RE: about the dig
With "+trace" it still needs to know the list of root name servers to get started. Since that list is not built-in, it has to ask the local caching name server; as configured per /etc/resolv.conf ... (the list cannot be built-in, because some organisations work with an internal root. The local caching name server is the only one to know those "new" root's.) Kind regards, Marc Lampo -Original Message- From: Feng He [mailto:short...@gmail.com] Sent: 19 July 2011 07:54 AM To: Marc Lampo Cc: bind-users@lists.isc.org Subject: Re: about the dig at least from my point "dig hostname +trace" should work even if there is no resolv.conf entries. On Tue, Jul 19, 2011 at 1:39 PM, Marc Lampo wrote: > I guess not, since "it" does not work ;-) > > After deleting all entries, did you : > 1) dig @dns.name. ... > or > 2) dig @IP.address > or > 3) No "@..." argument used at all ? > > In cases 1 & 3, dig will need data from /etc/resolv.conf. > Only in case 2 dig can do without. > > Kind regards, > > Marc Lampo > > > -Original Message- > From: Feng He [mailto:short...@gmail.com] > Sent: 19 July 2011 07:33 AM > To: bind-users@lists.isc.org > Subject: about the dig > > Hi list, > > When I deleted all the entries in /etc/resolv.conf (I am using Linux), > dig can't work. > I was thinking since dig is a standard resolver, it should have the > capibility to follow the referrel from root, thus it will work fine > even there is no system dns resolving. > Am I right? > > Thanks. > > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the dig
On Tue, Jul 19, 2011 at 1:50 PM, Marc Lampo wrote: > the list cannot be built-in, because some organisations work with an > internal > root. The local caching name server is the only one to know those "new" > root's.) > I don't think so. BIND 9 has the built-in root list. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the dig
Hi there, On Tue, 19 Jul 2011 wrote: > When I deleted all the entries in /etc/resolv.conf (I am using > Linux), dig can't work. > > I was thinking since dig is a standard resolver... man resolv.conf " If this file doesn't exist the only name server to be queried will be on the local machine; the domain name is determined from the hostname and the domain search path is constructed from the domain name." -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Patching bind for additional stats - any tips?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am very interested in hearing what you are looking for. I have some thoughts about "performance" measurements, mostly to answer the age-old question, "Are my servers working well?" Would you release the patches, and if so, would you be willing to work with the ISC BIND 9 team to see if we can find common ground and perhaps get your patches into BIND 9 releases quickly? - --Michael On 7/18/11 8:13 PM, Alex Kolchinski wrote: > Hi everyone - I'm at Google and currently starting on a mini-project to > get some more insight into how our BIND servers are performing. Our > first thoughts on how to add logging on metrics we're interested in are > currently to patch BIND to spit out the wanted stats directly from BIND > (data on each query, perhaps aggregated). An alternative to this would > be to try to match the incoming and outgoing request and response > packets and amass the data from that, but our attempts at data gathering > through sniffing have given unreliable results. (One alternative I've > stumbled upon is DSC - http://dns.measurement-factory.com/tools/dsc/ - > but I'm not sure yet how appropriate or effective it would be for our > needs, so if anyone has any thoughts, that would be much appreciated.) > > I've never worked with BIND before, so I'm looking over the code right > now figuring out which approach is going to be the most effective and > straightforward. Does anyone have any experience with something similar > and/or suggestions on approaches or considerations to think about? It's > looking like if the patch is going to be the way to go, simply modifying > BIND's stats-outputting functionality should be a good way to extend > what statistics we're getting, although I'm not sure on that count > either. Any thoughts? > > Thanks, everyone > -Alex > > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOJTzQAAoJEDRzoY2A7tzbJqYH/1wfTSTp9VBz+VTurD4pJDpi Zsr2JY+jo/G6VPluAN5G1ZnjqvtVlmqoagSBy5nRtA0qkp9kGiWWboDA5b3uEnEK sqeAy7ns0j8Mp8Lp8i5WyxMSm1QiPQUO93sLoQqMcWwWVcVsw/oWM0OZnucvR/a2 puLR865BmFTtgp0gg/nzaCrls2J+8kY8nxmo2iSAEfn17v0H3T9DqHNwhFR3D4f6 /7V8nP8Ts0F0RRMPLLkx7K4qGNjTy7ha24P+2gzK/w/TkTbVLCXv8UJHK08f3TEM uW5LQJnsrOFxLDWHsXUrzS323sLQtQo616Rbw2PZwBM7Cx4x0UNgLFgAjlSzUU8= =D35/ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
authoritative server is not caching?
