Re: BIND 9.4.x vs 9.6.x - pid-file check and creation
At 16:06 28/01/2009, Thomas Schulz wrote: >In article , >Jan Arild =?iso-8859-1?Q?Lindstr=F8m?= wrote: >> >>Hi, >> >>ah, of course. I did not think about it as a Solaris bug. >> >>I patched BIND 9.6.0-P1 os.c code so it first checks for the diretory >>before it tries the fast approach of just running mkdir. And that of >>course works fine. >> >>But, since I do not want to run a self-patch BIND in production, I will >>instead run with pid-file "/var/run/named/named/named.pid" and be happy >>with that. > >Just wondering. Since /var/run is a swap (memory) based file system, >do you have to recreate those directories on each reboot? Yes, e.g /var/run/named is created in the BIND init-script we run at boot. >>Thanks >>Jan Arild Lindstr >> >> >>At 15:35 27/01/2009, Mark Andrews wrote: >> >>>Looking at the publically available parts of SunSolve there are at least >>>bug reports about it. >>> >>>Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with oth= >>er xxxfs_mkdir() functions. | Open in a new window >>>bug 6253984 >>>http://sunsolve.sun.com/search/document.do?assetkey=3D1-1-6253984-1 - Sep = >>10, 2007 >>> = >> >>>Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with oth= >>er xxxfs_mkdir() functions. | Open in a new window >>>bug 2152581 >>>http://sunsolve.sun.com/search/document.do?assetkey=3D1-1-2152581-1 - Sep = >>10, 2007 = >> >>>I don't have a copy of the POSIX standard that covers mkdir(2) to >>>see what it has to say about it. Historically however EACCES on >>>search failure, EEXIST if the file/directory exists, then EACCES on >>>parent directory write permissions was the error determination order. >>> >>>Mark >>>-- = >> >>>Mark Andrews, ISC >>>1 Seymour St., Dundas Valley, NSW 2117, Australia >>>PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org >> >>___ >>bind-users mailing list >>bind-users@lists.isc.org >>https://lists.isc.org/mailman/listinfo/bind-users > > >-- >Tom Schulz >sch...@adi.com >___ >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users Jan Arild ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.4.x vs 9.6.x - pid-file check and creation
Mark Andrews wrote: Looking at the publically available parts of SunSolve there are at least bug reports about it. Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with other xxxfs_mkdir() functions. | Open in a new window bug 6253984 http://sunsolve.sun.com/search/document.do?assetkey=1-1-6253984-1 - Sep 10, 2007 FYI this has been fixed in OpenSolaris, alas it has not been fixed in Solaris 9 or 10 and currently there are no plans to do so. Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with other xxxfs_mkdir() functions. | Open in a new window bug 2152581 http://sunsolve.sun.com/search/document.do?assetkey=1-1-2152581-1 - Sep 10, 2007 This is the Solaris 10 reference, its closed (hence no plans to fix). With sufficient justification it could be re-opened. Stace I don't have a copy of the POSIX standard that covers mkdir(2) to see what it has to say about it. Historically however EACCES on search failure, EEXIST if the file/directory exists, then EACCES on parent directory write permissions was the error determination order. Mark ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: wildcarding everything
I found the parking name servers for three domain parking companies, and every one of them returned a bogus address for my company's website (as well as every "major" website that I tried, such as IBM, Cisco, Yahoo, Google, and isc.org). So it certainly appears that they are in fact doing some sort of wildcarding. Maybe they have some sort of special arrangement with the domain registrars??? > -Original Message- > From: Scott Haneda [mailto:talkli...@newgeo.com] > Sent: Thursday, January 29, 2009 12:06 AM > To: Mark Andrews > Cc: Ben Bridges; > Subject: Re: wildcarding everything > > On Jan 28, 2009, at 3:34 PM, Mark Andrews wrote: > > > In message <30e0039f-b0fd-4322-b0e0-52eeefa76...