William_D. Colburn wrote:
>
> What I want to know now: is there a better solution to that problem than
> what I did? Better practices for fixing that which I could have followed?
I think recovering from a secondary copy is about the best you can do.
The zone file and journal are no longer consis
While I was out sick a coworker hand edited a zone with dynamic
updates. When I got back the server returned SERVFAIL for any queries
to it. I didn't know yet that it had been hand edited, so I did an rndc
freeze to look at the zone file, which claimed to have succeeded, but
didn't remove the jo
On 3/5/21 1:41 PM, Bruce Johnson wrote:
Turned out to be a dumdum mistake on my part. SELinux was set to
enforce…set it to permissive and voila! the .jnl file was created.
Ah.
That sounds like an SELinux policy problem. SELinux /should/ allow
named to create journal files.
A non-default loc
Turned out to be a dumdum mistake on my part. SELinux was set to enforce…set it
to permissive and voila! the .jnl file was created.
I coulda sworn I’d fixed that before...
> On Mar 5, 2021, at 12:39 PM, Grant Taylor via bind-users
> wrote:
>
> On 3/5/21 12:07 PM, Bruce Johnson wrote:
>> Fixin
named process is running as ’named’:
named 45631 1.0 11.8 411576 220744 ? Ssl 11:28 0:57
/usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot
if I run su --shell=/bin/sh named
I can create files in the directory the journal file should be.
On Mar 5, 2021, at 12:39
On 3/5/21 12:07 PM, Bruce Johnson wrote:
Fixing the permissions and restarting named got dynamic updating
working again, but new systems (ie names that are NOT already in
the Zone file ) are throwing errors about the journal file: error:
journal open failed: unexpected error
It seems like you
I'm running it as named-chroot, and named is rw permissions at the /var/named
This is the directory listing:
[root@mydns named]# ls -l
total 16
drwxr-x---. 7 named named 61 Oct 9 13:30 chroot
drwxrwx---. 2 named named 127 Feb 28 03:27 data
drwxrwx---. 2 named named 60 Mar 4 13:57 dynamic
d
Fixing the permissions and restarting named got dynamic updating working again,
but new systems (ie names that are NOT already in the Zone file ) are throwing
errors about the journal file: error: journal open failed: unexpected error
Mar 5 11:44:34 mydns named[45631]: client @0x7fa31f4178d0
1
@inalco.fr
[ http://www.inalco.fr/ | www.inalco.fr ]
From: "Darcy Kevin (FCA)"
To: "bind-users"
Sent: Thursday, May 3, 2018 20:42:59
Subject: RE: Dynamic zone vs static records
“ We are aware that we should not mix the plain text configuration with these
dynamic records (and use
On 05/03/2018 12:42 PM, Darcy Kevin (FCA) wrote:
As far as I know, Domain Controllers still only maintain SRV records
DCs, likely all member servers, and possibly all workstations (or the
DHCP server on their behalf) will try to register A / and PTR
records too.
Also, updates to the AD
@lists.isc.org
Subject: Dynamic zone vs static records
Hello,
We are managing our DNS zone within LDAP through a 3rd party editor
(FusionDirectory). This software is configured to export the LDAP configuration
to plain text zone files, updated on the master (and a zone reload is made by
the software
Hello,
We are managing our DNS zone within LDAP through a 3rd party editor
(FusionDirectory). This software is configured to export the LDAP configuration
to plain text zone files, updated on the master (and a zone reload is made by
the software by calling rndc).
If we make this zone dynamic
On Wed, Jul 08, 2015 at 05:38:59PM +0200,
stefan.las...@t-systems.com wrote:
> Mark Andrews:
> >> By default, the bind daemon uses the "relative" style (or
> >> something similar) when writing dynamic zone files to disk.
> >> Guess what... all thos
-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of
stefan.las...@t-systems.com
Sent: Wednesday, July 08, 2015 11:39 AM
To: ma...@isc.org
Cc: bind-us...@isc.org
Subject: AW: dynamic zone file "style"
>> By default, the bind daemon uses the "relative"
>> By default, the bind daemon uses the "relative" style (or something
>> similar) when writing dynamic zone files to disk.
>> Guess what... all those "$ORIGIN" lines make it more difficult to
>> parse the file by a separate script... ;)
> Truly,
human-readable)
>
> By default, the bind daemon uses the "relative" style (or something similar)
> when writing dynamic zone files to disk.
