rndc stats - 9.5.0-p2
Hi, When I run "rndc stats" on two different servers with 9.5.0-p2, I am getting two different dumps of stats, one of them dumps the stats in very short format (7 lines), the other dumps it in very long format (50-60lines per dump)..What could be the difference on both? thank you SHORT +++ Statistics Dump +++ (1234821660) success 276836710 referral 161176 nxrrset 87427 nxdomain 17918582 recursion 190395 failure 40629328 LONG +++ Statistics Dump +++ (1234524979) ++ Incoming Requests ++ 12807 QUERY ++ Incoming Queries ++ 8373 A 96 NS 370 SOA 495 PTR 2420 MX 621 144 SRV 288 ANY ++ Outgoing Queries ++ ++ Name Server Statistics ++ 12807 IPv4 requests received 1 requests with EDNS(0) received 12597 responses sent 1 responses with EDNS(0) sent 2052 queries resulted in successful answer 638 queries resulted in authoritative answer 1861 queries resulted in non authoritative answer 1 queries resulted in referral answer 53 queries resulted in nxrrset 10098 queries resulted in SERVFAIL 393 queries resulted in NXDOMAIN 11649 queries caused recursion 186 duplicate queries received 4 queries dropped ++ Zone Maintenance Statistics ++ ++ Resolver Statistics ++ [Common] 72 mismatch responses received ++ Cache DB RRsets ++ [View: default] 3313 A 1855 NS 37 CNAME 12 PTR 550 MX 141 43 RRSIG 23 NSEC 6 !A 27 !MX 1 ! 176 NXDOMAIN [View: _bind] <>___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: adb.c:1526: INSIST(find->adbname == ((void *)0)) failed
On Mon, 2009-02-16 at 12:17 +1100, Mark Andrews wrote: > It should be unrelated. I would however still upgrade. Thanks, Mark. If I don't see the same assertion failure with the current release, I guess that's closed. One advantage of upgrading is getting all those nice log entries reporting EDNS faults. 8-) /Niall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Exiting due to early fatal error
BIND 9.4.3-P1, Solaris 8 I'm trying to get a chroot setup to work following the instructions here http://www.boran.com/security/sp/bind9_20010430.html # /usr/sbin/named -g -t /var/named/chroot 17-Feb-2009 12:05:56.789 starting BIND 9.4.3-P1 -g -t /var/named/chroot 17-Feb-2009 12:05:56.790 found 2 CPUs, using 2 worker threads 17-Feb-2009 12:05:56.793 ./main.c:506: unexpected error: 17-Feb-2009 12:05:56.793 isc_socketmgr_create() failed: file not found 17-Feb-2009 12:05:56.794 create_managers() failed: unexpected error 17-Feb-2009 12:05:56.794 exiting (due to early fatal error) # The log gives no indication which file is not found, and truss doesn't help either: ... chroot("/var/named/chroot") = 0 chdir("/") = 0 brk(0x0025CEF8) = 0 brk(0x0025EEF8) = 0 pipe() = 6 [7] fork1() = 10598 lwp_sigredirect(0, SIGWAITING, 0x) Err#22 EINVAL lwp_cond_wait(0xFF275548, 0xFF275558, 0xFF26EDB0) = 0 lwp_mutex_wakeup(0xFF275558)= 0 lwp_mutex_lock(0xFF275558) = 0 lwp_mutex_wakeup(0xFF275558)= 0 lwp_mutex_lock(0xFF275558) = 0 close(7)= 0 read(6, 0xFFBEFC0F, 1) = 0 _exit(1) This bind was compiled for threads, and /dev/poll is not in the jail. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc stats - 9.5.0-p2
On Feb 17 2009, Cihan Subasi (Garanti Teknoloji) wrote: When I run "rndc stats" on two different servers with 9.5.0-p2, I am getting two different dumps of stats, one of them dumps the stats in very short format (7 lines), the other dumps it in very long format (50-60lines per dump)..What could be the difference on both? thank you Are you *sure* they are both running BIND 9.5.0-P2 ? Much the most likely explanation is that the one producing short statistics is a pre 9.5 version. I don't believe that BIND 9.5.x even includes any code to generate the old format. -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: rndc stats - 9.5.0-p2