@newgeo.com>, Scott > > Haneda writ > > es: > >> I can remove the entire DNS management, zone creation, and > deltion if > >> I wildcard. Any domain in which they enter in my clients ns's will > >> resolve automatically as soon as the whois updates. > > > > Actually you can't. You will end up returning answers that > > will be rejected. If the registrar does any sort of checking > > the registration will also be rejected. > > > Ok, thanks. So with this, it is a safe estimation, all these > domain parking systems actually create DNS records on the fly > for their users? I can not imagine someone as large as > godaddy with such inferior support, and a rather terrible web > interface, actually getting this right most of the time. > -- > Scott > > ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
referral doubt
Hi all, I have a question related with the contacting external servers. If my server receives an referral answer from an external server with 3 NS records but just 1 A additional record, what is the normal behaviour? is the server supposed to resolve all 3 nameservers or continues with the iterative process contacting the server that have the additional A record. For example: Trying to resolve www.testing.server.com When contacting "server.com" nameserver I receive in the answer 3 NS and 1 A Additional record: testing.server.com NS ns1.testing.server.com testing.server.com NS ns2.testing.server.com testing.server.com NS ns3.testing.server.com ns1.testing.server.com A 192.123.123.23 Thanks in advance. Kind Regards, Luis ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
my DNS not resolving
BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: xx--begin pastexx iceman:/home/coldje # dig jatec.us ; <<>> DiG 9.5.0-P2 <<>> jatec.us ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.b iz. 2003490240 900 900 604800 86400 ;; Query time: 28 msec ;; SERVER: 205.171.3.65#53(205.171.3.65) ;; WHEN: Thu Jan 29 11:44:18 2009 ;; MSG SIZE rcvd: 91 xx--end paste-xx I don't think there's a problem with my zone files or my named.conf file. As the domain registrar, my ISP has a place for me to put the IP address for my server with the domain, but that's it.This URL works http://166.70.208.147/moodle/ , but http://www.jatec.us/moodle does not work. How can I get this to resolve? Jeff S. Jeff Cold, Associate Professor IS&T Dept., MS-181 Utah Valley University 800 W. University Pkwy. Orem, UT 84058-5999 (801) 863-8851 - office (801) 863-8522 - fax (801) 494-4793 - cell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind 9 query logging
I am trying to configure query logging on bind 9. Currently I have the
following in my configuration file:
logging {
channel warning_log
{
file "/var/adm/dns-logs/dns_warnings.log" versions 7 size
2G;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel query_log
{
file "/var/adm/dns-logs/dns_query.log" versions 7 size 2G;
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning_log; } ;
category queries { query_log; };
category lame-servers { null; };
category security { null; };
category unmatched { null; };
};
According to the O Reilly book DNS and Bind (4th Edition) and the Bind 9 web
docs the configuration above should log both the requested query and the
response. Currently all I get back is the query:
29-Jan-2009 14:15:00.666 queries: info: client xxx.xxx.xxx.xxx#56766: query:
49.105.135.67.in-addr.arpa IN PTR +
29-Jan-2009 14:15:00.730 queries: info: client xxx.xxx.xxx.xxx#45016: query:
m1.search.yahoo-ht3.akadns.net IN A +ED
29-Jan-2009 14:15:00.821 queries: info: client xxx.xxx.xxx.xxx#48060: query:
liveupdate.symantec.d4p.net IN A +ED
29-Jan-2009 14:15:00.882 queries: info: client xxx.xxx.xxx.xxx#62480: query:
businessweek.112.2o7.net IN A +ED
29-Jan-2009 14:15:00.891 queries: info: client xxx.xxx.xxx.xxx#22652: query:
a973.g.akamai.net IN A +ED
29-Jan-2009 14:15:00.900 queries: info: client xxx.xxx.xxx.xxx#49831: query:
stats.surfaid.ihost.com IN A +ED
29-Jan-2009 14:15:00.924 queries: info: client xxx.xxx.xxx.xxx#5606: query:
www.pic2009.org IN A +ED
29-Jan-2009 14:15:00.936 queries: info: client xxx.xxx.xxx.xxx#51641: query:
www.yopoll.com IN A +ED
29-Jan-2009 14:15:00.946 queries: info: client xxx.xxx.xxx.xxx#6002: query:
174.162.127.222.in-addr.arpa IN PTR +ED
Even when I start bind using the -d option I do not get what I want.
