Default Options

[Manson, John]

Is there a command for bind that will list all Options default names and 
settings in named.conf?
Might be helpful in understanding why bind is acting a certin way.

Thanks



John Manson
CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, DC 
20515
Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

TTL for name servers

[hugo hugoo]

Dear all,
 
Can anyone clarify to me the use of the TTL for a NS record?
Let’s take the example of a *.be domain.
 
A TTL value is present on both locations.
 
1)   
In a dns.be server (for example x.dns.be): in my example here below, value is
86400   

2)   
In the name server itself: in my example here below, value is
345600  

 
If we plan to change the name server to be used for a certain domain, do we 
have to change the TTL in the dns.be?
Is this possible?
 
Is this value that all the cache servers use?
If yes…what about the TTL value of the name server itself?
 
 
Thank in advance of any useful feedback,
 
Hugo,
 
 
Example:
 
 
dig @localhost google.be NS +trace
 
; <<>> DiG 9.6-ESV-R4 <<>> @localhost google.be NS +trace
; (1 server found)
;; global options: +cmd
.   502894  IN  NS  f.root-servers.net.
.   502894  IN  NS  g.root-servers.net.
.   502894  IN  NS  h.root-servers.net.
.   502894  IN  NS  a.root-servers.net.
.   502894  IN  NS  i.root-servers.net.
.   502894  IN  NS  b.root-servers.net.
.   502894  IN  NS  j.root-servers.net.
.   502894  IN  NS  c.root-servers.net.
.   502894  IN  NS  k.root-servers.net.
.   502894  IN  NS  l.root-servers.net.
.   502894  IN  NS  d.root-servers.net.
.   502894  IN  NS  m.root-servers.net.
.   502894  IN  NS  e.root-servers.net.
;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
 
be. 172800  IN  NS  m.ns.dns.be.
be. 172800  IN  NS  x.dns.be.
be. 172800  IN  NS  london.ns.dns.be.
be. 172800  IN  NS  prague.ns.dns.be.
be. 172800  IN  NS  brussels.ns.dns.be.
be. 172800  IN  NS  amsterdam.ns.dns.be.
;; Received 307 bytes from 198.41.0.4#53(a.root-servers.net) in 27 ms
 
google.be.  86400   IN  NS  ns2.google.com.
google.be.  86400   IN  NS  ns1.google.com.
google.be.  86400   IN  NS  ns4.google.com.
google.be.  86400   IN  NS  ns3.google.com.
;; Received 109 bytes from 193.190.135.4#53(brussels.ns.dns.be) in 1 ms
 
google.be.  345600  IN  NS  ns4.google.com.
google.be.  345600  IN  NS  ns1.google.com.
google.be.  345600  IN  NS  ns3.google.com.
google.be.  345600  IN  NS  ns2.google.com.
;; Received 173 bytes from 216.239.36.10#53(ns3.google.com) in 18 ms
  ___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

VMware & Bind

[Manson, John]

Will bind run on VMware?


John Manson
CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, DC 
20515
Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Default Options

[Mike Hoskins]

i'd love to hear there is...  something like postconf.  :-)

in the past, i've always read through the options syntax section of each
version's ARM to determine current defaults.  documentation can get out of
date or have errors though, so a command that prints real values would be
a useful auditing tool.

-Original Message-
From: "Manson, John" 
Date: Tuesday, June 5, 2012 8:02 AM
To: "'bind-users@lists.isc.org'" 
Subject: Default Options

>Is there a command for bind that will list all Options default names and
>settings in named.conf?
>Might be helpful in understanding why bind is acting a certin way.
> 
>Thanks
> 
> 
> 
>John Manson 
>CAO/HIR/NI Data-Communications | U.S. House of Representatives |
>Washington, DC 20515
>Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov
> 
> 
> 
> 
>
>
>___
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[SM]

Hi John,
At 09:58 05-06-2012, Manson, John wrote:

Will bind run on VMware?


Yes, if the guest operating system supports it.

Regards,
-sm 


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[Dennis Clarke]

I think you mean : will bind run within VMware ?

The answer from me is total yes.