I think you're rigth, when I check the file sizes they are not same but versions are matching... short -- #ls -la total 48166 drwxr-xr-x 2 root other512 Aug 15 2008 . drwxr-xr-x 13 root other512 Nov 21 14:02 .. -rwxr-xr-x 1 root other1199932 Aug 15 2008 dnssec-keygen -rwxr-xr-x 1 root other3675504 Aug 15 2008 dnssec-signzone -rwxr-xr-x 2 root other5134128 Aug 15 2008 lwresd -rwxr-xr-x 2 root other5134128 Aug 15 2008 named -rwxr-xr-x 1 root other3816336 Aug 15 2008 named-checkconf -rwxr-xr-x 1 root other3624412 Aug 15 2008 named-checkzone lrwxrwxrwx 1 root other 15 Aug 15 2008 named-compilezone -> named-checkzone -rwxr-xr-x 1 root other 847676 Aug 15 2008 rndc -rwxr-xr-x 1 root other1136800 Aug 15 2008 rndc-confgen /usr/local/sbin #named -v BIND 9.5.0-P2 /usr/local/sbin long-- [garanti2]ls -la total 158646 drwxr-xr-x 2 bin bin 512 Nov 26 17:10 . drwxr-xr-x 15 root other512 Nov 26 17:01 .. -rwxr-xr-x 1 root other3318808 Nov 26 17:10 dnssec-keygen -rwxr-xr-x 1 bin bin 5182984 Mar 25 2004 dnssec-makekeyset -rwxr-xr-x 1 bin bin 5184180 Mar 25 2004 dnssec-signkey -rwxr-xr-x 1 root other9997148 Nov 26 17:10 dnssec-signzone -rwxr-xr-x 2 root other15535428 Nov 26 17:10 lwresd -rwxr-xr-x 2 root other15535428 Nov 26 17:10 named -rwxr-xr-x 1 root other10443912 Nov 26 17:10 named-checkconf -rwxr-xr-x 1 root other9923952 Nov 26 17:10 named-checkzone lrwxrwxrwx 1 root other 15 Nov 26 17:10 named-compilezone -> named-checkzone -rwxr-xr-x 1 root other2917848 Nov 26 17:10 rndc -rwxr-xr-x 1 root other3061584 Nov 26 17:10 rndc-confgen [garanti2]named -v BIND 9.5.0-P2 -Original Message- From: Chris Thompson [mailto:c...@hermes.cam.ac.uk] On Behalf Of Chris Thompson Sent: Tuesday, February 17, 2009 2:40 PM To: Cihan Subasi (Garanti Teknoloji) Cc: Bind Users Mailing List Subject: Re: rndc stats - 9.5.0-p2 On Feb 17 2009, Cihan Subasi (Garanti Teknoloji) wrote: >When I run "rndc stats" on two different servers with 9.5.0-p2, I am >getting two different dumps of stats, one of them dumps the stats in >very short format >(7 lines), the other dumps it in very long format (50-60lines per >dump)..What could be the difference on both? thank you Are you *sure* they are both running BIND 9.5.0-P2 ? Much the most likely explanation is that the one producing short statistics is a pre 9.5 version. I don't believe that BIND 9.5.x even includes any code to generate the old format. -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
client query logging (refused message)
In my logging global section I have: logging { channel audit_log { file "/var/log/named_audit.log" versions 128 size 4m; severity debug; print-time yes; print-category yes; }; ... category client { audit_log; }; ... }; and I get: ... 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS + ... logged, and I have verified that the query is refused, but nothing in the log shows that it was refused. Is there anyway to log the success/failure of the queries? Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 Matthew Huff.vcf Description: Binary data smime.p7s Description: S/MIME cryptographic signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: rndc stats - 9.5.0-p2
There may be more than one "named" binary in your path. You may want to do an explicit reference to check the version (./named -V) or do a "which named" Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 > -Original Message- > From: bind-users-boun...@lists.isc.org [mailto:bind-users- > boun...@lists.isc.org] On Behalf Of Cihan Subasi (Garanti Teknoloji) > Sent: Tuesday, February 17, 2009 7:51 AM > To: bind-users@lists.isc.org > Cc: c...@hermes.cam.ac.uk > Subject: RE: rndc stats - 9.5.0-p2 > > I think you're rigth, when I check the file sizes they are not same but > versions are matching... > > short > > -- > #ls -la > total 48166 > drwxr-xr-x 2 root other512 Aug 15 2008 . > drwxr-xr-x 13 root other512 Nov 21 14:02 .. > -rwxr-xr-x 1 root other1199932 Aug 15 2008 dnssec-keygen > -rwxr-xr-x 1 root other3675504 Aug 15 2008 dnssec-signzone > -rwxr-xr-x 2 root other5134128 Aug 15 2008 lwresd > -rwxr-xr-x 2 root other5134128 Aug 15 2008 named > -rwxr-xr-x 1 root other3816336 Aug 15 2008 named-checkconf > -rwxr-xr-x 1 root other3624412 Aug 15 2008 named-checkzone > lrwxrwxrwx 1 root other 15 Aug 15 2008 named-compilezone > -> named-checkzone > -rwxr-xr-x 1 root other 847676 Aug 15 2008 rndc > -rwxr-xr-x 1 root other1136800 Aug 15 2008 rndc-confgen > /usr/local/sbin > #named -v > BIND 9.5.0-P2 > /usr/local/sbin > > long-- > [garanti2]ls -la > total 158646 > drwxr-xr-x 2 bin bin 512 Nov 26 17:10 . > drwxr-xr-x 15 root other512 Nov 26 17:01 .. > -rwxr-xr-x 1 root other3318808 Nov 26 17:10 dnssec-keygen > -rwxr-xr-x 1 bin bin 5182984 Mar 25 2004 dnssec-makekeyset > -rwxr-xr-x 1 bin bin 5184180 Mar 25 2004 dnssec-signkey > -rwxr-xr-x 1 root other9997148 Nov 26 17:10 dnssec-signzone > -rwxr-xr-x 2 root other15535428 Nov 26 17:10 lwresd > -rwxr-xr-x 2 root other15535428 Nov 26 17:10 named > -rwxr-xr-x 1 root other10443912 Nov 26 17:10 named-checkconf > -rwxr-xr-x 1 root other9923952 Nov 26 17:10 named-checkzone > lrwxrwxrwx 1 root other 15 Nov 26 17:10 named-compilezone > -> named-checkzone > -rwxr-xr-x 1 root other2917848 Nov 26 17:10 rndc > -rwxr-xr-x 1 root other3061584 Nov 26 17:10 rndc-confgen > [garanti2]named -v > BIND 9.5.0-P2 > > > > -Original Message- > From: Chris Thompson [mailto:c...@hermes.cam.ac.uk] On Behalf Of Chris > Thompson > Sent: Tuesday, February 17, 2009 2:40 PM > To: Cihan Subasi (Garanti Teknoloji) > Cc: Bind Users Mailing List > Subject: Re: rndc stats - 9.5.0-p2 > > On Feb 17 2009, Cihan Subasi (Garanti Teknoloji) wrote: > > >When I run "rndc stats" on two different servers with 9.5.0-p2, I am > >getting two different dumps of stats, one of them dumps the stats in > >very short format > >(7 lines), the other dumps it in very long format (50-60lines per > >dump)..What could be the difference on both? thank you > > Are you *sure* they are both running BIND 9.5.0-P2 ? Much the most > likely explanation is that the one producing short statistics is a pre > 9.5 version. > I don't believe that BIND 9.5.x even includes any code to generate the > old format. > > -- > Chris Thompson > Email: c...@cam.ac.uk > > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Matthew Huff.vcf Description: Binary data smime.p7s Description: S/MIME cryptographic signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: rndc stats - 9.5.0-p2
One named and same version on both, but has a installation date august #ps -ef | grep named root 137 1 0 Dec 11 ? 4297:13 /usr/local/sbin/named -c /var/named/named.conf /usr/local/sbin #/usr/local/sbin/named -v BIND 9.5.0-P2 /usr/local/sbin -Original Message- From: Matthew Huff [mailto:mh...@ox.com] Sent: Tuesday, February 17, 2009 3:17 PM To: Cihan Subasi (Garanti Teknoloji); 'bind-users@lists.isc.org' Cc: 'c...@hermes.cam.ac.uk' Subject: RE: rndc stats - 9.5.0-p2 There may be more than one "named" binary in your path. You may want to do an explicit reference to check the version (./named -V) or do a "which named" Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 > -Original Message- > From: bind-users-boun...@lists.isc.org [mailto:bind-users- > boun...@lists.isc.org] On Behalf Of Cihan Subasi (Garanti Teknoloji) > Sent: Tuesday, February 17, 2009 7:51 AM > To: bind-users@lists.isc.org > Cc: c...@hermes.cam.ac.uk > Subject: RE: rndc stats - 9.5.0-p2 > > I think you're rigth, when I check the file sizes they are not same > but versions are matching... > > short > > -- > #ls -la > total 48166 > drwxr-xr-x 2 root other512 Aug 15 2008 . > drwxr-xr-x 13 root other512 Nov 21 14:02 .. > -rwxr-xr-x 1 root other1199932 Aug 15 2008 dnssec-keygen > -rwxr-xr-x 1 root other3675504 Aug 15 2008 dnssec-signzone > -rwxr-xr-x 2 root other5134128 Aug 15 2008 lwresd > -rwxr-xr-x 2 root other5134128 Aug 15 2008 named > -rwxr-xr-x 1 root other3816336 Aug 15 2008 named-checkconf > -rwxr-xr-x 1 root other3624412 Aug 15 2008 named-checkzone > lrwxrwxrwx 1 root other 15 Aug 15 2008 named-compilezone > -> named-checkzone > -rwxr-xr-x 1 root other 847676 Aug 15 2008 rndc > -rwxr-xr-x 1 root other1136800 Aug 15 2008 rndc-confgen > /usr/local/sbin > #named -v > BIND 9.5.0-P2 > /usr/local/sbin > > long-- > [garanti2]ls -la > total 158646 > drwxr-xr-x 2 bin bin 512 Nov 26 17:10 . > drwxr-xr-x 15 root other512 Nov 26 17:01 .. > -rwxr-xr-x 1 root other3318808 Nov 26 17:10 dnssec-keygen > -rwxr-xr-x 1 bin bin 5182984 Mar 25 2004 dnssec-makekeyset > -rwxr-xr-x 1 bin bin 5184180 Mar 25 2004 dnssec-signkey > -rwxr-xr-x 1 root other9997148 Nov 26 17:10 dnssec-signzone > -rwxr-xr-x 2 root other15535428 Nov 26 17:10 lwresd > -rwxr-xr-x 2 root other15535428 Nov 26 17:10 named > -rwxr-xr-x 1 root other10443912 Nov 26 17:10 named-checkconf > -rwxr-xr-x 1 root other9923952 Nov 26 17:10 named-checkzone > lrwxrwxrwx 1 root other 15 Nov 26 17:10 named-compilezone > -> named-checkzone > -rwxr-xr-x 1 root other2917848 Nov 26 17:10 rndc > -rwxr-xr-x 1 root other3061584 Nov 26 17:10 rndc-confgen > [garanti2]named -v > BIND 9.5.0-P2 > > > > -Original Message- > From: Chris Thompson [mailto:c...