Re: Significant memory usage

2025-05-21 Thread Ben Scott
ations-for-bind-9 https://kb.isc.org/docs/aa-00769 https://kb.isc.org/docs/aa-01123 -- Ben -- Any opinions expressed in this message are those of the author alone. All information is provided without warranty of any kind. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-26 Thread Ben Scott
ecStart tells systemd to clear the stock ExecStart declaration, rather than adding to it. And $OPTIONS is "-u bind -t /srv/dns" per /etc/default/named file. -- Ben

Re: BIND 9.20.6: spurious recursive lookup failures after longish uptime

2025-03-14 Thread Ben Scott
> domain, but apparently our logging does not catch those. What is your logging config like? Maybe post an extract of your logging{} block? Sometimes BIND is trying to say what is wrong, but the log config is throwing it away. -- Ben

Re: record PTR

2024-03-14 Thread Ben Croswell
@0 -x 197.242.181.69', it works. Do I need to request a > delegation of 197.242.181.69 to the name servers ns1.sami.tn? > > > > *From:* Ben Croswell > *Sent:* Thursday, 14 March 2024 13:10 > *To:* RAHAL Sami SOFRECOM ; ML BIND Users < > bind-users@lists.isc.org> >

Re: record PTR

2024-03-14 Thread Ben Croswell
The in-addr.arpa domain for your IP space will need to be delegated to your DNS servers. That generally happens at the entity that assigned the block. For instance ARIN, RIPE, or APNIC. On Thu, Mar 14, 2024, 8:06 AM wrote: > Hello, please, I want to know if I need to delegate a range of IP > add

Recursive client query rate-limiting

2023-08-30 Thread Ben Bridges
king about. Thanks, .Ben Bridges.

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
When you say “ISC packages”, are you referring to the packages in the ppa:isc/bind repository on launchpad? Ben Bridges From: Ondřej Surý Sent: Thursday, December 8, 2022 12:26 AM To: Ben Bridges Cc: Emmanuel Fusté ; bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash In fact, it’s as

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
It looks like that issue was occurring in a different part of the netmgr code and was fixed 8 months ago. Thanks, Ben Bridges From: bind-users On Behalf Of Andrew Latham Sent: Wednesday, December 7, 2022 2:35 PM Cc: bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash I see https

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
From: Emmanuel Fusté Sent: Wednesday, December 7, 2022 4:22 PM To: Ben Bridges ; bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash Current ESV : 9.16.35 No, your release is not patched. Add the ISC PPA repo and install the latest ESV. ISC PPA packages are packaged by the same maintainers

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so they’re both still fully supported (and fully patched). Thanks, Ben Bridges From: bind-users On Behalf Of John Thurston Sent: Wednesday, December 7, 2022 2:32 PM To: bind-users@lists.isc.org Subject: Re: Bind 9.16.1

Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
uch appreciated. If this is not the proper forum for this posting, please point me in the right direction. Thanks, Ben Bridges [City Utilities] [SpringNet]<http://www.springnet.net> Sales 417.575.7000 | Support 417.874.8000 | springnet.net<http://www.springnet.net>

Re: AXFR from Windows 2008R2 failing after upgrading to 9.18

2022-05-23 Thread Ben Lavender
Any logs? Regards Ben Lavender On Mon, 23 May 2022, 21:52 Lefteris Tsintjelis via bind-users, < bind-users@lists.isc.org> wrote: > I must be missing something. Any ideas why does it fail? Everything > seems normal. Works well with Windows 2016. Downgrading to 9.16 works > agai

Re: Determining Which Authoritative Sever to Use

2022-05-10 Thread Ben Croswell
I will say edge DNS servers reduce client config complexity, even if you have DHCP, and increase resiliency of the initial resolver. Where it's true with DHCP you can change the DHCP server options it doesn't help if someone just got a 4 day lease and then the DNS server dies. Additionally the ab

Re: Determining Which Authoritative Sever to Use (Bob McDonald)