Hello, I want to make sure that if the authoritative server won't cache anything even if the authoritative answer from itself? Coz I saw the book Pro DNS and BIND says: The (authoritative) name server does not cache. thanks. Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ? Je crée ma boîte mail www.laposte.net ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the dig
On Tue, Jul 19, 2011 at 2:47 PM, G.W. Haywood wrote: > > man resolv.conf > > " If this file doesn't exist the only name server to be queried will be on > the local machine; the domain name is determined from the > hostname and the domain search path is constructed from the domain > name." > Nothing around the resolv.conf, I was talking about dig. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the dig
On 07/19/2011 06:32 AM, Feng He wrote: Hi list, When I deleted all the entries in /etc/resolv.conf (I am using Linux), dig can't work. I was thinking since dig is a standard resolver, it should have the capibility to follow the referrel from root, thus it will work fine even there is no system dns resolving. Am I right? No. "dig" is a test tool. It is not a recursive resolver. It does not contain a list of root hints, and always starts a query at a nameserver you give it, either explicitly via the @server command line, or implicitly via /etc/resolv.conf Even when doing +trace. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: authoritative server is not caching?
On 2011-07-19 11:40, pa...@laposte.net wrote: Hello, I want to make sure that if the authoritative server won't cache > anything even if the authoritative answer from itself? Coz I saw > the book Pro DNS and BIND says: The (authoritative) name server > does not cache. Authoritative server cannot cache anser from itself. Cache is for answers a server has received from somewhere, while authoritative answers come directly from zone data. Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: authoritative server is not caching?
On Tue, Jul 19, 2011 at 11:40:02AM +0200, pa...@laposte.net wrote a message of 11 lines which said: > I want to make sure that if the authoritative server won't cache > anything even if the authoritative answer from itself? I'm sorry but this sentence seems quite difficult to parse. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the dig
On 7/19/2011 1:16 AM, Feng He wrote: On Tue, Jul 19, 2011 at 1:50 PM, Marc Lampo wrote: the list cannot be built-in, because some organisations work with an internal root. The local caching name server is the only one to know those "new" root's.) I don't think so. BIND 9 has the built-in root list. BIND is the name of a collection of DNS related software and consists of many pieces, which named and dig are but two of them. To the best of my knowledge, only named has a root list built-in, which can be overwritten by the proper use of config directives in named.conf. Lyle Giese LCR Computer Services, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind version problem
Hi, If Bind version of primary dns is "bind-libs-9.3.6-16.P1.el5" and for secondary dns "bind-9.5.0-29.b2.fc9.i386". Is there create any problem?? Is it mandatory the same version for primary and secondary DNS. Regards - Mahmud ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind version problem
On 7/19/11 9:30 AM, "almah...@ranksitt.net" wrote: > Hi, > > If Bind version of primary dns is "bind-libs-9.3.6-16.P1.el5" and for > secondary dns "bind-9.5.0-29.b2.fc9.i386". > > Is there create any problem?? In general, it creates no problem. If you happen to use an RR for which support was added in 9.5, then you might have odd results. > Is it mandatory the same version for > primary and secondary DNS. No. It's not even mandatory that the primary and secondary both be running bind. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the dig
Feng: I think G.W is pointing out that in the absence of resolv.conf, dig uses the localhost to connect to the bind server. Just tcpdump the loopback interface, and you will see it. So the reason resolution works is because you are running bind on that server. It would not work on any client which isn't running bind. We generally put the entry in so we know where our DNS requests are going, the loopback or a real interface. In doesn't have to be that way, you don't have to use the bind server on the box itself. On 7/19/11 3:54 AM, Feng He wrote: > On Tue, Jul 19, 2011 at 2:47 PM, G.W. Haywood wrote: > >> man resolv.conf >> >> " If this file doesn't exist the only name server to be queried will be on >> the local machine; the domain name is determined from the >> hostname and the domain search path is constructed from the domain >> name." >> > Nothing around the resolv.conf, I was talking about dig. > Thanks. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- eugene tsuno NOAA Boulder/NOC 325 broadway, boulder,co 80305 303-497-6392 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind version problem