@hermes.cam.ac.uk] On Behalf Of Chris > Thompson > Sent: Tuesday, February 17, 2009 2:40 PM > To: Cihan Subasi (Garanti Teknoloji) > Cc: Bind Users Mailing List > Subject: Re: rndc stats - 9.5.0-p2 > > On Feb 17 2009, Cihan Subasi (Garanti Teknoloji) wrote: > > >When I run "rndc stats" on two different servers with 9.5.0-p2, I am > >getting two different dumps of stats, one of them dumps the stats in > >very short format > >(7 lines), the other dumps it in very long format (50-60lines per > >dump)..What could be the difference on both? thank you > > Are you *sure* they are both running BIND 9.5.0-P2 ? Much the most > likely explanation is that the one producing short statistics is a pre > 9.5 version. > I don't believe that BIND 9.5.x even includes any code to generate the > old format. > > -- > Chris Thompson > Email: c...@cam.ac.uk > > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users This message and attachments are confidential and intended solely for the individual(s) stated in this message. If you received this message although you are not the addressee, you are responsible to keep the message confidential. The sender has no responsibility for the accuracy or correctness of the information in the message and its attachments. Our company shall have no liability for any changes or late receiving, loss of integrity and confidentiality, viruses and any damages caused in anyway to your computer system. Bu mesaj ve ekleri, mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir. Bu mesajin muhatabi olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yukumlulugune uyulmasi zorunlulugu tarafiniz icin
NOTAUTH on dynamic zone update
Hello everyone, I use nsupdate to dynamically update a reverse lookup zone hosted by my BIND9 setup. For that purpose, I've created host-type HMAC-MD5 keys, added an appropriate "key" section to my configuration, added the updating host to the "controls" section, and added an "allow-update" parameter to the zone configuration like this: zone "[...]" in { type master; [...] allow-update { key "key-name"; }; }; I pass the key to nsupdate using one (either) of the keyfiles generated by dnssec-keygen with the -k parameter. Unfortunately this doesn't work. When running nsupdate, I get a "failed: not authoritative for update zone (NOTAUTH)" error in my server log file, and no updating is done. I'm confused about the error message because both the BIND configuration file and the SOA record of the zone state that the server indeed is authoritative for the update zone. Also, this configuration works fine with a dhcpd updating a different zone hosted by the same server. Googling yields a few people with similar problems but no real solution. Any hints on what I might be doing wrong are appreciated. Benedikt ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: rndc stats - 9.5.0-p2
Make sure you are really talking to the correct named. Maybe a you have a rndc.conf file. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Too long stats on version: 9.6.0-P1 - windows
