Re: name server zone list

2009-04-06 Thread Stephane Bortzmeyer
On Fri, Apr 03, 2009 at 08:15:16AM -0500,
 Sandy Mackenzie  wrote 
 a message of 23 lines which said:

> I want to be able to produce a simple list of the zones on my DNS
> servers. 

There is work going on at the IETF on that subject. The requirements
document is almost done:

http://www.ietf.org/internet-drafts/draft-ietf-dnsop-name-server-management-reqs-02.txt
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


I:Couldn't start server ns1

2009-04-06 Thread Erisan Nyamutenha
Hi,

I'm installing Bind 9.6.0 on Suse Enterprise Linux 10 and I get this error
message when I do a make test

I:Couldn't start server ns1

Any ideas what I should do before I can install bind?

Regards

Erisan


BIND and Solaris rand()

2009-04-06 Thread Chris Thompson

It turns out that rand(3c) in even recent Solaris versions returns
values in the range 0..32767 only. I suppose this is part of Sun's
rather extreme paranoia about backwards compatibility with programs
written before the flood.

The specific thing that brought this to my attention was that, when
using the -j option to dnssec-signzone, I couldn't get jitter of
more than a few hours however large I set the option. isc_random_jitter
in lib/isc/random.c has

   return (max - rand() % jitter);

and now it is obvious why that was. There are probably other bad
things happening elsewhere in BIND and its associated utilities.

Sun provided the drand48(3c) routines as an alternative to rand(3c),
even back in the SunOS 4.x days, and they have a better spec. I was
about to write a version of lib/isc/random.c using lrand48() instead
of rand(), but thought I would ask whether anyone has done the same
thing already. Also, a suggestion to ISC that they use lrand48() on
Solaris, in the same way as they use arc4random() if that is available.

--
Chris Thompson
Email: c...@cam.ac.uk
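
The range limit described in the message above, as an added example (not code from the post or from the BIND source): `rand15()` is a constructed stand-in for a `rand()` limited to 0..32767, `jitter_narrow()` applies the quoted expression to it, and `jitter_wide()` is a hypothetical variant that assembles 32 bits before taking the modulus. All function names and the zero-jitter guard are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a rand() whose range is 0..32767, as the post
 * reports for Solaris rand(3c). Classic LCG with a fixed seed so the
 * program is deterministic. */
static uint32_t lcg_state = 1;

static uint32_t rand15(void)
{
    lcg_state = lcg_state * 1103515245u + 12345u;
    return (lcg_state >> 16) & 0x7fffu;
}

/* The expression quoted from lib/isc/random.c, with rand() replaced by the
 * 15-bit stand-in. The zero guard is an assumption of this example. */
uint32_t jitter_narrow(uint32_t max, uint32_t jitter)
{
    if (jitter == 0)
        return max;
    return max - rand15() % jitter;
}

/* Hypothetical widening: build a 32-bit value from three 15-bit draws so
 * the modulus can reach every offset below a large jitter value. */
static uint32_t rand32(void)
{
    uint32_t hi = rand15() & 0x3u;
    uint32_t mid = rand15();
    uint32_t lo = rand15();
    return (hi << 30) | (mid << 15) | lo;
}

uint32_t jitter_wide(uint32_t max, uint32_t jitter)
{
    if (jitter == 0)
        return max;
    return max - rand32() % jitter;
}

typedef uint32_t (*jitter_fn)(uint32_t max, uint32_t jitter);

/* Largest amount subtracted from max over n draws, in seconds. */
uint32_t largest_offset(jitter_fn fn, uint32_t max, uint32_t jitter,
                        unsigned n)
{
    uint32_t worst = 0;
    for (unsigned i = 0; i < n; i++) {
        uint32_t off = max - fn(max, jitter);
        if (off > worst)
            worst = off;
    }
    return worst;
}

int main(void)
{
    /* Constructed values: 30-day validity, 14-day requested jitter. */
    const uint32_t max = 30u * 86400u;
    const uint32_t jitter = 14u * 86400u;

    printf("requested jitter window : %u s\n", (unsigned)jitter);
    /* Never exceeds 32767 s (about nine hours), whatever jitter is. */
    printf("15-bit source, max seen : %u s\n",
           (unsigned)largest_offset(jitter_narrow, max, jitter, 100000));
    printf("32-bit source, max seen : %u s\n",
           (unsigned)largest_offset(jitter_wide, max, jitter, 100000));
    return 0;
}
```

With a 15-bit source, signature expiry times cluster inside a window of at most 32767 seconds, so re-signing load is not spread over the interval the operator asked for.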



ip forwarding DNS 9.6.0

2009-04-06 Thread myron

I upgraded from 9.2.3.

I can't seem to do forwarding from a browser.

Everything works from 9.2.3. When I swap out to 9.6.0, from a command line I
can do: nslookup; ping outside the domain; traceroute outside the domain.

From a web browser I can get out if I use the ip address. However, when I
put in a canonical name get an rcode 5.

There's a barracuda spam firewall in the path. If I take it out, then
everything works. There's really nothing to change on the barracuda as far
as dns is concerned, other than pointing to a dns server.

snoop on the wire:
9.6.0
barracuda -> ns DNS C www22.verizon.com. Internet Addr ?
   ns -> barracuda DNS R  Error: 5(Refused)

9.2.3
barracuda -> ns DNS C www22.verizon.com. Internet Addr ?
   ns -> barracuda DNS R www22.verizon.com. Internet CNAME www22.verizon.com.edgekey.net.


I glanced through the archives and found some suggestions about
recursions to ip forwarding. I think the conf is set up correctly.
At least, it works fine with 9.2.3.

Here's some of my named.conf edited.

acl mylab {
   10.0.0.0/8;
};
options {
   directory   "/etc/dns";
   auth-nxdomain   yes;
};
view "trusted" {
 match-clients { mylab; };
 recursion yes;
 zone "moravian.edu" in {
   type forward;
   forwarders { 10.22.5.32; 10.22.5.38; };
 };

Any help appreciated.

--myron
=
Myron Kowalski
MoCoSIN Network/Systems Administrator
Moravian College
my...@cs.moravian.edu





Fwd: ip forwarding DNS 9.6.0

2009-04-06 Thread myron
I gave the wrong view if that makes the difference. That was the
internal network.


view "external" {
 match-clients { any; };
 recursion no;

--myron
=
Myron Kowalski
MoCoSIN Network/Systems Administrator
Moravian College
my...@cs.moravian.edu




Re: bind 9.4 acache crashes

2009-04-06 Thread JINMEI Tatuya / 神明達哉
At Fri, 03 Apr 2009 18:38:01 +0300,
Sotiris Tsimbonis  wrote:

> Anyone else seen crashes like these?

FWIW, I've never seen any of these.

> Linux 2.6.18, bind 9.4.3-P1
> 03-Apr-2009 15:17:21.307 general: acache.c:393: INSIST(result == 0) failed
> 03-Apr-2009 15:17:21.307 general: exiting (due to assertion failure)
> 
> Solaris 9, bind 9.4.3b2
> 03-Apr-2009 18:14:36.890 general: acache.c:1660: fatal error:
> 03-Apr-2009 18:14:36.891 general: RUNTIME_CHECK(((pthread_mutex_lock(((&acache->entrylocks[entry->locknum]))) == 0) ? 0 : 34) == 0) failed
> 03-Apr-2009 18:14:36.891 general: exiting (due to fatal error in library)

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.


Re: Round robin load distribution among servers does not work properly

2009-04-06 Thread Florian Weimer
* Mallappa Pallakke:

> Can anybody tell me why this limitation and is there any solution to
> resolve this problem?

Does your dig call result in two lookups behind the scenes, perhaps?


Re: I:Couldn't start server ns1

2009-04-06 Thread Mark Andrews

In message <49da221b020100045...@gwiasmtp.uct.ac.za>, "Erisan Nyamutenha" writes:
> Hi,
> 
> I'm installing Bind 9.6.0 on Suse Enterprise Linux 10 and I get this error
> message when I do a make test
> 
> I:Couldn't start server ns1

Have you set up the test interfaces?

10.53.0.1 ... 10.53.0.7

This is from my FreeBSD box where I run make test pretty
regularly.

lo0: flags=8049 mtu 16384
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
inet 127.0.0.1 netmask 0xff00 
inet 10.53.0.1 netmask 0x 
inet 10.53.0.2 netmask 0x 
inet 10.53.0.3 netmask 0x 
inet 10.53.0.4 netmask 0x 
inet 10.53.0.5 netmask 0x 
inet 10.53.0.6 netmask 0x 
inet 10.53.0.7 netmask 0x 
inet 127.0.0.2 netmask 0x 
inet 127.0.0.3 netmask 0x 

> Any ideas what I should do before I can install bind?
> 
> Regards
> 
> Erisan
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org


Re: Fwd: ip forwarding DNS 9.6.0

2009-04-06 Thread Mark Andrews

allow-recursion and allow-query-cache have different defaults.

From README

New option "allow-query-cache".  This lets "allow-query"
be used to specify the default zone access level rather
than having to have every zone override the global value.
"allow-query-cache" can be set at both the options and view
levels.  If "allow-query-cache" is not set then "allow-recursion"
is used if set, otherwise "allow-query" is used if set
unless "recursion no;" is set in which case "none;" is used,
otherwise the default (localhost; localnets;) is used.


Mark

In message , myron writes:
> 
> I gave the wrong view if that makes the difference. That was the  
> internal network.
> 
> view "external" {
>   match-clients { any; };
>   recursion no;
> 
> --myron
> =
> Myron Kowalski
> MoCoSIN Network/Systems Administrator
> Moravian College
> my...@cs.moravian.edu
> 
> 
> 

Re: Default Outgoing Policy

2009-04-06 Thread John D. Vo
What is the best course of action? I want to allow TCP and UDP for packets that 
do not already have a policy. 

Thanks 
--Original Message--
From: fw+misc Listmanager
To: (Recipients of 'fw+misc' suppressed)
ReplyTo: Miscellaneous Configuration Settings
Sent: Apr 6, 2009 5:14 PM
Subject: Default Outgoing Policy

From: "Bruce Briggs" (bruce.bri...@gmail.com  ) 
Yes, but if the Outgoing Policy ends up with a higher precedence than the
TCP-UDP policy, then the Outgoing Policy will be used to allow out TCP
packets which are not allowed out by a higher precedent policy.
 
 
 

__
John D. Vo
System-Network Administrator
j...@eagle.net


Re: Default Outgoing Policy

2009-04-06 Thread John D. Vo
Oops. Sorry. Plz ignore last post. 
__
John D. Vo
System-Network Administrator
j...@eagle.net



[OT] zonedit.com and changing DNS servers from current provider

2009-04-06 Thread Michelle Konzack
Hello *,

My hosting contract is running out on 2009-04-16 and now I like to use
 to host my zones. Unfortunately I have not found the
answer to my question on their help page and they do not reply to my
question per mail except an autoreply.

So does someone know, if I setup Zonedit how to eliminate the ZONE at my
current ISP and HOW to change the WHOIS record?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
 Michelle Konzack
   Apt. 917
   50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de   67100 Strasbourg/France
IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947
ICQ #328449886Tel. FR: +33  6  61925193



Re: [OT] zonedit.com and changing DNS servers from current provider

2009-04-06 Thread Scott Haneda

On Apr 6, 2009, at 3:30 PM, Michelle Konzack wrote:

> My hosting contract is running out on 2009-04-16 and now I like to use
>  to host my zones. Unfortunately I have not found the
> answer to my question on their help page and they do not reply to my
> question per mail except an autoreply.

Maybe you should reconsider using them if you are already having
support issues before you even use their services.

> So does someone know, if I setup Zonedit how to eliminate the ZONE at my
> current ISP and HOW to change the WHOIS record?

You should email your current ISP and ask them to delete the zone,
unless you have a control panel in which you can do so yourself. I can
say, as a small ISP, this never happens, and we have developed tools
to run on a schedule to let us know when a domain has been moved.

To update the WHOIS, you just login to the registrar (the place you
purchased the domain from) and make an update in the NS section.

--
Scott * If you contact me off list replace talklists@ with scott@ *



Re: [OT] zonedit.com and changing DNS servers from current provider

2009-04-06 Thread Dustin Lovell
Michelle,
 
Do you own the domain? If so, the authoritative ns change will need to happen 
at the registrar level (Network Solutions, Tucows, etc.). You just need to 
ensure that zoneedit works the way you expect it to before you make the change. 
Once the change is made, a whois query against one of the root nameservers will 
tell you whether the change worked or not (I believe propagation to the root 
nameservers from most registrars is ~ 5 minutes). 48 hours later, feel free to 
turn off your old system or just let them shut you down at the end of your 
contract. If you don't own the domain, then this is a whole different issue.
 
Best regards,
Dustin Lovell
UNIX Administrator
America First Credit Union



Re: [OT] zonedit.com and changing DNS servers from current provider

2009-04-06 Thread Mark Andrews

In message , Scott Haneda writes:
> On Apr 6, 2009, at 3:30 PM, Michelle Konzack wrote:
> 
> > My hosting contract is running out on 2009-04-16 and now I like to use
> >  to host my zones. Unfortunately I have not found the
> > answer to my question on their help page and they do not reply to my
> > question per mail except an autoreply.
> 
> Maybe you should reconsider using them if you are already having
> support issues before you even use their services.
> 
> > So does someone know, if I setup Zonedit how to eliminate the ZONE at my
> > current ISP and HOW to change the WHOIS record?
> 
> You should email your current ISP and ask them to delete the zone,
> unless you have a control panel in which you can do so yourself. I can
> say, as a small ISP, this never happens, and we have developed tools
> to run on a schedule to let us know when a domain has been moved.
> 
> To update the WHOIS, you just login to the registrar (the place you
> purchased the domain from) and make an update in the NS section.

If you want a smooth transition, the ISP should slave the
new zone content until the caches are cleared of the old
NS RRsets (parent and zone).

Mark
> --
> Scott * If you contact me off list replace talklists@ with scott@ *
> 
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org


Round robin load distribution among servers does not work properly

2009-04-06 Thread Mallappa Pallakke
Hi,

 I tried with 9.5.1.P2, but still I am not getting the expected round
robin results:

 Please see below my named.conf and zone file:

named.conf:
=
options {
       directory "/var/named";

       // Uncommenting this might help if you have to go through a
       // firewall and things are not working out.  But you probably
       // need to talk to your firewall admin.

       //query-source port 53;

rrset-order {
        order cyclic;};    // fixed, random, cyclic
};

zone "mycompany.com" {
       type master;
//        notify no;
       file "db.mycompany.com";

       allow-update { any; };
//      allow-update { 127.0.0.1; };
notify yes;
};


db.mycompany.com:
===
$ORIGIN .
$TTL 0  ;
mycompany.com           IN SOA  www.mycompany.com. hostmaster.mycompany.com. (
                               199813404  ; serial
                               1          ; refresh (1 second)
                               1          ; retry (1 second)
                               1          ; expire (1 second)
                               1          ; minimum (1 second)
                               )
                       NS      www.mycompany.com.
$ORIGIN mycompany.com.
localhost               A       127.0.0.1
$TTL 0  ;
www                     A       10.10.68.1
                       A       10.10.68.2
                       A       10.10.68.3
                       A       10.10.68.4


I always get following answers repeatedly. Not getting 10.10.68.2 and
10.10.68.3 as top records in response messages:
=
atcafs-n4s1:/kwlogs/msp# dig www.mycompany.com

; <<>> DiG 9.3.2 <<>> www.mycompany.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mycompany.com.             IN      A

;; ANSWER SECTION:
www.mycompany.com.      0       IN      A       10.10.68.4
www.mycompany.com.      0       IN      A       10.10.68.1
www.mycompany.com.      0       IN      A       10.10.68.2
www.mycompany.com.      0       IN      A       10.10.68.3

;; AUTHORITY SECTION:
mycompany.com.          0       IN      NS      www.mycompany.com.

;; Query time: 1 msec
;; SERVER: 10.10.68.1#53(10.10.68.1)
;; WHEN: Sun Apr  6 00:21:07 2008
;; MSG SIZE  rcvd: 113


=

atcafs-n4s1:/kwlogs/msp# dig www.mycompany.com

; <<>> DiG 9.3.2 <<>> www.mycompany.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65208
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mycompany.com.             IN      A

;; ANSWER SECTION:
www.mycompany.com.      0       IN      A       10.10.68.2
www.mycompany.com.      0       IN      A       10.10.68.3
www.mycompany.com.      0       IN      A       10.10.68.4
www.mycompany.com.      0       IN      A       10.10.68.1

;; AUTHORITY SECTION:
mycompany.com.          0       IN      NS      www.mycompany.com.

;; Query time: 1 msec
;; SERVER: 10.10.68.1#53(10.10.68.1)
;; WHEN: Sun Apr  6 00:21:09 2008
;; MSG SIZE  rcvd: 113

==


Please let me know anything is missing.

Regards,
Mallappa Pallakke


On Sun, Apr 5, 2009 at 8:55 AM, Kirk  wrote:
> Mallappa Pallakke wrote:
>>
>> Hi,
>>
>>    I was trying to do load balancing of client request among
>> configured servers using internal DNS server, I get proper load
>> balancing (DNS response with top most IP address going with proper
>> round robin fashion) for odd number of IP addresses. But it does not
>> give same behavior for even number of IP addresses.
>>
>> For example:
>>
>>  If I have configured x.y.z.1, x.y.z.2, x.y.z.3, I get following
>> combinations in dig response:
>>
>>  x.y.z.1
>>  x.y.z.2
>>  x.y.z.3
>>
>>  x.y.z.2
>>  x.y.z.3
>>  x.y.z.1
>>
>>  x.y.z.3
>>  x.y.z.1
>>  x.y.z.2
>>
>> And this repeats, giving round robin distribution.
>>
>> However, if I add one more IP address to the zone list (x.y.z.4), I
>> get only following combinations:
>>
>> x.y.z.1
>> x.y.z.2
>> x.y.z.3
>> x.y.z.4
>>
>> and
>>
>> x.y.z.3
>> x.y.z.4
>> x.y.z.1
>> x.y.z.2
>>
>> It gets repeated. I will never get x.y.z.2 and x.y.z.4 as top entries
>> in this response.
>>
>> Can anybody tell me why this limitation and is there any solution to
>> resolve this problem?
>>
>> Thanks in advance.
>>
>> Mallappa
>
>
> Not sure what version of BIND you are using, but here I am using 9.5.1-P2.
>  I just loaded a zone with 10 www records and different IP's and they are
> handed out round robin just fine.
>
> The idea of using DNS for load balancing has been brought up here so many
> times it's hard to count.  The answer is always the same. DNS was *never*
> meant to provide this functionality.  Spend the big bucks and get a device
> meant to do *load balancing*.
>
> Search the archive for previ

Re: Round robin load distribution among servers does not work properly

2009-04-06 Thread Mark Andrews

In message <96c8e9660904061734t61414549o22a535e681f58...@mail.gmail.com>,
Mallappa Pallakke writes:
> Hi,
> 
>  I tried with 9.5.1.P2, but still I am not getting the expected round
> robin results:
> 
>  Please see below my named.conf and zone file:
> 
> named.conf:
> =
> options {
>        directory "/var/named";
> 
>        // Uncommenting this might help if you have to go through a
>        // firewall and things are not working out.  But you probably
>        // need to talk to your firewall admin.
> 
>        //query-source port 53;
> 
> rrset-order {
>         order cyclic;};    // fixed, random, cyclic
> };
> 
> zone "mycompany.com" {
>        type master;
> //        notify no;
>        file "db.mycompany.com";
> 
>        allow-update { any; };
> //      allow-update { 127.0.0.1; };
> notify yes;
> };
> 
> 
> db.mycompany.com:
> ===
> $ORIGIN .
> $TTL 0  ;
> mycompany.com           IN SOA  www.mycompany.com. hostmaster.mycompany.com. (
>                                199813404  ; serial
>                                1          ; refresh (1 second)
>                                1          ; retry (1 second)
>                                1          ; expire (1 second)
>                                1          ; minimum (1 second)
>                                )
>                        NS      www.mycompany.com.
> $ORIGIN mycompany.com.
> localhost               A       127.0.0.1
> $TTL 0  ;
> www                     A       10.10.68.1
>                        A       10.10.68.2
>                        A       10.10.68.3
>                        A       10.10.68.4

Change the nameservers name to be something other than
www.mycompany.com.

www.mycompany.com is being retrieved twice, once for the
answer section and once for the additional section.  Each
retrieval rotates the RRset once. The latter gets thrown
away when named suppresses duplicate RRsets in the answer
so you see 2 rotations and 2 divides equally into 4.

B.T.W. one should choose "random" rather than "round-robin" if
you want uniform load on failure.

Mark
 
> I always get following answers repeatedly. Not getting 10.10.68.2 and
> 10.10.68.3 as top records in response messages:
> =
> atcafs-n4s1:/kwlogs/msp# dig www.mycompany.com
> 
> ; <<>> DiG 9.3.2 <<>> www.mycompany.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13961
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;www.mycompany.com. IN  A
> 
> ;; ANSWER SECTION:
> www.mycompany.com.  0   IN  A   10.10.68.4
> www.mycompany.com.  0   IN  A   10.10.68.1
> www.mycompany.com.  0   IN  A   10.10.68.2
> www.mycompany.com.  0   IN  A   10.10.68.3
> 
> ;; AUTHORITY SECTION:
> mycompany.com.  0   IN  NS  www.mycompany.com.
> 
> ;; Query time: 1 msec
> ;; SERVER: 10.10.68.1#53(10.10.68.1)
> ;; WHEN: Sun Apr  6 00:21:07 2008
> ;; MSG SIZE  rcvd: 113
> 
> 
> =
> 
> atcafs-n4s1:/kwlogs/msp# dig www.mycompany.com
> 
> ; <<>> DiG 9.3.2 <<>> www.mycompany.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65208
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;www.mycompany.com. IN  A
> 
> ;; ANSWER SECTION:
> www.mycompany.com.  0   IN  A   10.10.68.2
> www.mycompany.com.  0   IN  A   10.10.68.3
> www.mycompany.com.  0   IN  A   10.10.68.4
> www.mycompany.com.  0   IN  A   10.10.68.1
> 
> ;; AUTHORITY SECTION:
> mycompany.com.  0   IN  NS  www.mycompany.com.
> 
> ;; Query time: 1 msec
> ;; SERVER: 10.10.68.1#53(10.10.68.1)
> ;; WHEN: Sun Apr  6 00:21:09 2008
> ;; MSG SIZE  rcvd: 113
> 
> ===
> 
> 
> Please let me know anything is missing.
> 
> Regards,
> Mallappa Pallakke
> 
> 
> On Sun, Apr 5, 2009 at 8:55 AM, Kirk  wrote:
> > Mallappa Pallakke wrote:
> >>
> >> Hi,
> >>
> >>    I was trying to do load balancing of client request among
> >> configured servers using internal DNS server, I get proper load
> >> balancing (DNS response with top most IP address going with proper
> >> round robin fashion) for odd number of IP addresses. But it does not
> >> give same behavior for even number of IP addresses.
> >>
> >> For example:
> >>
> >>  If I have configured x.y.z.1, x.y.z.2, x.y.z.3, I get following
> >> combinations in dig response:
> >>
> >>  x.y.z.1
> >>  x.y.z.2
> >>  x.y.z.3
> >>
> >>  x.y.z.2
> >>  x.y.z.3
> >>  x.y.z.1
> >>
> >>  x.y.z.3
> >>  x.y.z.1
> >>  x.y.z.2
> >>
> >> And this repeats, giving round robin distribution.
> >>
>
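
The double-rotation effect explained in the reply above, as an added example (a simplified model written for this page, not named's code): each retrieval of a cyclic RRset advances its starting record by one, and `retrievals_per_query` models the second lookup made when the NS target is the same name. The structure and function names are assumptions; the model also generalizes the reply's "2 divides equally into 4" to any record count and step.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RR 64

/* Model of one cyclic RRset: every retrieval hands out the records starting
 * one position further on than the previous retrieval did. */
struct rrset {
    unsigned count;
    unsigned next_start;
};

static unsigned retrieve(struct rrset *rr)
{
    unsigned start = rr->next_start;
    rr->next_start = (rr->next_start + 1) % rr->count;
    return start;
}

/* One query. The first retrieval fills the answer section; any further
 * retrievals stand for the additional-section lookup of the same name,
 * whose result is discarded as a duplicate but still rotates the set.
 * Returns the index of the record listed first in the answer. */
static unsigned answer_query(struct rrset *rr, unsigned retrievals_per_query)
{
    unsigned top = retrieve(rr);
    for (unsigned i = 1; i < retrievals_per_query; i++)
        (void)retrieve(rr);
    return top;
}

/* How many different records ever appear first over a run of queries. */
unsigned distinct_top_records(unsigned count, unsigned retrievals_per_query,
                              unsigned queries)
{
    unsigned char seen[MAX_RR];
    struct rrset rr;
    unsigned distinct = 0;

    if (count == 0 || count > MAX_RR || retrievals_per_query == 0)
        return 0;
    rr.count = count;
    rr.next_start = 0;
    memset(seen, 0, sizeof seen);
    for (unsigned q = 0; q < queries; q++) {
        unsigned top = answer_query(&rr, retrievals_per_query);
        if (!seen[top]) {
            seen[top] = 1;
            distinct++;
        }
    }
    return distinct;
}

static unsigned gcd(unsigned a, unsigned b)
{
    while (b != 0) {
        unsigned t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Closed form: stepping by k through n positions visits n / gcd(n, k). */
unsigned predicted_top_records(unsigned count, unsigned retrievals_per_query)
{
    if (count == 0 || retrievals_per_query == 0)
        return 0;
    return count / gcd(count, retrievals_per_query);
}

int main(void)
{
    /* Constructed cases: 3, 4 and 10 address records. */
    const unsigned counts[] = { 3, 4, 10 };

    for (unsigned i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        unsigned n = counts[i];
        printf("%2u records: NS name differs -> %u first records, "
               "NS name same as www -> %u first records\n",
               n, distinct_top_records(n, 1, 1000),
               distinct_top_records(n, 2, 1000));
    }
    return 0;
}
```

Three records still cycle through every address with a step of two, which matches the odd/even difference reported earlier in the thread.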

Re: Round robin load distribution among servers does not work properly

2009-04-06 Thread Mallappa Pallakke
Hi Mark,

   I do not see any additional section in the response. Can you please
tell me what exactly you are asking me to change?

   I selected cyclic instead of random since I want my client requests
to go to servers in exactly round-robin order. Please tell is there
anything wrong with this?

Thanks,
Mallappa Pallakke


On Mon, Apr 6, 2009 at 6:55 PM, Mark Andrews  wrote:
>
> In message <96c8e9660904061734t61414549o22a535e681f58...@mail.gmail.com>,
> Mallappa Pallakke writes:
>> Hi,
>>
>>  I tried with 9.5.1.P2, but still I am not getting the expected round
>> robin results:
>>
>>  Please see below my named.conf and zone file:
>>
>> named.conf:
>> =
>> options {
>>        directory "/var/named";
>>
>>        // Uncommenting this might help if you have to go through a
>>        // firewall and things are not working out.  But you probably
>>        // need to talk to your firewall admin.
>>
>>        //query-source port 53;
>>
>> rrset-order {
>>         order cyclic;};    // fixed, random, cyclic
>> };
>>
>> zone "mycompany.com" {
>>        type master;
>> //        notify no;
>>        file "db.mycompany.com";
>>
>>        allow-update { any; };
>> //      allow-update { 127.0.0.1; };
>> notify yes;
>> };
>>
>>
>> db.mycompany.com:
>> ===
>> $ORIGIN .
>> $TTL 0  ;
>> mycompany.com           IN SOA  www.mycompany.com. hostmaster.mycompany.com. (
>>                                199813404 ; serial
>>                                1         ; refresh (1 second)
>>                                1         ; retry (1 second)
>>                                1         ; expire (1 second)
>>                                1         ; minimum (1 second)
>>                                )
>>                        NS      www.mycompany.com.
>> $ORIGIN mycompany.com.
>> localhost               A       127.0.0.1
>> $TTL 0  ;
>> www                     A       10.10.68.1
>>                        A       10.10.68.2
>>                        A       10.10.68.3
>>                        A       10.10.68.4
>
>        Change the nameservers name to be something other than
>        www.mycompany.com.
>
>        www.mycompany.com is being retrieved twice once for the
>        answer section and once for the additional section.  Each
>        retrieval rotates the RRset once. The latter gets thrown
>        away when named suppresses duplicate RRsets in the answer
>        so you see 2 rotations and 2 divides equally into 4.
>
>        B.T.W. one should choose "random" rather than "round-robin" if
>        you want uniform load on failure.
>
>        Mark
>
> >> I always get the following answers repeatedly. Not getting 10.10.68.2 and
>> 10.10.68.3 as top records in response messages:
>> =
>> atcafs-n4s1:/kwlogs/msp# dig www.mycompany.com
>>
>> ; <<>> DiG 9.3.2 <<>> www.mycompany.com
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13961
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.mycompany.com.             IN      A
>>
>> ;; ANSWER SECTION:
>> www.mycompany.com.      0       IN      A       10.10.68.4
>> www.mycompany.com.      0       IN      A       10.10.68.1
>> www.mycompany.com.      0       IN      A       10.10.68.2
>> www.mycompany.com.      0       IN      A       10.10.68.3
>>
>> ;; AUTHORITY SECTION:
>> mycompany.com.          0       IN      NS      www.mycompany.com.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 10.10.68.1#53(10.10.68.1)
>> ;; WHEN: Sun Apr  6 00:21:07 2008
>> ;; MSG SIZE  rcvd: 113
>>
>>
>> =
>>
>> atcafs-n4s1:/kwlogs/msp# dig www.mycompany.com
>>
>> ; <<>> DiG 9.3.2 <<>> www.mycompany.com
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65208
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.mycompany.com.             IN      A
>>
>> ;; ANSWER SECTION:
>> www.mycompany.com.      0       IN      A       10.10.68.2
>> www.mycompany.com.      0       IN      A       10.10.68.3
>> www.mycompany.com.      0       IN      A       10.10.68.4
>> www.mycompany.com.      0       IN      A       10.10.68.1
>>
>> ;; AUTHORITY SECTION:
>> mycompany.com.          0       IN      NS      www.mycompany.com.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 10.10.68.1#53(10.10.68.1)
>> ;; WHEN: Sun Apr  6 00:21:09 2008
>> ;; MSG SIZE  rcvd: 113
>>
>> ===
>>
>>
> >> Please let me know if anything is missing.
>>
>> Regards,
>> Mallappa Pallakke
>>
>>
>> On Sun, Apr 5, 2009 at 8:55 AM, Kirk  wrote:
>> > Mallappa Pallakke wrote:
>> >>
>> >> Hi,
>> >>
>> >>    I was trying to do load balancing of client request among
>> >> configured servers using internal DNS server, I get proper load
> >> >> balancing (DNS response with top mos

Re: Round robin load distribution among servers does not work properly

2009-04-06 Thread Kevin Darcy

Mallappa Pallakke wrote:

> Hi Mark,
>
>    I do not see any additional section in the response. Can you please
> tell me what exactly you are asking me to change?
  
You're delegating the zone to the same name you're trying to 
round-robin. Named is therefore fetching the name multiple times 
internally whenever it responds to queries, and thus "rotating" the 
response multiple times. You can't really see this "multiple fetching", 
because, as Mark pointed out, the Resource Records that were fetched for 
the Additional Section were suppressed later in the algorithm, because 
they would have been duplicates of what is in the Answer Section. But 
they still "rotate" the RRset when the fetches occur. Since it's 
"invisible", the only way to know that the "multiple fetching" is 
occurring is to be intimately familiar with named's resolver algorithm, 
which Mark is.


You need to get www.mycompany.com out of the zone delegation if you want 
to prevent this "multiple fetching" phenomenon. It's generally bad form 
anyway to use the same device for DNS infrastructure and 
application-level content. If you absolutely must, you could give 
different names to the same IP address, thus preventing the "multiple 
fetch" problem, while still using the device for hosting the zone. This 
might complicate your forward/reverse record consistency however.

>    I selected cyclic instead of random since I want my client requests
> to go to servers in exactly round-robin order. Please tell me, is there
> anything wrong with this?
  
Consider what happens when one of the nodes fails. Every time that node 
is given as the first A record in the set, clients will, presumably, 
fail over to the *next* node in the sequence. This is in addition to the 
regular traffic that that "next" node gets whenever its address is first 
in the sequence. So, basically, you shift all (or at least _most_, 
depending on the failover capabilities and/or timeout settings of the 
clients) of the traffic from the failed node to the next node in the 
sequence, which is not very balanced.


When you choose "random", then, in the case of node failure, the load 
gets more evenly -- albeit less predictably -- distributed among the 
remaining nodes.



   - Kevin



Thanks,
Mallappa Pallakke


On Mon, Apr 6, 2009 at 6:55 PM, Mark Andrews  wrote:
  

In message <96c8e9660904061734t61414549o22a535e681f58...@mail.gmail.com>, 
Mallappa Pallakke
 writes:


Hi,

 I tried with 9.5.1.P2, but still I am not getting the expected round
robin results:

 Please see below my named.conf and zone file:

named.conf:
=
options {
   directory "/var/named";

   // Uncommenting this might help if you have to go through a
   // firewall and things are not working out.  But you probably
   // need to talk to your firewall admin.

   //query-source port 53;

rrset-order {
order cyclic;};// fixed, random, cyclic
};

zone "mycompany.com" {
   type master;
//notify no;
   file "db.mycompany.com";

   allow-update { any; };
//  allow-update { 127.0.0.1; };
notify yes;
};


db.mycompany.com:
===
$ORIGIN .
$TTL 0  ;
mycompany.com   IN SOA  www.mycompany.com. hostmaster.mycompany.com. (
   199813404 ; serial
   1 ; refresh (1 second)
   1 ; retry (1 second)
   1 ; expire (1 second)
   1 ; minimum (1 second)
   )
   NS  www.mycompany.com.
$ORIGIN mycompany.com.
localhost   A   127.0.0.1
$TTL 0  ;
www A   10.10.68.1
   A   10.10.68.2
   A   10.10.68.3
   A   10.10.68.4
  

   Change the nameservers name to be something other than
   www.mycompany.com.

   www.mycompany.com is being retrieved twice once for the
   answer section and once for the additional section.  Each
   retrieval rotates the RRset once. The latter gets thrown
   away when named suppresses duplicate RRsets in the answer
   so you see 2 rotations and 2 divides equally into 4.

   B.T.W. one should choose "random" rather than "round-robin" if
   you want uniform load on failure.

   Mark



I always get the following answers repeatedly. Not getting 10.10.68.2 and
10.10.68.3 as top records in response messages:
=
atcafs-n4s1:/kwlogs/msp# dig www.mycompany.com

; <<>> DiG 9.3.2 <<>> www.mycompany.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mycompany.com. IN  A

;; ANSWER SECTION:
www.m
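
The two effects described in the replies above, as an added simulation that is not part of the original thread and is not BIND code: it shows why two rotations per query hide half of a four-record RRset, generalizing to n/gcd(n, k) distinct first answers for k rotations over n records, and how load shifts after a node failure under cyclic versus random ordering. Assumptions: each internal retrieval advances the cyclic start by one, clients try answers in order and skip a dead address, and "random" is modelled as a uniform shuffle; all function names are hypothetical.

```python
from collections import Counter
from fractions import Fraction
from itertools import permutations
from math import gcd

# A records from the zone file posted in the thread.
ADDRS = ["10.10.68.1", "10.10.68.2", "10.10.68.3", "10.10.68.4"]

def cyclic_heads(rrset, rotations_per_query, queries=12, start=0):
    """First record the client sees per query when every internal retrieval
    of the RRset advances the cyclic start position by one (assumed model)."""
    heads = []
    for _ in range(queries):
        start = (start + rotations_per_query) % len(rrset)
        heads.append(rrset[start])
    return heads

def cyclic_orderings(rrset):
    """The len(rrset) rotations a single-rotation 'order cyclic' steps through."""
    return [rrset[i:] + rrset[:i] for i in range(len(rrset))]

def random_orderings(rrset):
    """Every permutation, equally weighted: long-run average of a uniform shuffle."""
    return list(permutations(rrset))

def load_with_failure(orderings, failed):
    """Traffic share per surviving node when clients walk the answer list
    in order and skip the failed address (assumed client behaviour)."""
    hits = Counter()
    for order in orderings:
        hits[next(a for a in order if a != failed)] += 1
    total = sum(hits.values())
    return {a: Fraction(c, total) for a, c in sorted(hits.items())}

if __name__ == "__main__":
    for k in (1, 2):
        heads = sorted(set(cyclic_heads(ADDRS, k)))
        expect = len(ADDRS) // gcd(len(ADDRS), k)
        print(f"{k} rotation(s)/query: {len(heads)} of {len(ADDRS)} heads "
              f"(n/gcd = {expect}): {heads}")
    print("3 records, 2 rotations:", sorted(set(cyclic_heads(ADDRS[:3], 2))))
    for name, gen in (("cyclic", cyclic_orderings), ("random", random_orderings)):
        shares = load_with_failure(gen(ADDRS), failed="10.10.68.2")
        print(name, {a: str(f) for a, f in shares.items()})
```

With 10.10.68.2 down, cyclic ordering gives 10.10.68.3 half of all traffic, while the shuffled ordering gives each of the three survivors one third.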

nameserver not responding (servfail)

2009-04-06 Thread David Cake
	I have a standard debian bind9 installation. It is on a 
virtual server, so it is possible ram and disk are a bit tight, but 
the box is doing very little else apart from running bind currently. 
It is serving a bunch of domain names, about 60, a lot of them from 
zone files I've generated with a script.
	It loads all domains fine on startup, and sends and receives 
notifies, but any attempts to lookup domains from the server itself 
seem to fail, returning servfail.
	Nothing in the logs. I've tried turning debugging on, didn't 
seem to help, I might be doing it wrong.
	Every so often I can coax it into temporary life, with 
various voodoo methods, but nothing seems to work consistently or for 
long. I suspect I am running out of some resource, but what?

Cheers
David


rdataset.c:652: REQUIRE(dbp != ((void *)0) && *dbp == ((void *)0)) failed

2009-04-06 Thread Howard Wilkinson
We have had a failure of one of our BIND installations this morning. The 
failure happened at 01:51:45 BST on a machine that was effectively idle 
at the time.


The previous messages logged by 'named' were 30 seconds before the crash 
and were a zone transfer from a Microsoft 2003 DNS server of an AD 
integrated zone.


I can provide config files if they are useful. The version of BIND is a 
stock build from Fedora 9 - bind-9.5.1-2.P2.fc9.i386.


Is this a known problem, should we upgrade to get away from it, any advice?

Regards, Howard.