2022-05-08 Thread Ben Croswell
b McDonald wrote: > Thanks for the answers. A couple more questions and then I'll stand down. > > First, it's Ben Croswell. Just pointing that out. > > Second, my reading of the definition of a static-stub zone in the Bvarm > indicates that its use is to allow a local

Re: Determining Which Authoritative Sever to Use

2022-05-08 Thread Ben Croswell
I would concur that internally Anycast is best for client facing edge nodes to reduce client configuration complexity as well as reducing impact of a first resolver outage. On Sun, May 8, 2022, 7:59 AM Tony Finch wrote: > Bob McDonald wrote: > > > > My question is this; how do the recursive ser

Re: Determining Which Authoritative Sever to Use

2022-05-07 Thread Ben Croswell

Re: Forwarding zone, setup

2022-03-01 Thread Ben Croswell
Are you loading the parent domain and trying to zone forward a child domain on the same DNS server? I.e. loading somedomain.local and trying to forward ab.somedomain.local If so an NS delegation is required in every instance I have done in my environment. The NS doesn't need to be "right" but it n

BIND OS tuning

2020-11-20 Thread Ben Croswell
Does BIND take advantage of net.core.rmem_max on Linux boxes? If I set the rmem_max to 12.5mb but leave the rmem_default as the OS default will I see a benefit on a high QPS DNS server? Or does BIND look to the rmem_default and ignore the rmem_max? -- -Ben Croswell

Re: Do not cache certain domains

2020-09-10 Thread Ben Lavender
Thanks, yes the second is actually the aim. We don't have secondaries since we use ADDS and BIND simply acts as a recursive service for the other internal domains. On 10/09/2020 16:01, Carl Byington wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-09-10 at 15:35 +0100

Re: Do not cache certain domains

2020-09-10 Thread Ben Lavender
Anyone think they may know the answer to this? Thanks Ben On 07/09/2020 23:00, Ben Lavender wrote: Hi, Without having to alter the TTL of the existing RRs as well as the default TTL. I know this can be done using cache-max-ttl to limit the whole cache, but can this be done for say one

Do not cache certain domains

2020-09-07 Thread Ben Lavender
Hi, Without having to alter the TTL of the existing RRs as well as the default TTL. I know this can be done using cache-max-ttl to limit the whole cache, but can this be done for say one single or multiple defined domains only? Thanks

Re: CNAME / TXT

2020-08-22 Thread Ben Croswell
If you uncomment that mg CNAME you end up with a CNAME mx and TXT at the same node in to the DNS tree and that is illegal. That is why you get the error "cname and other data". The mx and txt are the other data. On Sat, Aug 22, 2020, 8:19 PM Jukka Pakkanen wrote: > Cannot figure out what is wron

Re:

2020-06-28 Thread Ben Croswell
In this case a zone level forwarder takes priority over the global forwarder. Abc.com would go to 1.1.1.1 On Sat, Jun 27, 2020, 11:44 PM baalchina wrote: > Hi all, > > I had a bind 9.16.4 as recursive name server. I want to forward all > queries to a specific dns server out of my net such as 8.8

Re: [Non-DoD Source] Re: BIND Masters and slaves

2020-06-15 Thread Ben Lavender
Some servers already do Regards Ben Lavender On Mon, 15 Jun 2020, 19:02 DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users, wrote: > Or you can call the slave servers 'secondary' servers. > > > V/R > Jim DeCaro > DISA > Systems Administrator > Windows

Re: BIND Masters and slaves

2020-06-15 Thread Ben Lavender
The terminology is fairly misleading, as in the slave is not doing the work on-behalf of or instruction of the master. But there are ways for the master to influence the slaves; such as "allow-transfer". I don't see the big issue with making a terminology change in this case. On 15/06/2020

Re: bind DoH ANd DoT Implementation

2020-06-08 Thread Ben Lavender
They go over this in the YT video https://www.youtube.com/watch?v=eRbAigV2byE It might not give you a total insight on how to configure it step-by-step but enough On 08/06/2020 06:13, ShubhamGoyal wrote: Dear all, I want to ask about bind DoH Impl

