RNDC for 9.7.1 p2

2010-10-08 Thread VERMA, ANAND (ANAND)
Hi Experts,

After the bind upgrade from 9.4.3p3 to 9.7.1p2, I am unable to check rndc
status. Error message:

rndc: connection to remote host closed
This may indicate that

* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.

Did I miss something?


Thanks and Regards

Anand 
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: RNDC for 9.7.1 p2

2010-10-08 Thread Cathy Almond

Hi Anand.

It sounds like when you did the upgrade, either you didn't install the
new rndc utility, or it installed somewhere else rather than replacing
the old one that you encounter first from your path variable?


If you did a make install, did you give configure the same parameters 
that you used when you built 9.4.3-P3?  I'd be inclined also to 
sanity-check that the newly running named is using the named.conf that 
you expected it to be using too.


Why 9.7.1-P2 rather than 9.7.2-P2 by the way?

Cathy

On 08/10/10 08:01, VERMA, ANAND (ANAND) wrote:

Hi Experts,

After the bind upgrade from 9.4.3p3 to 9.7.1p2, I am unable to check rndc
status. Error message:

rndc: connection to remote host closed
This may indicate that

* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.

Did I miss something?


Thanks and Regards

Anand


Re: non-24 bit subnets

2010-10-08 Thread Sam Wilson
In article ,
 David Miller  wrote:

> You can have a different TTL for each and every record, if you like, in 
> the same zone file with no includes (the $TTL directive can appear 
> multiple times).
> 
> e.g. :
> 
> $TTL 300; 5 mins
> *    PTR   host-no-spec.example.com.
> $TTL 3600; 1 hour
> 17   PTR   mail.example.com.
> $TTL 1800; 30 mins
> 18   PTR   mail2.example.com.
> $TTL 86400;  1 day
> 19   PTR   whatever.example.com.
> 20   PTR   whatever2.example.com.
> 22   PTR   whatever2.example.com.

Or

$TTL 86400;  1 day
*    300   PTR   host-no-spec.example.com.
17   3600  PTR   mail.example.com.
18   1800  PTR   mail2.example.com.
19         PTR   whatever.example.com.
20         PTR   whatever2.example.com.
22         PTR   whatever2.example.com.

Or further variations.

Sam
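
An added illustration, not part of either post: this Python sketch resolves the TTL each record ends up with and confirms that the two layouts above are equivalent. It handles single-line records only (no parenthesised SOA, no quoted semicolons), and the function and variable names are made up for this example.

```python
import re

# Subset of record types and classes, enough for the examples in this thread.
RR_TYPES = {"A", "AAAA", "PTR", "NS", "CNAME", "MX", "TXT"}
CLASSES = {"IN", "CH", "HS"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(token):
    """Seconds for '300' or a BIND-style '1h30m'; None if token is not a TTL."""
    token = token.lower()
    if token.isdigit():
        return int(token)
    parts = re.findall(r"(\d+)([smhdw])", token)
    if not parts or "".join(n + u for n, u in parts) != token:
        return None
    return sum(int(n) * UNITS[u] for n, u in parts)


def effective_ttls(zone_text):
    """Return [(owner, type, rdata, ttl)] with the TTL each record ends up with."""
    default_ttl = None  # value of the most recent $TTL directive
    owner = None        # lines that start with whitespace reuse the last owner
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].upper() == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if tokens[0].startswith("$"):
            continue                         # $ORIGIN, $INCLUDE: out of scope
        if not line[0].isspace():
            owner = tokens.pop(0)
        ttl = None
        # An optional TTL and class may precede the type, in either order.
        while tokens and tokens[0].upper() not in RR_TYPES:
            field = tokens.pop(0)
            if field.upper() in CLASSES:
                continue
            ttl = parse_ttl(field)
            if ttl is None:
                raise ValueError(f"unexpected field {field!r} in: {raw!r}")
        if not tokens:
            raise ValueError(f"no record type in: {raw!r}")
        rtype = tokens.pop(0).upper()
        if ttl is None:
            if default_ttl is None:
                raise ValueError(f"no TTL and no $TTL in effect: {raw!r}")
            ttl = default_ttl
        records.append((owner, rtype, " ".join(tokens), ttl))
    return records


# The two layouts from the thread (column spacing restored).
PER_DIRECTIVE = """\
$TTL 300; 5 mins
*    PTR   host-no-spec.example.com.
$TTL 3600; 1 hour
17   PTR   mail.example.com.
$TTL 1800; 30 mins
18   PTR   mail2.example.com.
$TTL 86400;  1 day
19   PTR   whatever.example.com.
20   PTR   whatever2.example.com.
22   PTR   whatever2.example.com.
"""

PER_RECORD = """\
$TTL 86400;  1 day
*    300   PTR   host-no-spec.example.com.
17   3600  PTR   mail.example.com.
18   1800  PTR   mail2.example.com.
19         PTR   whatever.example.com.
20         PTR   whatever2.example.com.
22         PTR   whatever2.example.com.
"""

if __name__ == "__main__":
    print("equivalent:", effective_ttls(PER_DIRECTIVE) == effective_ttls(PER_RECORD))
```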


dhcp Unable to add forward map from..connection refused

2010-10-08 Thread tangonights
hello everybody..

I was playing on my gentoo box: a couple of virtual machines, client and 
dhcp/bind server.
both services do their job - separately. I tried to configure the dynamic 
update, but my log said (weird things *highlighted):

named[17833]: starting BIND 9.4.3-P5 -u named -n 1
named[17833]: using up to 4096 sockets
named[17833]: loading configuration from '/etc/bind/named.conf'
*named[17833]: max open files (1024) is smaller than max sockets (4096)
named[17833]: listening on IPv4 interface lo, 127.0.0.1#53
*named[17833]: automatic empty zone: 0.IN-ADDR.ARPA
*named[17833]: automatic empty zone: 254.169.IN-ADDR.ARPA
*named[17833]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
*named[17833]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
*named[17833]: automatic empty zone: 
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
*named[17833]: automatic empty zone: 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
*named[17833]: automatic empty zone: D.F.IP6.ARPA
*named[17833]: automatic empty zone: 8.E.F.IP6.ARPA
*named[17833]: automatic empty zone: 9.E.F.IP6.ARPA
*named[17833]: automatic empty zone: A.E.F.IP6.ARPA
*named[17833]: automatic empty zone: B.E.F.IP6.ARPA
named[17833]: command channel listening on 127.0.0.1#953
named[17833]: zone 127.in-addr.arpa/IN: loaded serial 2008122601
named[17833]: zone 1.168.192.in-addr.arpa/IN: loaded serial 50
named[17833]: zone localarea.local/IN: NS 'localarea.local' has no address records (A or )
named[17833]: zone localarea.local/IN: loaded serial 50
named[17833]: zone localhost/IN: loaded serial 2008122601
named[17833]: running
*dhcpd: Unable to add forward map from pc-0251.localarea.local. to 
192.168.1.4: connection refused
dhcpd: dhcp.c(3998): non-null pointer
dhcpd: DHCPREQUEST for 192.168.1.4 from 08:00:27:aa:f6:64 (pc-0251) via eth0
dhcpd: DHCPACK on 192.168.1.4 to 08:00:27:aa:f6:64 (pc-0251) via eth0
dhcpd: Unable to add forward map from pc-0251.localarea.local. to 192.168.1.4: 
connection refused
dhcpd: dhcp.c(3998): non-null pointer
dhcpd: DHCPREQUEST for 192.168.1.4 from 08:00:27:aa:f6:64 (pc-0251) via eth0
dhcpd: DHCPACK on 192.168.1.4 to 08:00:27:aa:f6:64 (pc-0251) via eth0

I guess it was something wrong with my bind configuration, but google has not 
been my friend this time :-)

I post also my bind config files:

**
NAMED.CONF (192.168.1.0, domain localarea.local, server 192.168.1.250, client 
hostname pc-0251)
**
include "/etc/bind/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

options {
    directory "/var/bind";

    forwarders {
        62.94.0.41;
        62.94.0.42;
    };
    recursion yes;
    version "REFUSED";

    listen-on-v6 { none; };
    listen-on { 127.0.0.1; };

    pid-file "/var/run/named/named.pid";
};

zone "." IN {
    type hint;
    file "named.cache";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "pri/192.168.1.zone";
    allow-update { key "rndc-key"; };
    notify yes;
};

zone "localarea.local" {
    type master;
    file "pri/localarea.local.zone";
    allow-update { key "rndc-key"; };
    notify yes;
};

*
LOCALAREA.LOCAL.ZONE
*
$TTL 86400
@       IN  SOA localarea.local. root.localarea.local. (
                50 28800 7200
                604800 86400 )
        NS  localarea.local.
pc-0250 IN  A   192.168.1.250
ns      IN  A   192.168.1.250
ldapsrv IN  A   192.168.1.250

*
192.168.1.ZONE
*
$TTL 86400
@       IN  SOA localarea.local. root.localarea.local. ( 50
                28800 7200 604800
                86400 )
        NS  localarea.local.
250     IN  PTR ns


and, just in case, my dhcpd.conf too:

server-identifier   server;
ddns-updates        on;
ddns-update-style   interim;
ddns-domainname     "localarea.local.";
ddns-rev-domainname "in-addr.arpa.";
ignore              client-updates;
include             "/etc/bind/rndc.key";

zone localarea.local. {
    primary 127.0.0.1;
    key rndc-key;
}

option  domain-name         "localarea.local.";
option  domain-name-servers 192.168.1.250, 62.94.0.41, 62.94.0.42;
option  ip-forwarding       off;

default-lease-time  600;
max-lease-time      7200;

authoritative;
log-facility        local7;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range   192.168.1.251 192.168.1.254;
    option  broadcast-address   192.168.1.255;
    option  routers             192.168.1.254;
allow   u

Re: Performance hit on Query logging

2010-10-08 Thread CT

On 10/07/2010 05:40 PM, Eivind Olsen wrote:

--On 7. oktober 2010 16.55.54 -0500 groups  wrote:

One party thinks that disabling query logging will give enormous
performance gains, while 30% is a lot.. IMHO it is very negligible in CPU
cycles when the named process only is taking up > 10% CPU..
and less than 10% in RAM...
Just looking for any suggested tests..


I'm not an expert on this, so take whatever I say here with a grain of
salt :D

You could run some dnsperf / resperf
() ?
Do some runs without query logging, then some with it enabled. Do the
tests in the same way. A rather static way of doing it would be to run
resperf against something you _know_ you have in your cache (like,
looking up "localhost" or the reverse of 127.0.0.1 or whatever). Do it
from the same server, or from another server in the same subnet, so you
avoid network performance.
resperf has a report tool which can easily make some nice graphs for
you, showing when BIND starts to struggle with sending the replies, and
another graph to tell you the latency / delay in replies.
This should give you some numbers, to see how much query logging would
impact you.

Regards
Eivind Olsen



Eivind

My servers run on ESX, so I can clone the prod box and configure the
tools..


Thank you for the link.. and response.

Charles


Re: dhcp Unable to add forward map from..connection refused

2010-10-08 Thread Lyle Giese
You are telling dhcp to talk to your DNS server at ip address
192.168.1.250 and it's not listening on that ip address. According to
your named.conf, it's only listening on 127.0.0.1.

Plus you need an A record for ns.localzone.local.

Lyle Giese
LCR Computer Services, Inc.

tangonig...@yahoo.it wrote:
> hello everybody..
>
> I was playing on my gentoo box: a couple of virtual machines, client and 
> dhcp/bind server.
> both services do their job - separately. I tried to configure the dynamic 
> update, but my log said (weird things *highlighted):
>
> named[17833]: starting BIND 9.4.3-P5 -u named -n 1
> named[17833]: using up to 4096 sockets
> named[17833]: loading configuration from '/etc/bind/named.conf'
> *named[17833]: max open files (1024) is smaller than max sockets (4096)
> named[17833]: listening on IPv4 interface lo, 127.0.0.1#53
> *named[17833]: automatic empty zone: 0.IN-ADDR.ARPA
> *named[17833]: automatic empty zone: 254.169.IN-ADDR.ARPA
> *named[17833]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
> *named[17833]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
> *named[17833]: automatic empty zone: 
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> *named[17833]: automatic empty zone: 
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> *named[17833]: automatic empty zone: D.F.IP6.ARPA
> *named[17833]: automatic empty zone: 8.E.F.IP6.ARPA
> *named[17833]: automatic empty zone: 9.E.F.IP6.ARPA
> *named[17833]: automatic empty zone: A.E.F.IP6.ARPA
> *named[17833]: automatic empty zone: B.E.F.IP6.ARPA
> named[17833]: command channel listening on 127.0.0.1#953
> named[17833]: zone 127.in-addr.arpa/IN: loaded serial 2008122601
> named[17833]: zone 1.168.192.in-addr.arpa/IN: loaded serial 50
> named[17833]: zone localarea.local/IN: NS 'localarea.local' has no address records (A or )
> named[17833]: zone localarea.local/IN: loaded serial 50
> named[17833]: zone localhost/IN: loaded serial 2008122601
> named[17833]: running
> *dhcpd: Unable to add forward map from pc-0251.localarea.local. to 
> 192.168.1.4: connection refused
> dhcpd: dhcp.c(3998): non-null pointer
> dhcpd: DHCPREQUEST for 192.168.1.4 from 08:00:27:aa:f6:64 (pc-0251) via eth0
> dhcpd: DHCPACK on 192.168.1.4 to 08:00:27:aa:f6:64 (pc-0251) via eth0
> dhcpd: Unable to add forward map from pc-0251.localarea.local. to 
> 192.168.1.4: 
> connection refused
> dhcpd: dhcp.c(3998): non-null pointer
> dhcpd: DHCPREQUEST for 192.168.1.4 from 08:00:27:aa:f6:64 (pc-0251) via eth0
> dhcpd: DHCPACK on 192.168.1.4 to 08:00:27:aa:f6:64 (pc-0251) via eth0
>
> I guess it was something wrong with my bind configuration, but google has not 
> been my friend this time :-)
>
> I post also my bind config files:
>
> **
> NAMED.CONF (192.168.1.0, domain localarea.local, server 192.168.1.250, client 
> hostname pc-0251)
> **
> include "/etc/bind/rndc.key";
>
> controls {
>  inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
>  };
>
> options {
>   directory "/var/bind";
>
>   forwarders {
>   62.94.0.41;
>   62.94.0.42;
>   };
>   recursion   yes;
>   version "REFUSED";
>
>   listen-on-v6 { none; };
> listen-on { 127.0.0.1; };
>
>   pid-file "/var/run/named/named.pid";
> };
>
> zone "." IN {
>   type hint;
>   file "named.cache";
> };
>
> zone "localhost" IN {
>   type master;
>   file "pri/localhost.zone";
>   allow-update { none; };
>   notify no;
> };
>
> zone "127.in-addr.arpa" IN {
>   type master;
>   file "pri/127.zone";
>   allow-update { none; };
>   notify no;
> };
>
> zone "1.168.192.in-addr.arpa" {
>   type master;
>   file "pri/192.168.1.zone";
>   allow-update { key "rndc-key"; };
>   notify yes;
> };
>
> zone "localarea.local" {
>   type master;
>   file "pri/localarea.local.zone";
>   allow-update { key "rndc-key"; };
>   notify yes;
> };
>
> *
> LOCALAREA.LOCAL.ZONE
> *
> $TTL 86400
> @       IN  SOA localarea.local. root.localarea.local. (
>                 50 28800 7200
>                 604800 86400 )
>         NS  localarea.local.
> pc-0250 IN  A   192.168.1.250
> ns      IN  A   192.168.1.250
> ldapsrv IN  A   192.168.1.250
>
> *
> 192.168.1.ZONE
> *
> $TTL 86400
> @       IN  SOA localarea.local. root.localarea.local. ( 50
>                 28800 7200 604800
>                 86400 )
>         NS  localarea.local.
> 250     IN  PTR ns
>
>
> and, just in case, my dhcpd.conf too:
>
> server-identifier   server;
> ddns-updates        on;
> ddns-update-style   interim;
> ddns-domainname     "localarea.local.";
> ddns-rev-domainname "in-addr.arpa.";
> ignore              client-updates;
> include             "/etc/bind/rndc.key";
>
> zone localarea.local. {
>   primary 127.0.0.1;
>   key rndc-key;
> }
>
> optiondoma

Re: dhcp Unable to add forward map from..connection refused

2010-10-08 Thread tangonights
GREAT!
it works like a charm now, thanks!

On Friday 8 October 2010 15:32:25 Lyle Giese wrote:
> You are telling dhcp to talk to your DNS server at ip address
> 192.168.1.250 and it's not listening on that ip address. According to
> your named.conf, it's only listening on 127.0.0.1.
> 
> Plus you need an A record for ns.localzone.local.
> 
> Lyle Giese
> LCR Computer Services, Inc.
> 
> tangonig...@yahoo.it wrote:
> > hello everybody..
> > 
> > I was playing on my gentoo box: a couple of virtual machines, client and
> > dhcp/bind server.
> > both services do their job - separately. I tried to configure the dynamic
> > update, but my log said (weird things *highlighted):
> > 
> > named[17833]: starting BIND 9.4.3-P5 -u named -n 1
> > named[17833]: using up to 4096 sockets
> > named[17833]: loading configuration from '/etc/bind/named.conf'
> > *named[17833]: max open files (1024) is smaller than max sockets (4096)
> > named[17833]: listening on IPv4 interface lo, 127.0.0.1#53
> > *named[17833]: automatic empty zone: 0.IN-ADDR.ARPA
> > *named[17833]: automatic empty zone: 254.169.IN-ADDR.ARPA
> > *named[17833]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
> > *named[17833]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
> > *named[17833]: automatic empty zone:
> > 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> > *named[17833]: automatic empty zone:
> > 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> > *named[17833]: automatic empty zone: D.F.IP6.ARPA
> > *named[17833]: automatic empty zone: 8.E.F.IP6.ARPA
> > *named[17833]: automatic empty zone: 9.E.F.IP6.ARPA
> > *named[17833]: automatic empty zone: A.E.F.IP6.ARPA
> > *named[17833]: automatic empty zone: B.E.F.IP6.ARPA
> > named[17833]: command channel listening on 127.0.0.1#953
> > named[17833]: zone 127.in-addr.arpa/IN: loaded serial 2008122601
> > named[17833]: zone 1.168.192.in-addr.arpa/IN: loaded serial 50
> > named[17833]: zone localarea.local/IN: NS 'localarea.local' has no address records (A or )
> > named[17833]: zone localarea.local/IN: loaded serial 50
> > named[17833]: zone localhost/IN: loaded serial 2008122601
> > named[17833]: running
> > *dhcpd: Unable to add forward map from pc-0251.localarea.local. to
> > 192.168.1.4: connection refused
> > dhcpd: dhcp.c(3998): non-null pointer
> > dhcpd: DHCPREQUEST for 192.168.1.4 from 08:00:27:aa:f6:64 (pc-0251) via
> > eth0 dhcpd: DHCPACK on 192.168.1.4 to 08:00:27:aa:f6:64 (pc-0251) via
> > eth0 dhcpd: Unable to add forward map from pc-0251.localarea.local. to
> > 192.168.1.4: connection refused
> > dhcpd: dhcp.c(3998): non-null pointer
> > dhcpd: DHCPREQUEST for 192.168.1.4 from 08:00:27:aa:f6:64 (pc-0251) via
> > eth0 dhcpd: DHCPACK on 192.168.1.4 to 08:00:27:aa:f6:64 (pc-0251) via
> > eth0
> > 
> > I guess it was something wrong with my bind configuration, but google has
> > not been my friend this time :-)
> > 
> > I post also my bind config files:
> > 
> > **
> > NAMED.CONF (192.168.1.0, domain localarea.local, server 192.168.1.250,
> > client hostname pc-0251)
> > **
> > include "/etc/bind/rndc.key";
> > 
> > controls {
> > 
> >  inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> >  };
> > 
> > options {
> > 
> > directory "/var/bind";
> > 
> > forwarders {
> > 
> > 62.94.0.41;
> > 62.94.0.42;
> > 
> > };
> > recursion   yes;
> > version "REFUSED";
> > 
> > listen-on-v6 { none; };
> > 
> > listen-on { 127.0.0.1; };
> > 
> > pid-file "/var/run/named/named.pid";
> > 
> > };
> > 
> > zone "." IN {
> > 
> > type hint;
> > file "named.cache";
> > 
> > };
> > 
> > zone "localhost" IN {
> > 
> > type master;
> > file "pri/localhost.zone";
> > allow-update { none; };
> > notify no;
> > 
> > };
> > 
> > zone "127.in-addr.arpa" IN {
> > 
> > type master;
> > file "pri/127.zone";
> > allow-update { none; };
> > notify no;
> > 
> > };
> > 
> > zone "1.168.192.in-addr.arpa" {
> > 
> > type master;
> > file "pri/192.168.1.zone";
> > allow-update { key "rndc-key"; };
> > notify yes;
> > 
> > };
> > 
> > zone "localarea.local" {
> > 
> > type master;
> > file "pri/localarea.local.zone";
> > allow-update { key "rndc-key"; };
> > notify yes;
> > 
> > };
> > 
> > *
> > LOCALAREA.LOCAL.ZONE
> > *
> > $TTL 86400
> > @       IN  SOA localarea.local. root.localarea.local. (
> >                 50 28800 7200
> >                 604800 86400 )
> >         NS  localarea.local.
> > pc-0250 IN  A   192.168.1.250
> > ns      IN  A   192.168.1.250
> > ldapsrv IN  A   192.168.1.250
> > 
> > *
> > 192.168.1.ZONE
> > *
> > $TTL 86400
> > @       IN  SOA localarea.local. root.localarea.local. ( 50
> >                 28800 7200 604800
> >                 86400 )
> >         NS  localarea.local.
> > 250     IN  PTR ns
> > 
> > 
> > and, jus

Logging SERVFAIL Errors

2010-10-08 Thread Barry Finkel
On BIND 9.7.1-P2 I have in named.conf:

 channel query-errors-log {
 file "/var/log/named.query-errors.log" versions 3 size 200k;
 print-category yes;
 print-severity yes;
 print-time yes;
 severity info;
 };

 category query-errors { query-errors-log; };  // no default_syslog

Is this correct for logging queries that produce SERVFAIL?

I ran this query on the DNS server:

dns# dig klyuniv.ernet.in @t1dns2.anl.gov

; <<>> DiG 9.7.1-P2 <<>> klyuniv.ernet.in @t1dns2.anl.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7278
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;klyuniv.ernet.in.  IN  A

;; Query time: 1860 msec
;; SERVER: 130.202.101.37#53(130.202.101.37)
;; WHEN: Fri Oct  8 09:06:04 2010
;; MSG SIZE  rcvd: 34

dns# 

and there is nothing logged in

 /var/log/named.query-errors.log

Am I doing something wrong?  Thanks.
--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory  Phone:+1 (630) 252-7277
9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: bsfin...@anl.gov
Argonne, IL   60439-4828 IBMMAIL:  I1004994



Re: Logging SERVFAIL Errors

2010-10-08 Thread Torsten
You have to set a debug level of at least 1 to capture SERVFAIL errors
in your logfile.


Ciao
Torsten


On Fri,  8 Oct 2010 09:09:16 -0500 (CDT),
b19...@anl.gov (Barry Finkel) wrote:

> On BIND 9.7.1-P2 I have in named.conf:
> 
>  channel query-errors-log {
>  file "/var/log/named.query-errors.log" versions 3 size 200k;
>  print-category yes;
>  print-severity yes;
>  print-time yes;
>  severity info;
>  };
> 
>  category query-errors { query-errors-log; };  // no default_syslog
> 
> Is this correct for logging queries that produce SERVFAIL?
> 
> I ran this query on the DNS server:
> 
> dns# dig klyuniv.ernet.in @t1dns2.anl.gov
> 
> ; <<>> DiG 9.7.1-P2 <<>> klyuniv.ernet.in @t1dns2.anl.gov
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7278
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;klyuniv.ernet.in.  IN  A
> 
> ;; Query time: 1860 msec
> ;; SERVER: 130.202.101.37#53(130.202.101.37)
> ;; WHEN: Fri Oct  8 09:06:04 2010
> ;; MSG SIZE  rcvd: 34
> 
> dns# 
> 
> and there is nothing logged in
> 
>  /var/log/named.query-errors.log
> 
> Am I doing something wrong?  Thanks.
> --
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory  Phone:+1 (630) 252-7277
> 9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
> Building 240, Room 5.B.8 Internet: bsfin...@anl.gov
> Argonne, IL   60439-4828 IBMMAIL:  I1004994
> 


Re: Logging SERVFAIL Errors

2010-10-08 Thread Barry Finkel
On Fri,  8 Oct 2010 09:09:16 -0500 (CDT),
b19...@anl.gov (Barry Finkel) wrote:

>> On BIND 9.7.1-P2 I have in named.conf:
>> 
>>  channel query-errors-log {
>>  file "/var/log/named.query-errors.log" versions 3 size 200k;
>>  print-category yes;
>>  print-severity yes;
>>  print-time yes;
>>  severity info;
>>  };
>> 
>>  category query-errors { query-errors-log; };  // no default_syslog
>> 
>> Is this correct for logging queries that produce SERVFAIL?
>> 
>> I ran this query on the DNS server:
>> 
>> dns# dig klyuniv.ernet.in @t1dns2.anl.gov
>> 
>> ; <<>> DiG 9.7.1-P2 <<>> klyuniv.ernet.in @t1dns2.anl.gov
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7278
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>> 
>> ;; QUESTION SECTION:
>> ;klyuniv.ernet.in.  IN  A
>> 
>> ;; Query time: 1860 msec
>> ;; SERVER: 130.202.101.37#53(130.202.101.37)
>> ;; WHEN: Fri Oct  8 09:06:04 2010
>> ;; MSG SIZE  rcvd: 34
>> 
>> dns# 
>> 
>> and there is nothing logged in
>> 
>>  /var/log/named.query-errors.log
>> 
>> Am I doing something wrong?  Thanks.


and Torsten  replied:
>You have to set a debug level of at least 1 to capture SERVFAIL errors
>in your logfile.

I did

 ./rndc trace

and re-issued my query.  There was nothing in the

 /var/log/named.query-errors.log

log.  I then did another "trace" command to increase the debug level to
2, and a subsequent query command put nothing in the log.
--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory  Phone:+1 (630) 252-7277
9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: bsfin...@anl.gov
Argonne, IL   60439-4828 IBMMAIL:  I1004994



test. please ignore

2010-10-08 Thread alans




Equivalent query verbosity Bind vs Microsoft DNS (2008 Server)

2010-10-08 Thread CT

All..
We have 2008 M$ dns servers (running M$ DNS ) and bind servers on Linux
We are looking to tweak the M$ servers down to the same "level" as
the bind servers.. if possible..

the bind logging statement
-
 category lame-servers   { null; };
 category resolver { null; };
 category queries{ log_requests; };

channel log_requests
{
file "/var/log/named/queries.log" versions 10 size 100m;
print-time yes;
print-category yes;
print-severity yes;
};
-

So far, we have found the Microsoft KB198408 that says:

"The DNS server can generate a more detailed log than is practical to 
include in the Windows NT event log. This includes everything from 
simply including events excluded from the event log, to a summary of 
every packet in and out of the server."


It looks like there is a registry tweak needed..

Value:  LogLevel
   Added:    SP4 (April 98)
   Type:     DWORD (Bitfield)
   Default:  NoKey (Zero -- No logging)

   Function: Determines level of logging to file (Dns.log).
   #define DNS_LOG_LEVEL_ALL_PACKETS    0x
   #define DNS_LOG_LEVEL_NON_QUERY      0x00fe
   #define DNS_LOG_LEVEL_QUERY          0x0001
   #define DNS_LOG_LEVEL_NOTIFY         0x0010
   #define DNS_LOG_LEVEL_UPDATE         0x0020
   #define DNS_LOG_LEVEL_QUESTIONS      0x0100
   #define DNS_LOG_LEVEL_ANSWERS        0x0200
   #define DNS_LOG_LEVEL_SEND           0x1000
   #define DNS_LOG_LEVEL_RECV           0x2000
   #define DNS_LOG_LEVEL_UDP            0x4000
   #define DNS_LOG_LEVEL_TCP            0x8000
   #define DNS_LOG_LEVEL_DS_WRITE       0x0001
   #define DNS_LOG_LEVEL_DS_UPDATE      0x0002
   #define DNS_LOG_LEVEL_FULL_PACKETS   0x0100
   #define DNS_LOG_LEVEL_WRITE_THROUGH  0x8000

We will continue to search but hoped there might be some help on the list..

VR
Charles


Re: Logging SERVFAIL Errors

2010-10-08 Thread Mark Andrews

In message <20101008163912.378754d...@britaine.cis.anl.gov>, Barry Finkel writes:
> On Fri,  8 Oct 2010 09:09:16 -0500 (CDT),
> b19...@anl.gov (Barry Finkel) wrote:
> 
> >> On BIND 9.7.1-P2 I have in named.conf:
> >> 
> >>  channel query-errors-log {
> >>  file "/var/log/named.query-errors.log" versions 3 size 200k;
> >>  print-category yes;
> >>  print-severity yes;
> >>  print-time yes;
> >>  severity info;
> >>  };
> >> 
> >>  category query-errors { query-errors-log; };  // no default_syslog
> >> 
> >> Is this correct for logging queries that produce SERVFAIL?
> >> 
> >> I ran this query on the DNS server:
> >> 
> >> dns# dig klyuniv.ernet.in @t1dns2.anl.gov
> >> 
> >> ; <<>> DiG 9.7.1-P2 <<>> klyuniv.ernet.in @t1dns2.anl.gov
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7278
> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >> 
> >> ;; QUESTION SECTION:
> >> ;klyuniv.ernet.in.  IN  A
> >> 
> >> ;; Query time: 1860 msec
> >> ;; SERVER: 130.202.101.37#53(130.202.101.37)
> >> ;; WHEN: Fri Oct  8 09:06:04 2010
> >> ;; MSG SIZE  rcvd: 34
> >> 
> >> dns# 
> >> 
> >> and there is nothing logged in
> >> 
> >>  /var/log/named.query-errors.log
> >> 
> >> Am I doing something wrong?  Thanks.
> 
> 
> and Torsten  replied:
> >You have to set a debug level of at least 1 to capture SERVFAIL errors
> >in your logfile.
> 
> I did
> 
>  ./rndc trace
> 
> and re-issued my query.  There was nothing in the
> 
>  /var/log/named.query-errors.log
> 
> log.  I then did another "trace" command to increase the debug level to
> 2, and a subsequent query command put nothing in the log.

Because your logging clause says to filter at "info".

> --
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory  Phone:+1 (630) 252-7277
> 9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
> Building 240, Room 5.B.8 Internet: bsfin...@anl.gov
> Argonne, IL   60439-4828 IBMMAIL:  I1004994
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
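
A check for the filtering problem this reply points out, added here as an example and not code from BIND or from anyone in the thread: it scans a logging configuration for debug-only categories routed to channels whose severity filter discards debug messages. It assumes, as the replies state, that query-errors messages are emitted only at debug levels, and that a channel with no severity clause filters at info; the function name and the `severity dynamic` variant of the posted channel are this example's own.

```python
import re

# Categories that named logs only at debug severity. The replies in this
# thread establish that for query-errors; add others you have verified.
DEBUG_ONLY_CATEGORIES = {"query-errors"}

# Severity of BIND's predefined channels ("null" discards everything).
PREDEFINED = {"default_syslog": "info", "default_stderr": "info",
              "default_debug": "dynamic"}

CHANNEL_RE = re.compile(r"(?<![\w-])channel\s+([\w-]+)\s*\{(.*?)\}\s*;", re.S)
CATEGORY_RE = re.compile(r"(?<![\w-])category\s+([\w-]+)\s*\{(.*?)\}\s*;", re.S)
# The lookbehind keeps "print-severity yes;" from matching as a severity clause.
SEVERITY_RE = re.compile(r"(?<![\w-])severity\s+(\w+)(?:\s+(\d+))?\s*;")


def strip_comments(text):
    """Remove /* ... */, // and # comments (no quoted-string handling)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def find_silent_routes(conf_text):
    """Return [(category, channel, severity)] where the channel's severity
    filter discards every message the category can produce."""
    text = strip_comments(conf_text)
    severity = dict(PREDEFINED)
    for name, body in CHANNEL_RE.findall(text):
        match = SEVERITY_RE.search(body)
        # Assumption: a channel without a severity clause filters at info.
        severity[name] = match.group(1).lower() if match else "info"
    findings = []
    for category, body in CATEGORY_RE.findall(text):
        if category not in DEBUG_ONLY_CATEGORIES:
            continue
        for channel in body.replace(";", " ").split():
            level = severity.get(channel)
            # Only "debug [n]" and "dynamic" channels let debug messages through.
            if level is not None and level not in ("debug", "dynamic"):
                findings.append((category, channel, level))
    return findings


# The logging statements as posted in the thread, wrapped in a logging block.
AS_POSTED = """
logging {
    channel query-errors-log {
        file "/var/log/named.query-errors.log" versions 3 size 200k;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };
    category query-errors { query-errors-log; };  // no default_syslog
};
"""

# Constructed variant: "dynamic" makes the channel follow the server's
# current debug level, which "rndc trace" raises.
ADJUSTED = AS_POSTED.replace("severity info;", "severity dynamic;")

if __name__ == "__main__":
    print("as posted:", find_silent_routes(AS_POSTED))
    print("adjusted: ", find_silent_routes(ADJUSTED))
```

Even with the adjusted channel, the server still has to be running at debug level 1 or higher, as the earlier reply says.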