Re: our isp not supports EDNS?

2010-05-03 Thread Mark Andrews
In message , Jeff Pang writes: > Hello, > > Following the discussions in the list, I made a test on one of our > servers, which is in an ISP's datacenter. > > The result is below: > > $ dig +short rs.dns-oarc.net txt > rst.x476.rs.dns-oarc.net. > rst.x485.x476.rs.dns-oarc.net. > rst.x490.x485.

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Mark Andrews
In message <789398ea51916246a8016370ebc0231f0f3...@it-rome.sooner.net.ou.edu>, "Laws, Peter C." writes: > Yes, I get all that. But earlier in the thread, I noted that: > > "Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the > dns-oarc.net test, which I assume is the defau

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Laws, Peter C.
Yes, I get all that. But earlier in the thread, I noted that: "Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the dns-oarc.net test, which I assume is the default. I, too, get the 3843 "at least" value. "Why would I set it to 3843? Wouldn't I want it to be set to 4096 ev

our isp not supports EDNS?

2010-05-03 Thread Jeff Pang
Hello, Following the discussions in the list, I made a test on one of our servers, which is in an ISP's datacenter. The result is below: $ dig +short rs.dns-oarc.net txt rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. "218.204.255.72 DNS reply size li

Re: problem with domain and sub-domain configuration

2010-05-03 Thread Barry Margolin
In article , Gregory Hicks wrote: > > Date: Mon, 03 May 2010 17:37:46 +0200 > > From: fddi > > To: Bind Users Mailing List > > Subject: problem with domain and sub-domain configuration > > X-FuHaFi: 0.68005 > > > > > > > > Hello I have one domain > > > > test.com with namserver

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Mark Andrews
In message <4bdf4b79.4050...@ou.edu>, Peter Laws writes: > On 05/03/10 16:19, Mark Andrews wrote: > > > The test is a rough guide to the maximum packet size supported by the path. > > So what would be the point of using edns-udp-size to something even > smaller? None I can see ... > > What am

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Doug Barton
On 05/03/10 17:04, Ray Van Dolson wrote: > My workflow is as follows: > > 1. We notice slow DNS resolution to a given external domain (either >via user complaint or other means) > 2. Troubleshoot and identify that the given domain's primary >nameservers don't properly handl

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 04:54:38PM -0700, Doug Barton wrote: > On 05/03/10 16:46, Ray Van Dolson wrote: > > On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: > >> On 05/03/10 09:34, Ray Van Dolson wrote: > >>> > >>> I believe having edns-udp-size set at 512 gives us maximum > >>> compati

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Doug Barton
On 05/03/10 16:46, Ray Van Dolson wrote: > On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: >> On 05/03/10 09:34, Ray Van Dolson wrote: >>> >>> I believe having edns-udp-size set at 512 gives us maximum >>> compatibility with anything out there behind a broken firewall, etc, >>> though

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Mark Andrews
In message <20100503163413.ga2...@esri.com>, Ray Van Dolson writes: > On Fri, Apr 30, 2010 at 11:55:48PM -0700, Cathy Almond wrote: > > Hi Ray, > > > > I'd recommend not using type 'any' in your tests - the results won't > > always be what you expect. ANY is a diagnostic query type - and what a

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: > On 05/03/10 09:34, Ray Van Dolson wrote: > > > > I believe having edns-udp-size set at 512 gives us maximum > > compatibility with anything out there behind a broken firewall, etc, > > though we should look at removing the limit at some

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Doug Barton
On 05/03/10 09:34, Ray Van Dolson wrote: > > I believe having edns-udp-size set at 512 gives us maximum > compatibility with anything out there behind a broken firewall, etc, > though we should look at removing the limit at some point in the future > when possible. Doing this will simply perpetuat

Re: problem with domain and sub-domain configuration

2010-05-03 Thread Doug Barton
On 05/03/10 08:37, fddi wrote: > > > Hello I have one domain > > test.com with nameserver ns.test.com (10.0.0.1) > > and a subdomain > > cr.test.com with nameserver ns.cr.test.com (10.1.0.1) > > > my problem is that if I update hostnames inside test.com zone > updates are not seen by cr.test.

