Hello,
regarding the excellent guide of Jan-Piet Mens, I have integrated Bind 9.8.1
DLZ with Mysql 5.x DB; everything is fine and fantastic.
I cannot use Postgresql 8.4.8 backend; named correctly starts but, when the first
nslookup query takes place, named crashes with this dump:
Hello,
everything is fine, I patched the source tree!
Thank you, regards!
Francesco
From: bind-users-bounces+job=colliniconsulting...@lists.isc.org
[mailto:bind-users-bounces+job=colliniconsulting...@lists.isc.org] On behalf of
Job
Sent: Monday, 3 October
Hello Bind-Users ML,
is there a way, a patch or something else, in order to log:
- date/time
- client
- request (e.g. www.site.com)
- reply (e.g. 1.1.1.1)
in a file, without using debug log format, which writes lots of lines for a
query?
Thank you, regards.
Francesco
Hello Bind ML,
I am trying to set up some blacklists for some users.
I have a file for every blacklist, example: blacklistA blacklistB blacklistC.
I have to assign different combination of A B C to users.
I created dns bind view that, by matching source ip client, provide different
answer
Hello,
we are using in a production environment Bind-9.10.1
Since I installed it, I have sometimes had problems with dns resolution
By typing rndc reload the system seems to hang: I have the named process
running, but I cannot have any dns resolution and I cannot kill the named
process with -INT or -HUP.
Hi Brown,
oops... excuse me! :) You are right!
Francesco
From: wbr...@e1b.org [wbr...@e1b.org]
Sent: Tuesday, 3 February 2015 15.37
To: Job
Cc: bind-users@lists.isc.org
Subject: Re: Blocking if resolved ip is geolicalized
From: Job j
Hello,
I would like to ask this particular thing: I would like to block resolution if
RESOLVED IP is geolocated in some country.
As example, if 1.2.3.4 is geolocated in China and I want to block all Chinese
websites, if I resolve www.site.ch (that is 1.2.3.4), bind should give me an
error or a
Hello,
is there a way to reload a single VIEW (not a zone, but a view), for example
when I change the match-clients directive?
I notice that, on huge load servers, issuing rndc reload is very heavy for
the machine.
If it should be possible to reload only these directives (match-clients), it
Hello,
I read some documents that say enabling threads (in Bind 9.x compiling) gives
less performance than disabling threads, in a 32 bit environment (with 2 cpu),
using Bind DLZ (with Postgresql DB).
I found something here:
http://zaphods.net/~zaphodb/high-performance-bind9.html
Do you
Hello,
regarding this post of some years ago:
http://bind9-users.isc.narkive.com/aduGYTeB/dlz-client-parameter-segfault
I would like to know if there are some hacks/workarounds in order to use the $client$
variable in other queries, for example in the findzone query?
Actually the source client token is
Hello,
I am looking at Bind DLZ and I would ask you if there is a way to specify, for
a specific user, to block some domains and, for another user, to block other
domains.
By reading documentation I did not find the way to join ip-client trigger to
some domain CNAME that can block basing on
Hello,
I recompiled Bind 9.10.1-P1 with system large tuning enabled.
I have some hundreds of views (with DLZ) in our system.
With this feature compiled in, bind does not start:
Mar 3 16:50:45 cloud02gw named[13338]: reloading configuration failed: out of
memory
I have 16 Gb of RAM, and about
, 2015 11:44 AM
To: Job
Cc: bind-users@lists.isc.org
Subject: Re: Config large tuning and out of memory
Job,
I won't go in to this in detail, as it's more complicated than your 32 bit
system can't address more than 4GB of RAM, but your 32 bit OS is almost
certainly your problem. Most of your 16GB
?
Thank you again!
Francesco
From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] on
behalf of Job [j...@colliniconsulting.it]
Sent: Tuesday, 3 March 2015 11.43
To: bind-users@lists.isc.org
Subject: Too many connections on the same IP
Hello Stefan, and thank you for the reply.
Are you using iptables Firewall?
Does the problem only occur on UDP connections to the problematic IP? Or also
on TCP connections to the same IP?
At the beginning, I thought it was an iptables-behind-firewall problem and I made
massive dns resolutions
Hello!
I installed a 64bit Centos 6 operating system, with Postgresql 8.4.20 x64 and
Bind, latest 9.10 version.
I use Bind-DLZ in lots of views.
In our lab we are simulating what happens with some hundreds of queries per
second.
I notice that, when using BIND-DLZ, some queries do not resolve
Hello,
during a massive DNS utilization our Bind 9.10.1-P1 seems not to resolve
anymore, neither local zone.
We shutdown one of the two nodes and all queries arrived only on one node.
CPU and memory load were not too overloaded, machine was quite fine.
After some fast tests, I noticed that if
Hello,
working with many views, we use the in-view directive in order to load once
the table in the first view (sometime can be large), and reuse it in other
views, by linking it with in-view zone.
We appreciated RPZ to protect with dns firewall users; an rpz file can be long
some hundreds of
Unfortunately, no.
Thank you for the reply Evant.
So, DLZ is still the better way if someone needs to share dns blacklists
between lots of zones, I think.