I have multiple systems in vSphere and running fine with bind 9.8.x


Dennis

- Original Message -
From: "Manson, John" 
Date: Tuesday, June 5, 2012 1:28 pm
Subject: VMware & Bind
To: "'bind-users@lists.isc.org'" 


> Will bind run on VMware?
> 
> 
> John Manson
> CAO/HIR/NI Data-Communications | U.S. House of Representatives | 
> Washington, DC 20515
> Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov
> 
> 
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[jcarroll65]

Technically VMware is not the OS but the hypervisor that controls other OS's, 
such as Windows or Linux. I've implemented BIND 9 on Solaris 10 x86 running on 
a VMware with no issues.

JC
 "Manson wrote: 
> Will bind run on VMware?
> 
> 
> John Manson
> CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, 
> DC 20515
> Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov
> 
> 
> 
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: VMware & Bind

[JeanPaul Thomsin]

Yes, it will.


From: bind-users-bounces+jeanpaul.thomsin=perficient@lists.isc.org 
[mailto:bind-users-bounces+jeanpaul.thomsin=perficient@lists.isc.org] On 
Behalf Of Manson, John
Sent: Tuesday, June 05, 2012 12:58 PM
To: 'bind-users@lists.isc.org'
Subject: VMware & Bind

Will bind run on VMware?


John Manson
CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, DC 
20515
Desk: 202-226-4244 | Team: 202-225-5552 | 
john.man...@mail.house.gov




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[Mike Hoskins]

absolutely -- after a few weeks of migration effort (my own choice to move
clients in phases to mitigate risk), i have moved several thousand clients
from bare metal + tinydns to ucs/vmware/bind with no reported issues.

many of these are demanding "power users" (developers with what i'd often
categorize as "insane" workloads, firing off queries in batches of 10's of
thousands of uncached forward/reverse RRs).

that said, we were fairly cautious and chose to deploy load balanced vips
as our nameservers in resolv.conf.  this imposes a slight hit as each
cache must be warmed independently (some sort of mechanism allowing a
single cache to be shared amongst a cluster of binds via rpc or similar
would be cool, while imposing it's own overhead), but gave desired
resilience in the case of individual virtual machines getting overloaded
or ucs chassis/switches/etc requiring maintenance.  each vip has a set of
virtual machines on separate power sources, network uplink, etc.

we also use cfengine to creatively alternate odd/even-numbered hosts
across vips (you could do this with any DNS software, and i recommend it
along with the use of 'options' -- if you don't have legacy clients which
won't support it -- so failure of a single VIP/server won't maim entire
clusters), and got better monitoring thanks to statistics-channels.

-Original Message-
From: "Manson, John" 
Date: Tuesday, June 5, 2012 9:58 AM
To: "'bind-users@lists.isc.org'" 
Subject: VMware & Bind

>Will bind run on VMware?
> 
> 
>John Manson 
>CAO/HIR/NI Data-Communications | U.S. House of Representatives |
>Washington, DC 20515
>Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov
> 
> 
> 
> 
>
>
>___
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[Chris Buxton]

On Jun 5, 2012, at 9:58 AM, Manson, John wrote:

> Will bind run on VMware?

Yes.

Chris Buxton
BlueCat Networks

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[Joshua Smith]

Yes. 

--
Josh Smith
KD8HRX

Email/jabber: juice...@gmail.com
Phone: 304.237.9369(c)

Sent from my iPhone

On Jun 5, 2012, at 12:58 PM, "Manson, John"  wrote:

> Will bind run on VMware?
>  
>  
> John Manson
> CAO/HIR/NI Data-Communications | U.S. House of Representatives | Washington, 
> DC 20515
> Desk: 202-226-4244 | Team: 202-225-5552 | john.man...@mail.house.gov
>  
>  
>  
>  
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Recommended value for max-cache-size for cache-only shared hosts..