> Guess what... all those "$ORIGIN" lines make it more difficult to parse the
> file by a separate script... ;)
Truly, you do
yle (or something similar)
when writing dynamic zone files to disk.
Guess what... all those "$ORIGIN" lines make it more difficult to parse the
file by a separate script... ;)
Is there a way to change this into "full" style? I haven't found anything in
the doc's...
I know
nks,
Brian
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Thursday, January 29, 2015 4:15 PM
To: Cuttler, Brian (HEALTH)
Cc: Tony Finch; bind-users@lists.isc.org
Subject: Re: problem loading dynamic zone
In message , "Cuttler, Brian (HEALTH)" writes:
> Good q
In message , "Cuttler, Brian (HEALTH)" writes:
> Good question. Yes, as far as I can determine.
>
> # ps -ef | grep named
> Named 295341 0 10:27 ?00:00:00 /usr/sbin/named -u named
>
> Do I need to set some startup script action as well as the current config and
> directory pr
[mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch
Sent: Thursday, January 29, 2015 11:57 AM
To: Cuttler, Brian (HEALTH)
Cc: Alan Clegg; bind-users@lists.isc.org
Subject: RE: problem loading dynamic zone
Cuttler, Brian (HEALTH) wrote:
> Error: db.dynamic.jnl: create: permission denied
Cuttler, Brian (HEALTH) wrote:
> Error: db.dynamic.jnl: create: permission denied
Is named actually running as user/group named?
Tony.
--
f.anthony.n.finch  http://dotat.at/
East Dogger, Fisher, German Bight: Westerly or southwesterly 5 to 7,
occasionally gale 8 at first except in Fish
rom: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Alan Clegg
Sent: Thursday, January 29, 2015 10:25 AM
To: bind-users@lists.isc.org
Subject: Re: problem loading dynamic zone
Other people have taken on the que
Other people have taken on the question in the Subject: line, so I'll
go off on a different tact and request that you remove the line:
> query-source address * port 53;
from your configuration, and if it is part of a distribution's
named.conf, conside
niversity of Science and Technology
> On Jan 29, 2015, at 8:45 AM, Cuttler, Brian (HEALTH)
> wrote:
>
>
> Bind users list,
>
> I am having problems with dynamic DNS config. It 'looks' simple enough
> but I'm unable to load the dynamic zone.
>
>
Cuttler, Brian (HEALTH) wrote:
>
> I simply do not see where the error is.
You have an empty journal file and named-checkzone is complaining about
not being able to process it. Try removing the journal and see if it
works. The journal should be created as necessary.
Tony.
--
f.anthony.n.finch
Bind users list,
I am having problems with dynamic DNS config. It 'looks' simple enough
but I'm unable to load the dynamic zone.
I have stripped down my config, checked the protections on the data
directory and on the data files.
I simply do not see where the error is.
I have i
On 08/11/2012 13:20, /dev/rob0 wrote:
On Thu, Nov 08, 2012 at 09:23:05AM +1100, Mark Andrews wrote:
In message <509a8796.7060...@nryc.fr>, "Nicolas C." writes:
I have a dynamic zone on an external view, this zone is updated
with a TSIG key from outside of our network. Ther
On Thu, Nov 08, 2012 at 09:23:05AM +1100, Mark Andrews wrote:
> In message <509a8796.7060...@nryc.fr>, "Nicolas C." writes:
> > I have a dynamic zone on an external view, this zone is updated
> > with a TSIG key from outside of our network. There is a secondary
&
In message <509a8796.7060...@nryc.fr>, "Nicolas C." writes:
> Hello,
>
> I have a dynamic zone on an external view, this zone is updated with a
> TSIG key from outside of our network. There is a secondary DNS server,
> also outside our network on which zones
Hello,
I have a dynamic zone on an external view, this zone is updated with a
TSIG key from outside of our network. There is a secondary DNS server,
also outside our network on which zones transfers are working fine with
no key.
We would like to make one of our internal DNS secondary for
On 06/24/2011 10:47 PM, Brian J. Murrell wrote:
On 11-06-24 03:19 PM, David Sparro wrote:
Do you have control of the update process.
Sure.
You could potentially send
an update to both views (in other words, send two updates).
How do I, with nsupdate, specify which view's zone I want to u
On 11-06-24 03:19 PM, David Sparro wrote:
>
> Do you have control of the update process.
Sure.