Re: Static-stub server-addresses re-order

2019-06-21 Thread Ben Lavender
Don't suppose anyone knows this do they? Thanks On Wed, 19 Jun 2019, 16:21 Ben Lavender, wrote: > Hello, > > Quick question, if we have a number of these IPs that do not reply > (timeout), would BIND re-order these like it would with forwarder IPs? Or > would it fail if it

Static-stub server-addresses re-order

2019-06-19 Thread Ben Lavender
Hello, Quick question, if we have a number of these IPs that do not reply (timeout), would BIND re-order these like it would with forwarder IPs? Or would it fail if it used one that didn't reply? Thanks Regards Ben Lavender

Re: Question about at zone transfer behaviour on slave

2019-06-05 Thread Ben Croswell
You are looking for the refresh timer in the SOA if you mean the timer for a slave to check the serial with the master. On Wed, Jun 5, 2019, 10:09 PM Techs-yama wrote: > Hi all, > > Have a question about at zone transfer behaviour on slave server. > > In case of slave zone configure and restarti

Re: Change DNS records automatically when a link is DOWN

2019-06-05 Thread Ben Croswell
If you can craft the monitor for the link it could call nsupdate to make the change On Wed, Jun 5, 2019, 11:16 AM Roberto Carna wrote: > Dear people, I have two sites: > > - Main site with an Internet link and two BIND services (DNS1 y DNS2) and > a /28 block, and web and mail services supported

Forwarders with static-stub

2019-05-22 Thread Ben Lavender
Hi, When I setup static-stub zones with the global forwarders options configured, BIND by design forwards the requests before using the stubs. What is the best way around this so the stubs and cache are consulted first? This is required for split-brain DNS. Thanks Regards Ben Lavender

Re: Issues with Stub Zone

2019-05-08 Thread Ben Lavender
a record in /etc/hosts. Also the stub zone file updates correctly. I have tested static-stubs and they work as expected but stubs don't when recursion is enabled on the BIND server. Ben On 08/05/2019 17:02, Chris Buxton wrote: Remembering that a stub zone is a cache hint, more inform

Issues with Stub Zone

2019-05-07 Thread Ben Lavender
Hi, I've been trying to configure a stub zone using both BIND 9.8x and 9.9x for some split-brain internal DNS. The problem I have is that any client that requests the NS or SOA records for this zone gets SERVFAIL. The BIND server populates the /var/named/slaves/benlavender.co.uk.DB file with

Empty .local zone

2019-02-19 Thread Ben Bridges
an NS record which returns either "localhost" (preferably) or the BIND server itself.) Thanks, Ben Bridges

Re: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Ben Croswell
again over TCP for the full answer. The TC bit is also used in conjunction with RRL. On Mon, Feb 4, 2019, 8:57 AM Roberto Carna Thanks Ben for your response, can you tell me the types of TCP traffic I > have to expect in BIND, excepting Zone Transfer? > > Thanks a lot again!!! > >

Re: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Ben Croswell
BIND has always required UDP and TCP 53 for proper functionality. It is sometimes mistakenly believed that TCP is only for zone transfers but that is not the case. On Mon, Feb 4, 2019, 8:46 AM Roberto Carna Dear, I have a BIND 9.10 public server and I have delegated some public > domains. > > When I

Re: DNS flag day

2019-01-18 Thread Ben Croswell
I would imagine "it's a hoax" is code for we don't want to bother remediating. On Fri, Jan 18, 2019, 3:20 PM Warren Kumari > > On Fri, Jan 18, 2019 at 2:58 PM Ben Croswell > wrote: > >> I would say we had one provider go as far as saying this whole flag day >>

Re: DNS flag day

2019-01-18 Thread Ben Croswell
I’ll not hear > back from them. > > Is there a list of known edns compliant Registrar name severs for the > larger Registrars? > > Is it possible the failures seen are false? If so, are there alternate > edns compliance checkers that might show different responses than > dnsf