[JINMEI Tatuya / 神明達哉]

At Mon, 04 Jun 2012 12:53:31 -0700,
Doug Barton  wrote:

> >> If your cache is too small the CPU will peg when the cleaning-interval 
> >> goes.  Maybe that's changed but the behavior still exists in the 9.7 
> >> branch.  Setting your cache size really depends on your query load.  On a 
> >> resolver doing 15,000/qps having a cache of 256M will cause a problem 
> >> during the cleaning-interval whereas if it's 2G you won't notice the 
> >> interval at all.  Also on a busy resolver expect BIND to use about twice 
> >> as much as where you set your limits.
> > 
> > Hmm, looking into the code again, I realized my memory was slightly
> > incorrect: "cleaning interval has been effectively no-op since BIND
> > 9.5" should have been "cleaning interval has been effectively
> > meaningless and therefore disabled by default since BIND 9.5", and if
> > you explicitly enable it by setting cleaning-interval to a non 0
> > value, it will still do meaningless but expensive operations.
> > 
> > So, in conclusion, my main point should still stand: "Tweaking it
> > (cleaning-interval) won't improve performance".  And, it could
> > actually do harm.
> 
> Thanks, I learned something today! But that sort of prompts the question
> in my mind, why does the option still exist?

Good question, I wonder the same thing:-) I don't remember the
original plan, but I guess it was actually planned to be deprecated
but it has just been forgotten or left as a lower priority thing since
then.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[Michael Sinatra]

On Tue, 5 Jun 2012, Manson, John wrote:


Will bind run on VMware?


Yes.  I have a few machines running BIND 9.9.x on FreeBSD as a guest os on 
vmware.


michael
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Recommended value for max-cache-size for cache-only shared hosts..

[Doug Barton]

On 6/5/2012 11:30 AM, JINMEI Tatuya / 神明達哉 wrote:
> Good question, I wonder the same thing:-) I don't remember the
> original plan, but I guess it was actually planned to be deprecated
> but it has just been forgotten or left as a lower priority thing since
> then.

So, get busy! It's not like you have nothing else to do ... :)

Doug

-- 
If you're never wrong, you're not trying hard enough
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Default Options

[Evan Hunt]

>Is there a command for bind that will list all Options default names and
>settings in named.conf?
>Might be helpful in understanding why bind is acting a certin way.

Not really...  if you download and build source, there's a tool that
will print all the supported options (bin/tests/cfg_test --named --grammar)
but it doesn't print the default settings.

But, if you've downloaded the source anyway, the defaults for nearly every
option are set in bin/named/config.c -- scroll down to where it says
"default configuration" and read from there.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Default Options

[Manson, John]

Very helpful.
The search word in the file is 'options'.
Snippet:

options {\n\
#   blackhole {none;};\n"
#ifndef WIN32
"   coresize default;\n\
datasize default;\n\
files default;\n\
stacksize default;\n"
#endif
"   deallocate-on-exit true;\n\
#   directory \n\
dump-file \"named_dump.db\";\n\
fake-iquery no;\n\
has-old-clients false;\n\
heartbeat-interval 60;\n\
host-statistics no;\n\
interface-interval 60;\n\
listen-on {any;};\n\
listen-on-v6 {none;};\n\
.
.
.
.
The file also includes defaults for 'view' and 'zone'.
Thanks


-Original Message-
From: Evan Hunt [mailto:e...@isc.org]
Sent: Tuesday, June 05, 2012 3:04 PM
To: Mike Hoskins
Cc: Manson, John; 'bind-users@lists.isc.org'
Subject: Re: Default Options

>Is there a command for bind that will list all Options default names and
>settings in named.conf?
>Might be helpful in understanding why bind is acting a certin way.

Not really...  if you download and build source, there's a tool that
will print all the supported options (bin/tests/cfg_test --named --grammar)
but it doesn't print the default settings.

But, if you've downloaded the source anyway, the defaults for nearly every
option are set in bin/named/config.c -- scroll down to where it says
"default configuration" and read from there.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Transfer the same zone from a split-view master

[Carlos Raúl Laguna Mendoza]

Hi everyone still stuck with this can anyone through some light here i 
need transfer a several iqual zone from two views in my master server 
but the slave server only has one ip so i read something about using 
TSIG to get this done but so far nothing, can anyone explain to me how 
should look the config of the view and zone in the master and slave 
server.Regards and thanks

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: TTL for name servers

[Peter Andreev]

Just to clarify, let's assume that you maintain zone example.be. Let's also
say that in .be zone TTL for your NS'es is 86400 and TTL for NS'es in your
zone is 345600.

In such scenario the latter will be cached by resolver because it is the
authoritative data. For some resolver implementations this behaviour can be
overrided.