On Tue, Jul 19, 2011 at 08:30:17PM +0600, almah...@ranksitt.net wrote a message of 18 lines which said: > Is it mandatory the same version for primary and secondary DNS. It is not even mandatory for all the authoritative name servers to run BIND. They can be of different brands. That's the beauty of standard protocols. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
AAAA type query invalidates A records in name server cache
All, anyone experiencing the same behavior? Seen on BIND 9.5.2-P2 and BIND 9.8.0-P4 ns11:~ # nslookup -querytype=A xserv.ins.dell.com. . Non-authoritative answer: Name: xserv.ins.dell.com Address: 143.166.148.118 All ok. ns11:~ # nslookup -querytype= xserv.ins.dell.com. . ** server can't find xserv.ins.dell.com.: NXDOMAIN Now even the A queries fail. ns11:~ # nslookup -querytype=A xserv.ins.dell.com. . ** server can't find xserv.ins.dell.com.: NXDOMAIN Keeps failing until TTL timeout or rndc flushname xserv.ins.dell.com. ns11:~ # nslookup -querytype=A xserv.ins.dell.com. . Non-authoritative answer: Name: xserv.ins.dell.com Address: 143.166.148.118 Thanks, Patrick -- This e-mail message and any attachments are of a confidential nature. The information is intended for the named addressee exclusively. If you are not the addressee, you may not electronically disseminate, otherwise distribute or copy this e-mail message, and you may also not use it for any purpose. Please notify the sender immediately if you have received this e-mail message by mistake, and delete this e-mail message and its attachments. E-mail transmissions could be lost, intercepted, corrupted or destroyed. They could arrive late or incomplete, or could even contain viruses. Confidentiality and reliability of the information so transmitted cannot be guaranteed. Rothschild Bank therefore does not accept any liability or responsibility for errors or omissions regarding the information transmitted through e-mail. If verification of the information transmitted through e-mail is required, please ask for postal delivery by contacting Rothschild Bank.. This e-mail message is provided for information purposes only. It should not be construed as an offer or solicitation to buy or sell any financial instruments or services. It is not to be made available to US persons and is not to be circulated within the USA. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind version problem
> If Bind version of primary dns is "bind-libs-9.3.6-16.P1.el5" and for > secondary dns "bind-9.5.0-29.b2.fc9.i386". Something wrong there: "libs" vs. "server", but I assume you mean server for both. > Is it mandatory the same version for > primary and secondary DNS. Not unless you rely on a particular feature of the higher version. -JP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: about the dig
Or as previously pointed out it WILL work if you specify a name server at invocation. That is to say you MUST either do "dig @..." OR have a resolve.conf that specifies servers to attempt if not specified at invocation. (And before anyone else says it - You can of course still specify a server at invocation to bypass the ones in /etc/resolv.conf.) -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of eugene tsuno Sent: Tuesday, July 19, 2011 10:53 AM To: bind-users@lists.isc.org Subject: Re: about the dig Feng: I think G.W is pointing out that in the absence of resolv.conf, dig uses the localhost to connect to the bind server. Just tcpdump the loopback interface, and you will see it. So the reason resolution works is because you are running bind on that server. It would not work on any client which isn't running bind. We generally put the entry in so we know where our DNS requests are going, the loopback or a real interface. In doesn't have to be that way, you don't have to use the bind server on the box itself. On 7/19/11 3:54 AM, Feng He wrote: > On Tue, Jul 19, 2011 at 2:47 PM, G.W. Haywood wrote: > >> man resolv.conf >> >> " If this file doesn't exist the only name server to be queried will be on >> the local machine; the domain name is determined from the >> hostname and the domain search path is constructed from the domain >> name." >> > Nothing around the resolv.conf, I was talking about dig. > Thanks. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- eugene tsuno NOAA Boulder/NOC 325 broadway, boulder,co 80305 303-497-6392 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. -- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: AAAA type query invalidates A records in name server cache
On Tue, Jul 19, 2011 at 04:58:53PM +0200, mailsecurity wrote:
> All,
>
> anyone experiencing the same behavior?
