Re: Split Delegation IP Reverse

2010-11-23 Thread Jonathan Petersson
You could CNAME the records to another PTR domain maintained by the third server.
230.0.168.192.in-addr.arpa is an alias for 230.0-28.0.168.192.in-addr.arpa
230.0-28.0.168.192.in-addr.arpa domain name pointer host.domainname
On Tue, Nov 23, 2010 at 10:43 PM, Wilbert J. Rojas O. wrote: > Hi, > >

Re: How does BIND 9 scale with multithreading?

2010-09-30 Thread Jonathan Petersson
1 QuadCore Intel i7 920 on Fedora 11 x86_64 (can't remember the exact kernel version) with and without hyperthreading and overclocked ranging between 2.8 and 3.4GHz On Thu, Sep 30, 2010 at 2:03 PM, Matus UHLAR - fantomas wrote: > On 29.09.10 10:43, Jonathan Petersson wrote: >&

Re: How does BIND 9 scale with multithreading?

2010-09-29 Thread Jonathan Petersson
I did some benchmarking on this about 1.5 yrs ago, here's a graph representing the results: http://sedoss.com/bind.png On Wed, Sep 29, 2010 at 10:37 AM, wrote: > Hi > > i read that 'old' bind version were better when threading was disabled. Load > balancing > between 2 processes was better.  Is

Re: Overload some records for intern use

2009-11-13 Thread Jonathan Petersson
Someone correct me if I'm wrong but using BIND you must have the full zone, partial forwarding/proxying isn't built in so you would need to download the zone and replace the data you need to change. /Jonathan On Fri, Nov 13, 2009 at 11:22 AM, Johan VAN RYSEGHEM wrote: > Hello all, > > my problem

Re: refuse in notify slave

2009-10-21 Thread Jonathan Petersson
The easiest workaround for this is either to use views or TSIG keys. /Jonathan On Thu, Oct 22, 2009 at 6:56 AM, Nelson Serafica wrote: > I have multiple ip address on my primary ns server. (eth0 , eth0:1 , > eth0:2). Let's say eth0 is 1.2.3.4, eth0:1 is 2.3.4.5 and th0:2 is 3.4.5.6. > I have a s

Internal whois server

2009-08-10 Thread Jonathan Petersson
Hi all, This is probably somewhat of an un-legit way of using whois but I'm curious as to whether it would be possible to install an internal whois server that responds with the appropriate prefix-data upon request for internal ip-numbers/domains while forwarding unknown requests to external whois

Re: Scale BIND over multiple kernels effectively

2009-05-03 Thread Jonathan Petersson
5:41:03 -0700, > Jonathan Petersson wrote: > >> in light of this is it possible to tell BIND how many threads it >> should utilize or is it a ALL or ONE case? > > Do you mean the -n command line option? > > usage: named [-4|-6] [-c conffile] [-d debuglevel] [-f|-g] [-n

Re: named daemon hangs

2009-05-02 Thread Jonathan Petersson
Could you please provide a copy of your config, I'm guessing that you have a general forwarder in place or haven't turned on recursion. /Jonathan On Sat, May 2, 2009 at 8:06 AM, Nelson Vale wrote: > Hi all, > > > I've been facing a problem in my private network which I was not able to fix > yet.

Re: Scale BIND over multiple kernels effectively

2009-04-30 Thread Jonathan Petersson
Thanks for the feedback, > 2 threads on 2 core: 45kqps > 4 threads on 4 core: 108kkqps > 8 threads on 4 core + HT: 75kqps > 16 threads on 8 core + HT: 35kqps > > correct? yes in light of this is it possible to tell BIND how many threads it should utilize or is it a ALL or ONE case? /Jonathan

Scale BIND over multiple kernels effectively

2009-04-30 Thread Jonathan Petersson
Hi all, I've been running some dnsperf tests on a couple of servers I have resulting in some interesting behaviors. The test-bed that I have is 3 servers with the following CPUs: E3110 (DC @ 3.00GHz), i7 920 (QC 2...@3.20ghz) and E5520 (Dual QC @ 2.27GHz), RAM is 6GB on each running at 800-1.6GHz

Re: approach on parsing the query-log file

2009-04-29 Thread Jonathan Petersson
For those who are interested in the end-result I decided to post my code on my blog. http://garnser.blogspot.com/2009/04/dns-query-parser.html The code creates a FIFO that BIND query-log writes to. Once the script receives data it's parsed, cached and written to a database. I'll continue to make ad