Re: problem with domain and sub-domain configuration

2010-05-03 Thread Mark Andrews
Did you wait for the records to time out of the cache? A "forward" zone is not a zone in the RFC 1034 sense. It is a namespace where the nameserver does not follow the normal resolution path. If you want cr.test.com to see the change make "test.com" a slave zone and list cr.test.com as a namese

Re: Two separate replies for one query to some domains

2010-05-03 Thread Mark Andrews
In message <201005030503.49752.j...@aexorsyst.com>, "John Z. Bohach" writes: > Hello, > > I'm trying to run a local caching-only nameserver (bind-9.3.3) on Linux > in order to bypass my ISP's name-servers, and most things work fine, > except some domains behave strangely. > > For example, fore

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Peter Laws
On 05/03/10 16:19, Mark Andrews wrote: The test is a rough guide to the maximum packet size supported by the path. So what would be the point of using edns-udp-size to something even smaller? None I can see ... What am I missing? -- Peter Laws / N5UWY National Weather Center / Network Op

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Mark Andrews
In message <4bdf39f7.1060...@ou.edu>, Peter Laws writes: > On 05/03/10 15:55, Lightner, Jeff wrote: > > > > Also one of the links I sent earlier had a similar comment about less > > than 300 bytes difference not being a problem. I had missed that. > > > > 4096 - 3843 = 153 > > It seems if I'd p

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Peter Laws
On 05/03/10 15:55, Lightner, Jeff wrote: Also one of the links I sent earlier had a similar comment about less than 300 bytes difference not being a problem. I had missed that. 4096 - 3843 = 153 It seems if I'd paid attention I'd not have posted my follow up questions. It's not on the dns-o

Re: DNSSEC - Root zone - FUD

2010-05-03 Thread Kalman Feher
On 3/05/10 10:25 PM, "Ray Van Dolson" wrote: > David, I think you're exactly right. Lots of FUD, but, if I understand > correctly, BIND does by default send out EDNS0 signalling... EDNS0 does not imply DNSSEC. So you can get large responses back for lots of non DNSSEC querie

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I was using the Java tester on a Windows system and saw the same 4096/3843 as I'd seen with DIG and just now noticed this comment in its results: "Note: There will always be a difference between the announced and measured buffer size because of the algorithm used. However this difference should no

Re: problem with domain and sub-domain configuration

2010-05-03 Thread f...@gmx.it
Yes I do update the serial, in fact I wrote to the list because I cannot find an explanation... thanks Rick Gregory Hicks wrote: Date: Mon, 03 May 2010 17:37:46 +0200 From: fddi To: Bind Users Mailing List Subject: problem with domain and sub-domain configuration X-FuHaFi: 0.680

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Peter Laws
On 05/03/10 14:56, Kalman Feher wrote: You probably should. Your resolver is saying it's capable of handling 4096, but apparently your network path may not support that. The changes on the The network path to dns-oarc.net doesn't, but that doesn't really mean anything. To some resolvers, the

Re: DNSSEC - Root zone - FUD

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 01:16:53PM -0700, David Miller wrote: > All, > > There has been quite a bit of FUD bouncing around the net regarding the > May 5th signing of the root zone and the sky falling (or at least > massive failures across the internet). I have been asked multiple times > about

DNSSEC - Root zone - FUD

2010-05-03 Thread David Miller
All, There has been quite a bit of FUD bouncing around the net regarding the May 5th signing of the root zone and the sky falling (or at least massive failures across the internet). I have been asked multiple times about how I was going to prevent the internet from collapsing for my users.