Re: EDNS Compliance

2019-01-18 Thread Ben Croswell
:29 PM N. Max Pierson Thanks to the response Ben. After looking at the results, it seems we do > have a different firewall between the 4 servers and they have IPs out of > the same subnet for 2 of them which are failing. So this lets me know it is > firewall related and now I can check tha

Re: DNS flag day

2019-01-18 Thread Ben Croswell
toria Risk > On Jan 18, 2019, at 9:09 AM, Ben Croswell wrote: > > Has ISC released minimum viable BIND version for flag day? > > > Most versions of BIND authoritative servers, going back years, are EDNS > compatible. Certainly ALL currently supported versions are compatible. I

DNS flag day

2019-01-18 Thread Ben Croswell
Has ISC released minimum viable BIND version for flag day? I looked around and couldn't find anything.

Re: EDNS Compliance

2019-01-18 Thread Ben Croswell
As long as all 4 DNS servers are running the same version, my first suggestion would be to check firewalls for dropped packets. Some FW/IPS drop packets with edns versions other than 0 because they see it as an attack. On Fri, Jan 18, 2019, 12:02 PM N. Max Pierson Hi List, > > I am trying to ensure o

Re: BIND and UDP tuning

2018-09-27 Thread Ben Croswell
When we ran into UDP tuning issues on high traffic devices it presented as silent discards rather than SERVFAIL. On Thu, Sep 27, 2018, 12:04 PM Alex wrote: > Hi, > > > On Thu, Sep 27, 2018 at 10:53:25AM -0400, Alex wrote: > > > Many of these values I've already tweaked and have had no effect on

Re: DNS-Format-Eroor

2017-12-19 Thread Ben McGinnes
tname and send all those customers a "your computer/network on IP $FOO has been compromised, you have X days to fix it or your connection will be suspended." Just warn your support staff before you do that because they're the ones who will rec

Re: Max slaves limit?

2017-12-18 Thread Ben Croswell
That is a valid consideration but being a slave doesn't always mean being in the NS records. On Dec 18, 2017 9:47 AM, "Barry S. Finkel" wrote: > On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy > wrote: > >> Hello folks, >> >> I'm trying to find more information on the practical limitations

Re: EDNS0 client subnet in BIND 9.10

2017-11-11 Thread Ben Croswell
o control every client side to send > > the client-subnet option. > > It would help if Ben provided more details about what he's trying to > achieve. > > I do have a draft that I'm trying to get adopted at IETF to allow > client-related information to be carried from

EDNS0 client subnet in BIND 9.10

2017-11-10 Thread Ben Croswell
I would like to use the client subnet option to overcome some hurdles related to proximity load-balancing. I have looked through the ARM and found references to setting the option in a dig. However I was not able locate options for sourcing that option on the DNS server. Is anyone using ECS curre

RE: Forwarding from delegated zone not working

2017-10-10 Thread Ben Croswell
A)" wrote: But surely you’d get an NXDOMAIN in that case, not a SERVFAIL. The assumption I made in my post was that the delegation was pointed to the forwarding BIND instance, which is a non-starter. - Kevin *From:* bind-users [mailto:bind-users-boun...@lists.isc.org] *On

Re: Forwarding from delegated zone not working

2017-10-10 Thread Ben Croswell
If the AD environment loads company.com you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist. On Oct 10, 2017 11:22 AM, "seanliam73" wrote: > Hi > > I have a subdomain delegated from AD to a bind9 instance I have running >

Re: strange problem with query being dropped/ignored by the BIND process

2017-06-28 Thread Ben Croswell
Have you checked deeper at the OS level? I have seen on Linux DNS servers silent drops of queries on very busy servers that were exhausting UDP receive buffers. On Jun 28, 2017 10:26 AM, "Marc Richter" wrote: Hi, we have a setup here consisting of a recursive DNS server and two monitoring serve

Re: Why would a master zone use forwarders ?