Hi all. I just upgraded my Bind 9.4.2 to 9.6.0-P1 without changing anything in the named.conf file. Now my named.stats has changed in his structure from the short one: +++ Statistics Dump +++ (1211013000) success 664883 referral 127191 nxrrset 147535 nxdomain 183023 recursion 442326 failure 11897 --- Statistics Dump --- (1211013000) to the extended one: +++ Statistics Dump +++ (1234878900) ++ Incoming Requests ++ 24196 QUERY 1391 NOTIFY 18 UPDATE ++ Incoming Queries ++ 11377 A 3150 NS 318 CNAME 428 SOA 4956 PTR 2194 MX 418 TXT 971 52 SRV 111 A6 54 SPF 3 TKEY 119 IXFR 46 ANY ++ Outgoing Queries ++ [View: internal] 7967 A 25 NS 285 CNAME 84 SOA 4998 PTR 590 MX 118 TXT 49 26 SRV 1 ANY [View: external] 3 A 1 NS 3 Is there a way to come back to the first structure? The dns server send the file to a statistic server but now it doesn't undestand the structure any more... Thanks in advance... Stefano. C:\bind\bin>rndc status version: 9.6.0-P1 CPUs found: 2 worker threads: 2 number of zones: 683 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is ON recursive clients: 2/0/1000 tcp clients: 1/100 server is up and running Stefano Chiesa Wolters Kluwer Italia 20090 Milanofiori Assago (Mi) Strada 1, Palazzo F6 Phone +39 0282476279 (20279 Voip) Fax +39 0282476633 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: adb.c:1526: INSIST(find->adbname == ((void *)0)) failed
In message <1234867921.16690.43.ca...@d410-heron>, "Niall O'Reilly" writes: > On Mon, 2009-02-16 at 12:17 +1100, Mark Andrews wrote: > > It should be unrelated. I would however still upgrade. > > Thanks, Mark. > > If I don't see the same assertion failure with > the current release, I guess that's closed. > > One advantage of upgrading is getting all those nice > log entries reporting EDNS faults. 8-) No. You get log entries reporting TIMEOUTS. Using EDNS is only one possible reason for the timeout and it is one we have control over so that is why it is mentioned. Mark > /Niall > > > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: adb.c:1526: INSIST(find->adbname == ((void *)0)) failed
On Wed, 18 Feb 2009, Mark Andrews wrote: In message <1234867921.16690.43.ca...@d410-heron>, "Niall O'Reilly" writes: On Mon, 2009-02-16 at 12:17 +1100, Mark Andrews wrote: It should be unrelated. I would however still upgrade. Thanks, Mark. If I don't see the same assertion failure with the current release, I guess that's closed. One advantage of upgrading is getting all those nice log entries reporting EDNS faults. 8-) No. You get log entries reporting TIMEOUTS. Using EDNS is only one possible reason for the timeout and it is one we have control over so that is why it is mentioned. Mark /Niall To get rid of all those "nice" log entries, I have this in my named.conf: channel edns-disabled { file "/dev/null"; }; category edns-disabled { null; }; -- David Forrest St. Louis, Missouri ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Exiting due to early fatal error
In message <20090217121007.91cf14e...@cork.irdesign.cypress.com>, Lars Hecking writes: > > BIND 9.4.3-P1, Solaris 8 > > I'm trying to get a chroot setup to work following the instructions here > http://www.boran.com/security/sp/bind9_20010430.html > > # /usr/sbin/named -g -t /var/named/chroot > 17-Feb-2009 12:05:56.789 starting BIND 9.4.3-P1 -g -t /var/named/chroot > 17-Feb-2009 12:05:56.790 found 2 CPUs, using 2 worker threads > 17-Feb-2009 12:05:56.793 ./main.c:506: unexpected error: > 17-Feb-2009 12:05:56.793 isc_socketmgr_create() failed: file not found > 17-Feb-2009 12:05:56.794 create_managers() failed: unexpected error > 17-Feb-2009 12:05:56.794 exiting (due to early fatal error) > # > > The log gives no indication which file is not found, and truss doesn't > help either: > ... > chroot("/var/named/chroot") = 0 > chdir("/") = 0 > brk(0x0025CEF8) = 0 > brk(0x0025EEF8) = 0 > pipe() = 6 [7] > fork1() = 10598 > lwp_sigredirect(0, SIGWAITING, 0x) Err#22 EINVAL > lwp_cond_wait(0xFF275548, 0xFF275558, 0xFF26EDB0) = 0 > lwp_mutex_wakeup(0xFF275558)= 0 > lwp_mutex_lock(0xFF275558) = 0 > lwp_mutex_wakeup(0xFF275558)= 0 > lwp_mutex_lock(0xFF275558) = 0 > close(7)= 0 > read(6, 0xFFBEFC0F, 1) = 0 > _exit(1) > > This bind was compiled for threads, and /dev/poll is not in the jail. Well add /dev/poll/. Things have changed since 2001 when that advice was written. > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: NOTAUTH on dynamic zone update
