Re: slave not updating or creating ofd zone files

2012-03-29 Thread RYAN M. vAN GINNEKEN







Hello all, I have what is to me a very strange BIND 9 master/slave transfer
issue.

When I update a zone file on the master, the file updates correctly, the
notifies are sent and everything seems to work perfectly, except it transfers
0 bytes to the slave. Checking the slave confirms that indeed there was no
transfer and that the slave is still serving the old zone. I have gone as far
as to completely delete the zone files from the slave and restart bind; to my
surprise it puts back all the old files. What is going on? Below is an example
of one of the files that is not updating correctly. There are many, and some
of the files I have updated more recently are not even showing up in the logs
of the server.

On the server Ubuntu 8.04 LTS running BIND 9.4.2-P2.1 chrooted
29-Mar-2012 06:03:39.461 general: info: zone jodygamracy.com/IN/external: loaded serial 2012031501
29-Mar-2012 06:03:39.614 notify: info: zone jodygamracy.com/IN/external: sending notifies (serial 2012031501)
29-Mar-2012 06:03:41.761 xfer-out: info: client 96.51.192.233#33074: view external: transfer of 'jodygamracy.com/IN': IXFR ended

On the slave Ubuntu 10.04 LTS BIND 9.7.0-P1
29-Mar-2012 00:03:41.666 general: info: zone jodygamracy.com/IN/external: Transfer started.
29-Mar-2012 00:03:41.706 xfer-in: info: transfer of 'jodygamracy.com/IN/external' from 204.244.122.132#53: connected using 96.51.192.233#33074
29-Mar-2012 00:03:41.782 xfer-in: info: transfer of 'jodygamracy.com/IN/external' from 204.244.122.132#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.076 secs (0 bytes/sec)

As a side note, I have both machines firewalled, but have port 53 open on both
machines, and have ports set using these lines in the named.conf file:
query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;

and see this in the daemon logs:
/etc/named.conf:9: using specific query-source port suppresses port randomization and can be insecure.


Computer King CaN-Mail Surveillance King 
http://computerking.ca http://canmail.org http://surveillanceking.net 

Surveillance - Sales Service - Hosting Backup 
Internet Based Surveillance Systems 
Custom Service Packages
Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online ERP and 
Accounting Packages 


___ 
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list 

bind-users mailing list 
bind-users@lists.isc.org 
https://lists.isc.org/mailman/listinfo/bind-users 



Enlarge your serial! 

-- 
AP 

I've tried that. I had this problem for a while, which is why the serial was
not dated today; I just picked a random zone file. Anyway, I updated the serial
with today's date and still get the same behaviour. Strange, but the times are
messed up: I checked the time/date on both machines and they are very similar.
What is with the weird log times?
. 
29-Mar-2012 08:44:06.883 notify: info: zone jodygamracy.com/IN/external: sending notifies (serial 2012032901)
29-Mar-2012 08:44:09.093 xfer-out: info: client 96.51.192.233#43819: view external: transfer of 'jodygamracy.com/IN': IXFR ended

29-Mar-2012 02:41:45.829 xfer-in: info: transfer of 'jodygamracy.com/IN/external' from 204.244.122.132#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.072 secs (0 bytes/sec)

I get lots of these 0 byte transfers every time I try to edit a zone file. Now
they keep popping up and zones never get updated on the slave; it just keeps
trying and getting 0 bytes.
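
The named warning quoted in the message above is triggered by the query-source line that pins outgoing queries to port 53, which leaves only the 16-bit query ID to protect the resolver against spoofed answers. The following is an added example, not code from the thread or from BIND: a Python check that finds such pinned query ports in a named.conf and shows the statement with the port removed. The sample configuration is constructed around the three lines from the message, and the function names are this example's own.

```python
import re

# The warning quoted on the page names query-source only; transfer-source and
# notify-source pins are deliberately not reported here.
QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;{}]*);", re.IGNORECASE)
FIXED_PORT = re.compile(r"\s*\bport\s+\d+", re.IGNORECASE)


def strip_comments(text):
    """Drop /* */, // and # comments but keep newlines so line numbers hold."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    return re.sub(r"(?://|#)[^\n]*", "", text)


def fixed_query_ports(conf_text):
    """Return [(line_no, statement, port)] for query-source statements that
    pin a numeric source port ("port *" is left alone)."""
    clean = strip_comments(conf_text)
    findings = []
    for m in QUERY_SOURCE.finditer(clean):
        port = re.search(r"\bport\s+(\d+)", m.group(2), re.IGNORECASE)
        if port:
            line_no = clean.count("\n", 0, m.start()) + 1
            findings.append((line_no, m.group(1).lower(), int(port.group(1))))
    return findings


def unpin(conf_text):
    """Return the configuration with numeric ports removed from query-source
    statements, so named picks a random source port per query."""
    def fix(m):
        return m.group(1) + FIXED_PORT.sub("", m.group(2)) + ";"
    return QUERY_SOURCE.sub(fix, conf_text)


# Constructed sample: the three source lines are the ones quoted in the
# message; the surrounding options block and the other lines are made up.
SAMPLE_CONF = """\
options {
    directory "/var/named";
    // query-source address * port 5353;   (commented out, must be ignored)
    query-source address * port 53;
    transfer-source * port 53;
    notify-source * port 53;
    query-source-v6 address * port *;
};
"""

if __name__ == "__main__":
    for line_no, stmt, port in fixed_query_ports(SAMPLE_CONF):
        print(f"line {line_no}: {stmt} pinned to port {port}")
    print(unpin(SAMPLE_CONF))
```

With the port removed, the firewall has to allow replies to queries sent from any high source port instead of relying on a fixed port 53 on both ends.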

query issue

2012-03-29 Thread Paul A
Hi, hoping someone with more DNS experience than me can help me figure out
this strange issue.

I have a domain kingstonmass.org that I'm having problems resolving anything
for from one NS server, but it works from the other. The issue seems to be
that when I query for kingstonmass.org I get stuck on the org servers; however,
this only happens for that domain, all other .org domains that I tried have
worked.

Here is an example from tcpdump:

11:03:39.305895 IP ns1.frv.ma.meganet.net.43514 > c0.org.afilias-nst.org.domain:  54553 [1au] A? www.dreamphotos.org. (48)
11:03:39.343982 IP c0.org.afilias-nst.org.domain > ns1.frv.ma.meganet.net.43514:  54553- 0/6/1 (591)

However when I query kingstonmass.org I don't see any returned answer and it
eventually times out.

11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795 > b2.org.afilias-nst.org.domain:  54297 NS? kingstonmass.org. (34)

Again when querying this with my other DNS server it works fine. On the
server I'm having issues with I can ping all the pingable org servers and
the NS servers for the domain in question.

The odd thing is with host I can see the NS records for the domain but with
dig it doesn't work. I'm not sure what the difference is between the two
commands. Also using host I can't get an MX listing.  I'm hoping someone has
an idea.

Thanks, Paul

[root@ns1 ~]# host -v -t ns kingstonmass.org
Trying "kingstonmass.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51371
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;kingstonmass.org.  IN  NS

;; ANSWER SECTION:
kingstonmass.org.   1932  IN  NS  ns2.gis.net.
kingstonmass.org.   1932  IN  NS  ns1.gis.net.
kingstonmass.org.   1932  IN  NS  mns01.domaincontrol.com.

;; ADDITIONAL SECTION:
ns1.gis.net.  561  IN  A   208.218.130.9
ns2.gis.net.  561  IN  A   208.218.130.10
mns01.domaincontrol.com. 83692  IN  A   216.69.185.34
mns01.domaincontrol.com. 83692  IN  2607:f208:206::22

Received 190 bytes from 209.213.64.2#53 in 1 ms

; <<>> DiG 9.2.4 <<>> +trace +time=300 kingstonmass.org ns
;; global options:  printcmd
.   515761  IN  NS  e.root-servers.net.
.   515761  IN  NS  g.root-servers.net.
.   515761  IN  NS  f.root-servers.net.
.   515761  IN  NS  j.root-servers.net.
.   515761  IN  NS  l.root-servers.net.
.   515761  IN  NS  b.root-servers.net.
.   515761  IN  NS  i.root-servers.net.
.   515761  IN  NS  h.root-servers.net.
.   515761  IN  NS  a.root-servers.net.
.   515761  IN  NS  c.root-servers.net.
.   515761  IN  NS  m.root-servers.net.
.   515761  IN  NS  k.root-servers.net.
.   515761  IN  NS  d.root-servers.net.
;; Received 512 bytes from 209.213.64.2#53(209.213.64.2) in 1 ms

org.  172800  IN  NS  a0.org.afilias-nst.info.
org.  172800  IN  NS  a2.org.afilias-nst.info.
org.  172800  IN  NS  b0.org.afilias-nst.org.
org.  172800  IN  NS  b2.org.afilias-nst.org.
org.  172800  IN  NS  c0.org.afilias-nst.info.
org.  172800  IN  NS  d0.org.afilias-nst.org.
;; Received 439 bytes from 192.203.230.10#53(e.root-servers.net) in 11 ms

;; connection timed out; no servers could be reached



Re: query issue

2012-03-29 Thread Anand Buddhdev
On 29/03/2012 17:35, Paul A wrote:

Hi Paul,

> However when I query kingstonmass.org I don't see any returned answer and it
> eventually times out.
> 
> 11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795 >
> b2.org.afilias-nst.org.domain:  54297 NS? kingstonmass.org. (34)
> 
> Again when querying this with my other DNS server it works fine. On the
> server I'm having issues with I can ping all the pingable org servers and
> the NS servers for the domain in question. 

I notice that the query is going out with an IPv6 source address. Do you
have any firewalls or router ACLs blocking DNS back to IPv6 addresses in
your network?

I also note that kingstonmass.org has delegation to 2 name servers in
the ORG zone, but 3 name servers at its apex. The additional name
server, mns01.domaincontrol.com, gives a REFUSED response to a query for
the domain.

Regards,

Anand Buddhdev
RIPE NCC


RE: query issue

2012-03-29 Thread Paul A
Looking further into this I do have an ipv6 on that server, a 6to4 ip (which
I didn't configure and I have to figure out how it got there).

However I notice sometimes the query goes out as ipv6 6to4 ip and sometimes
as an ipv4, but I'm not sure why that is. If anyone can explain why some
queries are sourced from the 6to4 ipv6 instead of the ipv4 ip that would be
great.

Looks like when it goes out as an ipv6 6to4 ip I'm not getting a returned
answer, which makes sense because I have no relay routers for ipv6 packets
coming in.


paul
  
  





Re: slave not updating or creating ofd zone files

2012-03-29 Thread Sten Carlsen
It has sometimes been seen that the files that are updated are not the
files actually loaded, this could be such a case?


-- 
Best regards

Sten Carlsen

No improvements come from shouting:

   "MALE BOVINE MANURE!!!" 


Re: query issue

2012-03-29 Thread Kevin Darcy

On 3/29/2012 11:45 AM, Anand Buddhdev wrote:
> On 29/03/2012 17:35, Paul A wrote:
>
> Hi Paul,
>
>> However when I query kingstonmass.org I don't see any returned answer and it
>> eventually times out.
>>
>> 11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795 >
>> b2.org.afilias-nst.org.domain:  54297 NS? kingstonmass.org. (34)
>>
>> Again when querying this with my other DNS server it works fine. On the
>> server I'm having issues with I can ping all the pingable org servers and
>> the NS servers for the domain in question.
>
> I notice that the query is going out with an IPv6 source address.

Specifically, a 6to4 address, with 198.144.140.198 (otherwise known as
c690:8cc6) as the IPv4 endpoint of the tunnel. This was originally
specified in RFC 3056 (http://www.rfc-editor.org/rfc/rfc3056.txt), but
more recently there has been an informational RFC
(http://www.rfc-editor.org/rfc/rfc6343.txt) enumerating the many
problems associated with 6to4, and casting doubt on its long-term
viability as an IPv4-to-IPv6 transition mechanism.



- Kevin
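
The decoding described in the message above (c690:8cc6 read as 198.144.140.198) can be applied to a whole capture to find DNS queries that left from a 6to4 source address and never got an answer. This is an added example, not code from the thread: the three tcpdump lines are the ones posted earlier in this thread, re-joined onto single lines, and the function names are this example's own.

```python
import ipaddress
import re

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")    # 6to4 prefix, RFC 3056

# tcpdump prints "<src>.<port> > <dst>.<port>: <dns summary>"; the port is the
# last dot-separated field and may be a service name such as "domain".
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?:IP6?\s+)?(?P<src>\S+)\.(?P<sport>[\w-]+)\s+>\s+"
    r"(?P<dst>\S+?)\.(?P<dport>[\w-]+):\s+(?P<dns>.*)$")
COUNTS = re.compile(r"\b\d+/\d+/\d+\b")   # answer/authority/additional counts


def tunnel_endpoint(addr):
    """Return the IPv4 address embedded in a 6to4 address, else None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None                        # tcpdump printed a hostname
    if ip.version != 6 or ip not in SIX_TO_FOUR:
        return None
    # Bits 16..47 of 2002:VVVV:WWWW::/48 are the IPv4 tunnel endpoint.
    return str(ipaddress.IPv4Address((int(ip) >> 80) & 0xFFFFFFFF))


def unanswered_queries(lines):
    """Pair queries with responses by (client, port, query id) and return the
    queries that never saw a response, annotated with any 6to4 endpoint."""
    pending = {}
    for line in lines:
        m = LINE.match(line.strip())
        qid = m and re.match(r"\d+", m["dns"])
        if not qid:
            continue
        if COUNTS.search(m["dns"]):        # a response, addressed to the client
            pending.pop((m["dst"], m["dport"], qid.group()), None)
        else:                              # a query, sent by the client
            pending[(m["src"], m["sport"], qid.group())] = {
                "time": m["ts"], "client": m["src"], "server": m["dst"],
                "question": m["dns"],
                "6to4_endpoint": tunnel_endpoint(m["src"]),
            }
    return list(pending.values())


# The tcpdump lines posted in this thread, each joined onto one line.
SAMPLE_CAPTURE = [
    "11:03:39.305895 IP ns1.frv.ma.meganet.net.43514 > c0.org.afilias-nst.org.domain:  54553 [1au] A? www.dreamphotos.org. (48)",
    "11:03:39.343982 IP c0.org.afilias-nst.org.domain > ns1.frv.ma.meganet.net.43514:  54553- 0/6/1 (591)",
    "11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795 > b2.org.afilias-nst.org.domain:  54297 NS? kingstonmass.org. (34)",
]

if __name__ == "__main__":
    for q in unanswered_queries(SAMPLE_CAPTURE):
        print(q)
```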




Re: query issue

2012-03-29 Thread SM

At 08:45 29-03-2012, Anand Buddhdev wrote:
> I also note that kingstonmass.org has delegation to 2 name servers in
> the ORG zone, but 3 name servers at its apex. The additional name
> server, mns01.domaincontrol.com, gives a REFUSED response to a query for
> the domain.

From mns01.domaincontrol.com:

;; ANSWER SECTION:
kingstonmass.org.   3600  IN  NS  mns02.domaincontrol.com.
kingstonmass.org.   3600  IN  NS  mns01.domaincontrol.com.

ns1.gis.net and ns2.gis.net return a different answer.

Regards,
-sm 




Re: slave not updating or creating ofd zone files

2012-03-29 Thread Computer King
OK, but how do I correct the issue?

Re: A large number of "ANY" query type queries

2012-03-29 Thread Stephane Bortzmeyer
On Wed, Mar 28, 2012 at 04:08:33PM +0800,
 ShanyiWan  wrote 
 a message of 104 lines which said:

> On the DNS server, a large number of "ANY" type queries occur, why?
> The same IP address, produced a large number of requests within a
> very short period of time. Can I block these IPs?

Many technical details at




RE: query issue

2012-03-29 Thread Paul A
Aside from the NS issue the problem was def related to having a 6to4 ipv6
address on the eth0 interface of my name server. Once I removed that ipv6 ip
all is working well.


Which leaves me with some questions:

Does bind try on an ipv6 addr 1st? I suspect it does.

The name servers for the domain below on the whois are ns2/ns1/gis.net so I
should have been querying those servers, which don't have ipv6 addr; however
they have an NS record in the zone pointing to mns01.domaincontrol.com, which
has an ipv6 addr but it's not listed on the whois output.

Basically I'm not sure why my queries for kingstonmass.org were being
sourced from an ipv6.


;; ANSWER SECTION:
kingstonmass.org.   3387  IN  NS  ns2.gis.net.
kingstonmass.org.   3387  IN  NS  ns1.gis.net.
kingstonmass.org.   3387  IN  NS  mns01.domaincontrol.com.

;; ADDITIONAL SECTION:
mns01.domaincontrol.com. 67665  IN  A   216.69.185.34
mns01.domaincontrol.com. 67665  IN  2607:f208:206::22


thanks Paul





Re: slave not updating or creating ofd zone files

2012-03-29 Thread Sten Carlsen
First find out if that IS the case: on master, is SOA serial updated
when FILE serial is (after reload)? If so, no problem.

If not, chroot is one of the usual culprits: you update file in
/var/named/..., but bind loads file in /var/named/chroot/var/named/data/...

So in your filesystem, find ALL "zone" files, check which are used by
bind and which you update.

This is not rocket science, just normal file management. Usually the
file in /var/named/... is a link to the file in
/var/named/chroot/var/named/... - maybe you managed to break that link
by editing the wrong file, go search in your own file structure.



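
The search described in the message above (find every copy of a zone file, see which one named loads and which one is being edited, and whether a link between them is broken) can be scripted. This is an added example, not code from the thread: it groups same-named files by inode, reads the SOA serial from each, and compares it with the serial from named's "loaded serial" log line. The demo tree is constructed in a temporary directory using the two paths mentioned in the message; the zone contents, the etc/zones symlink and the function names are made up for the example.

```python
import os
import re
import tempfile


def soa_serial(zone_text):
    """Return the serial from the SOA record of a zone file, or None."""
    text = re.sub(r";[^\n]*", "", zone_text)          # drop ; comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text, re.IGNORECASE)
    return int(m.group(1)) if m else None


def physical_copies(root, filename):
    """Group every path named `filename` under `root` by (device, inode), so
    an intact symlink and its target count as one physical file."""
    copies = {}
    for dirpath, _dirs, files in os.walk(root):
        if filename not in files:
            continue
        path = os.path.join(dirpath, filename)
        try:
            st = os.stat(path)                         # follows symlinks
        except OSError:
            continue                                   # dangling symlink
        with open(path) as fh:
            serial = soa_serial(fh.read())
        entry = copies.setdefault((st.st_dev, st.st_ino),
                                  {"serial": serial, "paths": []})
        entry["paths"].append(os.path.relpath(path, root))
    for entry in copies.values():
        entry["paths"].sort()
    return list(copies.values())


def diagnose(root, filename, loaded_serial):
    """Split the physical copies into the one(s) matching the serial named
    logged as loaded and the ones that were edited but never loaded."""
    loaded, not_loaded = [], []
    for copy in physical_copies(root, filename):
        (loaded if copy["serial"] == loaded_serial else not_loaded).append(copy)
    return {"loaded_by_named": loaded, "edited_but_not_loaded": not_loaded}


def build_demo_tree(root):
    """Constructed layout: a chroot copy with the old serial, a separate
    edited copy with the new serial, and an intact symlink to the chroot copy."""
    zone = ("@ IN SOA ns1.example.test. hostmaster.example.test. (\n"
            "    %d ; serial\n    3600 900 604800 86400 )\n")
    chroot_dir = os.path.join(root, "var/named/chroot/var/named/data")
    os.makedirs(chroot_dir)
    os.makedirs(os.path.join(root, "etc/zones"))
    with open(os.path.join(chroot_dir, "db.example"), "w") as fh:
        fh.write(zone % 2012031501)
    with open(os.path.join(root, "var/named/db.example"), "w") as fh:
        fh.write(zone % 2012032901)
    os.symlink(os.path.join(chroot_dir, "db.example"),
               os.path.join(root, "etc/zones/db.example"))


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return diagnose(root, "db.example", loaded_serial=2012031501)


if __name__ == "__main__":
    print(demo())
```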

Re: query issue

2012-03-29 Thread Mark Andrews

In message <012901cd0de7$fcf45590$f6dd00b0$@net>, "Paul A" writes:
> Aside from the NS issue the problem was def related to having an 6to4 ipv6
> address on the eth0 interface of my name server. Once I removed that ipv6 ip
> all is working well. 
> 
> 
> Which leaves me with some questions, 
> 
> Does bind try on an ipv6 addr 1st? I suspect it does.

All things being equal, yes it will try IPv6 first.  However most of the
time there is some history and it will make other decisions.
 
> The name servers for the domain below on the whois are ns2/ns1/gis.net so I
> should have been querying those servers which don't have ipv6 addr however
> they have an NS record in the zone pointing to mns01.domaincontrol.com which
> has an ipv6 addr but it's not listed on the whois output. 
> 
> Basically im not sure why my queries for kingstonmass.org where being
> sourced from an ipv6. 

The queries are sent to that address because named has learnt that
mns01.domaincontrol.com has an IPv6 address.  mns01.domaincontrol.com
isn't responding to me over IPv6 either.

> ;; ANSWER SECTION:
> kingstonmass.org.   3387IN  NS  ns2.gis.net.
> kingstonmass.org.   3387IN  NS  ns1.gis.net.
> kingstonmass.org.   3387IN  NS  mns01.domaincontrol.com.
> 
> ;; ADDITIONAL SECTION:
> mns01.domaincontrol.com. 67665  IN  A   216.69.185.34
> mns01.domaincontrol.com. 67665  IN  2607:f208:206::22
> 
> 
> thanks Paul
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: slave not updating or creating ofd zone files

2012-03-29 Thread Mark Andrews

In message , Computer King writes:
> OK but how do I correct the issue 
> Sent from my Nexus 1

First of all you need to find out what the issue is.  One way to do
this is to simulate what the slave is doing. Use dig to make an ixfr
request from the slave and report what it returns to the list.  If
you are using TSIG then also specify that on the command line.

dig ixfr=<serial> zone @master

 
> Sten Carlsen  wrote:
> 
> It has sometimes been seen that the files that are updated are not the
> files actually loaded, this could be such a case?
> 
> On 29/03/12 10:58, RYAN M. vAN GINNEKEN wrote:
> >
> > Hello all, I have what is to me a very strange bind 9 master slave
> > transfer issue.
> >
> > When I update a zone file on the master the file updates correctly,
> > the notifies are sent and everything seems to work perfectly
> > except it transfers 0 bytes to the slave.  Checking the slave
> > confirms that indeed there was no transfer and that the slave is
> > still serving the old zone. I have gone as far as to completely
> > delete the zone files from the slave and restart bind; to my
> > surprise it puts back all the old files.  What is going on?  Below
> > is an example of one of the files that is not updating correctly;
> > there are many, and some of the files I have updated more recently are
> > not even showing up in the logs of the server.
> >
> > On the server Ubuntu 8.04 LTS running BIND 9.4.2-P2.1 chrooted
> > 29-Mar-2012 06:03:39.461 general: info: zone
> > jodygamracy.com/IN/external:
> > loaded serial 2012031501
> > 29-Mar-2012 06:03:39.614 notify: info: zone
> > jodygamracy.com/IN/external:
> > sending notifies (serial 2012031501)
> > 29-Mar-2012 06:03:41.761 xfer-out: info: client
> > 96.51.192.233#33074: view external: transfer of
> > 'jodygamracy.com/IN': IXFR ended
> >
> > On the slave Ubuntu 10.04 LTS  BIND 9.7.0-P1
> > 29-Mar-2012 00:03:41.666 general: info: zone
> > jodygamracy.com/IN/external:
> > Transfer started.
> > 29-Mar-2012 00:03:41.706 xfer-in: info: transfer of
> > 'jodygamracy.com/IN/external'
> > from 204.244.122.132#53: connected using 96.51.192.233#33074
> > 29-Mar-2012 00:03:41.782 xfer-in: info: transfer of
> > 'jodygamracy.com/IN/external'
> > from 204.244.122.132#53: Transfer completed: 0 messages, 1
> > records, 0 bytes, 0.076 secs (0 bytes/sec)
> >
> > As a side note I have both machines firewalled, but have port 53
> > open on both machines, and have ports set using these
> > lines in the named.conf file
> > query-source address * port 53;
> > transfer-source * port 53;
> > notify-source * port 53;
> >
> > and see this in the daemon logs
> > /etc/named.conf:9: using specific query-source port suppresses
> > port randomization and can be insecure.
> >
> > Computer King   CaN-Mail   Surveillance King
> > http://computerking.ca http://canmail.org http://surveillanceking.net
> >
> > Surveillance - Sales Service - Hosting Backup
> > Internet Based Surveillance Systems
> > Custom Service Packages
> > Secure IMAP Email - Automated Remote Backups - Photo Blogs -
> > Online ERP and Accounting Packages
> >
> >
> >
> >
> > Enlarge your serial!
> >
> > -- 
> > AP
> >
> > I've tried that, had this problem for a while, that is why serial was not
> > dated today, just picked a random zone file. Anyways I updated the
> > serial with today's date and still get the same behaviour.  Strange but
> > the times are messed up. I checked the time/date on both machines, they
> > are very similar. What is with the weird log times?
> > .
> > 29-Mar-2012 08:44:06.883 notify: info: zone
> > jodygamracy.com/IN/external: sending notifies (serial 2012032901)
> > 29-Mar-2012 08:44:09.093 xfer-out: info: client 96.51.192.233#43819:
> > view external: transfer of 'jodygamracy.com/IN': IXFR ended
> >
> >
> >
> > 29-Mar-2012 02:41:45.829 xfer-in: info: transfer of
> > 'jodygamracy.com/IN/external' from 204.244.122.132#53: Transfer
> > completed: 0 messages, 1 records, 0 bytes, 0.072 secs (0 bytes/sec)
> >
> > I get lots of these 0 bytes transfers every time I try to edit a zone
> > file now. They keep popping up and zones never get updated on the slave,
> > it just keeps trying and getting 0 bytes.
> >
> >

Re: slave not updating or creating ofd zone files

2012-03-29 Thread RYAN M. vAN GINNEKEN
Not sure what serial to use, the one on the master or the one on the slave, so I 
did both.

Here is the serial that is on the master; note this command has been run on the 
slave.
dig ixfr=2012032802 computerking.ca @ns1.canmail.org

; <<>> DiG 9.7.0-P1 <<>> ixfr=2012032802 computerking.ca @ns1.canmail.org
;; global options: +cmd
computerking.ca.    3600    IN  SOA ns1.computerking.ca. admin.computerking.ca. 2012022801 1200 120 2419200 38400
;; Query time: 36 msec
;; SERVER: 204.244.122.132#53(204.244.122.132)
;; WHEN: Thu Mar 29 18:45:48 2012
;; XFR size: 1 records (messages 1, bytes 79)

Here is the serial that the slave is using; this command was also run on the 
slave.
dig ixfr=2012022801 computerking.ca @ns1.canmail.org

; <<>> DiG 9.7.0-P1 <<>> ixfr=2012022801 computerking.ca @ns1.canmail.org
;; global options: +cmd
computerking.ca.    3600    IN  SOA ns1.computerking.ca. admin.computerking.ca. 2012022801 1200 120 2419200 38400
;; Query time: 35 msec
;; SERVER: 204.244.122.132#53(204.244.122.132)
;; WHEN: Thu Mar 29 18:52:48 2012
;; XFR size: 1 records (messages 1, bytes 79)


Here is an excerpt from the zone file that keeps appearing on the slave
$ORIGIN .
$TTL 3600   ; 1 hour
computerking.ca IN SOA  ns1.computerking.ca. admin.computerking.ca. (
2012022801 ; serial
1200   ; refresh (20 minutes

- Original Message -
From: "Mark Andrews" 
To: "Computer King" 
Cc: "Sten Carlsen" , bind-us...@isc.org
Sent: Thursday, 29 March, 2012 4:21:11 PM
Subject: Re: slave not updating or creating ofd zone files


In message , Computer
 King writes:
> OK but how do I correct the issue 
> Sent from my Nexus 1

First of all you need to find out what the issue is.  One way to do
this is to simulate what the slave is doing. Use dig to make an ixfr
request from the slave and report what it returns to the list.  If
you are using TSIG then also specify that on the command line.

dig ixfr= zone @master

 
> Sten Carlsen  wrote:
> 
> It has sometimes been seen that the files that are updated are not the
> files actually loaded, this could be such a case?
> 
> On 29/03/12 10:58, RYAN M. vAN GINNEKEN wrote:
> >
> > Hello all, I have what is to me a very strange bind 9 master slave
> > transfer issue.
> >
> > When I update a zone file on the master the file updates correctly,
> > the notifies are sent and everything seems to work perfectly
> > except it transfers 0 bytes to the slave.  Checking the slave
> > confirms that indeed there was no transfer and that the slave is
> > still serving the old zone. I have gone as far as to completely
> > delete the zone files from the slave and restart bind; to my
> > surprise it puts back all the old files.  What is going on?  Below
> > is an example of one of the files that is not updating correctly;
> > there are many, and some of the files I have updated more recently are
> > not even showing up in the logs of the server.
> >
> > On the server Ubuntu 8.04 LTS running BIND 9.4.2-P2.1 chrooted
> > 29-Mar-2012 06:03:39.461 general: info: zone
> > jodygamracy.com/IN/external:
> > loaded serial 2012031501
> > 29-Mar-2012 06:03:39.614 notify: info: zone
> > jodygamracy.com/IN/external:
> > sending notifies (serial 2012031501)
> > 29-Mar-2012 06:03:41.761 xfer-out: info: client
> > 96.51.192.233#33074: view external: transfer of
> > 'jodygamracy.com/IN': IXFR ended
> >
> > On the slave Ubuntu 10.04 LTS  BIND 9.7.0-P1
> > 29-Mar-2012 00:03:41.666 general: info: zone
> > jodygamracy.com/IN/external:
> > Transfer started.
> > 29-Mar-2012 00:03:41.706 xfer-in: info: transfer of
> > 'jodygamracy.com/IN/external'
> > from 204.244.122.132#53: connected using 96.51.192.233#33074
> > 29-Mar-2012 00:03:41.782 xfer-in: info: transfer of
> > 'jodygamracy.com/IN/external'
> > from 204.244.122.132#53: Transfer completed: 0 messages, 1
> > records, 0 bytes, 0.076 secs (0 bytes/sec)
> >
> > As a side note I have both machines firewalled, but have port 53
> > open on both machines, and have ports set using these
> > lines in the named.conf file
> > query-source address * port 53;
> > transfer-source * port 53;
> > notify-source * port 53;
> >
> > and see this in the daemon logs
> > /etc/named.conf:9: using specific query-source port suppresses
> > port randomization and can be insecure.
> >
> > Computer King   CaN-Mail   Surveillance King
> > http://computerking.ca http://canmail.org http://surveillanceking.net
> >
> > Surveilla
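
Added example (not part of any message in this thread, and not ISC code): a small shell helper that interprets the reply to the `dig ixfr=` test suggested above. Per RFC 1995, a reply consisting of a single SOA record means the server has nothing newer than the serial carried in the request, which is the shape of both dig replies posted above. The sample reply is constructed from the output quoted in the thread; the function names and verdict labels are made up for this example.

```shell
# Added example: classify a saved reply to `dig ixfr=<serial> <zone> @<master>`.

# Constructed sample modelled on the reply quoted in the thread (one record per line).
sample_reply() {
    cat <<'EOF'
; <<>> DiG 9.7.0-P1 <<>> ixfr=2012032802 computerking.ca @ns1.canmail.org
;; global options: +cmd
computerking.ca. 3600 IN SOA ns1.computerking.ca. admin.computerking.ca. 2012022801 1200 120 2419200 38400
;; XFR size: 1 records (messages 1, bytes 79)
EOF
}

# Print the serial of every SOA record found in a dig reply on stdin.
soa_serials() {
    awk '!/^;/ {
        for (i = 1; i < NF; i++)
            if ($i == "IN" && $(i + 1) == "SOA") { print $(i + 4); break }
    }'
}

# RFC 1982 comparison of 32-bit serials $1 and $2: prints lt, eq, gt or undef.
serial_cmp() {
    d=$(( ($2 - $1 + 4294967296) % 4294967296 ))
    if [ "$d" -eq 0 ]; then echo eq
    elif [ "$d" -lt 2147483648 ]; then echo lt
    elif [ "$d" -gt 2147483648 ]; then echo gt
    else echo undef
    fi
}

# Classify the reply on stdin to an IXFR request that carried serial $1.
ixfr_verdict() {
    serials=$(soa_serials)
    [ -n "$serials" ] || { echo no-soa; return 0; }
    # Two or more SOA records frame a real transfer (full or incremental).
    if [ "$(printf '%s\n' "$serials" | grep -c .)" -gt 1 ]; then
        echo transfer; return 0
    fi
    served=$(printf '%s\n' "$serials" | head -n 1)
    case $(serial_cmp "$served" "$1") in
        eq) echo up-to-date ;;     # server holds exactly the serial asked about
        lt) echo master-behind ;;  # server holds an OLDER serial than asked about
        gt) echo newer-no-data ;;  # newer serial, SOA only (e.g. UDP reply did not fit)
        *)  echo undefined ;;
    esac
}

sample_reply | ixfr_verdict 2012032802   # serial believed to be on the master
```

For the first dig run in the message above this prints `master-behind`: the server that answered holds 2012022801, not the 2012032802 that was edited into the file, which is the situation Sten Carlsen raises in this thread (the file being edited is not the one named loaded).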

Re: slave not updating or creating ofd zone files

2012-03-29 Thread RYAN M. vAN GINNEKEN

I think what you are asking is if I update a file (changing a serial #) on the 
master does it get updated on the master? If this is the question then yes, the 
file on the master updates correctly. So I do not think I have to go search in 
my file system, but I might just to make sure, as both machines do run chroot.

- Original Message -

From: "Sten Carlsen"  
To: "Computer King"  
Cc: bind-users@lists.isc.org 
Sent: Thursday, 29 March, 2012 3:59:25 PM 
Subject: Re: slave not updating or creating ofd zone files 

First find out if that IS the case: on master, is SOA serial updated when FILE 
serial is (after reload)? If so, no problem. 

If not, chroot is one of the usual culprits, you update file in /var/named/..., 
but bind loads file in /var/named/chroot/var/named/data/... 

So in your filesystem, find ALL "zone" files, check which are used by bind and 
which you update. 

This is not rocket science, just normal file management. Usually the file in 
/var/named/... is a link to the file in /var/named/chroot/var/named/... - maybe 
you managed to break that link by editing the wrong file, go search in your own 
file structure. 



On 29/03/12 20:39, Computer King wrote: 

OK but how do I correct the issue 
Sent from my Nexus 1

Sten Carlsen  wrote:

It has sometimes been seen that the files that are updated are not the
files actually loaded, this could be such a case?

On 29/03/12 10:58, RYAN M. vAN GINNEKEN wrote: 

Hello all, I have what is to me a very strange bind 9 master slave
transfer issue.

When I update a zone file on the master the file updates correctly,
the notifies are sent and everything seems to work perfectly
except it transfers 0 bytes to the slave.  Checking the slave
confirms that indeed there was no transfer and that the slave is
still serving the old zone. I have gone as far as to completely
delete the zone files from the slave and restart bind; to my
surprise it puts back all the old files.  What is going on?  Below
is an example of one of the files that is not updating correctly;
there are many, and some of the files I have updated more recently are
not even showing up in the logs of the server.

On the server Ubuntu 8.04 LTS running BIND 9.4.2-P2.1 chrooted
29-Mar-2012 06:03:39.461 general: info: zone
jodygamracy.com/IN/external:
loaded serial 2012031501
29-Mar-2012 06:03:39.614 notify: info: zone
jodygamracy.com/IN/external:
sending notifies (serial 2012031501)
29-Mar-2012 06:03:41.761 xfer-out: info: client
96.51.192.233#33074: view external: transfer of
'jodygamracy.com/IN': IXFR ended

On the slave Ubuntu 10.04 LTS  BIND 9.7.0-P1
29-Mar-2012 00:03:41.666 general: info: zone
jodygamracy.com/IN/external:
Transfer started.
29-Mar-2012 00:03:41.706 xfer-in: info: transfer of
'jodygamracy.com/IN/external'
from 204.244.122.132#53: connected using 96.51.192.233#33074
29-Mar-2012 00:03:41.782 xfer-in: info: transfer of
'jodygamracy.com/IN/external'
from 204.244.122.132#53: Transfer completed: 0 messages, 1
records, 0 bytes, 0.076 secs (0 bytes/sec)

As a side note I have both machines firewalled, but have port 53
open on both machines, and have ports set using these
lines in the named.conf file
query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;

and see this in the daemon logs
/etc/named.conf:9: using specific query-source port suppresses
port randomization and can be insecure.

Computer King   CaN-Mail   Surveillance King
http://computerking.ca http://canmail.org http://surveillanceking.net

Surveillance - Sales Service - Hosting Backup
Internet Based Surveillance Systems
Custom Service Packages
Secure IMAP Email - Automated Remote Backups - Photo Blogs -
Online ERP and Accounting Packages


Enlarge your serial!

-- 
AP

I've tried that, had this problem for a while, that is why serial was not
dated today, just picked a random zone file. Anyways I updated the
serial with today's date and still get the same behaviour.  Strange but
the times are messed up. I checked the time/date on both machines, they
are very similar. What is with the weird log times?
.
29-Mar-2012 08:44:06.883 notify: info: zone
jodygamracy.com/IN/external: sending notifies (serial 2012032901)
29-Mar-2012 08:44:09.093 xfer-out: info: client