I migrated our bind resolvers to a new config (new named.conf) and I see
delegation broken. How do I trouble-shoot?
- The resolvers (are slaves) and are authoritative for zone1.example.com and
example.com
- the resolvers forward queries to our company's DNS to resolve external names
like micros
:
> On Sun, 2016-11-20 at 16:12 -0800, blrmaani wrote:
> > I am trying to build BIND 9.11 on RHEL linux host and see this error.
> > What am I missing?
>
> I am not sure, but you might want to build a full RPM,
port for GOST.
>
> Mark
>
> In message <800c7d82-63b4-4aec-9f12-5e259f48c...@googlegroups.com>, blrmaani
> writes:
> > I am trying to build BIND 9.11 on RHEL linux host and see this error.
> > What am I missing?
> >
> > ./configure
> > mak
I am trying to build BIND 9.11 on RHEL linux host and see this error. What am I
missing?
./configure
make
make[4]: Leaving directory
`/root/BIND911ETC/bind-9.11.0-P1/lib/isc/x86_32/include'
make[3]: Leaving directory `/root/BIND911ETC/bind-9.11.0-P1/lib/isc/x86_32'
gcc -I/root/BIND911
On Sunday, October 23, 2016 at 2:56:37 PM UTC-7, blrmaani wrote:
> We have hosts in two different zones but use same subnet. Zone1 is generated
> by Master1 and Zone2 is generated by Master2.
>
> Slave1 runs BIND and would like to merge the reverses generated on Master1
> and Ma
We have hosts in two different zones but use same subnet. Zone1 is generated by
Master1 and Zone2 is generated by Master2.
Slave1 runs BIND and would like to merge the reverses generated on Master1 and
Master2. How do I do this?
thanks
Blr
___
Please
On Wednesday, September 21, 2016 at 8:10:16 AM UTC-7, Graham Clinch wrote:
> >>> I have a DNS server (which is both forwarder and authoritative NS) and I
> >>> see this odd behavior locally on the host:
> >>>
> >>> dig @localhost # returns immediately with right response
> >>>
> >>> dig @
We have a DNS server setup where all zones are either slaves or forwards to a
internal DNS servers which resolves external names.
Questions:
1. Do we still need a root zone (type=hint) ?
2. What is the side effect of having root zone when our nameserver cannot reach
root servers? (additional loa
On Wednesday, September 21, 2016 at 1:04:50 AM UTC-7, Matus UHLAR - fantomas
wrote:
> On 20.09.16 20:27, blrmaani wrote:
> >I have a DNS server (which is both forwarder and authoritative NS) and I see
> >this odd behavior locally on the host:
> >
> >dig @localhost
I have a DNS server (which is both forwarder and authoritative NS) and I see
this odd behavior locally on the host:
dig @localhost # returns immediately with right response
dig @ # returns sometimes, times out most of
the time
I have allow-query {any;} in BIND config and the above i
0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html
> IIRC, rate-limiting for authoritative queries (called "Response rate
> limiting" or "RRL") wasn't enabled by default until BIND 9.10.x, and
> required a specific build in BIND 9.9.x. It's not
I inherited a DNS server which is running BIND 9.8.x. There was a DNS incident
where our customers complained that they saw query timeouts intermittently (Our
customers run cassandra/hadoop applications and send same queries repeatedly).
They also run nscd on their hosts but I was told all have
t 11:14:19 AM UTC+5:30, blrmaani wrote:
> We slave a zone and would like to override default TTL for bunch of
> resource-records. What is the right way to do it?
>
> For example, here are few records for which we have to customize TTLs:
>
> host1.zone1.com.:
> default_ttl
We slave a zone and would like to override default TTL for bunch of
resource-records. What is the right way to do it?
For example, here are few records for which we have to customize TTLs:
host1.zone1.com.:
default_ttl = 300
preferred_ttl = 3600
host2.zone1.com:
default_ttl = 300
pref
> From: "John W. Blue"
> To: "A. Renald Niswady" , "blrmaani"
> Cc: comp-protoc...@isc.org
> Sent: Wednesday, March 2, 2016 2:27:49 PM
> Subject: RE: what does "max-ncache-ttl 0;" mean?
man pages for named.conf says "max-ncache-ttl " and only talks about
default values and max values - no mention of minimum-value.
Does "max-ncache-ttl 0;" mean never cache negative queries (queries resulting
in NXDOMAIN) or does it mean cache negative queries forever?