But, I noticed very useful the RPZ function that can block (or walled
gardening) the resolution for those sites that are located into bad
Hi Chris,
Have that view forward to the main view, using any of a variety of methods.
For example, forward to the loopback address, which doesn't match the new
view's match-clients ACL.
So do you think, without using the in-view clause because it does not support
RPZ, is there a way to load
Hello,
You can use a combination of rpz-client-ip. trigger and
rpz-passthru. action to achieve either effect.
I notice I can define a policy and then, with rpz-passthru, I can make
exceptions for client.
But I did not find how to write a policy, for example resolve with 127.0.0.1
*.playboy.com,
Hello,
I noticed I can write a RPZ file for blocking some websites resolution, as
example, and exclude some Client IP from this policy.
I would like to do exactly the opposite: I want to define some blocking
resolution policy and ASSIGN only to specific client.
Is it possible with RPZ?
Thank
]
Sent: Friday, 15 May 2015 17.16
To: Job
Cc: bind-users@lists.isc.org
Subject: Re: R: R: RPZ and client matching
Hi Job
On Fri, May 15, 2015 at 04:56:07PM +0200, Job wrote:
Hello,
very interesting feature:
We have prepared a branch that adds an rpz-skipzone. policy action
that, when matched
Hello,
very interesting feature:
We have prepared a branch that adds an rpz-skipzone. policy action
that, when matched by the trigger, behaves as if the current policy zone
is disabled, and proceeds to the next one. It is still in the early
stages, but it may be released in 9.11.
But, actually
Hello, is there any workaround to use the in-view statement in RPZ in order
to reuse the huge zone files between views (often they are some millions of
records long)?
Or something else, apart from DLZ that, in small hardware, has got some slowdown
with DB.
Thank you,
Francesco
Hello,
for a test page purpose, we would like to avoid propagation only for a
specific record A, example:
test.domain.com
We need to test if users set up our DNS server in ethernet configuration, and
they display correctly the test page.
But, if test.domain.com propagate, we are not sure they
y sentence,
can I trigger the Client only for a zone and not for the other zone?
Some Clients would not have to match together the two zones!
Thank you again!
Francesco
From: Tony Finch [d...@dotat.at]
Sent: Thursday, 19 May 2016 18.13
To: Job
Cc: bind-u
Hello,
is it possible to log, regarding the RPZ response policy, everything EXCEPT the
CLIENT PASS THROUGH events?
I would like to log only what is matched.
Thank you,
Francesco
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
-boun...@lists.isc.org] on
behalf of Job [j...@colliniconsulting.it]
Sent: Thursday, 19 May 2016 14.33
To: bind-users@lists.isc.org
Subject: Three RPZ zone definition
Hello,
within a view I have added the third rpz zone (I take it separately), it is
loaded but the RPZ policy does not act
Hello,
within a view I have added the third rpz zone (I take it separately), it is
loaded but the RPZ policy does not act.
If I leave only two zones, it works perfectly.
Is there a limit of two zones consequentially?
How can I avoid it?
Here is my configuration:
response-policy { zone
>>That's how passthru is supposed to work.
Hi Tony,
is there a way to define more response-policy in Bind or the possibility to
apply a response-policy only to certain client ip?
Thank you again!
Francesco
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Hi guys,
I have this situation with RPZ zones (and can grow up with more RPZ zones):
response-policy { zone "policy1.lan"; zone "policy2.lan"; };
Within policy1.lan and policy2.lan I have included the client IP that must not
load the policy (passthrough).
If a Client IP needs to have enabled
Hi,
for policies purpose, we need to know which remote site is resolving a Bind
9.x public DNS Server.
The problem occurs when some carriers "share" the same IP address between more
customers and they surf behind a shared NAT.
Is there a way? Perhaps with DNS crypt or dnssec?
Thank you!
/F
Hello,
we use Bind with DLZ, Postgres 8.4.8 as RDBMS support.
Everything works but, with DLZ query, I notice (in Postgresql log), that Bind
calls two times the same queries.
For example, to resolve with Bind-DLZ www.fiorino.it, it should make three
queries (to descend until Top level
Hello,
which is the best load balancer for two or more Bind DNS Server, located in the
same farm?
I read something about HAProxy but it does not manage udp connection and the
interesting security proxy/balancer DnsDist does not pass original client ip
for Bind-DLZ...
Thank you, regards!
Thank you to everybody and excuse me, first of all.
I wrote requests for postgresql (even if connected with Bind-DLZ) in the wrong
Group!
Thank you!
Francesco
From: Sten Carlsen [st...@s-carlsen.dk]
Sent: Sunday, 18 September 2016 0.03
To: Job
Cc: bind-users@lists.isc.org
Subject: Re
On 22.09.2016 at 22:41, Job wrote:
> >>> If you want to avoid additional queries, turn minimal_responses off.
> >
> > I thought setting minimal_responses = yes should lower the number of queries
> > Do you think it is the opposite?
>
> it's not about thin
Hi Tony,
excellent answer, thank you very much.
My first goal, since I use Bind 9.10 in conjunction with DLZ (old driver), is
limiting additional queries to reduce load into backend database system.
