Re: OT: Silly Bind question
DAve wrote:
> Mark D. Foster wrote:
>> Andy was right, it's the line-ordering in your zone file.
>> I take it you can't slave the zone from tinydns to bind?
>>
>
> Arrrg! I tried moving the txt record but no change. I can put the recs
> in any order I want as the script that generates my Bind Zones pulls
> them from SQL, so arranging the keys to write out TXT in any place
> within the zone is easy enough to do. But I didn't see a difference before.
>
> I'll relook at what I did. This should not be that difficult, online
> docs show text examples with no mention of where in the zone they need
> to be. I would have thought that it A) didn't matter, or B) an origin
> line prior to the TXT line, or B) a full domain name in the text-name
> field would be able to over ride the previous host name.
>
> IOW,
>
> host IN A xxx.xxx.xxx.xxx
> domain. IN TXT "something"
>
> I would have thought that a full origin name as the left value on the TXT
> line would override the previous host value. But that does not seem to
> be so. I still think I've done something wrong here.
>
> DAve

Ha ha, I am kicking myself. Just a reminder that even the most
complicated problems can sometimes be simple.

This DNS server I was testing from was a replacement box, temporary
install until the Bind servers were removed. Once I put the correct
values in /etc/resolve.conf everything worked as expected. I was
manually editing the zone on one machine but querying another.

I figured it out when the serial number shown in the query response
differed from the serial number the log file showed was being reloaded.

I appreciate the help.

DAve

--
Google finally, after 7 years, provided a logo for veterans.
Thank you Google. What to do with my signature now?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: OT: Silly Bind question
Mark D. Foster wrote:
> DAve wrote:
>> Andy Dills wrote:
>>
>>> On Sun, 3 Feb 2008, DAve wrote:
>>> I am stumped, what have I done wrong?
>>> You'll kick yourself. Here's the hint:
>>>
>>> /users/andy>dig @ns1.totallogic.com ftp.pixelhammer.com txt
>>>
>>> ; <<>> DiG 9.3.4 <<>> @ns1.totallogic.com ftp.pixelhammer.com txt
>>> ; (1 server found)
>>> ;; global options: printcmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26833
>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
>>>
>>> ;; QUESTION SECTION:
>>> ;ftp.pixelhammer.com. IN TXT
>>>
>>> ;; ANSWER SECTION:
>>> ftp.pixelhammer.com. 86400 IN TXT "v=spf1 ip4:65.196.224.82
>>> ip4:65.196.224.83 ~all"
>>>
>> I'm kicking but it ain't helping. Interesting that the host ftp works.
>> It is also the last host in the zone. I tried tying the txt record to
>> the origin but no change. According to the Bind book, and to the openspf
>> folks, this should work.
>>
>> pixelhammer.com. IN TXT "some sorta krazy text string"
>>
>> But it don't. Now, I am even more confused. Does the location of the
>> Text record 'within' the zone file make a difference?
>>
>> Thanks,
>>
>> DAve
>>
>>
> Andy was right, it's the line-ordering in your zone file.
> I take it you can't slave the zone from tinydns to bind?
>

Arrrg! I tried moving the txt record but no change. I can put the recs
in any order I want as the script that generates my Bind Zones pulls
them from SQL, so arranging the keys to write out TXT in any place
within the zone is easy enough to do. But I didn't see a difference before.

I'll relook at what I did. This should not be that difficult, online
docs show text examples with no mention of where in the zone they need
to be. I would have thought that it A) didn't matter, or B) an origin
line prior to the TXT line, or B) a full domain name in the text-name
field would be able to over ride the previous host name.

IOW,

host IN A xxx.xxx.xxx.xxx
domain. IN TXT "something"

I would have thought that a full origin name as the left value on the TXT
line would override the previous host value. But that does not seem to
be so. I still think I've done something wrong here.

DAve

--
Google finally, after 7 years, provided a logo for veterans.
Thank you Google. What to do with my signature now?

Re: OT: Silly Bind question
DAve wrote:
> Andy Dills wrote:
>
>> On Sun, 3 Feb 2008, DAve wrote:
>>
>>> I am stumped, what have I done wrong?
>>>
>> You'll kick yourself. Here's the hint:
>>
>> /users/andy>dig @ns1.totallogic.com ftp.pixelhammer.com txt
>>
>> ; <<>> DiG 9.3.4 <<>> @ns1.totallogic.com ftp.pixelhammer.com txt
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26833
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
>>
>> ;; QUESTION SECTION:
>> ;ftp.pixelhammer.com. IN TXT
>>
>> ;; ANSWER SECTION:
>> ftp.pixelhammer.com. 86400 IN TXT "v=spf1 ip4:65.196.224.82
>> ip4:65.196.224.83 ~all"
>>
>
> I'm kicking but it ain't helping. Interesting that the host ftp works.
> It is also the last host in the zone. I tried tying the txt record to
> the origin but no change. According to the Bind book, and to the openspf
> folks, this should work.
>
> pixelhammer.com. IN TXT "some sorta krazy text string"
>
> But it don't. Now, I am even more confused. Does the location of the
> Text record 'within' the zone file make a difference?
>
> Thanks,
>
> DAve
>
>

Andy was right, it's the line-ordering in your zone file.
I take it you can't slave the zone from tinydns to bind?

--
Said one park ranger, 'There is considerable overlap between the
intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <[EMAIL PROTECTED]> http://mark.foster.cc/

Re: OT: Silly Bind question
Andy Dills wrote:
> On Sun, 3 Feb 2008, DAve wrote:
>> I am stumped, what have I done wrong?
>
> You'll kick yourself. Here's the hint:
>
> /users/andy>dig @ns1.totallogic.com ftp.pixelhammer.com txt
>
> ; <<>> DiG 9.3.4 <<>> @ns1.totallogic.com ftp.pixelhammer.com txt
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26833
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
>
> ;; QUESTION SECTION:
> ;ftp.pixelhammer.com. IN TXT
>
> ;; ANSWER SECTION:
> ftp.pixelhammer.com. 86400 IN TXT "v=spf1 ip4:65.196.224.82
> ip4:65.196.224.83 ~all"

I'm kicking but it ain't helping. Interesting that the host ftp works.
It is also the last host in the zone. I tried tying the txt record to
the origin but no change. According to the Bind book, and to the openspf
folks, this should work.

pixelhammer.com. IN TXT "some sorta krazy text string"

But it don't. Now, I am even more confused. Does the location of the
Text record 'within' the zone file make a difference?

Thanks,

DAve

--
Google finally, after 7 years, provided a logo for veterans.
Thank you Google. What to do with my signature now?

Re: OT: Silly Bind question
Mark D. Foster wrote:
> DAve wrote:
>>
>> I am stumped, what have I done wrong?
>>
>> Thanks,
>>
>> DAve
>>
>>
>>
> Looks to me like you need to remove the pixelhammer.com zone from your
> old bind servers, as the delegation from the root points to
> ns1auth.tls.net and ns2auth.tls.net both of which appear to have
> authority for the zone AND the txt record you seek.

I used pixelhammer because it was not a commercial client's domain.
ns1auth.tls.net is the server running TinyDNS. Text records work there.
ns1.totallogic.com is the server running Bind and text records don't work.

Yes, ns2.totallogic.com is a lame server for pixelhammer.com but I don't
believe that causes Bind to withhold a text record. For the purpose of
testing it should work, shouldn't it?

DAve

--
Google finally, after 7 years, provided a logo for veterans.
Thank you Google. What to do with my signature now?

Re: OT: Silly Bind question
DAve wrote:
> Excuse the OT question but I need a well rounded experienced group for
> this question. I have begun a migration from Bind to TinyDNS. TinyDNS is
> working flawlessly, beyond expectations. However I need to drag the old
> Bind servers behind until I can get several hundred pieces of client
> equipment and devices switched over to the new DNS servers. This because
> we are also changing the domain name of our authoritative servers.
>
> The problem, I have a client requesting SPF records. The TinyDNS servers
> are responding correctly but for the life of me I cannot get Bind to
> return a TXT record. I am baffled as to what I've done wrong.
>
> An example domain, pixelhammer.com querying the new servers.
> bash-2.05b$ dig @ns1.tls.net pixelhammer.com txt
>
> ; <<>> DiG 8.3 <<>> @ns1.tls.net pixelhammer.com txt
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; pixelhammer.com, type = TXT, class = IN
>
> ;; ANSWER SECTION:
> pixelhammer.com. 23h47m45s IN TXT "v=spf1 ip4:65.196.224.82
> ip4:65.196.224.83 ~all"
>
> ;; Total query time: 4 msec
> ;; FROM: avhost1.tls.net to SERVER: ns1.tls.net 65.124.104.29
> ;; WHEN: Sun Feb 3 00:10:36 2008
> ;; MSG SIZE sent: 33 rcvd: 93
>
> No problem there, but when I query the old bind servers, I get nuthin,
> nada, zip.
>
> bash-2.05b$ dig @ns1.totallogic.com pixelhammer.com txt
>
> ; <<>> DiG 8.3 <<>> @ns1.totallogic.com pixelhammer.com txt
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; pixelhammer.com, type = TXT, class = IN
>
> ;; AUTHORITY SECTION:
> pixelhammer.com. 1D IN SOA ns2.totallogic.com.
> hostmaster.tls.net. (
>         2008020219 ; serial
>         3H ; refresh
>         1H ; retry
>         1D ; expiry
>         1D ); minimum
>
>
> ;; Total query time: 3 msec
> ;; FROM: avhost1.tls.net to SERVER: ns1.totallogic.com 65.196.224.2
> ;; WHEN: Sun Feb 3 00:10:01 2008
> ;; MSG SIZE sent: 33 rcvd: 102
>
>
> Here are the contents of the zone file.
> ;Creating pixelhammer.com zone file
> $TTL 1D
> @       IN SOA ns2.totallogic.com. hostmaster.tls.net. (
>         2008020219 3H 1H 1D 1D )
>
> ; MX Recs
>         IN MX 10 avhost.tls.net.
>         IN MX 20 mailgate.tls.net.
>
> ; NS Recs
>         IN NS ns1auth.tls.net.
>         IN NS ns3auth.tls.net.
>         IN NS ns2auth.tls.net.
>
> ; A Recs
>         IN A 65.196.224.25
> www     IN A 65.196.224.25
> ftp     IN A 65.196.224.25
>
> ; TEXT Recs
>         IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"
>
> ; CNAME Recs
> mail    IN CNAME mail.tls.net.
> smtp    IN CNAME smtp.tls.net.
>
> ;END pixelhammer.com zone file
>
> I am stumped, what have I done wrong?
>
> Thanks,
>
> DAve
>
>
>

Looks to me like you need to remove the pixelhammer.com zone from your
old bind servers, as the delegation from the root points to
ns1auth.tls.net and ns2auth.tls.net both of which appear to have
authority for the zone AND the txt record you seek.

monk:~> dig +trace pixelhammer.com ns

; <<>> DiG 9.4.1-P1 <<>> +trace pixelhammer.com ns
;; global options: printcmd
. 65035 IN NS I.ROOT-SERVERS.NET.
. 65035 IN NS J.ROOT-SERVERS.NET.
. 65035 IN NS K.ROOT-SERVERS.NET.
. 65035 IN NS L.ROOT-SERVERS.NET.
. 65035 IN NS M.ROOT-SERVERS.NET.
. 65035 IN NS A.ROOT-SERVERS.NET.
. 65035 IN NS B.ROOT-SERVERS.NET.
. 65035 IN NS C.ROOT-SERVERS.NET.
. 65035 IN NS D.ROOT-SERVERS.NET.
. 65035 IN NS E.ROOT-SERVERS.NET.
. 65035 IN NS F.ROOT-SERVERS.NET.
. 65035 IN NS G.ROOT-SERVERS.NET.
. 65035 IN NS H.ROOT-SERVERS.NET.
;; Received 436 bytes from 192.168.1.11#53(192.168.1.11) in 3 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com.

Re: OT: Silly Bind question
On Sun, 3 Feb 2008, DAve wrote:

> I am stumped, what have I done wrong?

You'll kick yourself. Here's the hint:

/users/andy>dig @ns1.totallogic.com ftp.pixelhammer.com txt

; <<>> DiG 9.3.4 <<>> @ns1.totallogic.com ftp.pixelhammer.com txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26833
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;ftp.pixelhammer.com. IN TXT

;; ANSWER SECTION:
ftp.pixelhammer.com. 86400 IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"

;; AUTHORITY SECTION:
pixelhammer.com. 86400 IN NS ns1auth.tls.net.
pixelhammer.com. 86400 IN NS ns2auth.tls.net.
pixelhammer.com. 86400 IN NS ns3auth.tls.net.

;; ADDITIONAL SECTION:
ns1auth.tls.net. 86400 IN A 65.124.104.30
ns2auth.tls.net. 86400 IN A 65.123.104.30
ns3auth.tls.net. 86400 IN A 65.124.110.14

;; Query time: 32 msec
;; SERVER: 65.196.224.2#53(65.196.224.2)
;; WHEN: Sun Feb 3 00:42:32 2008
;; MSG SIZE rcvd: 218

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

OT: Silly Bind question
Excuse the OT question but I need a well rounded experienced group for
this question. I have begun a migration from Bind to TinyDNS. TinyDNS is
working flawlessly, beyond expectations. However I need to drag the old
Bind servers behind until I can get several hundred pieces of client
equipment and devices switched over to the new DNS servers. This because
we are also changing the domain name of our authoritative servers.

The problem, I have a client requesting SPF records. The TinyDNS servers
are responding correctly but for the life of me I cannot get Bind to
return a TXT record. I am baffled as to what I've done wrong.

An example domain, pixelhammer.com querying the new servers.
bash-2.05b$ dig @ns1.tls.net pixelhammer.com txt

; <<>> DiG 8.3 <<>> @ns1.tls.net pixelhammer.com txt
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; pixelhammer.com, type = TXT, class = IN

;; ANSWER SECTION:
pixelhammer.com. 23h47m45s IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"

;; Total query time: 4 msec
;; FROM: avhost1.tls.net to SERVER: ns1.tls.net 65.124.104.29
;; WHEN: Sun Feb 3 00:10:36 2008
;; MSG SIZE sent: 33 rcvd: 93

No problem there, but when I query the old bind servers, I get nuthin,
nada, zip.

bash-2.05b$ dig @ns1.totallogic.com pixelhammer.com txt

; <<>> DiG 8.3 <<>> @ns1.totallogic.com pixelhammer.com txt
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; pixelhammer.com, type = TXT, class = IN

;; AUTHORITY SECTION:
pixelhammer.com. 1D IN SOA ns2.totallogic.com. hostmaster.tls.net. (
        2008020219 ; serial
        3H ; refresh
        1H ; retry
        1D ; expiry
        1D ); minimum

;; Total query time: 3 msec
;; FROM: avhost1.tls.net to SERVER: ns1.totallogic.com 65.196.224.2
;; WHEN: Sun Feb 3 00:10:01 2008
;; MSG SIZE sent: 33 rcvd: 102

Here are the contents of the zone file.
;Creating pixelhammer.com zone file
$TTL 1D
@       IN SOA ns2.totallogic.com. hostmaster.tls.net. (
        2008020219 3H 1H 1D 1D )

; MX Recs
        IN MX 10 avhost.tls.net.
        IN MX 20 mailgate.tls.net.

; NS Recs
        IN NS ns1auth.tls.net.
        IN NS ns3auth.tls.net.
        IN NS ns2auth.tls.net.

; A Recs
        IN A 65.196.224.25
www     IN A 65.196.224.25
ftp     IN A 65.196.224.25

; TEXT Recs
        IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"

; CNAME Recs
mail    IN CNAME mail.tls.net.
smtp    IN CNAME smtp.tls.net.

;END pixelhammer.com zone file

I am stumped, what have I done wrong?

Thanks,

DAve

--
Google finally, after 7 years, provided a logo for veterans.
Thank you Google. What to do with my signature now?
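
Added example, not part of any poster's message: the zone file from the original post run through a small owner-name resolver, showing which name a record with a blank owner field attaches to in master-file format (the last owner stated above it). The column-1 indentation of `ZONE`, the trimmed CNAME lines, and the names `parse`, `owners_of` and `FIXED` are assumptions made for this sketch.

```python
import re

# Zone from the original post; column-1 indentation is reconstructed (assumption),
# since the archive flattened the whitespace that marks a blank owner field.
ZONE = """\
$TTL 1D
@       IN SOA ns2.totallogic.com. hostmaster.tls.net. (
        2008020219 3H 1H 1D 1D )
; MX Recs
        IN MX 10 avhost.tls.net.
        IN MX 20 mailgate.tls.net.
; NS Recs
        IN NS ns1auth.tls.net.
        IN NS ns3auth.tls.net.
        IN NS ns2auth.tls.net.
; A Recs
        IN A 65.196.224.25
www     IN A 65.196.224.25
ftp     IN A 65.196.224.25
; TEXT Recs
        IN TXT "v=spf1 ip4:65.196.224.82 ip4:65.196.224.83 ~all"
"""
# Same zone with the owner written explicitly on the TXT line.
FIXED = ZONE.replace("        IN TXT", "@       IN TXT")

def parse(zone_text, origin):
    """Return (owner, type, rdata) tuples with blank owners resolved."""
    origin = origin.rstrip(".") + "."
    records, last, cont = [], origin, False
    for raw in zone_text.splitlines():
        line = re.sub(r';[^"]*$', "", raw).rstrip()   # drop trailing comment
        if cont:                                      # inside ( ... ) continuation
            cont = ")" not in line
            continue
        if not line or line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():                     # owner present in column 1
            name = tokens.pop(0)
            last = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tokens[0].upper() == "IN" or re.fullmatch(r"\d+[SMHDW]?", tokens[0], re.I):
            tokens.pop(0)                             # skip optional class / TTL
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        cont = "(" in rdata and ")" not in rdata
        records.append((last, rtype, rdata))
    return records

def owners_of(zone_text, origin, rtype):
    return [o for o, t, _ in parse(zone_text, origin) if t == rtype]

if __name__ == "__main__":
    print("as posted: ", owners_of(ZONE, "pixelhammer.com", "TXT"))
    print("explicit @:", owners_of(FIXED, "pixelhammer.com", "TXT"))
```

The as-posted layout resolves the TXT owner to ftp.pixelhammer.com., which matches the answer Andy's dig query got for that name; the SOA serial in the answer is what identifies which server's copy of the zone is being queried.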