Can someone help me out.
C
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: my DNS not resolving
On 29-Jan-2009, at 13:49, S. Jeff Cold wrote: BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: [...] ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 Your domain doesn't appear to have been registered yet (or, perhaps, is registered but is simply not yet in the .us zone): ; <<>> DiG 9.5.0-P1 <<>> jatec.us @K.GTLD.BIZ ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17247 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.biz. 2003490289 900 900 604800 86400 ;; Query time: 20 msec ;; SERVER: 156.154.72.65#53(156.154.72.65) ;; WHEN: Thu Jan 29 14:48:05 2009 ;; MSG SIZE rcvd: 91 When did you register the domain? How often does .us update their zone? Matt PGP.sig Description: This is a digitally signed message part ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Disable cache in bind 9.6
В Пнд, 26/01/2009 в 16:16 -0800, JINMEI Tatuya / 神明達哉 пишет: > http://www.jinmei.org/patch/bind9-lrucache.diff > (should be cleanly applicable to 9.6). > and let me know if it mitigates the problem? > Oh, great work. I'll try tomorrow. > Other recommendations: > - I previously suggested using a separate cache-only view and forward > all recursive queries to that view. Have you tried that? If you > have, didn't it work as I hoped? Yes, I try it. But I can't set ttl to 0. It didn't work. Recursive query fails, and authoritative query back to clients with ttl 0 :( I increase memory on servers 2x QUAD CORE XEON up to 12Gb. PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 38634 bind11 40 3003M 2952M RUN2 159:28 46.44% named ~50 views, max-cache-size for most views 64M; bind uptime (after kernel: pid 667 (named), uid 53: exited on signal 11) - 2 days and 6 hours. built with '--localstatedir=/var' '--disable-linux-caps' '--with-randomdev=/dev/random' '--d isable-openssl-version-check' '--without-openssl' '--with-libxml2=/usr/local' '--without-idn' '--enable-largefile' '--enable-threads' '--prefix=/usr/local' ' --mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=x86_64-portbld-freebsd7.1' 'build_alias=x86_64-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-st rict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe' rndc status: version: 9.6.0-P1 CPUs found: 8 worker threads: 8 On another server in same configuration bind works 2 days and die without core kernel: pid 682 (named), uid 53: exited on signal 11 Max memory per process - 12GB. May be FreeBSD x64 can't work more then X Gb per process? # cat /boot/loader.conf kern.maxdsiz="17179869184" # 16gb kern.dfldsiz="17179869184" # 16gb kern.maxssiz="134217728"# 128MB > - BIND 9.7 will have a new option "attach-cache" exactly for such an > extraordinary operational environment as yours: it allows multiple > views to share a single cache to save memory. I'll try to test 9.7 on one of the heavy load servers and post results to you. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: referral doubt
At Thu, 29 Jan 2009 15:39:01 +, Luis Silva wrote: > I have a question related with the contacting external servers. > If my server receives an referral answer from an external server with 3 NS > records but just 1 A additional record, what is the normal behaviour? is the > server supposed to resolve all 3 nameservers or continues with the iterative > process contacting the server that have the additional A record. I don't know what's "normal", but BIND9 should continue with the process with the server that has an address (while trying to resolve addresses of other NSes). > For example: > Trying to resolve www.testing.server.com > When contacting "server.com" nameserver I receive in the answer 3 NS and 1 A > Additional record: > testing.server.com NS ns1.testing.server.com > testing.server.com NS ns2.testing.server.com > testing.server.com NS ns3.testing.server.com > ns1.testing.server.com A 192.123.123.23 In this case BIND9 should immediately send a subsequent query to 192.123.123.23. --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: my DNS not resolving
