Re: problems resolving domains under NSxx.DOMAINCONTROL.COM - this problem I have too! :(((((
In article , Mark Andrews wrote:
> If it is not a local DPI problem then the only other thing
> is that domaincontrol.com is using anycast and one or more
> of the sites is using nameservers that don't respond
> to EDNS queries or has a firewall that blocks EDNS queries.

A few minutes poking around with traceroute.org finds the same two destinations that Mark does, one apparently in Washington DC or close by accessed via AboveNet, GBLX, Level3 and maybe others, and the other in or around Singapore, accessed via SingTel.

Sam
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How can I fake a part of domain?
On Thu, Jun 24, 2010 at 12:38:35AM +0200, Warren Kumari wrote:
> On Jun 23, 2010, at 11:06 PM, Peter Macko wrote:
> > How can I "fake" a part of domain?
...
> Erm, are you *sure* that you want to do this?
>
> Really really sure?
> It's probably a bad idea, but
>
> Step 1: Make yourself authoritative for www2, www3 -- in named.conf:
...
> Step 2: Make zone files www2.example.com (and obviously, www3):
...
> Step 3: Repeat "This was a bad idea and I feel dirty..."
...

If your recursive resolving name server is different from your authoritative name server - as it should be - then there is a Step 4, which is to insert "forward" zone declarations for these zones into your recursive resolving name server.

Then again, since you're already munging the configuration anyway, you could insert the zone definitions into the resolving name server ... but, nahhh, that really defeats predictability ["if I got hit by a truck, could they figure it out?"].

--
Joe Yao j...@tux.org - Joseph S. D. Yao

Re: strange (to me) dns resolution problem
The machine in question is running bind 9.2.1.

Thanks.

-
Hoover Chan            hc...@mail.ewind.com -or- hc...@well.com
Eastwind Associates
P.O. Box 16646         voice: 415-731-6019 -or- 415-565-8936
San Francisco, CA 94116
-

"Toto" wrote:

> On 23.06.2010 22:01, Hoover Chan wrote:
> > I have a strange problem where most things are working (i.e. I can query and get the correct answers from DNS) but a few domains which worked before have stopped working. Yet, when I go to another DNS server, they do get resolved.
> >
> > Any pointer to where I should look first? Get a newer list of root name servers?
> >
> > Thanks in advance.
>
> It would be helpful to have some more details (Bind version used, configuration, failing fqdn, ...)
>
> Ciao
> Toto

named-checkzone
Hi,

I'm trying to get some ideas how I can exec named-checkzone on a zone file that has just been executed. We have com users who edit zone files but forget to run the command when they are done editing the file. Trying to figure out if anyone has a good way of enforcing that the zone gets checked after it's been edited.

Thanks
Paul.

RE: named-checkzone
My suggestion is to create a backup copy of the (current) zone files in another directory. Only allow the users to edit those files, then execute a shell script that checks them, and only moves them to the production directory once the named-checkzone (and named-checkconf) works correctly. Otherwise, returns an error.

The only thing we don't check is that the SOA serial has been incremented because our DNS file editor does that automatically...

From: bind-users-bounces+gord.taylor=rbc@lists.isc.org [mailto:bind-users-bounces+gord.taylor=rbc@lists.isc.org] On Behalf Of P.A
Sent: 2010, June, 24 3:47 PM
To: bind-us...@isc.org
Subject: named-checkzone

> Hi,
>
> I'm trying to get some ideas how I can exec named-checkzone on a zone file that has just been executed. We have com users who edit zone files but forget to run the command when they are done editing the file. Trying to figure out if anyone has a good way of enforcing that the zone gets checked after it's been edited.
>
> Thanks
> Paul.

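One way to implement the stage, check and promote flow described in the message above, as an added example that is not from the thread or from BIND. It assumes zone files are named `<zone>.db`; the function names and directory paths are hypothetical, and `named-checkzone` can be overridden through `CHECKZONE` so the logic can be exercised without BIND installed.

```shell
#!/bin/sh
# Added example (not from the thread): check staged zone files and promote
# only the ones that pass. Assumption: files are named <zone>.db.

CHECKZONE=${CHECKZONE:-named-checkzone}   # BIND's checker; overridable for testing

# promote_zone STAGED_FILE PROD_DIR -> 0 if checked and installed, 1 if rejected
promote_zone() {
    staged=$1 prod_dir=$2
    file=$(basename "$staged")
    zone=${file%.db}                      # assumed naming: example.com.db -> example.com

    # named-checkzone takes the zone name and the file; non-zero exit means errors
    if ! out=$("$CHECKZONE" "$zone" "$staged" 2>&1); then
        echo "REJECTED $zone:" >&2
        echo "$out" >&2
        return 1                          # production copy is left untouched
    fi

    # Copy under a temporary name inside the production directory, then rename,
    # so named never reads a half-written zone file.
    tmp="$prod_dir/.$file.$$"
    cp "$staged" "$tmp" && mv "$tmp" "$prod_dir/$file" || { rm -f "$tmp"; return 1; }
    echo "installed $zone"
}

# promote_all STAGING_DIR PROD_DIR -> exit status is the number of rejected zones
promote_all() {
    staging=$1 prod=$2 failed=0
    for f in "$staging"/*.db; do
        [ -e "$f" ] || continue           # staging directory is empty
        promote_zone "$f" "$prod" || failed=$((failed + 1))
    done
    return "$failed"
}

# Usage: promote.sh STAGING_DIR PROD_DIR   (both paths are placeholders)
if [ $# -eq 2 ]; then
    promote_all "$1" "$2" && echo "all staged zones passed named-checkzone"
fi
```

Write access to the production directory should belong only to the account that runs this script, so that editing the staging copies is the only route into production.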
named-checkzone
I was thinking more instantaneous without moving things around. I looked at vim vimrc autocmd but I couldn’t get named-checkzone to execute and I would still have to somehow have named-checkzone look at the last zone that was edited.

Good suggestion though.

From: Taylor, Gord [mailto:gord.tay...@rbc.com]
Sent: Thursday, June 24, 2010 4:32 PM
To: P.A; bind-us...@isc.org
Subject: RE: named-checkzone

> My suggestion is to create a backup copy of the (current) zone files in another directory. Only allow the users to edit those files, then execute a shell script that checks them, and only moves them to the production directory once the named-checkzone (and named-checkconf) works correctly. Otherwise, returns an error.
>
> The only thing we don't check is that the SOA serial has been incremented because our DNS file editor does that automatically...
>
> From: bind-users-bounces+gord.taylor=rbc@lists.isc.org [mailto:bind-users-bounces+gord.taylor=rbc@lists.isc.org] On Behalf Of P.A
> Sent: 2010, June, 24 3:47 PM
> To: bind-us...@isc.org
> Subject: named-checkzone
>
> > Hi,
> >
> > I'm trying to get some ideas how I can exec named-checkzone on a zone file that has just been executed. We have com users who edit zone files but forget to run the command when they are done editing the file. Trying to figure out if anyone has a good way of enforcing that the zone gets checked after it's been edited.
> >
> > Thanks
> > Paul.

RE: named-checkzone
If you wanted to throw CVS into the mix, it would make all this pretty easy. You can have it run scripts on checkin, and you know all the files changed from a cvs diff, so it’s easy to run that through the named-checkzone.

CVS doesn’t have to make things much more complicated. You could create a script that when run (ex: vizone zonename) would checkout the zonefiles project, and open a vi for the session. Then, when closed, it would checkin the zonefile and run the verification script.

Heck, you could just alias “vi” to your script if that is all your user does with vi, or if you use a unique account for DNS changes.

t.

From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of P.A
Sent: Thursday, June 24, 2010 4:38 PM
To: 'Taylor, Gord'; bind-us...@isc.org
Subject: named-checkzone

> I was thinking more instantaneous without moving things around. I looked at vim vimrc autocmd but I couldn’t get named-checkzone to execute and I would still have to somehow have named-checkzone look at the last zone that was edited.
>
> Good suggestion though.
>
> From: Taylor, Gord [mailto:gord.tay...@rbc.com]
> Sent: Thursday, June 24, 2010 4:32 PM
> To: P.A; bind-us...@isc.org
> Subject: RE: named-checkzone
>
> > My suggestion is to create a backup copy of the (current) zone files in another directory. Only allow the users to edit those files, then execute a shell script that checks them, and only moves them to the production directory once the named-checkzone (and named-checkconf) works correctly. Otherwise, returns an error.
> >
> > The only thing we don't check is that the SOA serial has been incremented because our DNS file editor does that automatically...
> >
> > From: bind-users-bounces+gord.taylor=rbc@lists.isc.org [mailto:bind-users-bounces+gord.taylor=rbc@lists.isc.org] On Behalf Of P.A
> > Sent: 2010, June, 24 3:47 PM
> > To: bind-us...@isc.org
> > Subject: named-checkzone
> >
> > > Hi,
> > >
> > > I'm trying to get some ideas how I can exec named-checkzone on a zone file that has just been executed. We have com users who edit zone files but forget to run the command when they are done editing the file. Trying to figure out if anyone has a good way of enforcing that the zone gets checked after it's been edited.
> > >
> > > Thanks
> > > Paul.

ipv6 link-local addressing
Hi Folks,

I am in the process of setting up an IPV6 testbed. It is comprised of w2k3r2 server vm's on an isolated virtual switch. As part of this process, I wish to confirm that bind (currently using 9.7.0-p2) can manage dns correctly for all ipv6 hosts.

From ipconfig on each server, my ipv6 addresses appear as follows:

fe80::250:56ff:fea6:1dfc%4
fe80::250:56ff:fea6:236%5
fe80::250:56ff:fe97:233a%5

I have a test domain called ipv6.com in which I have the records defined like so in the zone file:

bind 3600 IN fe80::250:56ff:fea6:1dfc%4
www 3600 IN fe80::250:56ff:fea6:236%5
dba 3600 IN fe80::250:56ff:fe97:233a%5

This fails with errors like:

25-Jun-2010 7:58:17.284 dns_rdata_fromtext: C:\WINDOWS\system32\dns\etc\ipv6.com.db:46: near 'fe80::250:56ff:fea6:236%5': bad IPv6 address

and the zone is not loaded due to errors.

If I leave off the part on each from the % onwards, the zone loads up ok and names resolve, but of course can not be used to reach the intended devices as the resolved addresses are missing the "%5". I believe the "%5" part is called the "link-local" component of the address.

Can you please advise the correct syntax to have bind9 return the full ipv6 address plus the link-local component.

Kind Regards
Rep

Re: ipv6 link-local addressing
On Fri, 2010-06-25 at 08:20 +1000, repudi8or repu wrote:
> process, I wish to confirm that bind (currently using 9.7.0-p2) can
> manage dns correctly for all ipv6 hosts.

You don't really need to - it can.

> If I leave off the part on each from the % onwards, the zone
> loads up ok and names resolve, but of course can not be used to reach
> the intended devices as the resolved addresses are missing the "%5". I
> believe the "%5" part is called the "link-local" component of the
> address.

It's called the scope identifier.

Link local addresses are not designed for this use - suggest you use static addressing (you have very few hosts), or put a DHCPv6 server or route advertiser into your little network and use DNS with global unicast addresses. The route advertiser would be simplest.

As long as your network is truly isolated you can use whatever prefix you like, or if you want to play safe go to sixxs and get a ULA prefix.

Regards, K.

--
Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF

Re: multi-master and ixfr-from-differences: failed: new serial (2010060900) out of range"
Another attempt.

We get these quite often. Any idea where could be the problem?

On 10.06.10 09:34, Matus UHLAR - fantomas wrote:
> I run slaves for root zone on two machines, they behave as one of masters
> for each other and for all our recursive servers providing ixfr
> (I work for an ISP so I think it's feasible for us)
> and I occasionally get these error in log file:
>
> Jun 9 23:11:58 mydb02 named[1427]: general: error: zone ./IN: ixfr-from-differences: failed: new serial (2010060900) out of range [2010060901 - 4157544547]
> Jun 9 23:11:58 mydb02 named[1427]: xfer-in: error: transfer of './IN' from 192.228.79.201#53: failed while receiving responses: out of range
> Jun 9 23:11:58 mydb02 named[1427]: xfer-in: info: transfer of './IN' from 192.228.79.201#53: Transfer completed: 2 messages, 3564 records, 112157 bytes, 1.812 secs (61896 bytes/sec)
>
> Jun 9 23:11:59 mydb02 named[1427]: general: info: zone ./IN: transferred serial 2010060901
> Jun 9 23:11:59 mydb02 named[1427]: xfer-in: info: transfer of './IN' from 192.5.5.241#53: Transfer completed: 3 messages, 3564 records, 125268 bytes, 0.522 secs (239977 bytes/sec)
> Jun 9 23:11:59 mydb02 named[1427]: notify: info: zone ./IN: sending notifies (serial 2010060901)
>
> I wonder what should this mean. I have turned multi-master yes for this zone
> so I expected that BIND should be quiet if the SOA on master is "smaller".
>
> However this looks like BIND notices higher serial on one of masters, but
> then tried to fetch from different master where the SOA hasn't changed yet.
>
> Is there a bug/issue with multiple masters configuration?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Quantum mechanics: The dreams stuff is made of.

Re: multi-master and ixfr-from-differences: failed: new serial (2010060900) out of range"
In message <20100625060415.ga18...@fantomas.sk>, Matus UHLAR - fantomas writes:
> Another attempt.
>
> We get these quite often. Any idea where could be the problem?

Turn off try-tcp-refresh.

> On 10.06.10 09:34, Matus UHLAR - fantomas wrote:
> > I run slaves for root zone on two machines, they behave as one of masters
> > for each other and for all our recursive servers providing ixfr
> > (I work for an ISP so I think it's feasible for us)
> > and I occasionally get these error in log file:
> >
> > Jun 9 23:11:58 mydb02 named[1427]: general: error: zone ./IN: ixfr-from-differences: failed: new serial (2010060900) out of range [2010060901 - 4157544547]
> > Jun 9 23:11:58 mydb02 named[1427]: xfer-in: error: transfer of './IN' from 192.228.79.201#53: failed while receiving responses: out of range
> > Jun 9 23:11:58 mydb02 named[1427]: xfer-in: info: transfer of './IN' from 192.228.79.201#53: Transfer completed: 2 messages, 3564 records, 112157 bytes, 1.812 secs (61896 bytes/sec)
> >
> > Jun 9 23:11:59 mydb02 named[1427]: general: info: zone ./IN: transferred serial 2010060901
> > Jun 9 23:11:59 mydb02 named[1427]: xfer-in: info: transfer of './IN' from 192.5.5.241#53: Transfer completed: 3 messages, 3564 records, 125268 bytes, 0.522 secs (239977 bytes/sec)
> > Jun 9 23:11:59 mydb02 named[1427]: notify: info: zone ./IN: sending notifies (serial 2010060901)
> >
> > I wonder what should this mean. I have turned multi-master yes for this zone
> > so I expected that BIND should be quiet if the SOA on master is "smaller".
> >
> > However this looks like BIND notices higher serial on one of masters, but
> > then tried to fetch from different master where the SOA hasn't changed yet.
> >
> > Is there a bug/issue with multiple masters configuration?
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Quantum mechanics: The dreams stuff is made of.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

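The bracketed range in the log lines quoted in this thread matches 32-bit serial number arithmetic (RFC 1982): the lower bound is the serial already held plus 1, and the upper bound is that serial plus 2^31 - 1. The following is an added example, not code from the thread or from BIND; the function names are hypothetical, and it assumes the serial held was 2010060900, inferred from the lower bound in the log.

```shell
#!/bin/sh
# Added example: the window of serials that count as "newer" than the one held,
# using wrap-around arithmetic on unsigned 32-bit SOA serials.

MOD=4294967296      # 2^32
HALF=2147483647     # 2^31 - 1, largest forward step still treated as newer

# serial_window OLD -> prints "MIN MAX", the bounds of acceptable new serials
serial_window() {
    old=$1
    echo "$(( (old + 1) % MOD )) $(( (old + HALF) % MOD ))"
}

# serial_newer OLD NEW -> exit 0 if NEW is inside the window for OLD, else 1
serial_newer() {
    old=$1 new=$2
    diff=$(( (new - old + MOD) % MOD ))   # forward distance, safe across wrap
    [ "$diff" -ge 1 ] && [ "$diff" -le "$HALF" ]
}

# The two serials from the log excerpt: an equal serial falls outside the window.
serial_newer 2010060900 2010060900 ||
    echo "2010060900 rejected, window is [$(serial_window 2010060900)]"
serial_newer 2010060900 2010060901 && echo "2010060901 accepted"
```

A serial equal to the one already held has a forward distance of 0, so it is outside the window, which is what the first log line reports for the transfer from the master that had not yet updated.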
Re: strange (to me) dns resolution problem
> > On 23.06.2010 22:01, Hoover Chan wrote:
> > > I have a strange problem where most things are working (i.e. I can query and get the correct answers from DNS) but a few domains which worked before have stopped working. Yet, when I go to another DNS server, they do get resolved.
> > >
> > > Any pointer to where I should look first? Get a newer list of root name servers?
> > >
> > > Thanks in advance.

> - "Toto" wrote:
> > It would be helpful to have some more details (Bind version used,
> > configuration, failing fqdn, ...)

On 24.06.10 09:29, Hoover Chan wrote:
> The machine in question is running bind 9.2.1.

There is your problem. You should upgrade to at least 9.4.

If you want better answer, you must provide more information than just the first one.

And, please, configure your mailer to wrap lines below 80 characters per line. 72 to 75 is usually OK.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Support bacteria - they're the only culture some people have.