Re: problem with bind book example

2009-09-24 Thread John Horne
On Wed, 2009-09-23 at 15:17 -0700, Linda W wrote:
>
> In my main config it's in the section:
> root "." IN {
>   type hint;
>   file "root.hint";
> };
>
I don't have the BIND book to hand, but that should be:

 zone "." IN {

John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: problem with bind book example

2009-09-24 Thread Kevin Darcy


Linda W wrote:

> I was trying to auto load the root hints file on a cron job.
>
> In the bind 4th ed. book, p 157, there's an example to use dig to create
> a file it calls db.cache

Specifically, the example is

$ dig @a.root-servers.net . ns > db.cache

I wouldn't cron that _as_is_. You should at least put a wrapper script 
around it to ensure that the "dig" actually worked and produced a 
non-zero-length file. Bonus points for keeping several generations of 
the file so that if something goes wrong, you can do forensics on where 
things went awry.

> From the text I understood it to be a 'roots.hint' file for startup.
> It seems to have the same information but in a different order as the root.hints
> file, but when I try to use it my named won't start.

The name of the file doesn't matter; there's nothing magical about it. 
We usually call our hints file just "hints". But you could call it "joe" 
if you wanted to, or "throat-warbler-mangrove".

> In the log I have evil messages saying many things are refused:
> 20-Sep-2009 23:37:07.050 xfer-in: error: transfer of 'ARPA/IN' from 198.41.0.4#53: failed while receiving responses: REFUSED
> 21-Sep-2009 02:22:08.919 xfer-in: error: transfer of 'in-addr.arpa/IN' from 198.41.0.4#53: failed while receiving responses: REFUSED
> 21-Sep-2009 11:07:16.575 xfer-in: error: transfer of 'ARPA/IN' from 128.8.10.90#53: failed while receiving responses: REFUSED
> 21-Sep-2009 11:07:17.096 xfer-in: error: transfer of 'ARPA/IN' from 192.203.230.10#53: failed while receiving responses: REFUSED
> 21-Sep-2009 14:34:40.774 xfer-in: error: transfer of 'in-addr.arpa/IN' from 198.41.0.4#53: failed while receiving responses: REFUSED
> 22-Sep-2009 02:34:19.939 xfer-in: error: transfer of 'in-addr.arpa/IN' from 198.41.0.4#53: failed while receiving responses: REFUSED
> 22-Sep-2009 07:40:59.577 xfer-in: error: transfer of 'ARPA/IN' from 198.41.0.4#53: failed while receiving responses: REFUSED
> 22-Sep-2009 11:08:30.583 xfer-in: error: transfer of 'ARPA/IN' from 128.8.10.90#53: failed while receiving responses: REFUSED
> 22-Sep-2009 11:08:31.077 xfer-in: error: transfer of 'ARPA/IN' from 192.203.230.10#53: failed while receiving responses: REFUSED
> 22-Sep-2009 14:12:11.720 xfer-in: error: transfer of 'in-addr.arpa/IN' from 128.8.10.90#53: failed while receiving responses: REFUSED
> 22-Sep-2009 14:12:12.217 xfer-in: error: transfer of 'in-addr.arpa/IN' from 192.203.230.10#53: failed while receiving responses: REFUSED
> 23-Sep-2009 14:18:13.797 general: notice: stopping command channel on 127.0.0.1#953
> 23-Sep-2009 14:18:13.814 general: notice: exiting

Those log messages indicate that you have configured named to slave arpa 
and in-addr.arpa. The servers for those zones don't allow zone 
transfers, so you're getting "REFUSED". Consequently, the zone transfers 
are failing.


I don't think that has anything to do with your hints file.

Also, named exited more than 24 hours after the last REFUSED message. 
How do you interpret this as "named won't start"? It looks like a 
deliberate, orderly shutdown to me, after running more than 24 hours 
without any errors whatsoever.


Maybe you need to tune your logging. It might not be giving you enough 
information to give you a proper picture.



> --
>
> The addresses in the two files appear to be the same...so I don't understand
> why one works and the other does not?
>
> In my main config it's in the section:
> root "." IN {
> type hint;
> file "root.hint";
> };
> --- I change the file to 'root.db' (also tried a different name, root.cache),
> and it fails.  The root.db file has in it:
>
> ; <<>> DiG 9.5.0-P2 <<>> +nocomments +noquestion +norecurse @a.root-servers.net . NS
> ; (1 server found)
> ;; global options:  printcmd
> .   518400  IN  NS  D.ROOT-SERVERS.NET.
> .   518400  IN  NS  L.ROOT-SERVERS.NET.
> .   518400  IN  NS  G.ROOT-SERVERS.NET.
> .   518400  IN  NS  F.ROOT-SERVERS.NET.
> .   518400  IN  NS  H.ROOT-SERVERS.NET.
> .   518400  IN  NS  C.ROOT-SERVERS.NET.
> .   518400  IN  NS  J.ROOT-SERVERS.NET.
> .   518400  IN  NS  B.ROOT-SERVERS.NET.
> .   518400  IN  NS  E.ROOT-SERVERS.NET.
> .   518400  IN  NS  A.ROOT-SERVERS.NET.
> .   518400  IN  NS  K.ROOT-SERVERS.NET.
> .   518400  IN  NS  I.ROOT-SERVERS.NET.
> .   518400  IN  NS  M.ROOT-SERVERS.NET.
> A.ROOT-SERVERS.NET. 360 IN  A   198.41.0.4
> A.ROOT-SERVERS.NET. 360 IN  AAAA  2001:503:ba3e::2:30
> B.ROOT-SERVERS.NET. 360 IN  A   192.228.79.201
> C.ROOT-SERVERS.NET. 360 IN  A   192.33.4.12
> D.ROOT-SERVERS.NET. 360 IN  A   128.8.10.90
> E.ROOT-SERVERS.NET. 360 IN  
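
The wrapper Kevin describes above (run the `dig`, confirm it worked and produced usable output, keep several generations), as an added sketch that is not from the thread or the BIND book. The hints path, `KEEP`, `MIN_NS`, the function names and the `run` argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: cron wrapper for refreshing a BIND root hints file.
# HINTS, KEEP, MIN_NS and the "run" argument are assumptions of this sketch.
HINTS=${HINTS:-/var/named/root.hint}
KEEP=${KEEP:-5}        # generations kept for later forensics
MIN_NS=${MIN_NS:-13}   # root NS records expected in a complete answer

# The query from the thread, in its own function so the checks can be
# exercised without network access.
fetch_hints() {
    dig @a.root-servers.net . ns
}

# Accept FILE only if it is non-empty, lists the root NS set and has glue.
valid_hints() {
    [ -s "$1" ] || return 1
    ns=$(grep -Eci '^\.[[:space:]]+[0-9]+[[:space:]]+IN[[:space:]]+NS[[:space:]]' "$1") || true
    [ "$ns" -ge "$MIN_NS" ] || return 1
    grep -Eqi '^[a-m]\.root-servers\.net\.[[:space:]]+[0-9]+[[:space:]]+IN[[:space:]]+A[[:space:]]' "$1"
}

refresh_hints() {
    tmp=$(mktemp "$HINTS.XXXXXX") || return 1
    if ! fetch_hints > "$tmp" || ! valid_hints "$tmp"; then
        mv "$tmp" "$HINTS.rejected"   # keep the bad output; live file untouched
        return 1
    fi
    chmod 644 "$tmp"                  # mktemp creates 0600; named must read it
    i=$KEEP
    while [ "$i" -gt 1 ]; do          # shift HINTS.1 -> HINTS.2 ... HINTS.$KEEP
        prev=$((i - 1))
        if [ -f "$HINTS.$prev" ]; then mv "$HINTS.$prev" "$HINTS.$i"; fi
        i=$prev
    done
    if [ -f "$HINTS" ]; then cp -p "$HINTS" "$HINTS.1"; fi
    mv "$tmp" "$HINTS"                # rename within one directory is atomic
}

# Cron entry point: "<script> run"; a non-zero exit lets cron report failure.
if [ "${1:-}" = "run" ]; then
    refresh_hints
    exit $?
fi
```

A failed or short fetch leaves the live hints file in place and saves the rejected output beside it, so named keeps starting from the last good copy.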

SERVFAIL on Dig DKIM Record

2009-09-24 Thread brad
Hello,

A user recently asked me to add this record for them:

bh._domainkey.edweek.org NS pdns1.ultradns.net

I've done so, however, BIND is kicking out SERVFAILS when I dig it. I'm
running 9.6.1-P1, do I need to add a setting for BIND to accept this
subdomain delegation?

Thanks,
Brad

Re: SERVFAIL on Dig DKIM Record

2009-09-24 Thread Kevin Darcy

pdns1.ultradns.net is returning the SERVFAIL:

$ dig bh._domainkey.edweek.org any @pdns1.ultradns.net

; <<>> DiG 9.3.0 <<>> bh._domainkey.edweek.org any @pdns1.ultradns.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 384
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

I get the same thing for other types too (NS, TXT).

So, either it's a problem that ultradns.net needs to correct, or the 
user gave you the wrong information.



- Kevin


brad wrote:

> Hello,
>
> A user recently asked me to add this record for them:
>
> bh._domainkey.edweek.org NS pdns1.ultradns.net
>
> I've done so, however, BIND is kicking out SERVFAILS when I dig it.
> I'm running 9.6.1-P1, do I need to add a setting for BIND to accept
> this subdomain delegation?
>
> Thanks,
> Brad



Re: SERVFAIL on Dig DKIM Record

2009-09-24 Thread brad
Thanks Kevin, but shouldn't I be able to get info from my DNS server for
this record? I'm doing this and getting the SERVFAIL:

dig @dns1.irides.com bh._domainkey.edweek.org NS

On Thu, Sep 24, 2009 at 12:14 PM, Kevin Darcy wrote:

> pdns1.ultradns.net is returning the SERVFAIL:
>
> $ dig bh._domainkey.edweek.org any @pdns1.ultradns.net
>
> ; <<>> DiG 9.3.0 <<>> bh._domainkey.edweek.org any @pdns1.ultradns.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 384
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> I get the same thing for other types too (NS, TXT).
>
> So, either it's a problem that ultradns.net needs to correct, or the user
> gave you the wrong information.
>
>
>- Kevin
>
> brad wrote:
>
>> Hello,
>>
>> A user recently asked me to add this record for them:
>>
>> bh._domainkey.edweek.org NS pdns1.ultradns.net
>>
>> I've done so, however, BIND is kicking out SERVFAILS when I dig it. I'm
>> running 9.6.1-P1, do I need to add a setting for BIND to accept this
>> subdomain delegation?
>>
>> Thanks,
>> Brad
>>
>

Re: SERVFAIL on Dig DKIM Record

2009-09-24 Thread Matthew Horsfall
brad wrote:
> Thanks Kevin, but shouldn't I be able to get info from my DNS server for
> this record? I'm doing this and getting the SERVFAIL:
>
> dig @dns1.irides.com  bh._domainkey.edweek.org

That's most likely because your nameserver is trying to recurse for you.
 Try this:

dig @dns1.irides.com bh._domainkey.edweek.org +norecurse

-- Matt


Re: SERVFAIL on Dig DKIM Record

2009-09-24 Thread Bradley Caricofe
Thanks guys...  :^ )

On Thu, Sep 24, 2009 at 12:32 PM, Matthew Horsfall wrote:

> brad wrote:
> > Thanks Kevin, but shouldn't I be able to get info from my DNS server for
> > this record? I'm doing this and getting the SERVFAIL:
> >
> > dig @dns1.irides.com  bh._domainkey.edweek.org
>
> That's most likely because your nameserver is trying to recurse for you.
>  Try this:
>
> dig @dns1.irides.com bh._domainkey.edweek.org +norecurse
>
> -- Matt

Re: SERVFAIL on Dig DKIM Record

2009-09-24 Thread Kevin Darcy
The info from the zone itself is always considered "better" than the 
same information from a delegation, so named is going out and trying to 
fetch it. When it encounters the SERVFAIL it passes it back to the invoker.


If you want to see the delegation record, put a +norec ("no recurse") on 
the dig command line. That prevents it from going out and fetching anything.



 - Kevin


brad wrote:

> Thanks Kevin, but shouldn't I be able to get info from my DNS server
> for this record? I'm doing this and getting the SERVFAIL:
>
> dig @dns1.irides.com bh._domainkey.edweek.org NS
>
> On Thu, Sep 24, 2009 at 12:14 PM, Kevin Darcy wrote:
>
> > pdns1.ultradns.net is returning the SERVFAIL:
> >
> > $ dig bh._domainkey.edweek.org any @pdns1.ultradns.net
> >
> > ; <<>> DiG 9.3.0 <<>> bh._domainkey.edweek.org any @pdns1.ultradns.net
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 384
> > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> > I get the same thing for other types too (NS, TXT).
> >
> > So, either it's a problem that ultradns.net needs to correct, or the
> > user gave you the wrong information.
> >
> > - Kevin
> >
> > brad wrote:
> >
> >> Hello,
> >>
> >> A user recently asked me to add this record for them:
> >>
> >> bh._domainkey.edweek.org NS pdns1.ultradns.net
> >>
> >> I've done so, however, BIND is kicking out SERVFAILS when I
> >> dig it. I'm running 9.6.1-P1, do I need to add a setting for
> >> BIND to accept this subdomain delegation?
> >>
> >> Thanks,
> >> Brad



