Re: IPv6 reverse delegation

2009-07-02 Thread Mark Andrews

In message <20090702083831.135ee95d.akolin...@gmx.net>, Akolinare writes:
> Hello,
> 
> I want to configure a reverse delegation of an IPv6 subnet to a different name
> server. I guess this is common use for IPv6 to provide customers the
> possibility to manage the reverse resolution on their own. But as long as I
> search the internet and books for howtos, configuration examples or help I'm
> not able to find anything. Furthermore I have to realize that it is quite
> difficult to recognize which IPv6 DNS method is valid and which is out of date.
> 
> With IPv4 reverse delegation was quite simple:
> 64/26   NS  ns.example.com.
> $GENERATE 64-127 $ IN CNAME $.64/26
> 
> Is there any comparable use for IPv6?

It's not needed as you don't need to split the last octet
in the DNS name to match the amount of space you have been
given.

The address space given to you, as an end user site, will
usually be on a nibble boundary, /48, /52, /56, /60 or /64,
the latter only if your ISP is not following common/expected
practice.  This allows you to have 65536 /64 sized subnets
(the default size of a subnet) with a /48, down to 16 /64's
with a /60.

The zone name for a single /64 will be something like
"0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".  The containing
/48 would be "0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".

Mark

> I would be appreciative for any advice/help.
>
> best regards
> 
>   Markus
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: IPv6 reverse delegation

2009-07-02 Thread Mark Andrews

In message <200907020659.n626xjlq033...@drugs.dv.isc.org>, Mark Andrews writes:
> 
> In message <20090702083831.135ee95d.akolin...@gmx.net>, Akolinare writes:
> > Hello,
> > 
> > I want to configure a reverse delegation of an IPv6 subnet to a different
> > name server. I guess this is common use for IPv6 to provide customers the
> > possibility to manage the reverse resolution on their own. But as long as I
> > search the internet and books for howtos, configuration examples or help
> > I'm not able to find anything. Furthermore I have to realize that it is
> > quite difficult to recognize which IPv6 DNS method is valid and which is
> > out of date.
> > 
> > With IPv4 reverse delegation was quite simple:
> > 64/26   NS  ns.example.com.
> > $GENERATE 64-127 $ IN CNAME $.64/26
> > 
> > Is there any comparable use for IPv6?
> 
>   It's not needed as you don't need to split the last octet
>   in the DNS name to match the amount of space you have been
>   given.
> 
>   The address space given to you, as an end user site, will
>   usually be on a nibble boundary, /48, /52, /56, /60 or /64,
>   the latter only if your ISP is not following common/expected
>   practice.  This allows you to have 65536 /64 sized subnets
>   (the default size of a subnet) with a /48, down to 16 /64's
>   with a /60.
> 
>   The zone name for a single /64 will be something like
>   "0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".  The containing
>   /48 would be "0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".

And entries in the zone file will look like
"a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6 PTR sapphire.dv.isc.org."

I would let the machines add their own PTR records.

The corresponding forward record is 
sapphire.dv.isc.org  AAAA  2001:470:1f00:820:6470:77b8:9184:406a
 
>   Mark
> 
> > I would be appreciative for any advice/help.
> >
> > best regards
> > 
> >   Markus
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: IPv6 reverse delegation

2009-07-02 Thread Akolinare
Hello Mark,

thank you very much for your quick answer.
I'm sorry for expressing myself unclearly.

Creating the reverse zone file is well documented and no problem. Both
nameservers are already set up and work fine, except that the queries for the
special subnets are not delegated from the Master to the "smaller" nameserver.
 
As I try to draft with the little picture below, I have one registered
nameserver (NS Master) for the whole address space. This server should delegate
queries for the subnets handled by the NS Customers to their nameservers.

query from internet
        |
        \/
+---------------+         +-------------------+
|   NS Master   | delegate|   NS Customer 1   |
| 2001:DB8::/32 |-->>>--+-| 2001:DB8:100::/48 |
+---------------+       | +-------------------+
                        |
                        | +-------------------+
                        | |   NS Customer 2   |
                        +-| 2001:DB8:200::/48 |
                        | +-------------------+
                        |
                        +NS Customer N

Both IPv4 lines should only demonstrate the function I think I need.

As I read, the DNAME record could/should be used for delegation. But I find
only further information on mapping different networks under one reverse file.

best regards

  Markus



On Thu, 02 Jul 2009 17:14:03 +1000
Mark Andrews  wrote:

> 
> In message <200907020659.n626xjlq033...@drugs.dv.isc.org>, Mark Andrews writes:
> > 
> > In message <20090702083831.135ee95d.akolin...@gmx.net>, Akolinare writes:
> > > Hello,
> > > 
> > > I want to configure a reverse delegation of an IPv6 subnet to a different
> > > name server. I guess this is common use for IPv6 to provide customers the
> > > possibility to manage the reverse resolution on their own. But as long as
> > > I search the internet and books for howtos, configuration examples or help
> > > I'm not able to find anything. Furthermore I have to realize that it is
> > > quite difficult to recognize which IPv6 DNS method is valid and which is
> > > out of date.
> > > 
> > > With IPv4 reverse delegation was quite simple:
> > > 64/26   NS  ns.example.com.
> > > $GENERATE 64-127 $ IN CNAME $.64/26
> > > 
> > > Is there any comparable use for IPv6?
> > 
> > It's not needed as you don't need to split the last octet
> > in the DNS name to match the amount of space you have been
> > given.
> > 
> > The address space given to you, as an end user site, will
> > usually be on a nibble boundary, /48, /52, /56, /60 or /64,
> > the latter only if your ISP is not following common/expected
> > practice.  This allows you to have 65536 /64 sized subnets
> > (the default size of a subnet) with a /48, down to 16 /64's
> > with a /60.
> > 
> > The zone name for a single /64 will be something like
> > "0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".  The containing
> > /48 would be "0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".
> 
>   And entries in the zone file will look like
>   "a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6 PTR sapphire.dv.isc.org."
> 
>   I would let the machines add their own PTR records.
> 
>   The corresponding forward record is 
>   sapphire.dv.isc.org  AAAA  2001:470:1f00:820:6470:77b8:9184:406a
>  
> > Mark
> > 
> > > I would be appreciative for any advice/help.
> > >
> > > best regards
> > > 
> > >   Markus


Re: Bind stops listening on TCP port 53 port 53

2009-07-02 Thread Jan Hansen

It happened again - the master stopped listening on TCP.

I added a new domain around 16:15, which caused the management program 
to generate the zone file on the master, and re-generate an updated 
zones.conf on both the master and the slaves - then execute "rndc 
reconfig" on all servers.


From the slave-log, you can see that around 22:15 things start to fail, 
and I've just verified that the master doesn't respond to TCP queries 
anymore, so I'll restart the bind services and see if that helps.


Slave log
---
01-jul-2009 16:16:51.612 general: info: received control channel command 
'reconfig'
01-jul-2009 16:16:51.612 general: info: loading configuration from 
'C:\WINDOWS\system32\dns\etc\named.conf'
01-jul-2009 16:16:51.627 general: info: using default UDP/IPv4 port 
range: [1024, 65535]
01-jul-2009 16:16:51.627 general: info: using default UDP/IPv6 port 
range: [1024, 65535]

01-jul-2009 16:16:51.627 network: info: no IPv6 interfaces found
01-jul-2009 16:16:51.659 general: info: reloading configuration succeeded
01-jul-2009 16:16:51.659 general: info: any newly configured zones are 
now loaded
01-jul-2009 16:16:51.674 general: info: zone malerfirmaet-worm.dk/IN: 
Transfer started.
01-jul-2009 16:16:51.690 xfer-in: info: transfer of 
'malerfirmaet-worm.dk/IN' from 213.173.250.146#53: connected using 
10.42.2.5#2882
01-jul-2009 16:16:51.924 general: info: zone malerfirmaet-worm.dk/IN: 
transferred serial 2009070101
01-jul-2009 16:16:51.924 xfer-in: info: transfer of 
'malerfirmaet-worm.dk/IN' from 213.173.250.146#53: Transfer completed: 1 
messages, 10 records, 271 bytes, 0.234 secs (1158 bytes/sec)
01-jul-2009 22:15:38.002 general: info: zone univision.dk/IN: refresh: 
retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:15:38.002 general: info: zone univision.dk/IN: Transfer 
started.
01-jul-2009 22:15:58.940 xfer-in: error: transfer of 'univision.dk/IN' 
from 213.173.250.146#53: failed to connect: timed out
01-jul-2009 22:15:58.940 xfer-in: info: transfer of 'univision.dk/IN' 
from 213.173.250.146#53: Transfer completed: 0 messages, 0 records, 0 
bytes, 20.937 secs (0 bytes/sec)
01-jul-2009 22:16:00.784 general: info: zone 6by-noegletal.dk/IN: 
refresh: retry limit for master 213.173.250.146#53 exceeded (source 
0.0.0.0#0)
01-jul-2009 22:16:01.784 general: info: zone xn--sloth-mller-mgb.com/IN: 
refresh: retry limit for master 213.173.250.146#53 exceeded (source 
0.0.0.0#0)
01-jul-2009 22:16:15.237 general: info: zone hjerteklinikken.dk/IN: 
refresh: retry limit for master 213.173.250.146#53 exceeded (source 
0.0.0.0#0)
01-jul-2009 22:16:21.987 general: info: zone telenyheder.dk/IN: refresh: 
retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:16:29.877 general: info: zone godnatlilleskat.dk/IN: 
refresh: retry limit for master 213.173.250.146#53 exceeded (source 
0.0.0.0#0)
01-jul-2009 22:16:37.018 general: info: zone enthuse.info/IN: refresh: 
retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:16:48.893 general: info: zone jakobkihl.dk/IN: refresh: 
retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:17:17.987 general: info: zone teamkgb.dk/IN: refresh: 
retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:17:18.487 general: info: zone sedac.dk/IN: refresh: retry 
limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:17:23.924 general: info: zone mcafee-ug.dk/IN: refresh: 
retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:32:27.987 general: info: zone tasteservice.dk/IN: 
refresh: retry limit for master 213.173.250.146#53 exceeded (source 
0.0.0.0#0)
01-jul-2009 22:32:31.784 general: info: zone all-ip.dk/IN: refresh: 
retry limit for master 213.173.250.146#53 exceeded (source 0.0.0.0#0)
01-jul-2009 22:32:32.284 general: info: zone holbaekcamii.dk/IN: 
refresh: retry limit for master 213.173.250.146#53 exceeded (source 
0.0.0.0#0)
01-jul-2009 22:32:36.721 general: info: zone liquidhammer.at/IN: 
refresh: retry limit for master 213.173.250.146#53 exceeded (source 
0.0.0.0#0)




Master log
---
01-jul-2009 16:14:46.518 general: info: received control channel command 
'reconfig'
01-jul-2009 16:14:46.533 general: info: loading configuration from 
'C:\Windows\system32\dns\etc\named.conf'
01-jul-2009 16:14:46.580 general: info: using default UDP/IPv4 port 
range: [1024, 65535]
01-jul-2009 16:14:46.580 general: info: using default UDP/IPv6 port 
range: [1024, 65535]

01-jul-2009 16:14:46.721 general: info: reloading configuration succeeded
01-jul-2009 16:14:46.721 general: info: zone malerfirmaet-worm.dk/IN: 
loaded serial 2009070101
01-jul-2009 16:14:46.721 general: info: any newly configured zones are 
now loaded
01-jul-2009 16:14:46.752 notify: in

Re: IPv6 reverse delegation

2009-07-02 Thread Niall O'Reilly

Akolinare wrote:

> Hello Mark,
> 
> thank you very much for your quick answer.
> I'm sorry for expressing myself unclearly.
> 
> Creating the reverse zone file is well documented and no problem. Both
> nameservers are already set up and work fine, except that the queries for the
> special subnets are not delegated from the Master to the "smaller" nameserver.


If you want to have delegation from the parent zone (not
"Master": that means something else), you need to place
NS records in the parent zone which refer to the particular
name servers which will serve the more specific reverse-DNS
zones.

/Niall
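
Added example (not part of the original thread, and not ISC or BIND code): a Python sketch that derives the ip6.arpa names discussed in this thread and builds the NS records the parent reverse zone would carry for the customer /48s in Akolinare's diagram. The customer name server names under .example are placeholders, and splitting a prefix that is not on a nibble boundary into several zones goes beyond the case described in the thread.

```python
"""Derive ip6.arpa zone names and parent-zone NS delegations (added example)."""
import ipaddress


def nibble_zones(prefix):
    """Return the ip6.arpa zone name(s) that exactly cover an IPv6 prefix.

    A prefix on a nibble boundary (/48, /52, /56, ...) maps to one zone.
    Any other length is split into the 2, 4 or 8 subnets at the next
    nibble boundary, because each ip6.arpa label is one hex digit.
    """
    net = ipaddress.IPv6Network(prefix)        # raises if host bits are set
    aligned = (net.prefixlen + 3) // 4 * 4     # round up to a multiple of 4
    parts = [net] if aligned == net.prefixlen else net.subnets(new_prefix=aligned)
    zones = []
    for part in parts:
        digits = part.network_address.exploded.replace(":", "")[: aligned // 4]
        labels = ".".join(reversed(digits))
        zones.append((labels + "." if labels else "") + "ip6.arpa.")
    return zones


def reverse_zone(prefix):
    """Zone name for a prefix that must already sit on a nibble boundary."""
    zones = nibble_zones(prefix)
    if len(zones) != 1:
        raise ValueError(f"{prefix} is not on a nibble boundary")
    return zones[0]


def ptr_owner(address):
    """Fully qualified owner name of the PTR record for one IPv6 address."""
    return ipaddress.IPv6Address(address).reverse_pointer + "."


def delegation_records(parent, customers):
    """Zone-file lines for the parent reverse zone: NS records per child zone."""
    parent_net = ipaddress.IPv6Network(parent)
    parent_zone = reverse_zone(parent)
    lines = [f"$ORIGIN {parent_zone}"]
    for prefix, servers in customers.items():
        child = ipaddress.IPv6Network(prefix)
        if child.prefixlen <= parent_net.prefixlen or not child.subnet_of(parent_net):
            raise ValueError(f"{prefix} is not a subnet of {parent}")
        for zone in nibble_zones(prefix):
            owner = zone[: -len(parent_zone) - 1]   # name relative to $ORIGIN
            lines += [f"{owner}\tNS\t{ns}" for ns in servers]
    return lines


# Prefixes from the diagram in the thread; the server names are assumptions.
PARENT = "2001:db8::/32"
CUSTOMERS = {
    "2001:db8:100::/48": ["ns1.customer1.example."],
    "2001:db8:200::/48": ["ns1.customer2.example."],
}

if __name__ == "__main__":
    print("\n".join(delegation_records(PARENT, CUSTOMERS)))
    print(ptr_owner("2001:470:1f00:820:6470:77b8:9184:406a"))
```

The customer's own server then has to be authoritative for the delegated zone name, with an SOA and the same NS records at its apex.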


bind-users <-> comp.protocols.dns.bind stopped?

2009-07-02 Thread Sam Wilson
I note that the last posting in comp.protocols.dns.bind seems to have 
been on 4-Jun-09, both on my local news server and on Google Groups.  I 
can't see any relevant announcements in the archive.  What's happened?

Sam


Re: Options for timeout in Bind/DNS

2009-07-02 Thread Kevin Darcy

TPZ wrote:
> On 1-07-2009 at 19:02, Kevin Darcy wrote:
> > TPZ wrote:
> > > Are there any options for Bind to configure timeout for DNS requests?
> >
> > Short answer: not as far as I know.
> >
> > Hopefully you understand that it's the DNS clients, and not BIND itself,
> > that implement the main timeout/retry strategy for a DNS query
> > transaction. Send a request, if it times out, try another resolver in
> > the resolver list, or retry the request. The main determinant of whether
> > a request succeeds or fails, therefore, in the face of slow or
> > unavailable upstream nameservers, is the client resolver's
> > configuration, not BIND's. The applications which call the resolver
> > routines on those clients, may also have their own timeout values, which
> > can sometimes be significantly shorter than what is set in the client
> > resolver. Therefore they will timeout the lookup request before the
> > client resolver would have abandoned it.
> >
> > BIND itself will time out and fail over quickly -- on the order of
> > milliseconds -- between the nameservers it talks to. It will also keep
> > track, in its cache, of what nameservers are responding slowly, or which
> > are giving invalid answers, and de-prioritize or avoid nameservers in
> > those respective categories. So, in practical terms, it is "self-tuning"
> > over time, and in a way that is far more sophisticated than setting a
> > single "timeout" value could ever hope to accomplish.
> >
> > - Kevin
>
> Thank you for explaining.
> I experienced some problems with i.e. SSH, because there is an option 
> set by default #UseDNS yes. And when DNS is not available (ie via 
> /etc/resolv.conf) it is about 30 seconds timeout. Even if you connect 
> like this "ssh u...@192.168.100.12" (without DNS domain name) the 
> application tries to contact DNS.
>
> Do you agree with me?
  
That has very little to do with the timeouts set in BIND itself. You 
need to have multiple servers in /etc/resolv.conf, and an intelligent 
failover strategy. Typically, we put 2 local servers in /etc/resolv.conf 
(to deal with a single server failure at that location, the most common 
case), followed by an off-site server as the third entry (to deal with 
the less-common situation of the server farm being isolated from 
wherever the client is, at that location). You have to consider the 
failure scenarios, their relative likelihood, and always bear in mind 
that the further down the resolver list you go, the more likely the app 
will have already failed before you get there. Having 10 entries in 
/etc/resolv.conf, for instance, while it may give the superficial 
appearance of bullet-proofing your nameserver against any failure 
scenario, may actually add little or no value over 3 or 4 entries. And 
it would probably be somewhat harder to keep up to date, if you 
re-address nameservers frequently or semi-frequently, as we do.


Another approach to consider, if you have such facilities available, or 
can afford to build new infrastructure, is to put your nameservers 
behind hardware load-balancers. Or use the "anycast" approach as the 
Internet root and TLD nameservers do (I don't have any personal 
experience with "anycast", and I know that that approach has its 
detractors, I'm just throwing it out there as an idea to consider).


If your nameservers and/or network are unreliable, then you might 
consider fiddling with the timeout/retry parameters in /etc/resolv.conf, 
if the resolver library on your platform actually recognizes those 
options (check your man page for /etc/resolv.conf, or the equivalent 
documentation for your platform). But, again, this has very little to do 
with the configuration of BIND itself, and, ultimately, if your 
name-resolution architecture is unreliable, you're going to continue to 
have problems like this, and ssh is only going to be one of the victims, 
albeit the one which might be most visible to you as a system administrator.



- Kevin




Re: IPv6 reverse delegation

2009-07-02 Thread Mark Andrews

In message , "gelenbertang" writes:
> I do a test in my DNS server.
>  
> [r...@local197 ~]# dig -x @localhost a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6
> ;; connection timed out; no servers could be reached

Bad command line.

> [r...@local197 ~]# dig -x @localhost 2001:470:1f00:820:6470:77b8:9184:406a

Bad command line.

dig @localhost -x 2001:470:1f00:820:6470:77b8:9184:406a

is what you wanted. The address should be immediately after
the -x.

; <<>> DiG 9.3.6-P1 <<>> -x 2001:470:1f00:820:6470:77b8:9184:406a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18291
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN PTR sapphire.dv.isc.org.

;; AUTHORITY SECTION:
0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN NS ns-ext.isc.org.
0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN NS ns-int.isc.org.

;; ADDITIONAL SECTION:
ns-ext.isc.org. 41002   IN  A       204.152.184.64
ns-ext.isc.org. 41002   IN  AAAA    2001:4f8:0:2::13

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul  3 09:08:28 2009
;; MSG SIZE  rcvd: 209

> [r...@local197 ~]# dig @localhost 2001:470:1f00:820:6470:77b8:9184:406a ptr
>  
> ; <<>> DiG 9.3.3rc2 <<>> @localhost 2001:470:1f00:820:6470:77b8:9184:406a ptr
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached

Bad command line.  Missing the -x.
  
> Why I can't query the correct result?
>  
> My configuration look like follows:
>  
> $TTL    86400
> @       IN SOA  tzqian.com.   root (
>                 2009042105  ; serial (d. adams)
>                 3H          ; refresh
>                 15M         ; retry
>                 1W          ; expiry
>                 1D )        ; minimum
>
>         IN NS   localhost.
> @       IN MX   10 mail.tzqian.com.
>         IN A    192.168.0.197
> ;       IN AAAA ::1
> www     IN A    192.168.0.197
> mail    IN A    192.168.0.197
> 64/26   IN NS   ns.example.com.
> $GENERATE 64-127 $ IN CNAME $.64/25
> $GENERATE 1-20 $ IN A 121.14.2.111
> ;And entries in the zone file will look like
> a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6 PTR sapphire.dv.tzqian.com.
>
> ;I would let the machines add their own PTR records.
>
> ;The corresponding forward record is
> sapphire.dv  AAAA  2001:470:1f00:820:6470:77b8:9184:406a

You have a mix of forward and reverse zones here.

Here is a complete reverse zone.

$TTL 3600   ; 1 hour
$ORIGIN 0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
@       SOA     bsdi.dv.isc.org. marka.isc.org. (
                2008052600 ; serial
                3600       ; refresh (1 hour)
                1200       ; retry (20 minutes)
                2419200    ; expire (4 weeks)
                3600       ; minimum (1 hour)
                )
@       NS      ns-ext.isc.org.
@       NS      ns-int.isc.org.
8.e.f.3.8.5.e.f.f.f.f.8.0.0.2.0 PTR freebsd.dv.isc.org.
c.d.b.f.9.d.e.f.f.f.2.2.4.1.2.0 PTR drugs.dv.isc.org.
d.2.0.c.9.1.e.f.f.f.9.2.0.e.2.0 PTR bsdi.dv.isc.org.
a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6 PTR sapphire.dv.isc.org.

The corresponding forward zone would be like this.

$TTL 3600
$ORIGIN dv.isc.org.
@           SOA     bsdi.dv.isc.org. marka.isc.org. (
                    2007103995 86400 21600 2419200 86400 )
@           NS      ns-ext.isc.org.
@           NS      ns-int.isc.org.
localhost   A       127.0.0.1
localhost   AAAA    ::1
bsdi        A       211.30.172.21
bsdi        AAAA    2001:470:1f00:820:2e0:29ff:fe19:c02d
bsdi        AAAA    2001:470:1f00:::5a1
drugs       AAAA    2001:470:1f00:820:214:22ff:fed9:fbdc
drugs       AAAA    fd92:7065:b8e:0:214:22ff:fed9:fbdc
drugs       AAAA    fe80::214:22ff:fed9:fbdc
freebsd     AAAA    2001:470:1f00:820:200:8fff:fe58:3fe8
sapphire    AAAA    2001:470:1f00:820:6470:77b8:9184:406a



dns zone delegation

2009-07-02 Thread jittin...@gmail.com

Dear All

Domain "bluewin.ch" has registered 4 zone authoritative servers as follows:

[Querying whois.nic.ch]
[whois.nic.ch]
whois: This information is subject to an Acceptable Use Policy.
See http://www.switch.ch/id/terms/aup.html


Domain name:
bluewin.ch

Holder of domain name:
Swisscom (Schweiz) AG
SCS-NIT-NIO-SVO-DNW Invoice Center
zuh. Matthias Leisi
Alte Tiefenaustr. 6
CH-3050 Bern
Switzerland
Contractual Language: German

Technical contact:
Swisscom (Schweiz) AG
SCS-NIT-NIO-SVO-DNW Invoice Center
zuh. Matthias Leisi
Alte Tiefenaustr. 6
CH-3050 Bern
Switzerland

Name servers:
dns1.bluewin.ch [195.186.1.110]
dns2.bluewin.ch [195.186.1.111]
dns3.bluewin.ch [195.186.4.110]
dns4.bluewin.ch [195.186.4.111]

I have executed following command:

#nslookup
> server dns1.bluewin.ch
Default server: dns1.bluewin.ch
Address: 195.186.1.110#53
> set debug
> set norecure
> set type=ns
> bluewin.ch
Server: dns1.bluewin.ch
Address:195.186.1.110#53


   QUESTIONS:
   bluewin.ch, type = NS, class = IN
   ANSWERS:
   ->  bluewin.ch
   nameserver = dns2.bluewin.ch.
   ->  bluewin.ch
   nameserver = dns3.bluewin.ch.
   ->  bluewin.ch
   nameserver = dns1.bluewin.ch.
   ->  bluewin.ch
   nameserver = dns4.bluewin.ch.
   AUTHORITY RECORDS:
   ADDITIONAL RECORDS:

bluewin.ch  nameserver = dns2.bluewin.ch.
bluewin.ch  nameserver = dns3.bluewin.ch.
bluewin.ch  nameserver = dns1.bluewin.ch.
bluewin.ch  nameserver = dns4.bluewin.ch.

Zone Authorize server(dns1.bluewin.ch) has replied that there are 4  
zone authorize servers as in whois database


> set type=a
> www.bluewin.ch
Server: dns1.bluewin.ch
Address:195.186.1.110#53


   QUESTIONS:
   www.bluewin.ch, type = A, class = IN
   ANSWERS:
   AUTHORITY RECORDS:
   ->  www.bluewin.ch
   nameserver = zhbdzgss01.bluewin.ch.
   ->  www.bluewin.ch
   nameserver = zhhdzgss02.bluewin.ch.
   ->  www.bluewin.ch
   nameserver = zhbdzgss02.bluewin.ch.
   ->  www.bluewin.ch
   nameserver = zhhdzgss01.bluewin.ch.
   ADDITIONAL RECORDS:
   ->  zhbdzgss01.bluewin.ch
   internet address = 195.186.26.21
   ->  zhbdzgss02.bluewin.ch
   internet address = 195.186.26.22
   ->  zhhdzgss01.bluewin.ch
   internet address = 195.186.154.21
   ->  zhhdzgss02.bluewin.ch
   internet address = 195.186.154.22

Non-authoritative answer:
*** Can't find www.bluewin.ch: No answer

I have queried the name www.bluewin.ch type A but it sent back 4 
referrals in the Authority Records, then I changed server to zhhdzgss02.bluewin.ch


> server zhhdzgss02.bluewin.ch
Default server: zhhdzgss02.bluewin.ch
Address: 195.186.154.22#53
> www.bluewin.ch
Server: zhhdzgss02.bluewin.ch
Address:195.186.154.22#53


   QUESTIONS:
   www.bluewin.ch, type = A, class = IN
   ANSWERS:
   ->  www.bluewin.ch
   internet address = 195.186.17.33
   AUTHORITY RECORDS:
   ADDITIONAL RECORDS:

Name:   www.bluewin.ch
Address: 195.186.17.33

It has replied an ip of www.bluewin.ch but if I send a query  name 
bluewin.ch type ns


> set type=ns
> bluewin.ch
Server: zhhdzgss02.bluewin.ch
Address:195.186.154.22#53


   QUESTIONS:
   bluewin.ch, type = NS, class = IN
   ANSWERS:
   AUTHORITY RECORDS:
   ADDITIONAL RECORDS:

*** Can't find bluewin.ch: No answer
>
It has replied that can not find


Domain bluewin.ch has registered 4 zone authorize dns but when I query 
name www.bluewin.ch it sends a referral to 4 others. I have changed to query 
from zhhdzgss02.bluewin.ch; it can answer correctly but can not find the ns 
record of bluewin.ch. Actually ns type and a of zone should be in same 
file of same dns server but in this case why dns1.bluewin.ch can reply 
ns but can not reply a record bluewin.ch and zhhdzgss02.bluewin.ch can 
reply a record of www.bluewin.ch but can not reply ns



Jittinan Suwanrueangsri

Re: dns zone delegation

2009-07-02 Thread Mark Andrews

In message <4a4d98d9.3030...@gmail.com>, "jittin...@gmail.com" writes:
> Dear All
> 
> Domain "bluewin.ch" has registered 4 zone authoritative servers as follows:
> 
> [Querying whois.nic.ch]
> [whois.nic.ch]
> whois: This information is subject to an Acceptable Use Policy.
> See http://www.switch.ch/id/terms/aup.html
> 
> 
> Domain name:
> bluewin.ch
> 
> Holder of domain name:
> Swisscom (Schweiz) AG
> SCS-NIT-NIO-SVO-DNW Invoice Center
> zuh. Matthias Leisi
> Alte Tiefenaustr. 6
> CH-3050 Bern
> Switzerland
> Contractual Language: German
> 
> Technical contact:
> Swisscom (Schweiz) AG
> SCS-NIT-NIO-SVO-DNW Invoice Center
> zuh. Matthias Leisi
> Alte Tiefenaustr. 6
> CH-3050 Bern
> Switzerland
> 
> Name servers:
> dns1.bluewin.ch [195.186.1.110]
> dns2.bluewin.ch [195.186.1.111]
> dns3.bluewin.ch [195.186.4.110]
> dns4.bluewin.ch [195.186.4.111]
> 
> I have executed following command:
> 
> #nslookup
>  > server dns1.bluewin.ch
> Default server: dns1.bluewin.ch
> Address: 195.186.1.110#53
>  > set debug
>  > set norecure
>  > set type=ns
>  > bluewin.ch
> Server: dns1.bluewin.ch
> Address:195.186.1.110#53
> 
> 
> QUESTIONS:
> bluewin.ch, type = NS, class = IN
> ANSWERS:
> ->  bluewin.ch
> nameserver = dns2.bluewin.ch.
> ->  bluewin.ch
> nameserver = dns3.bluewin.ch.
> ->  bluewin.ch
> nameserver = dns1.bluewin.ch.
> ->  bluewin.ch
> nameserver = dns4.bluewin.ch.
> AUTHORITY RECORDS:
> ADDITIONAL RECORDS:
> 
> bluewin.ch  nameserver = dns2.bluewin.ch.
> bluewin.ch  nameserver = dns3.bluewin.ch.
> bluewin.ch  nameserver = dns1.bluewin.ch.
> bluewin.ch  nameserver = dns4.bluewin.ch.
> 
> Zone Authorize server(dns1.bluewin.ch) has replied that there are 4  
> zone authorize servers as in whois database
> 
>  > set type=a
>  > www.bluewin.ch
> Server: dns1.bluewin.ch
> Address:195.186.1.110#53
> 
> 
> QUESTIONS:
> www.bluewin.ch, type = A, class = IN
> ANSWERS:
> AUTHORITY RECORDS:
> ->  www.bluewin.ch
> nameserver = zhbdzgss01.bluewin.ch.
> ->  www.bluewin.ch
> nameserver = zhhdzgss02.bluewin.ch.
> ->  www.bluewin.ch
> nameserver = zhbdzgss02.bluewin.ch.
> ->  www.bluewin.ch
> nameserver = zhhdzgss01.bluewin.ch.
> ADDITIONAL RECORDS:
> ->  zhbdzgss01.bluewin.ch
> internet address = 195.186.26.21
> ->  zhbdzgss02.bluewin.ch
> internet address = 195.186.26.22
> ->  zhhdzgss01.bluewin.ch
> internet address = 195.186.154.21
> ->  zhhdzgss02.bluewin.ch
> internet address = 195.186.154.22
> 
> Non-authoritative answer:
> *** Can't find www.bluewin.ch: No answer
>
> I have queried the name www.bluewin.ch type A but it sent back 4 
> referrals in the Authority Records, then I changed server to zhhdzgss02.bluewin.ch

dns1.bluewin.ch does NOT serve www.bluewin.ch so it returned
a referral to the machines which do.  There is nothing wrong
with this answer.
 
>  > server zhhdzgss02.bluewin.ch
> Default server: zhhdzgss02.bluewin.ch
> Address: 195.186.154.22#53
>  > www.bluewin.ch
> Server: zhhdzgss02.bluewin.ch
> Address:195.186.154.22#53
> 
> 
> QUESTIONS:
> www.bluewin.ch, type = A, class = IN
> ANSWERS:
> ->  www.bluewin.ch
> internet address = 195.186.17.33
> AUTHORITY RECORDS:
> ADDITIONAL RECORDS:
> 
> Name:   www.bluewin.ch
> Address: 195.186.17.33
> 
> It has replied an ip of www.bluewin.ch but if I send a query  name 
> bluewin.ch type ns
> 
>  > set type=ns
>  > bluewin.ch
> Server: zhhdzgss02.bluewin.ch
> Address:195.186.154.22#53
> 
> 
> QUESTIONS:
> bluewin.ch, type = NS, class = IN
> ANSWERS:
> AUTHORITY RECORDS:
> ADDITIONAL RECORDS:
> 
> *** Can't find bluewin.ch: No answer
>  >
> It has replied that can not find

zhhdzgss02.bluewin.ch is a load balancer and it does NOT
fully implement the DNS protocol.  Basically the vendor
decided to cut corners and not do a proper job.  This causes
interoperability problems with nameservers which depend on
proper behaviour.  It also causes interoperability problems
with programs which check delegations.

It really isn't that hard to make a load balancer return
SOA and NS records for the zones delegated to it.

Mark
 
> Domain bluewin.ch has registered 4 zone authorize dns but when I query 
> name www.bluewin.ch it sends a referral to 4 others. I have changed to query 
> from zhhdzgss02.bluewin.ch; it can answer correctly but can not find the ns 
> record of bluewin.ch. Actually ns type and a of zone should be in same 
> file of same dns server but in this case why dns1.bluewin.ch can reply 
> ns but can not reply a re