Did you give your registrar the IP address of your name server? They'll need to have that for the glue records since the name of your name server (iceman.jatec.us) is in your domain. When you issued the dig command on iceman, it queried 205.171.3.65. Is that iceman's address? If so, then iceman is misconfigured. Iceman should be authoritative for jatec.us. The PTR record for 205.171.3.65 says it is resolver1.qwest.net. What is the output of "dig @127.0.0.1 jatec.us"? Ben Bridges > -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of > Matthew Pounsett > Sent: Thursday, January 29, 2009 1:49 PM > To: S. Jeff Cold > Cc: bind-users@lists.isc.org > Subject: Re: my DNS not resolving > > > On 29-Jan-2009, at 13:49, S. Jeff Cold wrote: > > > BIND List, > > > > I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. > > This server has a dedicated IP address from my ISP. I want this > > server to resolve my registered domain jatec.us. The server has > > internet connectivity. If I dig jatec.us, I get: > > > [...] > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2074 > ;; flags: qr > > rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > Your domain doesn't appear to have been registered yet (or, > perhaps, is registered but is simply not yet in the .us zone): > > ; <<>> DiG 9.5.0-P1 <<>> jatec.us @K.GTLD.BIZ ;; global > options: printcmd ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17247 ;; > flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, > ADDITIONAL: 0 ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;jatec.us.IN A > > ;; AUTHORITY SECTION: > us. 900 IN SOA a.gtld.biz. > hostmaster.neustar.biz. 2003490289 900 > 900 604800 86400 > > ;; Query time: 20 msec > ;; SERVER: 156.154.72.65#53(156.154.72.65) ;; WHEN: Thu Jan > 29 14:48:05 2009 ;; MSG SIZE rcvd: 91 > > > When did you register the domain? > How often does .us update their zone? > > Matt > > > ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: my DNS not resolving
$ whois jatec.us --snip-- Domain Status: inactive Name Server: ICEMAN.JATEC.US --snip-- Domain Registration Date:Fri Oct 03 21:05:39 GMT 2008 Domain Expiration Date: Fri Oct 02 23:59:59 GMT 2009 Domain Last Updated Date:Sun Nov 23 06:34:22 GMT 2008 --snip-- Check with your registrar. Your domain has not expired, but some registrars will set your domain to inactive status if you don't have at least two name servers listed. -rich On Jan 29, 2009, at 12:49 PM, S. Jeff Cold wrote: BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: xx--begin pastexx iceman:/home/coldje # dig jatec.us ; <<>> DiG 9.5.0-P2 <<>> jatec.us ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.b iz. 2003490240 900 900 604800 86400 ;; Query time: 28 msec ;; SERVER: 205.171.3.65#53(205.171.3.65) ;; WHEN: Thu Jan 29 11:44:18 2009 ;; MSG SIZE rcvd: 91 xx--end paste-xx I don't think there's a problem with my zone files or my named.conf file. As the domain registrar, my ISP has a place for me to put the IP address for my server with the domain, but that's it.This URL works http://166.70.208.147/moodle/ , but http://www.jatec.us/moodle does not work. How can I get this to resolve? Jeff S. Jeff Cold, Associate Professor IS&T Dept., MS-181 Utah Valley University 800 W. University Pkwy. Orem, UT 84058-5999 (801) 863-8851 - office (801) 863-8522 - fax (801) 494-4793 - cell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind 9 query logging
At Thu, 29 Jan 2009 14:33:31 -0500,
cod3fr3ak wrote:
> channel query_log
> {
> file "/var/adm/dns-logs/dns_query.log" versions 7 size 2G;
> severity debug 3;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> According to the O Reilly book DNS and Bind (4th Edition) and the Bind 9 web
> docs the configuration above should log both the requested query and the
> response. Currently all I get back is the query:
What exactly do you mean by 'BIND 9 web doc', and which specific part
of it are you referring to? Whatever the docs or books say, the fact
is that BIND9 doesn't log replies.