Too lazy to test this opt
On Sunday, February 21, 2016 at 8:46:19 PM UTC-8, Mark Andrews wrote:
> In message <2f868c2b-d04b-4caf-abd7-8176352cc...@googlegroups.com>, blrmaani
> writes:
> > On Friday, February 19, 2016 at 5:09:02 PM UTC-8, blrmaani wrote:
> > > We have a DNS setup where w
On Friday, February 19, 2016 at 5:09:02 PM UTC-8, blrmaani wrote:
> We have a DNS setup where we forward a name in one domain to 5 external
> nameservers. We see NXDOMAIN error intermittently (once in couple of weeks).
> How do I debug this issue?
>
> I took a cache dump on our D
We have a DNS setup where we forward a name in one domain to 5 external
nameservers. We see NXDOMAIN error intermittently (once in couple of weeks).
How do I debug this issue?
I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in
"Unassociated entries" when the problem happens.
On Wednesday, January 13, 2016 at 11:34:16 AM UTC-8, blrmaani wrote:
> Hi,
> I am trying to get Ipv4 query rate for our DNS server. I am taking 2
> snapshots with a delay of 60 seconds between these snapshots.
>
> curl : > /tmp/snapshot1.xml
> sleep 60
> curl
Hi,
I am trying to get Ipv4 query rate for our DNS server. I am taking 2
snapshots with a delay of 60 seconds between these snapshots.
curl : > /tmp/snapshot1.xml
sleep 60
curl : > /tmp/snapshot2.xml
I am calculating queryrate as below
query_rate = (Queryv4_value2 - Queryv4_value1) / (cu
Latest version of BIND supports BIND stats via http i.e we can do this
(assuming appropriate configs already done in named.conf for this to work):
curl : > bind-stats.xml
What other tools are available to read this XML file and extract stats?
On Thursday, December 3, 2015 at 2:30:24 AM UTC-8, manasa gowda wrote:
> Hi,
>
>
> Bind version used is 9.6.2-P2.
> Named crashed (In panic State) with INSIST Assertion error. The following is
> backtrace
>
>
>
> #2 0x0041b635 in assertion_failed (file=0x5b2e78
> "src/contrib/bind9
On Thursday, December 10, 2015 at 9:04:48 AM UTC-8, Bob Harold wrote:
> On Wed, Dec 9, 2015 at 6:32 PM, blrmaani wrote:
> Hi,
>
> I would like to put 4 DNS masters behind a vip and have several slaves
> doing the zone transfer from the VIP-IP. Is this normal?
>
>
>
Hi,
I would like to put 4 DNS masters behind a vip and have several slaves doing
the zone transfer from the VIP-IP. Is this normal?
The usual approach is to have slaves getting zone transfers from multiple
masters. What is the disadvantage of having slaves using just the vip and have
all mast
Hi,
named exits with failure on my host when I try to use same physical file for
multiple zones:
/var/log/all look something like below ... -
starting BIND 9.10.2rc1 -u bind -t /var/named -f
...
writeable file 'slave/zone1.txt': already in use: name.conf:1221
writeable file '
Our nameservers take up to 10KQPS (mostly NOERROR type most of the time).
Twice or thrice a week, I have seen up to 10% of the queries are SERVFAIL and we
have started exceeding the default value of 2000 for recursive-clients settings
in BIND 9.9.x.
Is there a recommended value for recursive-cli
Thanks.
ok, so, If I have mysql DNS tables converted to sqlite3 format (binary files)
and then upload to BIND10, how do I do it?
I will also try digging code meanwhile ..
Thanks
Blr
On Monday, December 16, 2013 3:08:13 PM UTC-8, Jeremy C. Reed wrote:
> On Mon, 16 Dec 2013, blrmaani wr
Is there an easy way to import zone files stored in Mysql DB to Bind10? I
checked for all the commands available here:
http://bind10.isc.org/docs/bind10-guide.html
and didn't find anything.
Thanks
Blr
___
Please visit https://lists.isc.org/mailman/lis
We are noticing that a handful of our domains are being used for amplification
attacks and we would like to reduce outgoing (DNS response) packet size.
One solution is to reduce the additional sections in the response for these
handful zones and I would like to know if there is any way to add s
tional-from-auth can be used in global or view scope.
>
> - Original Message -
>
> > On 21.06.13 02:00, blrmaani wrote:
> > >The additional-from-auth yes_or_no ; option is a global option. I
> > >would
> > >
The additional-from-auth yes_or_no ; option is a global option. I would like to
know if there is a per-zone configuration to do the same in BIND9
configuration? I couldn't find it in BIND9 ARM.
Thanks!
Blr
re for their
> service to limit, especially when too much limitations are added.
>
> Liu Mingxing
>
> From: blrmaani
> Date: 2013-03-25 07:55
> To: comp-protocols-dns-bind
> Subject: querying TLD
On Wednesday, February 27, 2013 8:41:08 PM UTC-8, Abdul Khader wrote:
> Dear All,
> Is there a way to flush MX records from the cache of a caching DNS server ?