By tuning the minimal-responses I have few database queries less than before;
it is a good step,
Hello,
in Bind 9.10 we tried minimal-responses = yes to limit "additional queries"
when resolving.
I notice that resolution is faster.
Actually, dig @host some_url still shows an additional query, maybe not needed
for a caching-only resolver:
; (1 server found)
;; global options: +cmd
;; Got
s-boun...@lists.isc.org] on behalf of Matus UHLAR -
fantomas [uh...@fantomas.sk]
Sent: Thursday, 22 September 2016 17.07
To: bind-users@lists.isc.org
Subject: Re: Minimal responses and speeding up queries
On 22.09.16 16:41, Job wrote:
>in Bind 9.10 we tried minimal-responses = yes to limit "
Hello,
I would please like to have some suggestions to optimize Postgres 8.4 for a
very heavy number of select (with join) queries.
The queries read data, very rarely they write.
Thank you!
Francesco
Hello,
in Bind 9.10.x we need, often, to reload configuration due to dynamical IP
changes.
We need to update the "match-clients" zone section.
Under heavy load, Bind9 stops responding to queries for some seconds and
generates a lot of queue in the request.
is there a way to update/change this
From: Anand Buddhdev [ana...@ripe.net]
Sent: Friday, 14 October 2016 12.03
To: Job; bind-users@lists.isc.org
Subject: Re: Reloading match-clients
On 14/10/16 11:48, Job wrote:
Hi Job,
> is there a way to update/change this section without reloading or
> with a very-soft reload
Hello,
on Bind 9.10 (latest version of this stable branch), I notice in some cases a
relevant slowdown when resolving (for the first time) hostname, when named is
launched with both ipv4 and ipv6.
It uses recursion to fetch for the first time the information and I have, often,
about 2000/3000ms
Hello,
for heavy-use cache improvements, I was thinking to "alter" the expire time of
cache records.
I would like to try to "alter" the expiration of records present in cache.
Do you know if with Bind is possible?
Thank you,
/F
Dear guys,
I would like to ask you for help on this.
We are using since some years, with success, Bind DLZ (the first implementation
of 2004 I think).
We use Postgresql 9.6.1 as backend server and still a 32bit system with CentOS
5.
Bind is compiled with enable threads; we put 64 as drivers
Hi guys,
is it possible to match "destination port" in view clauses, instead of
"destination ip"?
We use already destination IP to split view between called bind IP.
I would like to know if there is a way to distinguish view between called
TCP/UDP port.
Thank you,
/F
Dear guys,
is there a way in Bind 9 to stop logging (to bind.log standard file) all the
in-addr.arpa queries?
We would like to log everything else but not the reverse resolution queries.
Thank you!
F
>Or (on 9.11 and later) use dnstap, which should be a good deal faster.
Dear Tony,
thank you.
It seems like a "bridge" that permit resolved IP logging.
Do you also know if it can slow down performances or it is fully transparent?
Thank you again!
F
Hi guys,
is there a way to log resolved IP in Bind log files?
Example:
www.google.com 4.3.2.1
I am able to do it with tcpdump, but I do not like a "sniffering" solution!
Best,
F
Dear guys,
Due to heavy traffic caching performance, i would like to force external
domains TTL - for external domains - to at least 600 seconds.
Is there a way to do it, maybe by recompiling the package?
Thank you, very best!
/F
Hi Reindl,
thank you!
>>not with named - unbound as resolver supports it
Perhaps do you know if DjbDns supports this directive?
I thought putting a frontend DNS server before Bind...
Thank you,
/F
Hello,
under important traffic average, raising up the options (-S) max-socks in named
startup parameters, could help?
Or it would be better to tune the (-n) cpus worker and the (-U) listeners?
Thank you, best regards!
/F
Hi,
we are using with a quite good satisfaction Bind-DLZ (with Postgresql 9.6.4) on
Bind9.
I know, it is a quite old driver, but we know very well how does it work.
Due to traffic increase, we are experiencing some visible delays when the
number of concurrent queries per second reach the
Hi,
is there a way to avoid RPZ answering to "" queries, leaving the reply only
for A queries?
In my RPZ zone file, I have:
domain.abc A 1.2.3.4
I cannot understand why the reply - also - arrive for the query.
Thank you!
F
Sent: Monday, 26 March 2018 13.01
To: Job
Cc: bind-users@lists.isc.org
Subject: Re: RPZ-zone and queries
Job <j...@colliniconsulting.it> wrote:
>
> is there a way to avoid RPZ answering to "" queries, leaving the
> reply only for A queries?
I'm afraid not. The poli
Hi Tony,
thank you again!
Regarding:
Yes, see "local data" under
https://ftp.isc.org/isc/bind9/9.12.1/doc/arm/Bv9ARM.ch05.html#rpz
I tried but I did not understand how to create the "local data" policy only for
.
Thank you!
F
Dear Guys,
is it possible to configure two different replies, related to A or query?
For example, in a RPZ zone, i would like this scenario:
www.site.com A 1.2.3.4
www.site.com (CNAME to www.site.com) -> in order to resolve regularly
the query
Is there a way to
63 matches