> You could potentially send
> an update to both views (in other words, send two updates).
How do I, with nsupdate, specify which view's zone I want to update?
> I think
> you'd need separate zone f
On 6/24/2011 2:51 PM, Brian J. Murrell wrote:
The data really does need to be quite in sync though. I'm not sure a
period of less than a second or two is going to be acceptable.:-(
Do you have control of the update process. You could potentially send
an update to both views (in other words,
On 11-06-24 01:47 PM, Evan Hunt wrote:
>
> Do the internal and external versions *both* need to be dynamic?
No, only the internal in fact.
> I'd expect it to work okay if you had only one of them dynamic, and
> sent periodic reload commands to the other one.
Yeah. I got the master/slave appro
> But reload doesn't work for dynamic zones:
Do the internal and external versions *both* need to be dynamic?
I'd expect it to work okay if you had only one of them dynamic, and
sent periodic reload commands to the other one.
The master/slave approach really works better, though. Something like
On 11-06-24 12:39 PM, Evan Hunt wrote:
>
> You can specify the view in the reload command:
>
> $ rndc reload example.com in external
But reload doesn't work for dynamic zones:
# rndc reload rbl.interlinx.bc.ca in greatunwashed
rndc: 'reload' failed: dynamic
> A. I guess I had not considered how BIND handles "views" and that
> it's done with a separate process per view. But I only have one named
> process, so I suppose it's threading for each view.
No, the views will all share the same process and thread(s), but they are
separate chunks of memor
On 06/24/11 09:21, Brian J. Murrell wrote:
On 11-06-24 09:57 AM, Lyle Giese wrote:
It's expected behavior in a way.
Given your explanation, indeed. :-)
You are probably making this change in
the internal view and the internal named process knows about the change
and reloads the zone.
The
jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
Of Brian J. Murrell
Sent: Friday, June 24, 2011 10:21 AM
To: bind-us...@isc.org
Subject: Re: bind restart needed to reflect changes to dynamic zone in
multipleviews
On 11-06-24 09:57 AM, Lyle Giese wrote:
>
On 11-06-24 09:57 AM, Lyle Giese wrote:
>
> It's expected behavior in a way.
Given your explanation, indeed. :-)
> You are probably making this change in
> the internal view and the internal named process knows about the change
> and reloads the zone.
>
> The external view's process is unaware
On 24/06/11 14:22, Brian J. Murrell wrote:
I am using BIND 9.7.2-P2.
I have two views, one "internal" and one for "external" queries. In
both of those views I have some zones which are common so I put them
into their own file "zones.common" and include that file in both of the
views.
The probl
On 06/24/11 08:22, Brian J. Murrell wrote:
I am using BIND 9.7.2-P2.
I have two views, one "internal" and one for "external" queries. In
both of those views I have some zones which are common so I put them
into their own file "zones.common" and include that file in both of the
views.
The probl
I am using BIND 9.7.2-P2.
I have two views, one "internal" and one for "external" queries. In
both of those views I have some zones which are common so I put them
into their own file "zones.common" and include that file in both of the
views.
The problem I am having is that when I make a dynamic
ne become
>> dynamic when you enable updates OR when you have actually done the first
>> update - i.e. created the .jnl file?
>
> A dynamic zone is a zone that allows dynamic updates, so the former.
> You don't need a .jnl file, and can remove it (provided you have
> flush
On 01/05/2011 11:45 AM, Sten Carlsen wrote:
Maybe just a detail without much significance. Will the zone become
dynamic when you enable updates OR when you have actually done the first
update - i.e. created the .jnl file?
A dynamic zone is a zone that allows dynamic updates, so the former
llo,
>>
>> When adding a statement of something like:
>>
>> allow-update { 127.0.0.1; };
>>
>> to the zone configuration, this zone will become a dynamic zone, is it?
>
> Yes.
>
> You can also do:
>
> allow-update { key NAME; };
>
> ...and in
On 01/05/2011 03:01 AM, p...@mail.nsbeta.info wrote:
Hello,
When adding a statement of something like:
allow-update { 127.0.0.1; };
to the zone configuration, this zone will become a dynamic zone, is it?
Yes.
You can also do:
allow-update { key NAME; };
...and in newer versions of bind
On 01/05/2011 03:32 AM, Paul Ooi Cong Jen wrote:
Hi,
Nope. Dynamic zone require keys exchange for zone transfer.