Re: approach on parsing the query-log file

2009-04-29 Thread Jonathan Petersson
ay help you with dealing >> with the log rotation issues.  I only remember them vaguely, as they were not >> applicable to what I was doing at the time. >> >> Hope this helps some. >> >> On Apr 27, 2009, at 10:26 PM, Jonathan Petersson wrote: >> >>

Re: stop zone transfers from coming in

2009-04-28 Thread Jonathan Petersson
I would honestly look for a typo since you're saying that it does work for some. Either way unless the admin turns it off you will get zone-transfers, the question lies in whether your name-server accepts them and propagates them down. Check in the log for transfer or notification refusals and make

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
re not > applicable to what I was doing at the time. > > Hope this helps some. > > On Apr 27, 2009, at 10:26 PM, Jonathan Petersson wrote: > >> Hi all, >> >> I'm thinking of writing a quick tool to archive the query-log in a >> database to allow for

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
. /Jonathan 2009/4/28 Jeremy C. Reed : > On Tue, 28 Apr 2009, Jonathan Petersson wrote: > >> I did try to run the following option: >> syslog named; > > syslog should define a "syslog facility". > > Look in the openlog, syslog and/or syslog.conf manual pag

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
I did try to run the following option: syslog named; but when matching on named.* in syslog.conf there's no output. /Jonathan 2009/4/28 JINMEI Tatuya / 神明達哉 : > At Tue, 28 Apr 2009 10:01:02 -0700, > Jonathan Petersson wrote: > >> So I gave tail a try in perl both via File:

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
> On Tue, Apr 28, 2009 at 10:05 AM, Alan Clegg wrote: >> Jonathan Petersson wrote: >>> So I gave tail a try in perl both via File::Tail and by putting tail >>> -f in a pipe. >> >> As was stated previously in this thread, you are going down a bad path >

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
I don't think the cost is that great having querylogging enabled, running the same test using dnsperf there's a 43% performance-increase but 70 000 queries per second is still acceptable with query-logging enabled. /Jonathan On Tue, Apr 28, 2009 at 10:05 AM, Alan Clegg wrote:

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
tail -f straight or File::Tail without arguments just stops once the log has rotated as it doesn't seem to figure out to continue onto the new file. /Jonathan On Tue, Apr 28, 2009 at 8:52 AM, David Forrest wrote: > On Tue, 28 Apr 2009, Gregory Hicks wrote: > >> >>> Fro

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
Yeah I've thought about using tail but I'm not sure how locking would be managed when logrotate kicks in, does anyone know? On Tue, Apr 28, 2009 at 3:41 AM, Niall O'Reilly wrote: > On Mon, 2009-04-27 at 22:26 -0700, Jonathan Petersson wrote: >> The obvious question that

Re: approach on parsing the query-log file

2009-04-28 Thread Jonathan Petersson
etc. On Tue, Apr 28, 2009 at 2:33 AM, Chris Buxton wrote: > On Apr 28, 2009, at 5:26 AM, Jonathan Petersson wrote: >> >> Hi all, >> >> I'm thinking of writing a quick tool to archive the query-log in a >> database to allow for easier reports. > > If it

Re: request timeout

2009-04-28 Thread Jonathan Petersson
IIRC it's 3 seconds. On Tue, Apr 28, 2009 at 12:42 AM, Jeff Pang wrote: > When a Bind requests another Bind for a name resolving, what's the > timeout value for this request? > I mean, within how many seconds peer Bind doesn't answer it, this Bind > will give up the query? > > Thanks. > Regards.

approach on parsing the query-log file

2009-04-27 Thread Jonathan Petersson
Hi all, I'm thinking of writing a quick tool to archive the query-log in a database to allow for easier reports. The obvious question that occurs is; What would be the best approach to do this? Running scripts that parse through the query-log would cause locking essentially killing BIND

Re: Limit allow-transfer to key + IP

2009-04-14 Thread Jonathan Petersson
Thanks! /Jonathan On Tue, Apr 14, 2009 at 12:28 PM, Chris Thompson wrote: > On Apr 14 2009, Jonathan Petersson wrote: > >> I was reading up on TSIG signed zone-transfers and gave it a try in my >> lab this morning, successfully. However what I noticed (which makes >>

Limit allow-transfer to key + IP

2009-04-14 Thread Jonathan Petersson
Hi all, I was reading up on TSIG signed zone-transfers and gave it a try in my lab this morning, successfully. However what I noticed (which makes sense based on my config) is that any host with the appropriate key is allowed to perform a zone-transfer. Is there any way to limit the zone-transfer