In message , Benedikt Gollatz writes: > Hello everyone, > > I use nsupdate to dynamically update a reverse lookup zone hosted by my > BIND9 setup. For that purpose, I've created host-type HMAC-MD5 keys, > added an appropriate "key" section to my configuration, added the updating > host to the "controls" section, and added an "allow-update" parameter to the > zone configuration like this: > > zone "[...]" in { > type master; > [...] > allow-update { key "key-name"; }; > }; > > I pass the key to nsupdate using one (either) of the keyfiles generated by > dnssec-keygen with the -k parameter. > > Unfortunately this doesn't work. When running nsupdate, I get a "failed: not > authoritative for update zone (NOTAUTH)" error in my server log file, and no > updating is done. The zone section in the update message does NOT match a master/slave zone configured in the view that the update message matched. Mark > I'm confused about the error message because both the BIND configuration file > and the SOA record of the zone state that the server indeed is authoritative > for the update zone. > > Also, this configuration works fine with a dhcpd updating a different zone > hosted by the same server. > > Googling yields a few people with similar problems but no real solution. Any > hints on what I might be doing wrong are appreciated. > > Benedikt > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ResendRE: ns_type question
At Sun, 15 Feb 2009 00:34:38 -0800, Jack Tavares wrote: > Any suggestions on this? [snip] > I have downloaded libbind6.0b1 > > My question is; > > the arpa/nameser.h file included does not include > type definitions for DNSKEY (or other dnssec rr types) > in the ns_type enum. > > am I looking in the wrong place? No, you're looking at the right place, and libbind isn't supposed to provide any new feature regarding the new DNSSEC spec. --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: client query logging (refused message)
At Tue, 17 Feb 2009 08:15:39 -0500, Matthew Huff wrote: > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view > external-in: query: . IN NS + > ... > > logged, and I have verified that the query is refused, but nothing in the > log shows that it was refused. Is there anyway to log the success/failure of > the queries? Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5) will provide a new logging category that can log the information you seem to want: 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887 --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Too long stats on version: 9.6.0-P1 - windows
At Tue, 17 Feb 2009 15:44:44 +0100, "Chiesa Stefano" wrote: > I just upgraded my Bind 9.4.2 to 9.6.0-P1 without changing anything in > the named.conf file. > Now my named.stats has changed in his structure from the short one: [snip] > Is there a way to come back to the first structure? No with 9.6, sorry. This is a backward incompatible change in 9.5 and onward. If this is crucial for you and you don't need other new features in 9.5 or 9.6, please use 9.4.3-P1. --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Where to find Class Cs for sale or rent in North America
Anyone with pointers on this? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Christian(n): A Jew that believe Christ is Messiah and Saviour and alive -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Where to find Class Cs for sale or rent in North America
https://www.arin.net/ -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of The Doctor Sent: Wednesday, 18 February 2009 10:48 AM To: comp-protocols-dns-b...@isc.org Subject: Where to find Class Cs for sale or rent in North America Anyone with pointers on this? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Christian(n): A Jew that believe Christ is Messiah and Saviour and alive -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind Patch for Solaris 10