This is not correct.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Hi,
Nope. Dynamic zone require keys exchange for zone transfer.
--
Paul Ooi
On 05-Jan-2011, at 11:01 AM, p...@mail.nsbeta.info wrote:
>
> Hello,
> When adding a statement of something like:
> allow-update { 127.0.0.1; };
> to the zone configuration, this zone will become
Hello,
When adding a statement of something like:
allow-update { 127.0.0.1; };
to the zone configuration, this zone will become a dynamic zone, is it?
Thanks.
On 12/31/2010 9:59 PM, Lyle Giese wrote:
> My approach would be to use a dynamic host service like dyndns.com.
>
> I setup a remote1.homedns.org with a cname in my zone:
>
> remote.abc.com 3600 in cname remote1.homedns.org
>
> And use a dynamic dns client on the laptop. Then you don't even car
On 12/31/2010 5:46 AM, G.W. Haywood wrote:
Hi there,
On Fri, 31 Dec 2010 Jeff Justice wrote:
...
I have a computer on a remote network that gets its IP dynamically
from the ISP. I need to always know where that computer is.
...
if my main domain for our company were:
abc.com
then it would b
Hi there,
On Fri, 31 Dec 2010 Jeff Justice wrote:
> ...
> I have a computer on a remote network that gets its IP dynamically
> from the ISP. I need to always know where that computer is.
> ...
> if my main domain for our company were:
>
> abc.com
>
> then it would be nice to have:
>
> remote.abc
DHCPCD gets an IP from upstream - it uses nsupdate to send
> this info to a dynamic zone hosted on your side.
> Problems: The zone on your side needs to be dynamic - so should be
> separate from your normal "static" zone, The comms should really be
> secure - so you're g
dynamic zone hosted on your side.
Problems: The zone on your side needs to be dynamic - so should be
separate from your normal "static" zone, The comms should really be
secure - so you're going to learn a little about dnssec-keygen and
signatures.
This is actually an exercise that we
I apologize in advance for my limited understanding of BIND. I know
just enough to have our primary and secondary running without any
problems, but I am needing to do something new. I searched this list
for anything about dynamically updating a zone, but to be honest, it
all seems over my
> Date: Tue, 23 Feb 2010 16:02:27 -0500
> From: Alan Clegg
> Sender: bind-users-bounces+oberman=es@lists.isc.org
>
> Nicholas Wheeler wrote:
> > On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
> >> (Well, for now the plan is to do it once a year by hand. Then, we'll
> >> see...)
>
On Tue, 23 Feb 2010, Alan Clegg wrote:
For the record, NIST recommends to roll the ZSK every three months, and
the KSK every two years.
And there are lots of other opinions on this timing as well.
Note that you cannot really talk about rolling key recommendations without
mentioning the key s
Nicholas Wheeler wrote:
> On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
>> (Well, for now the plan is to do it once a year by hand. Then, we'll see...)
>
> For the record, NIST recommends to roll the ZSK every three months, and
> the KSK every two years.
And there are lots of other op
On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
> (Well, for now the plan is to do it once a year by hand. Then, we'll see...)
For the record, NIST recommends to roll the ZSK every three months, and
the KSK every two years.
Thanks,
-- Nicholas
Stephane Bortzmeyer wrote:
> There is nothing about key rollover, it seems? How do you handle it?
I don't.
(Well, for now the plan is to do it once a year by hand. Then, we'll see...)
Regards,
Eugene
On Mon, Feb 22, 2010 at 11:40:49AM +0300,
Eugene Crosser wrote
a message of 49 lines which said:
> Reviewed version placed here: http://www.average.org/dnssec/
There is nothing about key rollover, it seems? How do you handle it?
> HOW TO CONFIGURE AUTO-SIGNED DYNAMIC ZONES WITH BIND9
>
> This document describes how to configure bind9 to
> automatically sign zones as they are being modified
> by dynamic update mechanism.
Reviewed version placed here: http://www.average.org/dnssec/
Eugene
the line
'file "/var/cache/bind/dyn.example.com";'
to
'file "/var/cache/bind/dyn.example.com.signed";'
In the 'options' section, add this lines:
'sig-validity-interval 2400;'
'key-di
d do this in
> an
> > another way. I need that all views could reach the dynamic zone...
> >
> > Jean
>
> transfer the zone between views.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742
In message <9fe68cb21002170541n3938e4f2r2cbc494f798b7...@mail.gmail.com>, Jean
Chiappini writes:
> Hello,
>
> thank you for your reply, but I don't understand how I could do this in an
> another way. I need that all views could reach the dynamic zone...
