Jinmei - Thank you.
As a follow up question, the stats "queries resulted in successful answer" -
does this counter only cover queries that were answered with DNS data?
how about DNS queries that where the responded with SERVFAIL, NXDOMAIN,
timed-out due to delegation, dropped, or non-successful
Hi Bind Users,
Good day. I wish to know what is the industry standard when dealing with the
"TOTAL QPS" and how do we calculate this with BIND?
My understanding of "QPS" is the queries that a DNS server has received
regardless if it was dealt with a successful response, nxdomain or timed-out
hi all,
is there a built-in ACL that represents "any" IPv6 connection?
I have some experiment with allow-query { aclhere; };
where aclhere represents any IPv6 network, anywhere from the Internet.
If there's no built-in, what is the best way to come up with an equivalent?
Thanks!
_
To BIND-USERS:
I'm not sure if I got GSS-TSIG working correctly 'yet'... however it will work
if i use "allow-update { any; };"
and logs shows "28-Aug-2009 21:20:46.813 security: debug 3: client
172.17.1.2#62729: request has valid signature"
The difference...
THIS WORKS FOR ME:
tkey-
Hi!
I have a DNSSEC isolated testlab and we simulated signining of a ccTLD. I and
my friends already finished setting up the following:
1. client (resolvers)
2. DNS cache server (having a customized ROOT HINTS)
3. ROOT server (without root hints and with "." zone)
4. primary DNS server for "tld
maybe this will help
http://peppyheppy.com/2008/1/18/bulk-zone-file-serial-number-increment
--- On Tue, 1/27/09, Barry Margolin wrote:
> From: Barry Margolin
> Subject: Re: Forcing a secondary update...
> To: comp-protocols-dns-b...@isc.org
> Date: Tuesday, January 27, 2009, 2:12 PM
> In artic
I have confirmed that the ARCH=x86_64 trick resolved the issues with my
configuration. I have tested this with an authoritative and recursive
dns/bind95 port with modified Makefile.
I have not fully tested the acl.c and iptable.c since the patch suit my need.
Thanks!
--- On Tue, 12/23/08, Dou
Hi,
is it possible to see your named.conf
what is the methodology of the test? is it for authoritative queries?
recursive? or both? at the same time?
my patch for the port is the same as yours...
thanks!
===
.if ${ARCH} == "amd64"
ARCH=x86_64
.endif
--- On Thu, 12/11/08, Dmitry R
Hi
can you verify if you're using the newly installed named.
did you configure your options to replace the base?
can you give us:
ldd /usr/sbin/named
ldd /usr/local/sbin/named
to my understanding, there should be no memory leak issue at all if you disable
threads..
this post has always been
refer to 'split' DNS using views
here's something:
http://www.zytrax.com/books/dns/ch7/view.html
in a nutshell.. you have to
- have 2 views, same zone per view
- either have two different zone files... and maintain it separately. (or you
may have two zone files and segregate the differences, whi
how about llnwd.net
can you ping dns11.llnwd.net from that box?
I believe there's that routing issue, I've troubleshooted this kind of problem
in one ISP, my immediate resolution is to have a conditional forwarding for
that domain only to openDNS.
Thanks!
--- On Wed, 12/3/08, JINMEI Tatuya
hi all,
what about performance issues? if BIND considers additional logging and DNS
admins unwittingly turn ON logging of queries (just by issuing rndc querylog)
and other future logging categories, it somehow degrades the performance of
BIND.
as i've tested BIND 9.5.0-P2 with authoritative q
this might also help..
http://code.google.com/p/google-dnswall
in a nutshell, its like a DNS proxy server, you can use this to forward to
BIND. between your clients and your internal BIND servers.
it filters:
- Invalid IP address: an IP address that starts with 0; i.e. 0.x.x.x
- Node-Local IP a
and why not use..
https://www.dns-oarc.net/tools/dnscap
dnscap -m q -e y -c 100 -w /path/file
captures:
- queries only
- errors only
- after 100 packets where conditions are met
- write it to a file..
Enjoy!
--- On Sat, 11/29/08, ivan jr sy <[EMAIL PROTECTED]> wrote:
> From: i
looks like an OK config for me.
- you should be able to view the name being queried and from what source IP
- debug10 = view the actual query (similar to dig)
so you can grep the NXDOMAIN or the ANSWER
are you able to view the log file? did it log the start-up processes of BIND?
you should be abl
o" <[EMAIL PROTECTED]>, "[EMAIL
> PROTECTED]" <[EMAIL PROTECTED]>
> Date: Friday, November 28, 2008, 10:09 PM
> At Thu, 27 Nov 2008 23:35:30 -0800 (PST),
> ivan jr sy <[EMAIL PROTECTED]> wrote:
>
> > so does this memory leak only occur if
&g
sperf and BIND memory consumption
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], "Vinny Abello" <[EMAIL PROTECTED]>, "[EMAIL
> PROTECTED]" <[EMAIL PROTECTED]>
> Date: Friday, November 28, 2008, 8:21 PM
> At Thu, 27 Nov 2008 23:04:58 -0800 (PST),
>
ith x number of AMD64 cores...
- ivan
--- On Thu, 11/27/08, JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> wrote:
> From: JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]>
> Subject: Re: dnsperf and BIND memory consumption
> To: [EMAIL PROTECTED]
> Cc: "Vinny Abello" <[EMAIL
--- On Thu, 11/27/08, David Sparks <[EMAIL PROTECTED]> wrote:
> From: David Sparks <[EMAIL PROTECTED]>
> Subject: Re: rfc1918 ns records coming from internet are queried?
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Date: Thursday, November 27, 2008, 7:43 AM
> >> I'm looking for a way to set
Hi all,
I know this is a an old thread, but I wish to resurrect this in hopes to find
answers..
9.5 + threads on FreeBSD 7 is better performance wise, but there is this
problem.
9.4 + threads on FreeBSD 7 is almost 50% of the performance, but there is no
issues like this. 9.5 without threads
20 matches
Mail list logo