2017-05-12 Thread Ben Croswell
orward {} the global forward will be short circuited for foo.com and below resulting in a path of A > B On May 12, 2017 11:56 AM, "Mik J" wrote: Thank you Ben for your answer My server uses a global forwarding I don't understand what you wrote "If it is master for a foo.com a

Re: Why would a master zone use forwarders ?

2017-05-12 Thread Ben Croswell
This would only change behavior if the server has global forwarding. If it is master for a foo.com and also has global forwarding it will use the global forward for any delegated child domains under foo.com unless they are also loaded locally. The forward{} turns off global forwarding for that br

Re: Bind master keeps saying it is not authoritative

2017-03-02 Thread Ben Croswell
Ensure that the allow-query clause on the master includes the slave. If the slave can't query for the SOA on the zone it can't do an xfer. On Mar 2, 2017 6:34 AM, "Xavier Humbert" wrote: > The whole configuration, comments removed : > > -- Master -- > acl my-slaves {

Re: The DDOS attack on DYN & RRL ?

2016-11-01 Thread Ben Croswell
The other option being having a master owned by your company and then setting both external providers to secondary from your master. You to maintain control over data and have diversity. On Nov 1, 2016 10:42 AM, "Barry Margolin" wrote: > In article , > Ben Croswell wrote: >

Re: The DDOS attack on DYN & RRL ?

2016-10-31 Thread Ben Croswell
I think what we see as a result of this attack is DNS provider diversity being the new buzz phrase. The same as not relying on a single ISP link I see more people using multiple DNS providers. The size of these attacks will grow as IoT continues to grow. It makes sense to have diverse providers to

Re: bind caching data from additional section in responses

2016-10-08 Thread ben thielsen via bind-users
On Oct 07, 2016, at 05.44, Tony Finch wrote: > > ben thielsen via bind-users wrote: >> >> zone "example.com" { >> type stub; >> masters { >> "example.com" ; >> }; >> }; >> >> maste

bind caching data from additional section in responses

2016-10-06 Thread ben thielsen via bind-users
t. 292 NS ns1.example.com. 292 NS ns2.he.net. 292 NS ns3.he.net. [...] ; glue ns1.example.com.172791 A 192.0.2.1 ; glue [...] is my perception accurate? is bind c

Re: statistics-channels not serving rdtype records

2016-04-07 Thread Ben Wilson
Uh, user error. Turns out they aren't created until the server actually received requests. I started testing the server for completeness, and the records started showing up! In any case: statistics-channels { inet * port 8053 allow { any; }; }; Thanks! Ben On Thu, Apr 7, 2016 at 4:

statistics-channels not serving rdtype records

2016-04-07 Thread Ben Wilson
BIND ii libbind9-90 1:9.9.5.dfsg-3ubuntu0.8 amd64 BIND9 Shared Library used by BIND Any ideas what I'm missing here? Thanks! Ben

RE: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Ben Bridges
I tend to agree with you about the overloading of TXT records. Thanks, Ben -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ray Bellis Sent: Thursday, March 24, 2016 11:22 AM To: bind-users@lists.isc.org Subject: Re

RE: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Ben Bridges
longer TTL for most records (including other TXT records) in order to reduce the query load on our servers. It would be nice to be able to set a short TTL for the Office 365 record but a longer TTL for other TXT records for the same domain name. Thanks, Ben From: bind-users-boun...@lis

Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Ben Bridges
for all five records to 300 (or more specifically, the TTL of the first one of the RRs in the file). I looked for a BIND directive in the manual to change this behavior but could find no obvious candidate. Thanks, Ben Bridges Springfield, MO

Re: CVE-2015-7547: getaddrinfo() stack-based buffer overflow

2016-02-17 Thread Ben Croswell
Cyber folks asked if there was any way for the DNS servers to "protect" the vulnerable clients. The only thing I could see from the explanation was disabling or limiting edns0 sizes. That is obviously not a long term option. On Feb 17, 2016 11:39 AM, "Alan Clegg" wrote: > On 2/17/16, 11:34 AM,

