RE: Dual home DNS

2009-08-09 Thread Nasser Heidari 
Hay, 
I have solved my problem with query-source statement and bind view's.
Thanks you all .

-Original Message-
From: Doug Barton [mailto:do...@dougbarton.us] 
Sent: Sunday, August 09, 2009 12:15 AM
To: Nasser Heidari
Cc: bind-users@lists.isc.org
Subject: Re: Dual home DNS

Nasser Heidari wrote:
> Hi,
> 
> We have two sets of customer IP ranges, for example first one is
> 10.0.0.0 and second one is 20.0.0.0
> 
> I want to know is it possible that I have one DNS Server with two IP
> addresses in each range and whenever a client from 10.0.0.0 range send a
> DNS query, my DNS server uses it's 10.0.0.0 IP to send a recursive query
> out to resolve the address and vice versa?

It's not clear to me from your question whether you are talking about
a networking issue, or a dns answer issue. Can you clarify whether or
not you are trying to get named to send its answers out on the same
network as the question came from (which I believe it should do
automatically); or whether you are asking for named to change its
answers depending on what network the question came from.

If it's the latter question, the answer you already got here about
views is the right one.


hope this helps,

Doug


smime.p7s
Description: S/MIME cryptographic signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

name.c:1714: INSIST(nlabels == name->labels) failed

2009-08-09 Thread dinesh tech 
Hi All,

I have 3-servers all are running with the ISC-BIND-9.4.3-P1, two of are the
DNS master and slave server and third one is caching resolvers.

In Caching server I am seeing  below errors.

--
name.c:1714: INSIST(nlabels == name->labels) failed
named : exiting (due to assertion failure)
---

I have seen in the following link, in which for the same issue bug has
filed.

"https://lists.isc.org/pipermail/bind-users/2009-January/074573.html";


.Note: This same issue is also present on the BIND-9.6.1-P1 also


Could you please look at into this and when can we get the fix for this
issue.?

Regards
Dinesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Logging problem

2009-08-09 Thread Raven 
Hi all.
I have just deployed a bind installation (freebsd port v9.4.3-P2) and I
seem to be unable to have it log the queries.
This is the section I put in named.conf:

logging {
  channel munin_log {
file "/var/log/bind9/query.log" versions 7 size 100m;
severity dynamic;
print-time yes;  };

  category queries {
munin_log; };
};


What's weird is that if I start bind from the cli with 
"named -f -c /etc/namedb/named.conf -d 3"
then the queries are correctly logged to the desired file.
Any suggestions to fix this?

-RV

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Logging problem

2009-08-09 Thread Mark Andrews 

In message <1249836935.3123.24.ca...@osmosis.gnet.eu>, Raven writes:
> Hi all.
> I have just deployed a bind installation (freebsd port v9.4.3-P2) and I
> seem to be unable to have it log the queries.
> This is the section I put in named.conf:
> 
> logging {
>   channel munin_log {
> file "/var/log/bind9/query.log" versions 7 size 100m;
> severity dynamic;
> print-time yes;  };
> 
>   category queries {
> munin_log; };
> };
> 
> 
> What's weird is that if I start bind from the cli with 
> "named -f -c /etc/namedb/named.conf -d 3"
> then the queries are correctly logged to the desired file.
> Any suggestions to fix this?

Remove the severity clause.  "severity dynamic;" is only printed to when
debugging is enabled.

This is what I use.

channel query_channel { file "log/query" versions 5 size 1M; print-time yes; };
category queries { query_channel; };

Mark
> 
> -RV
> 
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

A very basic question...

2009-08-09 Thread E Johnson 
From what I have read so far, I can see that this might be a very 
flame-worthy question, so please don't hurt me, I'm just a beginner...


I have read every howto that I can find on setting up a DNS server for a 
very small, 12 seats, network.  The DNS server just needs to be 
authoritative for the internal network and then it should forward 
external requests to the outside world.  Here is the question...


Most of the howtos say that I should setup a Root Zone so that I can 
access the Internet.  Then a small few of the howtos say that I should 
use the forwarder option to be able to access the Internet and they say 
that the Root Zone should not be used because the Root DNS servers 
aren't meant for that.


So, which is the best/proper way to do this?

Thanks,
Eric
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: A very basic question...

2009-08-09 Thread Doug Barton 
E Johnson wrote:
> From what I have read so far, I can see that this might be a very
> flame-worthy question, so please don't hurt me, I'm just a beginner...
> 
> I have read every howto that I can find on setting up a DNS server for a
> very small, 12 seats, network.  The DNS server just needs to be
> authoritative for the internal network and then it should forward
> external requests to the outside world.  Here is the question...
> 
> Most of the howtos say that I should setup a Root Zone so that I can
> access the Internet. 

You are either reading or mis-reading the wrong howtos. You don't have
to do anything special to enable recursion (looking up answers on the
wider Internet). Just configure your internal zone(s) and you should
be fine.

What you probably DO want to do is restrict recursion to your local
network. The easiest way to do that would be to add the following in
the options section of named.conf:

allow-query { localhost; localnets; };

Good luck,

Doug
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Logging problem

2009-08-09 Thread Doug Barton 
Raven wrote:
> Hi all.
> I have just deployed a bind installation (freebsd port v9.4.3-P2)

The port was updated to 9.4.3-P3 the same day it was released. That
version contains an important bug fix that you want. Please update
your ports tree and install the new version.

> and I
> seem to be unable to have it log the queries.
> This is the section I put in named.conf:
> 
> logging {
>   channel munin_log {
> file "/var/log/bind9/query.log" versions 7 size 100m;
> severity dynamic;

I agree with Mark that you don't want this. If all you're trying to
catch is queries you don't need to specify the severity at all.

> print-time yes;  };
> 
>   category queries {
> munin_log; };
> };
> 
> 
> What's weird is that if I start bind from the cli with 
> "named -f -c /etc/namedb/named.conf -d 3"
> then the queries are correctly logged to the desired file.

So I assume that when the logging is not working that you're using the
rc.d script? If you're not, you should be. That script runs named in a
chroot directory by default, and makes sure that all the necessary
subdirectories are created and have the right permissions. Make sure
you add:

named_enable=yes
named_program=/usr/local/sbin/named

to your /etc/rc.conf[.local] and then do '/etc/rc.d/named start' and
you should be fine.


Good luck,

Doug
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users