Re: Postgres v MySQL v Berkeley backend for BIND

2009-05-05 Thread Chris Dew
Are there performance increases/decreases involved with using a db in place of bind's normal zone files? Is there a sqlite3 backend to bind? Regards, Chris. -- http://www.finalcog.com/ 2009/5/4 David Ford da...@blue-labs.org: I use the DLZ/PG backend and it's rock solid.  I use Ant with a

Re: tcp versus udp

2009-05-05 Thread Peter Dambier
Hello Martin, since a major outage at my provider, dtag.de or Deutsche Telecom AG, I have trouble with f.root-servers.net. Sometimes dig ... +vc does help me to see f.root-servers.net. The real problem is anycast. With udp it behaves different than with tcp. When querying servers that are

Re: tcp versus udp

2009-05-05 Thread Traynham . Ken
Please explain: With DNSSEC tcp is almost a must. Same with IPv6. Is EDNS0 not

Re: tcp versus udp

2009-05-05 Thread Peter Dambier
EDNS would be nice if it was working, but the same guy who disabled tcp in the firewall somehow has shot EDNS too. There are so many broken firewalls around nameservers that tcp is a must. It is not an EDNS or bind problem. It is the firewalls in between. Expect the worst but try to give your

Bind Statistics questions

2009-05-05 Thread Nuno Ribeiro
Hi all, I have some doubts and I would like to clarify them: - Bind ( version 9.5) provides lots of statistics information and provides two interfaces for users to get access to it (file dump and HTTP access). For what I see and read the counters are cumulative during the time the service is

FORMERR during DNS queries

2009-05-05 Thread Eric Swenson
I'm seeing lots of DNS resolution failures on my router (running Ubuntu 8.10, bind 9.3.4). While most succeed, I get quite a few FORMERR errors similar to: May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 66.151.140.2#53 May 4 20:25:25 localhost named[19579]:

Re: Bind Statistics questions

2009-05-05 Thread Emery
Hello Nuno, I don't know if you can reset the stats, but in my environment I had the need to check statistics to alert us to attacks and abnormally high query numbers. In order to do this, I wrote shell scripts that check the current count and write that value to a file. This is a

Delegation or PEBKAC problems?

2009-05-05 Thread Todd Snyder
Good day, (BIND 9.6.0-P1) Although, to me, delegation seems like a fairly simple configuration, I seem to be having problems. What I am trying to do is very simple - I have a lab, and I want to delegate part of the namespace to someone else in the lab. My configuration looks like this: (zone

Re: Delegation or PEBKAC problems?

2009-05-05 Thread John Hascall
My understanding of delegation is that the resolver goes out to its configured nameserver. That nameserver returns the NS records for the delegated namespace, then the resolver goes to the delegated server to ask the next question. Am I incorrect in that? It works that way, sometimes.

RE: Delegation or PEBKAC problems?

2009-05-05 Thread Todd Snyder
It works that way, sometimes. If recursion is enabled on your server, it will query the other servers in the NS records on behalf of the resolver and return what it finds. If recursion is off, it will just return the NS records and the resolver is expected to follow them (and some really dumb

RE: Delegation or PEBKAC problems?

2009-05-05 Thread Todd Snyder
With help of a list member, we got this figured out. The problem is that, outside of the config I showed you, I had a forwarder setup. zone foo.example IN { type forward; forward only; forwarders { x; y }; }; My understanding of things was that BIND would answer most

Re: Bind Statistics questions

2009-05-05 Thread JINMEI Tatuya / 神明達哉
At Tue, 5 May 2009 11:11:13 +0100, Nuno Ribeiro nribeir...@gmail.com wrote: I have some doubts and I would like to clarify them: - Bind ( version 9.5) provides lots of statistics information and provides two interfaces for users to get access to it (file dump and HTTP access). For what I see and

DNS resolution failure - FORMERR

2009-05-05 Thread Eric Swenson
I'm seeing lots of DNS resolution failures on my router (running Ubuntu 8.10, bind 9.3.4). While most succeed, I get quite a few FORMERR errors similar to: May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 66.151.140.2#53 May 4 20:25:25 localhost named[19579]:

Re: DNS Resolution Failure - FORMERR

2009-05-05 Thread Eric Swenson
I apologize for the multiple posts. I didn't think my post was making it to the list since I never received my own post, but have been receiving those of others. And yes, I'm configured to see my own posts. A couple people have suggested I look at the trace output of bind to see what server is

Re: [DNSSEC] SERVFAIL when resolving .gov through DLV

2009-05-05 Thread Jeremy C. Reed
On Tue, 5 May 2009, Stephane Bortzmeyer wrote: This is a BIND 9.5.1-P1, Debian package. It is configured to use ISC's DLV: https://www.isc.org/node/437 ___ bind-users mailing list bind-users@lists.isc.org

