
Hi,
This morning the slave in our nameserver setup went down and surprisingly
none of the domains hosted on these system could be resolved anymore even
with the master working perfectly fine.
When I send queries directly to the master it resolves the domains fine so
I'm not sure why a failure
Greetings fellow bind users:
We have two name servers: ns1, ns2.
We have domain name: let's say abc.com
Management decided to have a dns hosting company hosts that domain. LOL.
Now they want to move that domain back to the ns1, ns2. ($$)
I have changed the dns entries at the registrar to point
Hi Everyone
I have installed BIND 9.6.0-P1 on a Windows Server 2003 x64 system but when I
come to start the ISC BIND service I always get a 1067 error which I read
somewhere was due to permissions so made sure the user account password etc was
correct still didn't fix the issue.
Sometimes the
You have recursion disabled on your abc.com server, and I believe that
is preventing your query from succeeding. My understanding is that the
contents of the root hints file are not stored in the server's cache
(which means, I think, that they are not themselves returned in response
to queries
On 20.03.09 09:56, John D. Vo wrote:
We have two name servers: ns1, ns2.
We have domain name: let's say abc.com
Management decided to have a dns hosting company hosts that domain. LOL.
Now they want to move that domain back to the ns1, ns2. ($$)
I have changed the dns entries at the registrar
In article gq077q$13q...@sf1.isc.org, John D. Vo j...@eagle.net
wrote:
1. If ns1 is not authoritative for abc.com, ns2 cannot do a zone
transfer from ns1, correct? please confirm.
Correct.
2. If yes on number 1, then WHY?
A nameserver declares itself non-authoritative either because it
We have a domain which we serve dns for but we don't handle mail for this
client. However in the log file I can see all the time that there mail server
is trying to run a query on our dns server but is being denied.
The log message
20-Mar-2009 16:32:54.984 security: info: client
In article gq0gtm$1a0...@sf1.isc.org,
Carl Fretwell c...@growstudio.co.uk wrote:
We have a domain which we serve dns for but we don't handle mail for this c=
lient. However in the log file I can see all the time that there mail serve=
r is trying to run a query on our dns server but is
I had to do this a couple times lately .. this is the simplest way I've
found. It's not elegant or nifty, but it works.
on the master:
grep zone named.conf | awk '{print $2} | sort master.zones
on the slave:
grep zone named.conf | awk '{print $2} | sort slave.zones
get the files on the
Yes, Todd. 9.2.2.
Todd Snyder wrote:
I had to do this a couple times lately .. this is the simplest way I've
found. It's not elegant or nifty, but it works.
on the master:
grep zone named.conf | awk '{print $2} | sort master.zones
on the slave:
grep zone named.conf | awk '{print $2} |
I know at some point in the recent past, BIND started loading RFC1918
zones, which can increase the zone count, even though they don't show up
in named.conf. That caused me 5 minutes of wtf before I remembered.
I think it was well after 9.2.2, so I'm guessing you should be safe.
t.
Hi Todd:
Thank you for those magical commands. Works better than printing them
out and crossing one by one with a pen.
Think the problem was some of the domains I created on master(see my
previous post) did not get transferred to the slave hence the mismatch.
I just reloaded on the master
In message 49c3f591.1090...@eagle.net, John D. Vo writes:
--===8258205717685425773==
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
!DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
html
head
meta content=text/html;charset=ISO-8859-1
BIND does NOT load RFC1918 zones. The Internet-Draft that will
allow that has been stalled for over a year now. Once that
draft
clears the working group the #if 0/#endif around the RFC 1918
zones will be removed.
Perhaps I am confused by terminology.
I am referring
Barry Margolin bar...@alum.mit.edu wrote:
This suggests one of the following problems:
1. 95.102.17.107 is pointing to your nameserver in its resolver
configuration, but your server doesn't allow them to use you as a
resolver (the IP isn't in your allow-recursion and allow-query-cache
BIND 9.5.1-P2 is now available.
BIND 9.5.1-P2 is a SECURITY patch for BIND 9.5.1. It addresses a bug
in DNSSEC lookaside validation (DLV): unrecognized signature algorithms,
which should have been treated as the equivalent of an unsigned zone,
were instead treated as a
BIND 9.4.3-P2 is now available.
BIND 9.4.3-P2 is a SECURITY patch for BIND 9.4.3. It addresses a bug
in DNSSEC lookaside validation (DLV): unrecognized signature algorithms,
which should have been treated as the equivalent of an unsigned zone,
were instead treated as a
Users of BIND version 9.5.x or 9.4.x AND DLV
ISC announced a new user interface for DLV - DNSSEC Lookaside Validation
on March 11th. We have been running the DLV service in limited
production and will shortly be ready to move to full production.
On
2009/3/21 Mark Andrews mark_andr...@isc.org:
Named records modification times of masterfiles and only
reloads those that are *newer* than the recorded modification
time.
Thanks. That help me understand for the case.
___
24 matches
Mail list logo