To replace nameserver with new one I would do the following:
1. set up new server;
2. send updates to parent zone;
3. wait for TTL mentioned in my zone (for example above - 345600);
4. shut down old server(s).

2012/6/5 hugo hugoo 

>  Dear all,
>
>
>
> Can anyone clarify to me the use of the TTL for a NS record?
>
> Let’s take the example of a *.be domain.
>
>
>
> A TTL value is present on both locations.
>
>
>
> 1)In a dns.be server (for example x.dns.be): in my example here
> below, value is 86400
>
> 2)In the name server itself: in my example here below, value is 345600
>
>
>
>
> If we plan to change the name server to be used for a certain domain, do
> we have to change the TTL in the dns.be?
>
> Is this possible?
>
>
>
> Is this value that all the cache servers use?
>
> If yes…what about the TTL value of the name server itself?
>
>
>
>
>
> Thank in advance of any useful feedback,
>
>
>
> Hugo,
>
>
>
>
>
> *Example:*
>
>
>
>
>
> dig @localhost google.be NS +trace
>
>
>
> ; <<>> DiG 9.6-ESV-R4 <<>> @localhost google.be NS +trace
>
> ; (1 server found)
>
> ;; global options: +cmd
>
> .   502894  IN  NS  f.root-servers.net.
>
> .   502894  IN  NS  g.root-servers.net.
>
> .   502894  IN  NS  h.root-servers.net.
>
> .   502894  IN  NS  a.root-servers.net.
>
> .   502894  IN  NS  i.root-servers.net.
>
> .   502894  IN  NS  b.root-servers.net.
>
> .   502894  IN  NS  j.root-servers.net.
>
> .   502894  IN  NS  c.root-servers.net.
>
> .   502894  IN  NS  k.root-servers.net.
>
> .   502894  IN  NS  l.root-servers.net.
>
> .   502894  IN  NS  d.root-servers.net.
>
> .   502894  IN  NS  m.root-servers.net.
>
> .   502894  IN  NS  e.root-servers.net.
>
> ;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>
>
>
> be. 172800  IN  NS  m.ns.dns.be.
>
> be. 172800  IN  NS  x.dns.be.
>
> be. 172800  IN  NS  london.ns.dns.be.
>
> be. 172800  IN  NS  prague.ns.dns.be.
>
> be. 172800  IN  NS  brussels.ns.dns.be.
>
> be. 172800  IN  NS  amsterdam.ns.dns.be.
>
> ;; Received 307 bytes from 198.41.0.4#53(a.root-servers.net) in 27 ms
>
>
>
> google.be.  86400   IN  NS  ns2.google.com.
>
> google.be.  86400   IN  NS  ns1.google.com.
>
> google.be.  86400   IN  NS  ns4.google.com.
>
> google.be.  86400   IN  NS  ns3.google.com.
>
> ;; Received 109 bytes from 193.190.135.4#53(brussels.ns.dns.be) in 1 ms
>
>
>
> google.be.  345600  IN  NS  ns4.google.com.
>
> google.be.  345600  IN  NS  ns1.google.com.
>
> google.be.  345600  IN  NS  ns3.google.com.
>
> google.be.  345600  IN  NS  ns2.google.com.
>
> ;; Received 173 bytes from 216.239.36.10#53(ns3.google.com) in 18 ms
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>



-- 
AP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

transfer the same zone from a split-view master

[Carlos Raúl Laguna Mendoza]

Hi everyone still stuck with this can anyone through some light here i 
need transfer a several iqual zone from two views in my master server 
but the slave server only has one ip so i read something about using 
TSIG to get this done but so far nothing, can anyone explain to me how 
should look the config of the view and zone in the master and slave 
server.Regards and thanks

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: TTL for name servers

[Alexander Gurvitz]

Hi.

TTL returned by YOUR zone authoritative server will (at least should) be
preferred by caches.

Matt Larson from verisign explained on these:

http://www.merit.edu/mail.archives/nanog/2004-07/msg00255.html

Regards,
Alexander Gurvitz,
net-me.net
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Recommended value for max-cache-size for cache-only shared hosts..

[Mike Hoskins]

-Original Message-
From: Doug Barton 
Organization: http://SupersetSolutions.com/
Date: Tuesday, June 5, 2012 11:49 AM
To: JINMEI Tatuya / 神明達哉 
Cc: 
Subject: Re: Recommended value for max-cache-size for cache-only shared
hosts..