>
> Thanks
> Abdul Khader
Also, just try 'rndc' on command prompt - it shows various rndc options for
flush subcommand.
I am developing a monitoring script for internal use and this requires
extensive querying of TLD nameservers (a .. m).tld servers.
Questions:
1. Are there any rate limitations imposed by TLD servers i.e these servers
allows only certain number of DNS queries per IP per second?
2. Are there othe
Our development team complains about waiting for an hour for the deleted
resource records to disappear from recursive resolver cache.
I thought of changing the $TTL value to 1 for that zone but realize that it's
not efficient.
Are there any BIND specific options to support this? I know I can ha
On Wednesday, December 14, 2011 4:36:24 PM UTC-8, Barry Margolin wrote:
> In article ,
>
:
>
> > Our email group have been complaining about a issue of email sent by
> > certain users bouncing and I started debugging and found out that
> > those users are using email-servers in subnet
I
On Thursday, July 12, 2012 3:49:27 AM UTC-7, Niall O'Reilly wrote:
> On 12 Jul 2012, at 03:21, blrmaani wrote:
>
> > I searched earlier posts but noticed that people are recommending it to
> just increase it to suppress the errors in log.
> >
> > Any pointers
Sorry for the repeat post.. but I know that the value of 'recursive-clients'
option is based on:
1. Query rate
2. RAM size
and various other factors. I vaguely recollect that it is
90 x x , but I forgot why...
I searched earlier posts but noticed that people are recommending it to just
incr
We are planning to use cache-only BIND configuration on our hosts.
These hosts are shared hosts i.e BIND runs along with other
applications on these hosts. RAM size on these hosts = 8GB and hard-
disk size=500GB.
Question:
what is the recommended configuration for 'max-cache-size' for optimum
usag
Our email group have been complaining about an issue of email sent by
certain users bouncing and I started debugging and found out that
those users are using email-servers in subnet1. Emails sent out by
users in subnet2 were OK.
The email-client-hosts use dns-recursive-resolvers depending on their
What is the best approach to control 100s of DNS servers using rndc ?
All these servers run BIND 9.3.x and are unix hosts.
I was thinking about a script which does a ssh to each of these hosts
in sequence and execute 'rndc '. But I was looking for much
more efficient/parallel way to do this..
tho
I see a peculiar behavior on my DNS server. The named CPU reaches 90%
+ every 10 minutes and my monitoring software keeps paging me.
I have a DNS host running FreeBSD 7.x, running BIND 9.4.x on a 2-CPU
machine with 4GB RAM. It is a recursive DNS server.
Any pointers on how to find out the reason
> On 10.01.09 14:04, blrmaani wrote:
>
> > When we delegate a subdomain, should the nameserver to which we delegate
> > be AUTHORITATIVE?
>
> yes
>
> > What happens if the nameserver to which we delegate the subdomain is a
> > NON-AUTHORITATIVE nameserver (
Actually the question is not clear to me. Do you intend to know the
options in named.conf to allow
dynamic update or is it you are trying to find out how to add NS
entries to the existing named using
nsupdate?
please clarify..
cheers
Maani
On Jan 8, 10:09 am, Oliver Block wrote:
> Hello everybo
Can't see what you posted.. can you post as a text?
From subject message it appears that you see /dev/random failure in
syslog. What is the impact?
Do you see issues in dnssec-keygen etc?
On Jan 8, 10:47 pm, "Fuhua Zhang" wrote:
> This is a multi-part message in MIME format.
>
> --
I have configured my named (BIND-9) to delegate a subdomain owned by
our partner company. The queries in the subdomain are failing
intermittently.
Our partner company IT team is not ready to reveal their DNS
configuration.
When we delegate a subdomain, should the nameserver to which we
delegate
b
I did have this issue on Linux. Check the permission of the file
(db.lxatemplar.com) and retry. Also if you
have syslog message that would help.
cheers
Blr
On Dec 24, 8:47 am, "Robert G. Brown" wrote:
> BIND 9.2.4 on CentOS 4.3. running with 173 domains, and just encountered a
> problem when add
Did anyone try restricting nsupdate by using tcp-wrappers? I heard
that we can restrict nsupdate using tcp-wrapper
Anyone tried this?
cheers
Maani
On Nov 17, 9:06 pm, "Jonathan Petersson"
wrote:
> --===7939338197629145746==
> Content-Type: multipart/alternative;
> boundary="
All,
I use BIND 9.2 on Linux. I was experimenting with a feature to allow
dynamic updates based on
BOTH the following:
1. Secret key ( TSIG )
2. Subnet.
Unfortunately, I realized that we can specify only one of the above in
allow-update {} ACL.
If I specify both, it doesn't work as expected.
Qu