BTW, next version(s) of BIND9 (at least 9.7, perhaps next minor
versions of current releases) will have the ability to log query
errors, which include logs about responses indicating an error (such
as NXDOMAINs or SERVFAILs). So, if you're particularly interested in
such unusual responses, you'll probably be happy with that.
We previously discussed in this mailing list whether we want to have
the ability of logging any responses. Opinions varied: some said that
would be great, others said "don't complicate the implementation any
more, and let packet capture tools do the job". I see the point of
both sides, and at the moment we're simply keeping the current
behavior (i.e, not logging responses).
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.4.x vs 9.6.x - pid-file check and creation
In message <4981c105.8080...@sun.com>, Stacey Jonathan Marshall writes: > Mark Andrews wrote: > > Looking at the publically available parts of SunSolve there are at least > > bug reports about it. > > > > Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with othe > r xxxfs_mkdir() functions. | Open in a new window > > bug 6253984 > > http://sunsolve.sun.com/search/document.do?assetkey=1-1-6253984-1 - Sep 10, > 2007 > > > > FYI this has been fixed in OpenSolaris, alas it has not been fixed in > Solaris 9 or 10 and currently there are no plans to do so. > > > > Requires Support Contract tmp_mkdir()/xmemfs_mkdir() inconsistent with othe > r xxxfs_mkdir() functions. | Open in a new window > > bug 2152581 > > http://sunsolve.sun.com/search/document.do?assetkey=1-1-2152581-1 - Sep 10, > 2007 > > > This is the Solaris 10 reference, its closed (hence no plans to fix). > With sufficient justification it could be re-opened. The problem isn't that you can't work around it. The problem is that every application that calls mkdir(2) or mkdir will eventually discovery it the hard way by having something break that shouldn't. The net cost involved will far exceed the cost to fix. I would argue that it already has past that point. I programed for the expected error behaviour and did not get it. Error behavior that goes back to the initial creation of the open(2) system call. That the error heirarchy on all file system system calls is access, existance, write. I learn't about this well before POSIX was even thought about. I called mkdir(2) knowing that I would effectively get the stat(2) call for free. Now I need to call stat(2) then call mkdir(2) on ENOENT to work around this bug. Every programer in the world that has worked with mkdir(2) should know what I knew. We don't do looking for gotcha's in really on system calls. We just program for the known interface. I would ask that Sun re-think this decision not to fix the bug. Mark > Stace > > I don't have a copy of the POSIX standard that covers mkdir(2) to > > see what it has to say about it. Historically however EACCES on > > search failure, EEXIST if the file/directory exists, then EACCES on > > parent directory write permissions was the error determination order. > > > > Mark > > > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: wildcarding everything
In message <56561f93336c3146836fdde78316154653c...@springnet-ex.springnet.local >, "Ben Bridges" writes: > I found the parking name servers for three domain parking companies, and > every one of them returned a bogus address for my company's website (as > well as every "major" website that I tried, such as IBM, Cisco, Yahoo, > Google, and isc.org). So it certainly appears that they are in fact > doing some sort of wildcarding. Maybe they have some sort of special > arrangement with the domain registrars??? Yes. Lots of them *are* domain registrar and don't care about about meeting the standard. They do anything to reduce their costs. The don't care that some of the answers being returned are wrong and are being rejected. They don't care that programers have had to code around their lack of conformance. Domain parkers that do this are as bad as load balancer vendors that only handle A queries. Mark > > -Original Message- > > From: Scott Haneda [mailto:talkli...@newgeo.com]=20 > > Sent: Thursday, January 29, 2009 12:06 AM > > To: Mark Andrews > > Cc: Ben Bridges; > > Subject: Re: wildcarding everything=20 > >=20 > > On Jan 28, 2009, at 3:34 PM, Mark Andrews wrote: > >=20 > > > In message <30e0039f-b0fd-4322-b0e0-52eeefa76...@newgeo.com>, Scott=20 > > > Haneda writ > > > es: > > >> I can remove the entire DNS management, zone creation, and=20 > > deltion if=20 > > >> I wildcard. Any domain in which they enter in my clients ns's will=20 > > >> resolve automatically as soon as the whois updates. > > > > > > Actually you can't. You will end up returning answers that > > > will be rejected. If the registrar does any sort of checking > > > the registration will also be rejected. > >=20 > >=20 > > Ok, thanks. So with this, it is a safe estimation, all these=20 > > domain parking systems actually create DNS records on the fly=20 > > for their users? I can not imagine someone as large as=20 > > godaddy with such inferior support, and a rather terrible web=20 > > interface, actually getting this right most of the time. > > -- > > Scott > >=20 > >=20 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
where is libbind???