I hope so, because that's the correct behavior. Dell's nameserver is broken:
http://tools.ietf.org/html/rfc4074
Common Misbehavior Against DNS Queries for IPv6 Addresses - May 2005
4.2. Return "Name Error"
This type of server returns a response with RCODE 3 ("Name Error") to
a query for an RR, indicating that it does not have any RRs of
any type for the queried name.
With this response, the stub resolver may immediately give up and
never fall back. Even if the resolver retries with a query for an A
RR, the negative response for the name has been cached in the caching
server, and the caching server will simply return the negative
response. As a result, the stub resolver considers this to be a
fatal error in name resolution.
fpdns says that Dell's servers are BIND, wonder if that's accurate, and if so,
how ancient a release, to have this bug?
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: AAAA type query invalidates A records in name server cache
This is because Dell has incorrectly configured their F5 GTM load balancers to return NXDOMAIN on a query instead of NOERROR (this is configurable on a per-wideip basis in the GTM configuration - at least in present versions. In earlier versions you had to ensure that you had a record of some type matching the wideip name in the BIND configuration so that when the GTM passed the query back to BIND it would return NOERROR). -Tim On Tue, Jul 19, 2011 at 7:58 AM, mailsecurity wrote: > All, > > anyone experiencing the same behavior? > > Seen on > > BIND 9.5.2-P2 and BIND 9.8.0-P4 > > > > ns11:~ # nslookup -querytype=A xserv.ins.dell.com. > > ….. > > Non-authoritative answer: > > Name: xserv.ins.dell.com > > Address: 143.166.148.118 > > > > All ok. > > > > ns11:~ # nslookup -querytype= xserv.ins.dell.com. > > ….. > > ** server can't find xserv.ins.dell.com.: NXDOMAIN > > > > Now even the A queries fail. > > ns11:~ # nslookup -querytype=A xserv.ins.dell.com. > > ….. > > ** server can't find xserv.ins.dell.com.: NXDOMAIN > > > > Keeps failing until TTL timeout or rndc flushname xserv.ins.dell.com. > > > > ns11:~ # nslookup -querytype=A xserv.ins.dell.com. > > ….. > > Non-authoritative answer: > > Name: xserv.ins.dell.com > > Address: 143.166.148.118 > > > > Thanks, > > Patrick > > -- > This e-mail message and any attachments are of a confidential nature. The > information is intended for the named addressee exclusively. If you are not > the addressee, you may not electronically disseminate, otherwise distribute > or copy this e-mail message, and you may also not use it for any purpose. > Please notify the sender immediately if you have received this e-mail > message by mistake, and delete this e-mail message and its attachments. > E-mail transmissions could be lost, intercepted, corrupted or destroyed. > They could arrive late or incomplete, or could even contain viruses. > Confidentiality and reliability of the information so transmitted cannot be > guaranteed. Rothschild Bank therefore does not accept any liability or > responsibility for errors or omissions regarding the information transmitted > through e-mail. > If verification of the information transmitted through e-mail is required, > please ask for postal delivery by contacting Rothschild Bank. > This e-mail message is provided for information purposes only. It should not > be construed as an offer or solicitation to buy or sell any financial > instruments or services. It is not to be made available to US persons and is > not to be circulated within the USA. > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: AAAA type query invalidates A records in name server cache
On Jul 19 2011, mailsecurity wrote: All, anyone experiencing the same behavior? Seen on BIND 9.5.2-P2 and BIND 9.8.0-P4 ns11:~ # nslookup -querytype=A xserv.ins.dell.com. . Non-authoritative answer: Name: xserv.ins.dell.com Address: 143.166.148.118 All ok. ns11:~ # nslookup -querytype= xserv.ins.dell.com. . ** server can't find xserv.ins.dell.com.: NXDOMAIN Now even the A queries fail. ns11:~ # nslookup -querytype=A xserv.ins.dell.com. . ** server can't find xserv.ins.dell.com.: NXDOMAIN Keeps failing until TTL timeout or rndc flushname xserv.ins.dell.com. ns11:~ # nslookup -querytype=A xserv.ins.dell.com. . Non-authoritative answer: Name: xserv.ins.dell.com Address: 143.166.148.118 Yes, we had this reported last month (for premier.dell.co.uk which CNAME chains to vandom.ins.dell.com, but the effect is exactly the same). We reported it to dnsad...@dell.com on 28 June. Deafening silence. They should be returning "nodata" rather than NXDOMAIN for the query, of course. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: AAAA type query invalidates A records in name server cache