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I posted a note just before this so not sure if you saw that. In that I noted my set of EDNS seemed to be contra-indicated as default is 4096. Setting it to the lower value worked to set advertised value but in turn the lower value reduced again so it seems one would never be able to advertise th

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
Thanks. Is there something in the world known to be exactly 4096 or are you suggesting I somehow craft a record of that size? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Kalman F

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Kalman Feher
On 3/05/10 9:54 PM, "Lightner, Jeff" wrote: > On doing that however, I now see the advertised value is 3839 but the > "at least" value is 3828 on one and 3827 on the other as shown below. > Based on that it appears one should NOT set the edns-udp-size as it > doesn't fix the problem. This appe

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
To follow up on Peter's question what does it mean if one sees the "reply size limit is at least" with a value lower than the advertised EDNS buffer size? This link talks about various scenarios but not that one so I'm not sure if this means Peter and I need to be concerned. I saw similar results

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Kalman Feher
On 3/05/10 7:34 PM, "Lightner, Jeff" wrote: > There is no EDNS entry in my named.conf. Do I need one, given that > above worked? You probably should. Your resolver is saying it's capable of handling 4096, but apparently your network path may not support that. The changes on the 5/5 will not req

Re: Bind 9.7.0-P1 socket: file descriptor exceeds limit / assertion failure

2010-05-03 Thread JINMEI Tatuya / 神明達哉
At Thu, 29 Apr 2010 14:53:44 -0700, Dale Kiefling wrote: > We have a Bind 9.7.0-P1 instance that is throwing the following errors: > 21-Apr-2010 16:59:00.173 general: error: socket: file descriptor exceeds > limit > (1024/1024) The fact that the FD limit is 1024 suggests your named uses select

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I hadn't done any tests because as noted below I was unaware there was any testing needed. I was responding in thread that seemed relevant. Someone replied off list suggesting I do dig @b.root-servers.net com +dnssec +notcp then dig @b.root-servers.net com +dnssec +tcp. The latter responded c

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Peter Laws
On 01/-10/37 13:59, Kalman Feher wrote: Second, make sure the tested effective size appears in your named.conf in the options statement "edns-udp-size" on your resolver. In your case: edns-udp-size 3843; Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the dns-oarc.net

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Fri, Apr 30, 2010 at 11:55:48PM -0700, Cathy Almond wrote: > Hi Ray, > > I'd recommend not using type 'any' in your tests - the results won't > always be what you expect. ANY is a diagnostic query type - and what a > recursive nameserver does when it receives it will depend on what it has > al

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Alan Clegg
On 5/3/2010 4:36 PM, Lightner, Jeff wrote: > It sounds as if he read an article saying we have to implement DNSSEC on > our DNS servers or we'll quit working on 5/5? Is that the case? > > Also what is the drop dead date/time if so? 5/5 Midnight UTC? Some > other time? You don't need to do any

Re: problem with domain and sub-domain configuration

2010-05-03 Thread Gregory Hicks
> Date: Mon, 03 May 2010 17:37:46 +0200 > From: fddi > To: Bind Users Mailing List > Subject: problem with domain and sub-domain configuration > X-FuHaFi: 0.68005 > > > > Hello I have one domain > > test.com with nameserver ns.test.com (10.0.0.1) > > and a subdomain > > cr.test.

problem with domain and sub-domain configuration

2010-05-03 Thread fddi
Hello I have one domain test.com with nameserver ns.test.com (10.0.0.1) and a subdomain cr.test.com with nameserver ns.cr.test.com (10.1.0.1) my problem is that if I update hostnames inside test.com zone updates are not seen by cr.test.com nameserver they are seen if I restart named on cr.t

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I fear I've missed something important. My Network admin is saying his understanding is we MUST make changes for this 5/5 change on the root servers. I was under the impression that until we decide to implement DNSSEC ourselves we don't need to do anything on our end to continue resolving. W

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Kalman Feher
On 1/05/10 7:10 PM, "Server Administrator" wrote: > I tried OARC's DNS Reply Size Test on two of my name servers, both on > the same network, behind the same firewall & router. > > Both came back and reported "DNS reply size limit is at least 3843" > (results below). > > Is 3843 close enough

Two separate replies for one query to some domains

2010-05-03 Thread John Z. Bohach
Hello, I'm trying to run a local caching-only nameserver (bind-9.3.3) on Linux in order to bypass my ISP's name-servers, and most things work fine, except some domains behave strangely. For example, forecast.weather.gov has a TTL of 5 seconds. My initial look-up works correctly, and the respon