Re: dynamic update to SOA records

2012-05-01 Thread Phil Mayers

On 04/27/2012 02:37 AM, cloud cache wrote:

> Hello,
>
> How do I use nsupdate to dynamically update SOA records?
> For example, I want to update the zone's contact email and main NS


As others have pointed out, you just need to use "nsupdate" and send a 
valid SOA.


NOTE: "valid" means "must have a serial number > current". Bind won't do 
this for you - you need to choose an appropriate, higher, SOA serial in 
the new record you send. Adding 1 is fine.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Convince Bind to listen on IP alias with a range of IPs.

2012-05-01 Thread Phil Mayers

On 04/30/2012 10:56 PM, Augie Schwer wrote:

> I must be doing something wrong, because what I want to do doesn't
> seem that difficult.
>
> I have a range of IPs bound to a local interface:
>
> lo:1  Link encap:Local Loopback
>    inet addr:10.0.0.1  Mask:255.255.255.224
>
> And I want to convince Bind to listen on a sub-set of the given range
> (10.0.0.2 for example), yet when I configure that IP:


Which operating system are you running?

Contrary to what a lot of other people have suggested, it is in fact 
possible using the socket API to bind() to IPs which aren't explicitly 
created, due to special handling on the loopback interface. This can 
certainly be done under Linux, for example, and I have just 
re-confirmed that to myself.


I assume, because of the phrasing of your question, that your OS does 
indeed have this feature, and you've tested it working with other 
applications (even if as simple as netcat)?


Unfortunately, it seems likely that named is using the normal socket 
APIs to first enumerate the list of IPs on the box, and then filter 
those through listen-on statements to get the final list of IPs to pass 
to a bind() socket call - this would be a sensible way to implement the 
CIDR listen functionality.


If so, then if the IP isn't *explicitly* on an interface, it won't 
appear in the final output set, regardless of the fact a bind() call 
will succeed.


So you might be being a bit too clever, and foxing the named socket code 
I'm afraid.


Cheers,
Phil


Re: Convince Bind to listen on IP alias with a range of IPs.

2012-05-01 Thread Phil Mayers

On 05/01/2012 10:00 AM, Phil Mayers wrote:


> So you might be being a bit too clever, and foxing the named socket code
> I'm afraid.


That should of course be "the named socket code is foxing you". Sigh.


Re: dynamic update to SOA records

2012-05-01 Thread Phil Mayers

On 01/05/12 11:20, cloud cache wrote:


> But, how will I know the current serial number of the zone, if the zone
> has been changing frequently?


In the past, I've used a script that queries the SOA just before doing 
the update (which is safe, because in a race condition you'll be "too 
low" and fail)


e.g.

#!/bin/sh

ZONE="example.com"
SERVER="192.0.2.1"
TTL=3600
# the serial is the third rdata field of the SOA
SOA_SERIAL=`dig @$SERVER +short $ZONE SOA | awk '{ print $3 }'`

BUF=`mktemp`
trap "rm -f $BUF" EXIT

cat <<EOF >$BUF
server $SERVER
zone $ZONE
update add $ZONE $TTL SOA your.values. go.here. $(( SOA_SERIAL+1 )) ...
show
send
answer
EOF

# run the batch (add -k keyfile if the zone requires TSIG-signed updates)
nsupdate $BUF


Re: Convince Bind to listen on IP alias with a range of IPs.

2012-05-01 Thread Barry Margolin
In article ,
 Larry Brower  wrote:

> On 04/30/2012 07:13 PM, Augie Schwer wrote:
> > Thanks for the reply, please see my previous e-mail about the address
> > being perfectly pingable on that interface.
> > 
> 
> Whats that have to do with anything? It being pingable only means
> something is responding for it. This does NOT mean it is on THAT
> specific server. If it is not on THAT server then bind cant use it.

It's the loopback network. What other server could it be?

As others pointed out, this is apparently a Linux extension to the 
loopback interface -- giving it a wider subnet mask automatically 
aliases the other addresses in the range.  But this is done in a way 
that BIND can't take advantage of through the normal socket calls.

-- 
Barry Margolin
Arlington, MA


Re: dynamic update to SOA records

2012-05-01 Thread Chris Thompson

On May 1 2012, Phil Mayers wrote:


> On 01/05/12 11:20, cloud cache wrote:
>
>> But, how will I know the current serial number of the zone, if the zone
>> has been changing frequently?
>
> In the past, I've used a script that queries the SOA just before doing
> the update (which is safe, because in a race condition you'll be "too
> low" and fail)


Our regular DNS changes (via [scripted] nsupdate) always add the SOA
explicitly (it's going to change anyway, after all), setting the serial
to the Unix time(2) value. BIND may have been incrementing the serial
itself as a result of re-signing activity, but we assume it hasn't
been doing so as often as once a second...

--
Chris Thompson
Email: c...@cam.ac.uk


Re: dynamic update to SOA records

2012-05-01 Thread Anand Buddhdev
On 01/05/2012 16:36, Chris Thompson wrote:

> Our regular DNS changes (via [scripted] nsupdate) always add the SOA
> explicitly (it's going to change anyway, after all), setting the serial
> to the Unix time(2) value. BIND may have been incrementing the serial
> itself as a result of re-signing activity, but we assume it hasn't
> been doing so as often as once a second...

At our request, ISC added an option to BIND 9.9, which allows it to
automatically set the serial number to unix time, so that we don't have
to explicitly set the SOA record each time.

If multiple updates arrive within the same second, then BIND just adds
+1 to the existing serial number, so that for brief periods, the unix
time will be in the "future". However, as time advances, the serial
number will soon be in the past, allowing new updates to set the serial
back to current unix time.

Regards,

Anand Buddhdev
RIPE NCC
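
The BIND 9.9 option Anand describes is `serial-update-method`. The zone stanza below is added here as an illustration and is not configuration posted in the thread; the zone name, file path and TSIG key name are placeholders.

```conf
// Added illustration (not from the thread): a dynamic zone using the BIND 9.9
// serial-update-method option.  Names and paths are placeholders.
zone "example.com" {
    type master;
    file "dyn/example.com.db";
    // Serial becomes the Unix time of each update; if that would not be greater
    // than the current serial (several updates in one second), BIND uses +1 instead.
    serial-update-method unixtime;
    // Only holders of the TSIG key may send updates (key name is a placeholder).
    allow-update { key "nsupdate-key"; };
};
```

With this in place an nsupdate batch no longer needs to carry its own SOA record; the default `serial-update-method increment;` keeps the older +1 behaviour.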


Re: dynamic update to SOA records

2012-05-01 Thread michoski
On 5/1/12 8:10 AM, "Anand Buddhdev"  wrote:
> On 01/05/2012 16:36, Chris Thompson wrote:
> 
>> Our regular DNS changes (via [scripted] nsupdate) always add the SOA
>> explicitly (it's going to change anyway, after all), setting the serial
>> to the Unix time(2) value. BIND may have been incrementing the serial
>> itself as a result of re-signing activity, but we assume it hasn't
>> been doing so as often as once a second...
> 
> At our request, ISC added an option to BIND 9.9, which allows it to
> automatically set the serial number to unix time, so that we don't have
> to explicitly set the SOA record each time.
> 
> If multiple updates arrive within the same second, then BIND just adds
> +1 to the existing serial number, so that for brief periods, the unix
> time will be in the "future". However, as time advances, the serial
> number will soon be in the past, allowing new updates to set the serial
> back to current unix time.

Thanks for requesting it, and thanks to ISC for implementing.  Like many
others, we have wrappers which do this today...getting it as an official
feature will be great.

-- 
Men use thought only to justify their wrong doings,
and speech only to conceal their thoughts.
-- Voltaire




Increasing forwarder timeout

2012-05-01 Thread Stefan Certic
Hello,

I am trying to increase the forwarder timeout in bind 9 (recursive query). Does
anyone know which part of the code deals with timeouts? I was unable to
work it out from a quick look at the source. I would appreciate any hints.

Regards,

-- 

Stefan Certic



Re: dynamic update to SOA records

2012-05-01 Thread Tony Finch
Chris Thompson  wrote:

> Our regular DNS changes (via [scripted] nsupdate) always add the SOA
> explicitly (it's going to change anyway, after all), setting the serial
> to the Unix time(2) value. BIND may have been incrementing the serial
> itself as a result of re-signing activity, but we assume it hasn't
> been doing so as often as once a second...

My nsdiff script can set the serial number to unix time or YYYYMMDDNN; if
that's too small it falls back to increment mode. There's still a bug,
though: lack of support for proper modulo semantics :-) It also uses the
SOA record as an update prerequisite for detecting races and other
inconsistencies. (The system Chris is responsible for uses an HINFO record
for this purpose.)

http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff

Tony.
-- 
f.anthony.n.finch    http://dotat.at/
Hebrides: North or northeast 4 or 5. Slight or moderate. Fair. Good.
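
The serial-selection and race-detection logic discussed in this thread (Phil's query-then-update script, the Unix-time serials Chris and Anand describe, and the fallback-to-increment and SOA-prerequisite ideas Tony mentions for nsdiff), written up as one added example. It is not code from the thread and not nsdiff. It assumes a POSIX shell with 64-bit `$(( ))` arithmetic (dash, bash), BIND's dig and nsupdate, and the placeholder zone example.com served at 192.0.2.1; the SOA rdata in the comments is made up.

```shell
#!/bin/sh
# Added example, not code from this thread.  Assumes a POSIX shell with 64-bit
# $(( )) arithmetic, dig/nsupdate from BIND, and the placeholder zone/server.

ZONE="example.com"
SERVER="192.0.2.1"
TTL=3600

# serial_lt A B: true if A is "less than" B in RFC 1982 serial arithmetic,
# i.e. B lies less than 2^31 ahead of A on the 32-bit circle.
serial_lt() {
    a=$1; b=$2
    if [ "$a" -lt "$b" ]; then
        [ $(( b - a )) -lt 2147483648 ]
    else
        [ "$a" -gt "$b" ] && [ $(( a - b )) -gt 2147483648 ]
    fi
}

# next_serial CURRENT NOW: use the Unix time NOW if it is ahead of CURRENT,
# else CURRENT+1 (the fallback Anand describes for BIND 9.9's unixtime mode),
# wrapping modulo 2^32.  A YYYYMMDDNN serial such as 2012050101 is already
# "ahead" of 2012's Unix time, so it keeps incrementing, as Tony's nsdiff does.
next_serial() {
    cur=$1; now=$2
    if serial_lt "$cur" "$now"; then
        echo "$now"
    else
        echo $(( (cur + 1) % 4294967296 ))
    fi
}

# nsupdate_batch OLD_SOA_RDATA NEW_SERIAL: print an nsupdate script.  The
# prereq line requires the SOA to still carry exactly the rdata we read; if
# another writer bumped the serial in between, the server answers NXRRSET and
# nothing is applied, which turns Phil's "too low and fail" race into an
# explicit, retryable failure.  OLD_SOA_RDATA is what `dig +short ZONE SOA`
# prints, e.g. (made up): "ns1.example.com. hostmaster.example.com. 2012050101 3600 900 604800 86400"
nsupdate_batch() {
    old_rdata=$1
    new_serial=$2
    set -- $old_rdata        # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
    printf 'server %s\n' "$SERVER"
    printf 'zone %s\n' "$ZONE"
    printf 'prereq yxrrset %s. IN SOA %s\n' "$ZONE" "$old_rdata"
    printf 'update add %s. %s IN SOA %s %s %s %s %s %s %s\n' \
        "$ZONE" "$TTL" "$1" "$2" "$new_serial" "$4" "$5" "$6" "$7"
    printf 'send\n'
}

# Live run (network access): read the SOA as Phil's script does, pick the next
# serial from the clock, and pipe the batch into nsupdate (add -k KEYFILE for
# TSIG-signed updates).  Only executed when invoked as: sh soa-bump.sh --run
apply_soa_update() {
    rdata=$(dig @"$SERVER" +short "$ZONE" SOA)
    cur=$(printf '%s\n' "$rdata" | awk '{ print $3 }')
    nsupdate_batch "$rdata" "$(next_serial "$cur" "$(date +%s)")" | nsupdate
}

if [ "${1-}" = "--run" ]; then
    apply_soa_update
fi
```

If another writer changes the SOA between the dig and the send, nsupdate reports the failed prerequisite (NXRRSET) and the script can simply be rerun. Because the comparison is RFC 1982 arithmetic, the script also behaves correctly when a serial is within 2^31 of wrapping, which is the modulo case Tony notes nsdiff does not yet handle.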


Re: Convince Bind to listen on IP alias with a range of IPs.

2012-05-01 Thread Augie Schwer
On Tue, May 1, 2012 at 2:00 AM, Phil Mayers  wrote:
> Which operating system are you running?

Linux, I'm sorry I did not mention that earlier as it may have saved
some confusion.

> Contrary to what a lot of other people have suggested, it is in fact
> possible using the socket API to bind() to IPs which aren't explicitly
> created, due to special handling on the loopback interface. This can
> certainly be done under Linux, for example., and I have just re-confirmed
> that to myself.

Thank you for confirming for others that this is a real feature.

> Unfortunately, it seems likely that named is using the normal socket APIs to
> first enumerate the list of IPs on the box, and then filter those through
> listen-on statements to get the final list of IPs to pass to a bind() socket
> call - this would be a sensible way to implement the CIDR listen
> functionality.
> If so, then if the IP isn't *explicitly* on an interface, it won't appear in
> the final output set, regardless of the fact a bind() call will succeed.

OK, that makes sense, I have found that the following work-around does work:

sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224
sudo ifconfig lo:2 10.0.0.2 netmask 255.255.255.255

I get the full usable range on my loop-back interface, and Bind will
happily now listen-on the 10.0.0.2 address.


-- 
Augie Schwer    -    au...@schwer.us    -    http://schwer.us
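
A model of the address selection Phil describes (enumerate the addresses the OS reports as configured, then filter them through listen-on), added here as an example; it is neither named's own code nor anything posted in the thread. It assumes iproute2's `ip -o -4 addr` output format and 64-bit shell arithmetic, and the two interface listings are constructed to match Augie's configuration before and after his lo:2 workaround.

```shell
#!/bin/sh
# Added example, not from the thread and not named's own code.  It models the
# selection Phil describes: named takes the addresses configured on interfaces
# and keeps the ones matched by listen-on, so an address that is only reachable
# via the loopback netmask trick is never a candidate, however bindable it is.
# Assumes a shell with 64-bit $(( )) arithmetic and `ip -o -4 addr` output
# (iproute2); the interface listings below are constructed, not captured.

# ip4_to_int A.B.C.D -> unsigned 32-bit value
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR PREFIX[/LEN] -> true if ADDR is inside the prefix (bare address = /32)
in_cidr() {
    net=${2%/*}
    len=${2#*/}
    if [ "$len" = "$2" ]; then len=32; fi
    mask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# configured_addrs: addresses the OS reports as configured, one per line.
# Input: `ip -o -4 addr` lines on stdin (index, ifname, "inet", ADDR/LEN, ...).
configured_addrs() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1] }'
}

# listen_set ENTRY...: the configured addresses that some listen-on entry
# (address or CIDR) matches, in interface order.  Interface lines on stdin.
listen_set() {
    configured_addrs | while read -r addr; do
        for entry in "$@"; do
            if in_cidr "$addr" "$entry"; then
                echo "$addr"
                break
            fi
        done
    done
}

# Constructed listing for Augie's first setup: the /27 on lo:1 makes 10.0.0.2
# pingable and bind()-able on Linux, but 10.0.0.1 is the only configured address.
BEFORE='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 10.0.0.1/27 scope global lo:1
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# After his workaround (ifconfig lo:2 10.0.0.2 netmask 255.255.255.255,
# or ip addr add 10.0.0.2/32 dev lo) the address is configured explicitly.
AFTER="$BEFORE
1: lo    inet 10.0.0.2/32 scope global lo:2"

listen_before() { printf '%s\n' "$BEFORE" | listen_set "$@"; }
listen_after()  { printf '%s\n' "$AFTER"  | listen_set "$@"; }

# Live use on the named host: sh listen-model.sh --live 10.0.0.2 10.0.0.0/27
if [ "${1-}" = "--live" ]; then
    shift
    ip -o -4 addr | listen_set "$@"
fi
```

Phil's suggested check for the OS side is to have some other program listen on the address, for example `nc -l 10.0.0.2 5300` (OpenBSD netcat syntax); on Linux that succeeds with only the /27 on lo because the kernel installs `local 10.0.0.0/27 dev lo` in the local routing table (`ip route show table local`). The model above, like named, lists 10.0.0.2 only once it is an address of its own. After the workaround, confirm what named actually bound with `ss -lnup 'sport = :53'` or `netstat -lnup`.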


Re: Convince Bind to listen on IP alias with a range of IPs.

2012-05-01 Thread michoski
On 5/1/12 2:32 PM, "Augie Schwer"  wrote:
>> Contrary to what a lot of other people have suggested, it is in fact
>> possible using the socket API to bind() to IPs which aren't explicitly
>> created, due to special handling on the loopback interface. This can
>> certainly be done under Linux, for example., and I have just re-confirmed
>> that to myself.
> 
> Thank you for confirming for others that this is a real feature.

The feature wasn't argued, I even showed it working with 127/8, but rather
what BIND will listen-on...

>> Unfortunately, it seems likely that named is using the normal socket APIs to
>> first enumerate the list of IPs on the box, and then filter those through
>> listen-on statements to get the final list of IPs to pass to a bind() socket
>> call - this would be a sensible way to implement the CIDR listen
>> functionality.
>> If so, then if the IP isn't *explicitly* on an interface, it won't appear in
>> the final output set, regardless of the fact a bind() call will succeed.
> 
> OK, that makes sense, I have found that the following work-around does work:
> 
> sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224
> sudo ifconfig lo:2 10.0.0.2 netmask 255.255.255.255
> 
> I get the full usable range on my loop-back interface, and Bind will
> happily now listen-on the 10.0.0.2 address.

Exactly what was answered by multiple people...  you need an alias with the
IP you want BIND to listen-on!

Alas, the English language is such that sometimes the same thing needs to be
said in several different ways to be fully understood.

Glad you got it working.

-- 
For men use, if they have an evil turn, to write it in marble:
and whoso doth us a good turn we write it in dust.
-- Sir Thomas More