Re: about allow-transfer

2009-04-09 Thread Jonathan Petersson
allow-transfer { slaveip; }; On Wed, Apr 8, 2009 at 11:42 PM, Jeff Pang wrote: > hello, > > I have two bind-9.6 (one master one slave) for product application. > how to set allow-transfer in master's named.conf? > shall it be: > > allow-transfer { none; }; > > or: > > allow-transfer { all; }; > >

Re: Regexp to match RR's

2009-04-08 Thread Jonathan Petersson
> On Apr 8, 2009, at 3:21 PM, Kevin Darcy wrote: >> >> I'm not a big fan of allowing users to enter Resource Records verbatim. >> Most users aren't that sophisticated, or, if they are, they can do their >> nsupdates directly, if they have been given access to the relevant TSIG key >> (how's that fo

Re: Regexp to match RR's

2009-04-08 Thread Jonathan Petersson
eve it would be a better thing if the tool itself gave this to prevent sending incorrect data to begin with. /Jonathan On Wed, Apr 8, 2009 at 3:09 PM, Kevin Darcy wrote: > Jonathan Petersson wrote: >> >> Hi all, >> >> I got some time over so I decided to hack a bit on a

Regexp to match RR's

2009-04-07 Thread Jonathan Petersson
Hi all, I got some time over so I decided to hack a bit on a DNS management tool for my home-server. I'm curious as to whether someone knows of a list of regexps that can be used to match RR's. Thx /Jonathan

Re: Windows servers triying to update my zone

2009-04-07 Thread Jonathan Petersson
I'm not clear what you're trying to achieve here but if you don't want the servers to update the zones you're fine as it is. You may want to look at the hosts that are trying to make updates and make changes on those accordingly. If you do want them to be able to update just add allow-update { ip; }

Re: C/C++ version Load balancer DNS

2009-04-03 Thread Jonathan Petersson
You can use BIND itself as a load-balancer. What's your goal? What's your current load? What's your anticipated load 12 months from now? What kind of equipment do you have available? /Jonathan On Fri, Apr 3, 2009 at 2:37 PM, Mallappa Pallakke wrote: >  Hi, >  Is there any C/C++ version load bal

Re: NOTIFY from masters when slave provides several views

2009-03-26 Thread Jonathan Petersson
Hi Terry, Each view has to be independently notified if an update takes place. /Jonathan On Thu, Mar 26, 2009 at 4:46 PM, wrote: >  This question is related to the prior "Internal and External view on same > slave server? - RESOLVED" thread, but seems to be a different situation in > which the

Re: DNS forwarding not working properly?

2009-03-26 Thread Jonathan Petersson
You need to enable recursion in options. /Jonathan 2009/3/26 ARMSTRONG, KENNETH : > OK, I've been trying my hardest to figure this out. > > I have BIND9 installed and set up as a slave to one of our Domain > Controllers (so we can at least still get DNS if it were to go down). It > works fine for

Re: Ever growing jnl files

2009-01-07 Thread Jonathan Petersson
I've seen similar behaviors in earlier versions of BIND as well. Since it doesn't seem to impact performance etc I haven't really bothered with it. What you can do is to run an rndc freeze/thaw, this will check out the journal file. /Jonathan On Wed, Jan 7, 2009 at 10:30 AM, Nicholas F Miller wr

Re: Bind open to query from anyone

2009-01-05 Thread Jonathan Petersson
In general I would think that it isn't recommended unless it's intended, you probably don't want random clients querying your servers for content you don't control. To kill this add "recursion no;" in options, if you do want this enabled for certain prefixes have a look at "allow-recursion". Good

Re: Magic for NSEC3

2009-01-03 Thread Jonathan Petersson
Thanks for your input /Jonathan On Jan 3, 2009, at 16:13, Mark Andrews wrote: In message , "Jonathan Petersson" writes: Hi all, Hopefully this post won't cause as much SPAM as my last one. About a year ago I started looking into DNSSEC and how to work with it for dynamic u

Magic for NSEC3

2009-01-03 Thread Jonathan Petersson
Hi all, Hopefully this post won't cause as much SPAM as my last one. About a year ago I started looking into DNSSEC and how to work with it for dynamic updates etc. Since only NSEC was supported, allowing whomever to do an unauthorized zone-transfer I canceled my projects later finding out that NSEC

Re: statistics-channels No such URL

2009-01-03 Thread Jonathan Petersson
Sorry for all the spamming, I forgot doing a distclean between the builds, it's working now. /Jonathan On Sat, Jan 3, 2009 at 9:51 AM, Jonathan Petersson wrote: > Also: > [r...@localhost bind-9.6.0]# ./configure --with-libxml2 --enable-pthread > . > checking for libxm