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Ben Croswell
> On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote: > > Is it safe to say the only vulnerable hosts would be those > > accepting queries from the outside world, or would this also > > pertain servers getting responses from the outside world with > > no inboun

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Ben Croswell
Is it safe to say the only vulnerable hosts would be those accepting queries from the outside world, or would this also pertain servers getting responses from the outside world with no inbound queries? On Jul 28, 2015 5:42 PM, "Michael McNally" wrote: > As the security incident manager for this

Re: Diagnostic help

2014-09-29 Thread Ben Croswell
The default for allow query is local host local nets. Basically the server itself and directly connected networks On Sep 29, 2014 8:03 PM, "Bill Christensen" wrote: > Hi folks, > > Something got sideways on one of my DNS servers, and I would appreciate > some help in figuring out what's going o

Re: Slave zero-TTL on CNAMES

2014-06-05 Thread Ben Croswell
Cisco routers do have the ability to "doctor" DNS packets when doing NAT. When it doctors it sets the TTL to 0 but I don't know why it would only do it on CNAME records. On Jun 5, 2014 12:43 PM, "Reindl Harald" wrote: > > > Am 05.06.2014 17:58, schrieb /dev/rob0: > > On Thu, Jun 05, 2014 at 05:21:

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Ben Croswell
I would imagine your issue is a lack of an NS delegation in the root zone you are slaving. If you load a parent and then try to forward a child of that parent you must have a delegation in the parent. The delegation doesn't have to match the forwarders but it must exist. On Mar 25, 2014 1:57 PM, "

Re: which Name sever is selected?

2014-03-03 Thread Ben Croswell
back to being slower. On Mar 3, 2014 8:24 AM, "houguanghua" wrote: > Hi Ben, > > What's the meaning of bind "decaying"? Where can I find the detailed > description? Thanks! > > Guanghua > > > ---- > Date

Re: which Name sever is selected?

2014-02-28 Thread Ben Croswell
RTT banding was removed in early versions of 9.8 due to the performance hit being larger than any security benefit. So it would depend what version of bind is being used in this case. https://www.isc.org/blogs/rtt-banding-removal-from-bind-9/ It is important to note that all ns records will take s

Re: Bind vs flood

2014-02-27 Thread Ben Croswell
Ah I see you are in provider situation. Shows my assumption you were in an enclosed enterprise environment. On Feb 27, 2014 10:57 AM, "Ivo" wrote: > Ben, > > No, our server is not an open resolver, we have a large user community > and the problem is that users install t

Re: Bind vs flood

2014-02-27 Thread Ben Croswell
I guess I am missing why anyone on the internet should be able to open queries against your caching resolver. Why would in bound queries be allowed to servers that are for your people to get out? On Feb 27, 2014 10:13 AM, "Ivo" wrote: > Hi Dmitry, > > We observed that similar requests are landi

Re: how to modify the cache

2014-02-14 Thread Ben Croswell
What you say is true, but the OP wasn't clear in who owned the record he wanted to override. I assumed it was someone else's or you would just change authoritative source that you own. On Feb 14, 2014 10:20 AM, "Barry Margolin" wrote: > In article , > Ben Croswe

Re: how to modify the cache

2014-02-14 Thread Ben Croswell
You can't modify cache. If that was allowed you could cache poison any domain you wanted. On Feb 14, 2014 8:52 AM, "houguanghua" wrote: > Hi all, > Bind provides rndc tools to operate the cache. But how to change a record > in the cache. For example: > to modify origin record " *www.abc.com*

Re: I may be confused regarding sub delegated zone

2014-01-23 Thread Ben Croswell
A freshly started server with no cache will be directed to nd1 first which will give a referral to ns2 for the subdomain. After that it will go to ns2 directly until the ns records time out in cache. On Jan 23, 2014 12:30 PM, "Blason R" wrote: > Hello friends, > > I may sound like novice but have

Re: Delegation and Forwarding

2013-12-11 Thread Ben Croswell
The basic answer is that you use null forwarders for any domains that you want to turn off the global forwarders. If you have a global forwarder and then you have bob.com with a null forwarder, bob.com and the domains below it will follow delegation. On Dec 11, 2013 7:10 AM, "Bob McDonald" wrote:

Re: Confused about a basic concept

2013-06-05 Thread Ben Croswell
Bryan

Re: BIND 9.4.x and check-names

2013-04-18 Thread Ben-Eliezer, Tal (ITS)
d check-names Message-ID: <20130417155830.ga14...@fantomas.sk> Content-Type: text/plain; charset=us-ascii; format=flowed On 17.04.13 06:39, Ben-Eliezer, Tal (ITS) wrote: >Subject: BIND 9.4.x and check-names Isn't it time to upgrade? >I recently implemented a change in our DNS

BIND 9.4.x and check-names

2013-04-17 Thread Ben-Eliezer, Tal (ITS)
sdcs./A: bad owner name (check-names) default.log:12-Apr-2013 00:45:37.447 general: warning: zone /IN: gc._msdcs./A: bad owner name (check-names) Best Regards, Tal Ben-Eliezer

RE: bind-users Digest, Vol 1485, Issue 1

2013-04-01 Thread Ben-Eliezer, Tal (ITS)
nt-Type: text/plain; charset=UTF-8; format=flowed On 3/29/2013 6:12 PM, Lawrence K. Chen, P.Eng. wrote: > - Original Message - >> On Mar 28, 2013, at 12:28 PM, Ben-Eliezer, Tal (ITS) wrote: >> >>> I've spent hours researching a way to accomplish this without any >

RE: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Ben-Eliezer, Tal (ITS)
Hi Chris, this looks interesting, I'll do some testing and report back! Thank you, Tal -Original Message- From: Chris Buxton [mailto:cli...@buxtonfamily.us] Sent: Thursday, March 28, 2013 5:02 PM To: Ben-Eliezer, Tal (ITS) Cc: bind-users@lists.isc.org Subject: Re: Forward Fir

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Ben Croswell
A server will not forward a zone it is also authoritative for. On Mar 28, 2013 3:33 PM, "Ben-Eliezer, Tal (ITS)" < tal.ben-elie...@its.ny.gov> wrote: > Hello, > > My organization is evaluating the use of split-view DNS in our environment. > >

Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Ben-Eliezer, Tal (ITS)
any luck. Is there any way to accomplish what I'm trying to do? Thanks, Tal Ben-Eliezer

Re: Most specific match on PTR records

2013-02-21 Thread Ben Croswell
You need to ensure if the resolver that is doing the forwarding also loads the blank 10/8 that you have the smaller /24 delegated in the 10/8. The reason being if it loads the /8 with no /24 delegation it will ignore the forward because it believes the /24 doesn't exist. On Feb 21, 2013 1:21 PM, "N

Re: What causes 'zone transfer setup failed' ?

2013-01-25 Thread Ben Croswell
A common issue is the secondary not being allowed to query the master for the SOA of the zone. Ensure the master has an allow-query that includes the secondary. On Jan 25, 2013 6:06 AM, "Jan-Piet Mens" wrote: > Hello, > > I'm seeing quite a number of messages like > > xfer-out: debug 3: c

Re: Define an internal zone with only a couple of A records, then forward to an external dns server

2013-01-17 Thread Ben Croswell
If you load the zone your server will believe it knows everything about the zone and not forward anything below it. If you load foo.com with two records, nothing but those two records will ever resolve on that server for foo.com. One way to make it work would be to load two zones. Vpn1.foo.com an

Re: MNAME not a listed NS record

2013-01-16 Thread Ben Croswell
There is no issue with a configuration like this. It is the very definition of a stealth master and is a very common configuration. Any DDNS updates will continue to reach the stealth master via the mname and no resolvers will find the master via NS records so it won't be queried. On Jan 16, 2013 3

Re: Name resolution fails if not forwarding

2013-01-08 Thread Ben Croswell
My first thought would be lack of firewall rules and connectivity to the Internet. On Jan 8, 2013 9:35 AM, "Daniele" wrote: > If I use BIND9 forwarding all the queries not belonging to my local zones, > it works. > > But if I don't forward those queries, `dig` sometimes (and this is weird) > fail

