mysql backend

2010-02-07 Thread fddi

Hello,
is anyone using a mysql backend for bind9 ?
how to setup it ?

thanks

Rick

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: mysql backend

2010-02-07 Thread Warren Kumari


On Feb 7, 2010, at 4:00 AM, fddi wrote:


> Hello,
> is anyone using a mysql backend for bind9 ?
> how to setup it ?

http://lmgtfy.com/?q=mysql+backend+for+bind9

> thanks
>
> Rick



Re: reverse Zone example!

2010-02-07 Thread Doug Barton

On 02/06/10 00:49, Alans wrote:

> Hi everyone,
>
> Anyone can give me an example of a reverse zone for a customer (have
> their own DNS) from an ISP (own customers IP)?
>
> Just want to make sure what I did is right or no? I'm a little confused
> about the SOA and ns records in the zone file, should be ours (ISP) or
> customers DNSs!


FYI, the reason that you haven't gotten a useful answer yet is that you 
haven't provided us enough information. 
http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames


In order to answer your question we need to know what kind of address 
blocks you're attempting to set up DNS for. I suspect that you're 
probably trying to set up DNS for something smaller than a /24, is that 
right? If you can respond with more details, it's likely we can help you.



Good luck,

Doug

--

Improve the effectiveness of your Internet presence with
a domain name makeover!    http://SupersetSolutions.com/

Computers are useless. They can only give you answers.
-- Pablo Picasso



RE: reverse Zone example!

2010-02-07 Thread Alans
Hello,
I thought the reason is because it's weekend :)

I have a DNS for domain example.com
One of my customers has a domain customersdomain.com and they have their
own DNS (forward lookups)
They want me to add ptr (smaller than /24) for them

$TTL 1W
$ORIGIN xx.yy.zz.IN-ADDR.ARPA.
@   IN  SOA ns1.example.com. root.example.com. (   << is it correct?
            2008082707
            15M
            10M
            4W
            1W )

xx.yy.zz.IN-ADDR.ARPA.  IN  NS  ns1.example.com.   <<- is it correct?

1 PTR ns1.customersdomain.com.
2 PTR ns2.customersdomain.com.

I only want to make sure that SOA and NS records are correct or is there
anything wrong with the above configuration?

Thanks,
Alans



Re: reverse Zone example!

2010-02-07 Thread Doug Barton

On 02/07/10 12:03, Alans wrote:

> Hello,
> I thought the reason is because it's weekend :)

Hope springs eternal. :)

> I have a DNS for domain example.com
> One of my customers has a domain customersdomain.com and they have their
> own DNS (forward lookups)

FYI, the forward domains have no relationship whatsoever to the reverses.

> They want me to add ptr (smaller than /24) for them


You have now provided more information, but still not enough for a 
useful answer. Did you read the information at the web site I posted? 
There is no harm in just telling us what IP blocks you're working with, 
and if you don't, the answers we give you might not actually solve your 
problem.


For example, how many IP addresses are we talking about here, and how 
often might the reverse DNS information change? If you're only talking 
about a few addresses, and the forwards are not going to change often, 
it might be easier for you to just add the PTR records in your own 
reverse zone, assuming that the DNS information for that zone is 
delegated to you in the first place.


Assuming that you really do need to delegate the DNS for them, what you 
want is an "RFC 2317 delegation," which you can read about in, you 
guessed it, RFC 2317. :)  http://tools.ietf.org/html/rfc2317  If that 
doesn't answer all of your questions then to help you further we need 
you to provide us with the following:


1. What netblock is assigned to YOU?
2. What range do you want to delegate to the CUSTOMER?
3. Do you have a zone file for your netblock already?
4. What nameservers do you have the zone configured on now?

... and just in case it's not obvious yet, what you posted won't work, 
which is why we need to dig a little deeper.



hth,

Doug


--

Improve the effectiveness of your Internet presence with
a domain name makeover!    http://SupersetSolutions.com/

Computers are useless. They can only give you answers.
-- Pablo Picasso
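
An added example, not part of the thread or of anyone's message: a sketch of the parent-zone side of the "RFC 2317 delegation" mentioned above, generating the NS and CNAME records an ISP would place in its /24 reverse zone. The netblock 192.0.2.0/24, the sub-range 192.0.2.128/26 and the name ns1.customer.example. are constructed placeholders, and the function name is hypothetical.

```python
import ipaddress

def rfc2317_delegation(parent_net, sub_net, nameservers):
    """Build the parent-side records that delegate sub_net (longer than /24)
    out of the reverse zone for parent_net, in the RFC 2317 style.

    Returns (child_zone_name, list_of_parent_zone_lines)."""
    parent = ipaddress.ip_network(parent_net)
    sub = ipaddress.ip_network(sub_net)
    if parent.version != 4 or parent.prefixlen != 24:
        raise ValueError("parent must be an IPv4 /24")
    if sub.version != 4 or sub.prefixlen <= 24 or not sub.subnet_of(parent):
        raise ValueError("sub-range must be smaller than, and inside, the /24")
    # A missing trailing dot would make the target relative to $ORIGIN and
    # silently point the delegation at a name that does not exist.
    if not nameservers or any(not ns.endswith(".") for ns in nameservers):
        raise ValueError("nameservers must be fully qualified (trailing dot)")

    o = parent.network_address.packed               # four octets as ints
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    # RFC 2317 label: first address of the range, a slash, the prefix length.
    label = f"{sub.network_address.packed[3]}/{sub.prefixlen}"
    child_zone = f"{label}.{parent_zone}"

    lines = [f"$ORIGIN {parent_zone}"]
    # The child zone is delegated to the customer's servers ...
    for ns in nameservers:
        lines.append(f"{label}\tIN NS\t{ns}")
    # ... and every address in the range is aliased into it, so the customer
    # serves the PTR records themselves (this sketch covers every address,
    # network and broadcast included).
    for addr in sub:
        last = addr.packed[3]
        lines.append(f"{last}\tIN CNAME\t{last}.{child_zone}")
    return child_zone, lines

if __name__ == "__main__":
    zone, records = rfc2317_delegation(
        "192.0.2.0/24", "192.0.2.128/26", ["ns1.customer.example."])  # constructed
    print("customer serves zone:", zone)
    print("\n".join(records[:4]), "\n...")
```

The customer then configures the returned zone name on their own servers and puts ordinary PTR records in it, with their own SOA and NS at the apex.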



Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?

2010-02-07 Thread Ian B
The Bigpond nameserver would now appear to be returning 'correct' data
for the 'authority section'. Dig to my recursor gives:

$  dig dreamteam.afl.com.au

; <<>> DiG 9.3.4-P1 <<>> dreamteam.afl.com.au
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24819
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dreamteam.afl.com.au.  IN  A

;; ANSWER SECTION:
dreamteam.afl.com.au.   14  IN  CNAME   afl.virtualsports.com.au.
afl.virtualsports.com.au. 2997  IN  A   174.120.186.226
afl.virtualsports.com.au. 2997  IN  A   174.120.187.106
afl.virtualsports.com.au. 2997  IN  A   174.120.186.242
afl.virtualsports.com.au. 2997  IN  A   174.120.186.250
afl.virtualsports.com.au. 2997  IN  A   174.120.187.114
afl.virtualsports.com.au. 2997  IN  A   174.120.187.122
afl.virtualsports.com.au. 2997  IN  A   174.120.187.138
afl.virtualsports.com.au. 2997  IN  A   174.120.187.146
afl.virtualsports.com.au. 2997  IN  A   174.120.186.218
afl.virtualsports.com.au. 2997  IN  A   174.120.186.234
afl.virtualsports.com.au. 2997  IN  A   174.120.187.10
afl.virtualsports.com.au. 2997  IN  A   174.120.187.130

;; Query time: 1 msec
;; SERVER: 203.161.127.1#53(203.161.127.1)
;; WHEN: Mon Feb  8 09:15:24 2010
;; MSG SIZE  rcvd: 262



Dig off the authoritative nameserver for afl.com.au:

$ dig dreamteam.afl.com.au @ns1bpc.bigpond.com

; <<>> DiG 9.6.1-P2 <<>> dreamteam.afl.com.au @ns2bpc.bigpond.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33750
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dreamteam.afl.com.au.  IN  A

;; ANSWER SECTION:
dreamteam.afl.com.au.   30  IN  CNAME   afl.virtualsports.com.au.

;; AUTHORITY SECTION:
.   518400  IN  NS  E.ROOT-SERVERS.NET.
.   518400  IN  NS  F.ROOT-SERVERS.NET.
.   518400  IN  NS  G.ROOT-SERVERS.NET.
.   518400  IN  NS  H.ROOT-SERVERS.NET.
.   518400  IN  NS  I.ROOT-SERVERS.NET.
.   518400  IN  NS  J.ROOT-SERVERS.NET.
.   518400  IN  NS  K.ROOT-SERVERS.NET.
.   518400  IN  NS  L.ROOT-SERVERS.NET.
.   518400  IN  NS  M.ROOT-SERVERS.NET.
.   518400  IN  NS  A.ROOT-SERVERS.NET.
.   518400  IN  NS  B.ROOT-SERVERS.NET.
.   518400  IN  NS  C.ROOT-SERVERS.NET.
.   518400  IN  NS  D.ROOT-SERVERS.NET.

;; Query time: 53 msec
;; SERVER: 61.9.170.18#53(61.9.170.18)
;; WHEN: Mon Feb  8 08:57:31 2010
;; MSG SIZE  rcvd: 281


Ian.

--- On Fri, 5/2/10, Mark Andrews  wrote:

> From: Mark Andrews 
> Subject: Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?
> To: "Ian B" 
> Cc: bind-users@lists.isc.org
> Received: Friday, 5 February, 2010, 2:47 PM
> 
> In message <260066.10841...@web63105.mail.re1.yahoo.com>, Ian B writes:
> > Hi All,
> >
> > I found a post on this list from July 2009 with the subject:
> > "Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem?"
> >
> > https://lists.isc.org/pipermail/bind-users/2009-July/077045.html
> >
> > I'm having exactly the same issue but with hostname dreamteam.afl.com.au
> >
> > A sample dig is as follows:
> >
> > $ dig dreamteam.afl.com.au
> >
> > ; <<>> DiG 9.3.4-P1 <<>> dreamteam.afl.com.au
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22236
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;dreamteam.afl.com.au.  IN  A
> >
> > ;; ANSWER SECTION:
> > dreamteam.afl.com.au.   30  IN  CNAME   afl.virtualsports.com.au.
> >
> > ;; AUTHORITY SECTION:
> > com.au.     60  IN  SOA stl-bpc-gslb1500-1.bigpond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 4 10800 3600 604800 60
> >
> > ;; Query time: 53 msec
> > ;; SERVER: 203.161.127.1#53(203.161.127.1)
> > ;; WHEN: Fri Feb  5 11:29:24 2010
> > ;; MSG SIZE  rcvd: 147
> >
> >
> > My understanding of the issue is that the authoritative nameserver for
> > dreamteam.afl.com.au is returning the incorrect data in the
> > 'AUTHORITY SECTION' causing PowerDNS to act unpredictably. Other DNS
> > recursors may not have an issue with this, as they overlook the error.
> > Is that a correct understanding?
>
> It looks like the two bigpond servers have been configured to serve
> an unofficial version of COM.AU.  Normal query processing then causes
> the servers to find the unofficial version o

A signed root zone and BIND

2010-02-07 Thread Mark Andrews

The root zone is in the process of being signed.  This is a staged
process, designed to allow end systems operators enough time to
detect and correct/replace any misconfigured/broken firewalls between
the recursive servers and the root servers.

When the root is signed, many of the responses will be larger than
some outdated firewalls will accept.  Named will still work through
such firewalls, but not as fast or as effectively as it should, as
it will need to adjust and retry queries multiple times in order
to determine what the firewall will allow through.

While signed zones have existed for some time (e.g. SE, BR, GOV and
ORG are all signed), with the root being signed all recursive
nameservers will now be potentially impacted.

Now is the time to test whether you are ready or not.  

L.ROOT-SERVERS.NET is the first of the root servers to switch to a
signed copy of the root zone.  This version of the root zone has
been made deliberately non validatable.  Its purpose is to allow
operators to test whether they can receive signed responses cleanly.

You can see whether your firewall will pass such responses by running
a series of queries using "dig" to mimic what named does on the
recursive server.

First, you should verify that you can talk to L.ROOT-SERVERS.NET
using plain DNS.  This will ensure that failures in the subsequent
tests are meaningful.

e.g.
dig +nodnssec +norec +ignore ns . @L.ROOT-SERVERS.NET

; <<>> DiG 9.3.6-P1 <<>> +nodnssec +norec +ignore ns . @L.ROOT-SERVERS.NET
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39974
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15

;; QUESTION SECTION:
;.  IN  NS

;; ANSWER SECTION:
.   518400  IN  NS  a.root-servers.net.
.   518400  IN  NS  b.root-servers.net.
.   518400  IN  NS  c.root-servers.net.
.   518400  IN  NS  d.root-servers.net.
.   518400  IN  NS  e.root-servers.net.
.   518400  IN  NS  f.root-servers.net.
.   518400  IN  NS  g.root-servers.net.
.   518400  IN  NS  h.root-servers.net.
.   518400  IN  NS  i.root-servers.net.
.   518400  IN  NS  j.root-servers.net.
.   518400  IN  NS  k.root-servers.net.
.   518400  IN  NS  l.root-servers.net.
.   518400  IN  NS  m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 518400  IN  A   198.41.0.4
b.root-servers.net. 518400  IN  A   192.228.79.201
c.root-servers.net. 518400  IN  A   192.33.4.12
d.root-servers.net. 518400  IN  A   128.8.10.90
e.root-servers.net. 518400  IN  A   192.203.230.10
f.root-servers.net. 518400  IN  A   192.5.5.241
g.root-servers.net. 518400  IN  A   192.112.36.4
h.root-servers.net. 518400  IN  A   128.63.2.53
i.root-servers.net. 518400  IN  A   192.36.148.17
j.root-servers.net. 518400  IN  A   192.58.128.30
k.root-servers.net. 518400  IN  A   193.0.14.129
l.root-servers.net. 518400  IN  A   199.7.83.42
m.root-servers.net. 518400  IN  A   202.12.27.33
a.root-servers.net. 518400  IN  2001:503:ba3e::2:30
f.root-servers.net. 518400  IN  2001:500:2f::f

;; Query time: 189 msec
;; SERVER: 2001:500:3::42#53(2001:500:3::42)
;; WHEN: Mon Feb  8 13:05:49 2010
;; MSG SIZE  rcvd: 492






Next we will see whether you can receive an answer that is greater than
512 bytes.  This test simulates how named makes its initial queries.
Most signed responses fit between 512 bytes and 1500 bytes and are
returned in a single un-fragmented UDP packet.  This test is designed
to check this case.

e.g.
dig +dnssec +norec +ignore ns . @L.ROOT-SERVERS.NET

; <<>> DiG 9.3.6-P1 <<>> +dnssec +norec +ignore ns . @L.ROOT-SERVERS.NET
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 381
;; flags: qr aa; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 21

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.  IN  NS

;; ANSWER SECTION:
.   518400  IN  NS  a.root-servers.net.
.   518400  IN  NS  b.root-servers.net.
.   518400  IN  NS  c.root-servers.net.
.   518400  IN  NS  d.root-servers.net.
.   518400  IN  NS  e.root-servers.net.
.   518400  IN  NS  f.root-servers.net.
.   518400  IN  NS  g.root-servers.net.
.   518400  IN