On Thu, Feb 12, 2009 at 04:01:56AM -0800, Worrell, James J Mr CIV US DISA GS4T1 wrote: > Thanks Ray! Any information would be greatly appreciated. Applied the patch but ran into one "gotcha". The server wasn't starting up properly after applyign the patch. I tried running the binary in the foreground and turns out it was complaining about not being able to find /dev/poll in the chroot environment. I ran: # cd /var/named/dev # mknod poll c 138 0 # chmod 666 poll And everything worked fine. I'm not sure if Sun built things differently or there is a new requirement on this /dev/poll file. Regardless all seems to be working OK now. Ray > > -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ray Van Dolson > Sent: Wednesday, February 11, 2009 14:35 > To: bind-users@lists.isc.org > Subject: Re: Bind Patch for Solaris 10 > > On Wed, Feb 11, 2009 at 12:30:19PM -0800, Worrell, James J Mr CIV US > DISA GS4T1 wrote: > > > > Greeting! > > > > I am trying to load bind patch 119783-10 on a Solaris 10 system > running > > DNS 9.35-p2 and ran into several problems. I suspect that the root > > cause is due to the security posture that we have in place that > prevents > > a compiler from being loaded on the systems. Has anyone loaded this > > patch to a system without a compiler and if so did you experience any > > issues. > > > > Hmm, don't understand why a compiler would be necessary? > > I'll be trying this patch shortly on several Solaris 10 systems, so > will let you know. > > Ray ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Catch ALL Setup
Dear list, I tried googling about a Catch-All setup for a DNS, with little success. I tried messing around with some zone/hint files in an isolated setup, but without any success. What I am trying to achieve is the following: No matter which host/name is looked up, the DNS should spit out the same IP address. The intention is to bring the users to a specific webserver/webpage, not matter what web page the intend to surf to, for the easiness of setting up their connection. The basic idea is, unauthenticated clients will be put in an isolated network, users then pop up their web browser, will land on a specific webpage with instructions on which steps they need to take, to get proper access. I tried to create a "*" zone, which seems to be ignored by bind, or rather bind doesn't like the contents of the zone file. I'd appreciate any pointer to some information, how I can tweak bind to do such a thing. With best regards -Sven ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Catch ALL Setup
$ORIGIN . @ 0 SOA ... @ 0 NS ... * 0 A 1.2.3.4 In message <499b8e5a.5010...@whgl.uni-frankfurt.de>, Sven Eschenberg writes: > Dear list, > > I tried googling about a Catch-All setup for a DNS, with little success. > I tried messing around with some zone/hint files in an isolated setup, > but without any success. > > What I am trying to achieve is the following: > > No matter which host/name is looked up, the DNS should spit out the same > IP address. The intention is to bring the users to a specific > webserver/webpage, not matter what web page the intend to surf to, for > the easiness of setting up their connection. The basic idea is, > unauthenticated clients will be put in an isolated network, users then > pop up their web browser, will land on a specific webpage with > instructions on which steps they need to take, to get proper access. > > I tried to create a "*" zone, which seems to be ignored by bind, or > rather bind doesn't like the contents of the zone file. > > I'd appreciate any pointer to some information, how I can tweak bind to > do such a thing. > > With best regards > > -Sven > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: adb.c:1526: INSIST(find->adbname == ((void *)0)) failed
On Tue, 2009-02-17 at 14:09 -0600, David Forrest wrote: > To get rid of all those "nice" log entries, I have this in my > named.conf: Thanks, David. For now, they're not so frequent as to be a nuisance. /Niall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: ResendRE: ns_type question
From: JINMEI Tatuya / 神明達哉 [jinmei_tat...@isc.org] > I have downloaded libbind6.0b1 > > My question is; > > the arpa/nameser.h file included does not include > type definitions for DNSKEY (or other dnssec rr types) > in the ns_type enum. > > am I looking in the wrong place? > No, you're looking at the right place, and libbind isn't supposed to > provide any new feature regarding the new DNSSEC spec. Ok. So is there a 'C' api for dealing with DNSSEC in this regard? -- jack. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users