Re: [DNSSEC] SERVFAIL when resolving .gov through DLV

2009-05-05 Thread R Dicaire
On Tue, May 5, 2009 at 2:34 PM, Stephane Bortzmeyer bortzme...@nic.fr wrote: I get a SERVFAIL when trying to resolve .gov: I get: ; <<>> DiG 9.4.3-P2 <<>> +dnssec SOA gov. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32204 ;; flags: qr rd ra; QUERY: 1,

Re: [DNSSEC] SERVFAIL when resolving .gov through DLV

2009-05-05 Thread Mark Elkins
Does work with bind 9.6.0 - as NSEC3 is available... ; <<>> DiG 9.6.0-P1 <<>> +dnssec @127.0.0.1 SOA gov. ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41388 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 8, ADDITIONAL: 1 ;; OPT

host unreachable resolving

2009-05-05 Thread alexus
i just deployed new bind-9.6.0-p1 and I'm getting a lot of these: May 5 20:18:41 dd named[21037]: host unreachable resolving '128.235.241.88.zen.spamhaus.org/TXT/IN': 2001:7b8:3:1f:0:2:53:1#53

success resolving after reducing the advertised EDNS UDP packet size to 512 octets

2009-05-05 Thread alexus
the other problem im having is these: May 5 20:44:57 dd named[21037]: success resolving '92.68.83.189.zen.spamhaus.org/TXT' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets i have followings in my named.conf edns-udp-size 512;

Re: [DNSSEC] SERVFAIL when resolving .gov through DLV

2009-05-05 Thread Stephane Bortzmeyer
On Tue, May 05, 2009 at 01:45:40PM -0500, Jeremy C. Reed jeremy_r...@isc.org wrote a message of 6 lines which said: This is a BIND 9.5.1-P1, Debian package. It is configured to use ISC's DLV: https://www.isc.org/node/437 I was aware of this bug, but not that it apparently has not been

Re: host unreachable resolving

2009-05-05 Thread Jeremy C. Reed
On Tue, 5 May 2009, alexus wrote: i just deployed new bind-9.6.0-p1 and I'm getting a lot of these: May 5 20:18:41 dd named[21037]: host unreachable resolving '128.235.241.88.zen.spamhaus.org/TXT/IN': 2001:7b8:3:1f:0:2:53:1#53 If you have IPv6 but don't use IPv6, see the named switch -4

Re: [DNSSEC] SERVFAIL when resolving .gov through DLV

2009-05-05 Thread Stephane Bortzmeyer
On Tue, May 05, 2009 at 11:18:05PM +0200, Benedikt Gollatz b...@differentialschokolade.org wrote a message of 15 lines which said: It has. Well, most people do not track XXX-proposed-updates which is supposed to be a bit... untested. I just had lenny and security.debian.org/updates in my

Re: host unreachable resolving

2009-05-05 Thread alexus
On Tue, May 5, 2009 at 5:41 PM, Jeremy C. Reed jeremy_r...@isc.org wrote: On Tue, 5 May 2009, alexus wrote: i just deployed new bind-9.6.0-p1 and I'm getting a lot of these: May  5 20:18:41 dd named[21037]: host unreachable resolving '128.235.241.88.zen.spamhaus.org/TXT/IN':

Re: Delegation or PEBKAC problems?

2009-05-05 Thread Mark Andrews
In message 1d8c9a4471119a40bd574f9d8d464ae304bd4...@xch60ykf.rim.net, Todd Snyder writes: With help of a list member, we got this figured out. The problem is that, outside of the config I showed you, I had a forwarder setup. zone foo.example IN { type forward; forward

Re: DNS Resolution Failure - FORMERR

2009-05-05 Thread Mark Andrews
In message 4a00c706.5060...@chrysler.com, Kevin Darcy writes: Eric Swenson wrote: I apologize for the multiple posts. I didn't think my post was making it to the list since I never received my own post, but have been receiving those of others. And yes, I'm configured to see my own

Re: tcp versus udp

2009-05-05 Thread Danny Mayer
Peter Dambier wrote: Hello Martin, since a major outage at my provider, dtag.de or Deutsche Telecom AG, I have trouble with f.root-servers.net. Sometimes dig ... +vc does help me to see f.root-servers.net. The real problem is anycast. With udp it behaves different than with tcp.

Re: DNS Resolution Failure - FORMERR

2009-05-05 Thread Eric Swenson
I suspect my problem has to do with the fact that imap.gmail.com is a CNAME for gmail-imap.l.google.com. When queries fail (with the FORMERRs), the responses I see coming back to my DNS server include a CNAME record and two A records. When I do the little hack with a manual query, which makes the