configure: error: 'libbind' is no longer part of the BIND 9 distribution. It is available from http://www.isc.org as a separate download. %< I'm unable to locate libbind on www.isc.org. Can someone point at the tarball? Thanks! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where is libbind???
One spot is http://ftp.isc.org/isc/libbind/6.0b1/libbind-6.0b1.tar.gz - Original Message From: David Sparks To: "bind-us...@isc.org" Sent: Thursday, January 29, 2009 3:22:47 PM Subject: where is libbind??? configure: error: 'libbind' is no longer part of the BIND 9 distribution. It is available from http://www.isc.org as a separate download. %< I'm unable to locate libbind on www.isc.org. Can someone point at the tarball? Thanks! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where is libbind???
In message <795605.17453...@web55604.mail.re4.yahoo.com>, Leonard Mills writes: > One spot is http://ftp.isc.org/isc/libbind/6.0b1/libbind-6.0b1.tar.gz The release announcement for libbind-6.0b1 should be out shortly. The whole process took a bit longer than we were expecting. We were trying to get libbind out before BIND 9.6.0 got out. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
Analyze this. Query MX dns.com Response MX nullmx.domainmanager.com Query A nullmx.domainmanager.com Response CNAME mta.dewile.net, A 64.40.103.249 See attached network trace. No. TimeSourceDestination Protocol Info 1 0.00192.168.1.16 64.40.103.249 DNS Standard query MX dns.com Frame 1 (67 bytes on wire, 67 bytes captured) Ethernet II, Src: Usi_de:94:de (00:10:c6:de:94:de), Dst: Actionte_51:fa:72 (00:18:01:51:fa:72) Internet Protocol, Src: 192.168.1.16 (192.168.1.16), Dst: 64.40.103.249 (64.40.103.249) User Datagram Protocol, Src Port: ltp (4044), Dst Port: domain (53) Domain Name System (query) [Response In: 2] Transaction ID: 0x0008 Flags: 0x0100 (Standard query) Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries dns.com: type MX, class IN Name: dns.com Type: MX (Mail exchange) Class: IN (0x0001) No. TimeSourceDestination Protocol Info 2 0.01677664.40.103.249 192.168.1.16 DNS Standard query response MX 0 nullmx.domainmanager.com Frame 2 (104 bytes on wire, 104 bytes captured) Ethernet II, Src: Actionte_51:fa:72 (00:18:01:51:fa:72), Dst: Usi_de:94:de (00:10:c6:de:94:de) Internet Protocol, Src: 64.40.103.249 (64.40.103.249), Dst: 192.168.1.16 (192.168.1.16) User Datagram Protocol, Src Port: domain (53), Dst Port: ltp (4044) Domain Name System (response) [Request In: 1] [Time: 0.016776000 seconds] Transaction ID: 0x0008 Flags: 0x8500 (Standard query response, No error) Questions: 1 Answer RRs: 1 Authority RRs: 0 Additional RRs: 0 Queries dns.com: type MX, class IN Name: dns.com Type: MX (Mail exchange) Class: IN (0x0001) Answers dns.com: type MX, class IN, preference 0, mx nullmx.domainmanager.com Name: dns.com Type: MX (Mail exchange) Class: IN (0x0001) Time to live: 1 hour Data length: 25 Preference: 0 Mail exchange: nullmx.domainmanager.com