>
> Je
Hello,
thank you for your reply, but I don't understand how I could do this in an
another way. I need that all views could reach the dynamic zone...
Jean
2010/2/17 Mark Andrews
>
> My bet is that you are sharing the master file of the zone being updated
> between views/zones.
My bet is that you are sharing the master file of the zone being updated
between views/zones. Don't do that.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
dynamic zone inside. When I do this, I see in the syslog message 4 requests
to add the dns entry in the zone file and 4 errors in the specific bind file
log as follow :
general: error: malformed transaction: /var/zones/example.com.jnl last
serial 2008198936 != transaction first serial 2008198864
On 2010-02-16 13:32, Eugene Crosser wrote:
> Do you think there is an appropriate place somewhere for a small
> one-page HOWTO? I could document what I did and submit the result...
>
I for one would be interested!
Niobos
Mark Andrews wrote:
>> I would like to make dynamic zone automatically signed.
> Firstly upgrade to BIND 9.6.0 or later as it supports re-signing
[etc]
Thanks Mark!
With your directions, I got the system airborne in no time.
Do you think there is an appropriate place somewhere for a
mic updates, and that is currently not signed. Bind version
> is 9.5.1. (debian stable).
>
> I would like to make dynamic zone automatically signed.
> I did not find any documentation about how to do that, but from reading
> the manuals and other people's notes in this maillist,
dynamic zone automatically signed.
I did not find any documentation about how to do that, but from reading
the manuals and other people's notes in this maillist, I figured that I
probably need to put both private and public keys for the zone in a
directory configured as "key-directory"
Mark Andrews wrote:
> In message , Benedikt Gollatz writes:
>> Unfortunately this doesn't work. When running nsupdate, I get a "failed:
>> not authoritative for update zone (NOTAUTH)" error in my server log file,
>> and no updating is done.
>
> The zone section in the update message does NOT match
In message , Benedikt Gollatz writes:
> Hello everyone,
>
> I use nsupdate to dynamically update a reverse lookup zone hosted by my
> BIND9 setup. For that purpose, I've created host-type HMAC-MD5 keys,
> added an appropriate "key" section to my configuration, added the updating
> host to the
Hello everyone,
I use nsupdate to dynamically update a reverse lookup zone hosted by my
BIND9 setup. For that purpose, I've created host-type HMAC-MD5 keys,
added an appropriate "key" section to my configuration, added the updating
host to the "controls" section, and added an "allow-update" par
On Mon, 5 Jan 2009, Adam Tkac wrote:
> Btw setup with slave zone in second view is described in FAQ as well:
> - https://www.isc.org/faq/bind
> - Configuration and Setup Questions -> "How do I share a dynamic zone
> between multiple views?"
Cool, thanks for the pointe
w where
> > the "shared" zone is a secondary of the real dynamic zone in the other
> > view, or a forward zone for which all queries to be forwarded to the real
> > zone. (I've not tried this configuration by myself, so I'm not 100% sure
> > if this can
On Tue, 30 Dec 2008, [iso-2022-jp] JINMEI Tatuya / wrote:
> So, you at least need to fix one on-memory zone image that can be
> dynamically updated. You'll then have to configure the other view where
> the "shared" zone is a secondary of the real dynamic zone i
emory zone image that can be
dynamically updated. You'll then have to configure the other view
where the "shared" zone is a secondary of the real dynamic zone in the
other view, or a forward zone for which all queries to be forwarded to
the real zone. (I've not tried this configurati
On Tue, 30 Dec 2008, [iso-2022-jp] JINMEI Tatuya / wrote:
> Is your goal something like this?
>
> - the server has an authority for a zone, e.g., "example.com".
> - example.com is defined for both the internal and external views, and
> these views share the content of the example.com zo
At Mon, 29 Dec 2008 20:51:26 -0800 (PST),
"Paul B. Henson" wrote:
> Is there any way to configure a dynamic zone which is shared between both
> views, where an update from a box with an "internal" ip is seen by a query
> from a box with an "external" ip
in each view, which has worked out fine for static zones.
However, now I want to implement a dynamic zone. The data in this zone
should be the same for both the external and internal views, and I'm just
not seeing a way to accomplish that.
I tried configuring a zone in both views pointing t
83 matches