Re: Bind not forwarding all requests

2012-12-07 Thread Ben Croswell
It is probably related to forward first versus forward only. Forward first is default but will fall back to no forwarding if the forwarders fail. On Dec 7, 2012 12:06 PM, "Romgo" wrote: > Hello, > > I am currently running two bind9 server on Debian Squeeze. > 1:9.7.3.dfsg-1~squeeze8 > > Server 1

RE: Performance tuning

2012-11-26 Thread Ben Croswell
I did digs to both names from my work DNS infrastructure. The response was 58ms to resolve the WWW entry and 44ms for the non WWW entry. Would not appear to be a resolution related slow down. -Ben Croswell On Nov 26, 2012 1:25 PM, "Lightner, Jeff" wrote: > For question 1: >

Re: forwarder is ignored when authoritative zone is added

2012-10-26 Thread Ben Croswell
The thing that brings me back to a delegation issue is the statement of slaving an external version of the second level domain the internal DNS server. I know if I was splitting a domain I would not put internal only delegations external. -Ben Croswell On Oct 26, 2012 7:23 AM, "Sten Ca

Re: forwarder is ignored when authoritative zone is added

2012-10-26 Thread Ben Croswell
on. I assume the logic is, why would I forward a subdomain I know doesn't exist. -Ben Croswell On Oct 26, 2012 2:17 AM, "Frank Even" wrote: > I've recently had an issue that I'm having some issues finding > information on solving. > > I have internal DNS resolver

Re: Queries aborted due to Quota

2012-07-27 Thread Ben
or link from which, we can read about rndc stats commands in deep or any FAQ/Information about general error messages regarding bind services. Best Regards, Ben Hi, I am monitoring rndc stats output and got ++ Resolver Statistics ++ [Common] 82121 queries aborted due to quota

Queries aborted due to Quota

2012-07-27 Thread Ben
resource limitation or ? BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 Regards, Ben

Re: global forwarders - current BIND9 behaviour documentation

2012-07-25 Thread Ben Croswell
's the method for retrying a forwarder after it was set high due to a timeout etc. -Ben Croswell On Jul 25, 2012 2:36 PM, "ip admin" wrote: > Hi, > > anybody there who can provide a definitive answer on the current BIND 9.7 > (or higher) global forwarder behaviour? >

Re: rndc stats command

2012-07-23 Thread Ben
output from it by any command or something? My concern is that to find QPS / no. of queries per RR / hit ratio. Best Regards, Ben On Jul 18 2012, Ben wrote: Hi, As per man page and my understanding rndc stats writes a current named statistics into defined file in named.conf so suppose, if I

rndc stats command

2012-07-17 Thread Ben
append fresh/new named statistics to defined file, is it so? Or is there any interval for rndc / named to generate fresh/new statistics.? Kindly correct me if I am missing something... Regards, Ben

Re: Operation Cancelled Error

2012-07-12 Thread Ben
How to check from 10 queries, which are on cache and which are not ? Still, my question is open.. Dear ISC team, can you please suggest what happened with my caching DNS load test.? I mean, want to find root cause of it. On 12 July 2012 at 01:49, Ben wrote: If someone share his

Re: Operation Cancelled Error

2012-07-11 Thread Ben
misconfiguration or something else? If someone share his experience with it, What are the maximum QPS handled by bind? that is good to understand more. Regards, Ben Hi Ben, At 05:37 11-07-2012, Ben wrote: Actually, I am doing load testing with my CACHING DNS SERVER, and for that I setup one

Re: Operation Cancelled Error

2012-07-11 Thread Ben
Hi, On Jul 10, 2012, at 2:25 AM, Ben wrote: Hi, We deploy BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 and trying to do load test while doing it we got so many errors logs in named.run. I must admit to being a little confused… It *looks* to me like you are forwarding all queries to 8.8.8.8? (If
