Re: Dig shows wrong ip
On Aug 3 2009, JINMEI Tatuya / 神明達哉 wrote:
At 03 Aug 2009 11:52:10 +0100,
Chris Thompson wrote:
will believe this answer (and cache it). This would only be proper
behaviour if the *.gtld-servers.net were slaving (possibly stealth slaving)
potomacnetworks.com - which of course they aren't, but how is the poor
recursive nameserver to know that?
By seeing the aa bit of the response. We're aware of this problem and
have a patch to fix the behavior at the resolver side. The fix will
(hopefully) appear in next release versions of BIND9.
That will work nicely for the *.gtld-servers.net nameservers, but there
are others out there with even worse properties. I am thinking, for
example, of {a,b,c,d}.gtld.pro. To be honest, I don't know whether they
"promote glue to answer", but like the *.gtld-servers.net lot they
certainly "promote the delegation NS records to answer", and unlike
those they mark their responses as authoritative. Compare
$ dig +nocmd +nostats +norec ns advocaat.pro @a.gtld.pro
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60662
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;advocaat.pro. IN NS
;; ANSWER SECTION:
advocaat.pro. 14400 IN NS a.xtld.cz.
advocaat.pro. 14400 IN NS a.xtld.se.
advocaat.pro. 14400 IN NS b.xtld.cz.
advocaat.pro. 14400 IN NS b.xtld.se.
with
$ dig +nocmd +nostats +norec ns stanford.edu @a.gtld-servers.net
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21908
;; flags: qr; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;stanford.edu. IN NS
;; ANSWER SECTION:
stanford.edu. 172800 IN NS aerathea.stanford.edu.
stanford.edu. 172800 IN NS argus.stanford.edu.
stanford.edu. 172800 IN NS atalante.stanford.edu.
stanford.edu. 172800 IN NS avallone.stanford.edu.
;; ADDITIONAL SECTION:
aerathea.stanford.edu. 172800 IN A 152.3.104.250
argus.stanford.edu. 172800 IN A 171.64.7.115
atalante.stanford.edu. 172800 IN A 171.64.7.61
avallone.stanford.edu. 172800 IN A 171.64.7.88
and with the correct behavior
$ dig +nocmd +nostats +norec ns ac.uk @ns1.nic.uk
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2597
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 0
;; QUESTION SECTION:
;ac.uk. IN NS
;; AUTHORITY SECTION:
ac.uk. 172800 IN NS ns.uu.net.
ac.uk. 172800 IN NS ws-fra1.win-ip.dfn.de.
ac.uk. 172800 IN NS ns0.ja.net.
ac.uk. 172800 IN NS ns3.ja.net.
ac.uk. 172800 IN NS sunic.sunet.se.
ac.uk. 172800 IN NS ns2.ja.net.
ac.uk. 172800 IN NS ns4.ja.net
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
cache vs acache in bind 9.4.3
Hello, Can you pls explain the difference between cache and acache (additional cache) under bind 9.4.3? Is it possible to see the content of each and how? Thank you ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.5.1-P3 upgrade woes?
Hi List, Has anyone experienced any instability with 9.5.1-P3? Specifically: socket.c:2413: INSIST(!sock->pending_recv) failed That occurred about 18hrs after an upgrade from 9.5.0-P2. I'm seeing it on more than one server (but same OS/pkgs). Am working it as a local server/OS issue but wanted to put out a feeler to see if anyone else has seen the same error since upgrading. This is on Solaris 9 x86 (I didn't pick it) using pkgs from SunFreeware. Thank you, -Gordon ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Questions: BIND Dynamic Update DoS
If you're running BIND 8 you're probably rooted anyway, a DoS just puts the nameserver out of its misery. - Kevin MontyRee wrote: The dynamic update vulnerability affects all BIND 9 versions, but what about BIND 8? Is it not affected or not tested? As I know, there is no effect at bind 8 version. Thanks. _ 메신저 10살 생일도 축하해 주시고,이벤트도 참여하세요~! http://im.msn.co.kr/im/main/mainCoverDetail.asp?BbsCode=bbs01&Seq=2688 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dns zone delegation
The error message implies that "child.dns.com" is not a descendant of this zone's origin. You'd need to delegate "child.dns.com" from the "dns.com" zone, the "com" zone, or the root zone, depending on how your internal namespace is structured. Note that you can check a zone's validity without reloading/restarting the whole nameserver, via the named-checkzone utility in the BIND distribution. - Kevin Gopinath Achari wrote: Hi, i have configured a Master DNS server, i have also created records to delegate a zone to child dns server But when named service is started it says Jul 31 14:33:30 localhost named[21581]: dns.zone:9: ignoring out-of-zone data (child.dns.com) I am using bind-9.3.4-10.P1.el5_3.3. on Centos 5.2 Please help. Thanks in advance. how to delegate the zone, is there any other configuration needed my zone file ... $TTL86400 @ IN SOA dns.com. root.dns.com. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 360; Expire 86400 ); Minimum IN NS dns.com. child.dns.com. IN NS ns.child.dns.com. 101 IN PTR dns.com. @ IN A 192.168.1.101 ns.childIN A 192.168.1.107 www 0 IN A 192.168.1.101 www 0 IN A 192.168.1.102 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: cache vs acache in bind 9.4.3
At 04 Aug 2009 12:49:41 -0400, "LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN" wrote: > Can you pls explain the difference between cache and acache > (additional cache) under bind 9.4.3? Is it possible to see the > content of each and how? "cache" is a widely-common DNS cache (I believe you can use google it, for example). The content of "cache" can be dumped via 'rndc dumpdb'. "acache" is BIND9's internal hot-spot cache to optimize building authoritative responses. There's currently no interface to view acache content. --- JINMEI, Tatuya Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: looking for libbind 6.0 prebuild for windows
dong wrote: > Hi All, > > I am working on a project need libresolv support on windows, and I tried > to build libbind 6.0 using mingw but failed. > So anyone know where to find a libbind 6.0 prebuild for windows? Or give > me some hints how to build libbind on windows. The last time I built this library was for BIND 8. I'd start with the last version of BIND 8 and build from there. There may even be a prebuilt binary. I suspect the dsp file for libbind in BIND 8 would be sufficient to build the newer library you'd probably need to make changes to it. Danny -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.5.1-P3 upgrade woes?
Hello, I think 9.5.0.x versions needed to be compiled with additional file descriptors; otherwise, socket issues were common on "busy" servers. Perhaps test bind-9.5.1p3 or bind-9.6.1p1, which I see listed for Sol9/x86 on sunfreeware. HTH From: "Ewasiuk, Gordon" To: bind-users@lists.isc.org Sent: Tuesday, August 4, 2009 1:46:44 PM Subject: 9.5.1-P3 upgrade woes? 9.5.1-P3 upgrade woes? Hi List, Has anyone experienced any instability with 9.5.1-P3? Specifically: socket.c:2413: INSIST(!sock->pending_recv) failed That occurred about 18hrs after an upgrade from 9.5.0-P2. I'm seeing it on more than one server (but same OS/pkgs). Am working it as a local server/OS issue but wanted to put out a feeler to see if anyone else has seen the same error since upgrading. This is on Solaris 9 x86 (I didn't pick it) using pkgs from SunFreeware. Thank you, -Gordon___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