Re: statistics-channels No such URL

2009-01-03 Thread Jonathan Petersson
Also: [r...@localhost bind-9.6.0]# ./configure --with-libxml2 --enable-pthread . checking for libxml2 library... yes . config.status: executing chmod commands [r...@localhost bind-9.6.0]# On Sat, Jan 3, 2009 at 9:46 AM, Jonathan Petersson wrote: > So I did find the reason: > Jan

Re: statistics-channels No such URL

2009-01-03 Thread Jonathan Petersson
nd is compiled from source with --with-libxml2 --enable-threads Thanks /Jonathan On Sat, Jan 3, 2009 at 9:41 AM, Jonathan Petersson wrote: > Hi everyone, > > Could someone give me a quick pointer what to look for if I get "No > such URL" when trying to access the statistics web-

statistics-channels No such URL

2009-01-03 Thread Jonathan Petersson
Hi everyone, Could someone give me a quick pointer what to look for if I get "No such URL" when trying to access the statistics web-site. Thx /Jonathan

Re: zone propagation

2008-12-24 Thread Jonathan Petersson
What I've done is that I maintain a "master-slave" zone on my master, if any new zones are manipulated I push out an updated config to my 20 or so slave-servers, once pushed out I trigger a sudo script via ssh that reloads bind with the new config and voilà. /Jonathan On Wed, Dec 24, 2008 at 7:38

Re: setup default DNS server with only one record

2008-12-11 Thread Jonathan Petersson
You want to manipulate the "." zone. The config you have should be valid, just point your "." zone in named.conf to the zone file. /Jonathan On Thu, Dec 11, 2008 at 1:08 AM, Chris Henderson <[EMAIL PROTECTED]> wrote: > I am trying to setup a default DNS server for one of my restricted > network s

Re: DDNS and allow-update declarations

2008-12-10 Thread Jonathan Petersson
On Wed, Dec 10, 2008 at 4:00 PM, Mark Andrews <[EMAIL PROTECTED]> wrote: > > In message <[EMAIL PROTECTED]>, Nicholas F Miller writes: > > I have a couple of questions regarding how a Microsoft domain > > controller updates a dynamic zone. > > > > 1 ) When a domain controller tries to update

Re: DDNS and allow-update declarations

2008-12-10 Thread Jonathan Petersson
I did some testing with this a couple of months ago and it seems like AD is following the NS directive in the SOA. The design I used in my test-case was to put AD as an authoritative updater of the specified zone on my master, once updated the BIND master was responsible for updating the slaves. Som

Re: Binding DNS server to a particular IP address

2008-12-03 Thread Jonathan Petersson
Shouldn't the "server" statement in options/view do the trick? /Jonathan On Wed, Dec 3, 2008 at 12:04 PM, Todd Snyder <[EMAIL PROTECTED]> wrote: > Try the "listen-on" directive. > > Read more here: > > http://books.google.com.hk/books?id=zkZN52WhG8sC&printsec=frontcover&dq= > dns&ei=dA-3SJ7XEaWi

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Guess I should start digging in the code then :) On Mon, Nov 17, 2008 at 5:59 PM, Evan Hunt <[EMAIL PROTECTED]> wrote: > > IIRC update-policy cannot be used in conjunction with the allow-update > > statement. > > My bad--you're right. There's code I'd never noticed before that says > allow-update

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Yeah it would most likely be a feature request/change. IIRC update-policy cannot be used in conjunction with the allow-update statement. Personally I prefer the usage of update-policy as I can assign different business units within my organization to take responsibility for certain records/record t

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Actually, to take this a step further, is there any remote possibility to combine this with update-policy as well? I know both questions have been mentioned on the list before with varied answers but I wanted to raise it again since this was finally figured out. /Jonathan On Mon, Nov 17, 2008 at

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Yeah, kinda makes sense, thanks! /Jonathan On Mon, Nov 17, 2008 at 11:28 AM, Evan Hunt <[EMAIL PROTECTED]> wrote: > > > allow-update { !{!10/8;any;}; key update-key; }; > > > > Wouldn't this still permit any client on the 10/8 subnet to update the > > zones? > > It's very confusing syntax, but

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-16 Thread Jonathan Petersson
On Sun, Nov 16, 2008 at 1:28 PM, Chris Thompson <[EMAIL PROTECTED]> wrote: > On Nov 14 2008, blrmaani wrote: > > I use BIND 9.2 on Linux. >> > > Horribly old. But I doubt whether anything has changed in the ACL logic > since then. > > I was experimenting with a feature