No. TimeSourceDestination Protocol Info 3 2.478114192.168.1.16 64.40.103.249 DNS Standard query A nullmx.domainmanager.com Frame 3 (84 bytes on wire, 84 bytes captured) Ethernet II, Src: Usi_de:94:de (00:10:c6:de:94:de), Dst: Actionte_51:fa:72 (00:18:01:51:fa:72) Internet Protocol, Src: 192.168.1.16 (192.168.1.16), Dst: 64.40.103.249 (64.40.103.249) User Datagram Protocol, Src Port: acp-proto (4046), Dst Port: domain (53) Domain Name System (query) [Response In: 4] Transaction ID: 0x0006 Flags: 0x0100 (Standard query) Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries nullmx.domainmanager.com: type A, class IN Name: nullmx.domainmanager.com Type: A (Host address) Class: IN (0x0001) No. TimeSourceDestination Protocol Info 4 0.01682064.40.103.249 192.168.1.16 DNS Standard query response CNAME mta.dewile.net A 64.40.103.249 Frame 4 (128 bytes on wire, 128 bytes captured) Ethernet II, Src: Actionte_51:fa:72 (00:18:01:51:fa:72), Dst: Usi_de:94:de (00:10:c6:de:94:de) Internet Protocol, Src: 64.40.103.249 (64.40.103.249), Dst: 192.168.1.16 (192.168.1.16) User Datagram Protocol, Src Port: domain (53), Dst Port: acp-proto (4046) Domain Name System (response) [Request In: 3] [Time: 0.01682 seconds] Transaction ID: 0x0006 Flags: 0x8500 (Standard query response, No error) Questions: 1 Answer RRs: 2 Authority RRs: 0 Additional RRs: 0 Queries nullmx.domainmanager.com: type A, class IN Name: nullmx.domainmanager.com Type: A (Host address) Class: IN (0x0001) Answers nullmx.domainmanager.com: type CNAME, class IN, cname mta.dewile.net Name: nullmx.domainmanager.com Type: CNAME (Canonical name for an alias) Class: IN (0x0001) Time to live: 1 minute Data length: 16 Primary name: mta.dewile.net mta.dewile.net: type A, class IN, addr 64.40.103.249 Name: mta.dewile.net Type: A (Host address) Class: IN (0x0001) Time to live: 1 hour Data length: 4 Addr: 64.40.103.249 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Disable cache in bind 9.6
> В Пнд, 26/01/2009 в 16:16 -0800, JINMEI Tatuya / 神明達哉 пишет: > > http://www.jinmei.org/patch/bind9-lrucache.diff > > (should be cleanly applicable to 9.6). > > and let me know if it mitigates the problem? On 29.01.09 22:50, Dmitry Rybin wrote: > Oh, great work. I'll try tomorrow. > > Other recommendations: > > - I previously suggested using a separate cache-only view and forward > > all recursive queries to that view. Have you tried that? If you > > have, didn't it work as I hoped? > Yes, I try it. But I can't set ttl to 0. It didn't work. Recursive query > fails, and authoritative query back to clients with ttl 0 :( Yes, that is what "Setting TTL to 0" means. > ~50 views, can't you really lower the views count? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
On 29.01.09 22:33, Al Stu wrote: > Analyze this. Why? > Query MX dns.com > > Response MX nullmx.domainmanager.com > > > > Query A nullmx.domainmanager.com > > Response CNAME mta.dewile.net, A 64.40.103.249 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