>On 6/5/2012 11:30 AM, JINMEI Tatuya / 神明達哉 wrote:
>> Good question, I wonder the same thing:-) I don't remember the
>> original plan, but I guess it was actually planned to be deprecated
>> but it has just been forgotten or left as a lower priority thing since
>> then.
>
>So, get busy! It's not like you have nothing else to do ... :)

sorry to waste bandwidth, but just wanted to point out this statement is
more true than expected in jest...with the double negative (nothing vs
anything).

i hate english...  ;-)


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VMware & Bind

[Mark Elkins]

Just make sure you have an adequate supply of Randomness if playing with
DNSSEC (or any key generation stuff).

On Tue, 2012-06-05 at 13:33 -0400, jcarrol...@cfl.rr.com wrote:
> Technically VMware is not the OS but the hypervisor that controls other OS's, 
> such as Windows or Linux. I've implemented BIND 9 on Solaris 10 x86 running 
> on a VMware with no issues.
> 
> JC
>  "Manson wrote: 
> > Will bind run on VMware?

-- 
  .  . ___. .__  Posix Systems - (South) Africa
 /| /|   / /__   m...@posix.co.za  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496



smime.p7s
Description: S/MIME cryptographic signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: transfer the same zone from a split-view master

[Chris Buxton]

On Jun 5, 2012, at 1:50 PM, Carlos Raúl Laguna Mendoza wrote:

> Hi everyone still stuck with this can anyone through some light here i need 
> transfer a several iqual zone from two views in my master server but the 
> slave server only has one ip so i read something about using TSIG to get this 
> done but so far nothing, can anyone explain to me how should look the config 
> of the view and zone in the master and slave server.Regards and thanks

Check the FAQ.

In short:

- Create two TSIG keys, one per view.
- Configure those keys on each server (master and slave).
- In each view on the master, use match-clients to match one key and not the 
other -- put the TSIG keys first, before any IP addresses.
- In each view on each server (master and slave), use a server statement 
referencing the other server and designating the key for that view.
- Remove the zone files from the slave server.
- 'rndc reload' on both servers.
- Check the logs and the slave's zone files.

Chris Buxton
BlueCat Networks
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: transfer the same zone from a split-view master

[Carlos Raúl Laguna Mendoza]

El 05/06/12 20:24, Chris Buxton escribió:

On Jun 5, 2012, at 1:50 PM, Carlos Raúl Laguna Mendoza wrote:


Hi everyone still stuck with this can anyone through some light here i need 
transfer a several iqual zone from two views in my master server but the slave 
server only has one ip so i read something about using TSIG to get this done 
but so far nothing, can anyone explain to me how should look the config of the 
view and zone in the master and slave server.Regards and thanks

Check the FAQ.

In short:

- Create two TSIG keys, one per view.
- Configure those keys on each server (master and slave).
- In each view on the master, use match-clients to match one key and not the 
other -- put the TSIG keys first, before any IP addresses.
- In each view on each server (master and slave), use a server statement 
referencing the other server and designating the key for that view.
- Remove the zone files from the slave server.
- 'rndc reload' on both servers.
- Check the logs and the slave's zone files.

Chris Buxton
BlueCat Networks
It work like a charm* this small detail was missing (put the TSIG key 
first) the rest was already on,

thank you so much really. Best regards

Carlos R Laguna
NDC TINONET
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: TTL for name servers

[Mark Andrews]

In message 
, Alexander Gurvitz writes:
> Hi.
> 
> TTL returned by YOUR zone authoritative server will (at least should) be
> preferred by caches.
> 
> Matt Larson from verisign explained on these:
> 
> http://www.merit.edu/mail.archives/nanog/2004-07/msg00255.html
> 
> Regards,
> Alexander Gurvitz,
> net-me.net

TTL of NS records are complicated as the existance of the delegation
is covered by the parents NS records but the contents of the NS
records comes from the child zone.  Named looks at both TTLs to
determine when to remove the NS RRset.

https://deepthought.isc.org/article/AA-00691/

If you are wanting to workout when to decommission a nameserver take the
maximum of the two NS rrset after they have both been updated as when it
is safe to decommission.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users