Will escalate via our Dell contact. Keep you posted about my success. Regards, Patrick -- This e-mail message and any attachments are of a confidential nature. The information is intended for the named addressee exclusively. If you are not the addressee, you may not electronically disseminate, otherwise distribute or copy this e-mail message, and you may also not use it for any purpose. Please notify the sender immediately if you have received this e-mail message by mistake, and delete this e-mail message and its attachments. E-mail transmissions could be lost, intercepted, corrupted or destroyed. They could arrive late or incomplete, or could even contain viruses. Confidentiality and reliability of the information so transmitted cannot be guaranteed. Rothschild Bank therefore does not accept any liability or responsibility for errors or omissions regarding the information transmitted through e-mail. If verification of the information transmitted through e-mail is required, please ask for postal delivery by contacting Rothschild Bank.. This e-mail message is provided for information purposes only. It should not be construed as an offer or solicitation to buy or sell any financial instruments or services. It is not to be made available to US persons and is not to be circulated within the USA. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: sort list and view
On 7/18/2011 11:42 PM, AMANI MOHAMED BIN SUWAIF wrote:
Hi,
I have the below scenario
_TCP.EXAMPLE.COMIN SRV1005060primary-sbg.example.com
_TCP.EXAMPLE.COMIN SRV2005060
secondary-sbg.example.com
I have 2 IP ranges and 2 SBGs host, my intention is
for client in IP range1
primary-sbg INA1.1.1.1
secondary-sbgINA2.2.2.2
for client in IP range2
primary-sbg INA2.2.2.2
secondary-sbgINA1.1.1.1
can this be achieved without using a views?
I thought this can be solved just by a sortlist, where
primary-sbgINA1.1.1.1
primary-sbgINA2.2.2.2
secondary-sbgINA2.2.2.2
secondary-sbgINA1.1.1.1
and then introduce the sortlist, which sorts the position of IP
addresses based on the IP range client comes from?
something like,
sortlist {
{
IPRANGE1; // 1st client IP selection matches any of these
{1.1.1.1; // return any of these response IPs as 1st preference
};
{
IPRANGE2; // 1st client IP selection matches any of these
{2.2.2.2; // return any of these response IPs as 1st preference
};
};
but in this case,
client from IPRANGE1 receive 1.1.1.1 as a first choice for both
primary-sbg and secondary-sbg
and
client from IPRANGE2 receive 2.2.2.2 as a first choice for both
primary-sbg and secondary-sbg
which is not the intention. sortlist doesn't not consider domain name.
The intention is to have primary SBG for first iprange act as a
secondary SBG for the second ip range and vice verse and in similar
manner for multiple IP ranges and SBGs. Problem with views is that
anytime this setup gets bigger and we will have additional ip ranges
and additional SBGs, it will require additional views...
(LOC)RANGEPRIMARY(LOC) SECONDARY(LOC)
(L1)IPRANGE1 SBG1(L1) SBG6(L2)
(L1)IPRANGE2 SBG2(L1) SBG7(L2)
(L1)IPRANGE3 SBG3(L1) SBG8(L2)
(L1)IPRANGE4 SBG4(L1) SBG9(L2)
(L1)IPRANGE5 SBG5(L1) SBG10(L2)
(L2)IPRANGE6 SBG6(L2) SBG1(L1)
(L2)IPRANGE7 SBG7(L2) SBG2(L1)
(L2)IPRANGE8 SBG8(L2) SBG3(L1)
(L2)IPRANGE9 SBG9(L2) SBG4(L1)
(L2)IPRANGE10 SBG10(L2) SBG5(L1)
half of the SBGs is in one location (L1) and half in other (L2),
that's why it is important that for clients from ranges in one
location, first half of SBGs is preferred, and for other clients from
second location other half of SBGs is preferred. Client configuration
should be uniformed (same SRV) regardless the location.
Are you over-engineering this? If the A-record failover by your client
is fast enough you might only need 1 SRV record, and then sortlisting
will work fine (subject to the usual caveats: as long as you can control
the sortlist config of every resolver your clients will use, and keep
them in sync).
- Kevin
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: sort list and view
Hi,
The problem is that fail-over between A records is not standard and
might/might not work with various SIP clients. On the other hand SRV in
my opinion has been designed with that in mind, that's why the
additional complexity with 2 SRV records.
Thanks & Regards,
*Amani*
On 7/20/2011 2:50 AM, Kevin Darcy wrote:
On 7/18/2011 11:42 PM, AMANI MOHAMED BIN SUWAIF wrote:
Hi,
I have the below scenario
_TCP.EXAMPLE.COMIN SRV1005060primary-sbg.example.com
_TCP.EXAMPLE.COMIN SRV2005060
secondary-sbg.example.com
I have 2 IP ranges and 2 SBGs host, my intention is
for client in IP range1
primary-sbg INA1.1.1.1
secondary-sbgINA2.2.2.2
for client in IP range2
primary-sbg INA2.2.2.2
secondary-sbgINA1.1.1.1
can this be achieved without using a views?
I thought this can be solved just by a sortlist, where
primary-sbgINA1.1.1.1
primary-sbgINA2.2.2.2
secondary-sbgINA2.2.2.2
secondary-sbgINA1.1.1.1
and then introduce the sortlist, which sorts the position of IP
addresses based on the IP range client comes from?
something like,
sortlist {
{
IPRANGE1; // 1st client IP selection matches any of these
{1.1.1.1; // return any of these response IPs as 1st preference
};
{
IPRANGE2; // 1st client IP selection matches any of these
{2.2.2.2; // return any of these response IPs as 1st preference
};
};
but in this case,
client from IPRANGE1 receive 1.1.1.1 as a first choice for both
primary-sbg and secondary-sbg
and
client from IPRANGE2 receive 2.2.2.2 as a first choice for both
primary-sbg and secondary-sbg
which is not the intention. sortlist doesn't not consider domain name.
The intention is to have primary SBG for first iprange act as a
secondary SBG for the second ip range and vice verse and in similar
manner for multiple IP ranges and SBGs. Problem with views is that
anytime this setup gets bigger and we will have additional ip ranges
and additional SBGs, it will require additional views...
(LOC)RANGEPRIMARY(LOC) SECONDARY(LOC)
(L1)IPRANGE1 SBG1(L1) SBG6(L2)
(L1)IPRANGE2 SBG2(L1) SBG7(L2)
(L1)IPRANGE3 SBG3(L1) SBG8(L2)
(L1)IPRANGE4 SBG4(L1) SBG9(L2)
(L1)IPRANGE5 SBG5(L1) SBG10(L2)
(L2)IPRANGE6 SBG6(L2) SBG1(L1)
(L2)IPRANGE7 SBG7(L2) SBG2(L1)
(L2)IPRANGE8 SBG8(L2) SBG3(L1)
(L2)IPRANGE9 SBG9(L2) SBG4(L1)
(L2)IPRANGE10 SBG10(L2) SBG5(L1)
half of the SBGs is in one location (L1) and half in other (L2),
that's why it is important that for clients from ranges in one
location, first half of SBGs is preferred, and for other clients from
second location other half of SBGs is preferred. Client configuration
should be uniformed (same SRV) regardless the location.
Are you over-engineering this? If the A-record failover by your client
is fast enough you might only need 1 SRV record, and then sortlisting
will work fine (subject to the usual caveats: as long as you can
control the sortlist config of every resolver your clients will use,
and keep them in sync).
- Kevin
___
Please visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Help with an error
Hi guys, I recently implemented an ordering of my own by providing an option similar to random and cyclic in the 'towiresorted' function and setting that order in the named.conf file by using rrset-order. The named binary is running fine and giving me the correct result while i use dig for eg. dig www.abcd.com. But while compiling using 'make' it gives me an error saying "undefined reference to 'my_function' " and "Leaving directory 'bind-9.8.0-P2/bin/dig' ". What may be wrong over here? Kindly help.. Regards, Vignesh. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
