Re: Version statement...

2012-08-20 Thread Tony Finch
sth...@nethelp.no  wrote:

> > I have since learned that you get different version output from dig,
> > named -v, and a dns query and the version statement only affects
> > specific outputs.
>
> What is the difference between using dig and a DNS query?

Dig reports its own version number in the comment at the start of its
output. "rndc status" and "named -v" report named's version. The "version"
configuration option affects responses to "version.bind ch txt" queries
but not other version number reporting mechanisms.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: 2 dns records for same server

2012-08-20 Thread WBrown
Dwayne wrote on 08/19/2012 07:37:39 PM:
> My hosts get the ip's of all 3 dns 
> servers when they recieve dhcp information. 

I think this is the issue.  The internal clients should only point to the 
internal DNS server.  They should never be querying the DNS that returns 
the public IP addresses EVER! 




Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


RE: 2 dns records for same server

2012-08-20 Thread Lightner, Jeff
That is to say don't put the external servers in /etc/resolv.conf on your 
clients - only put the internal one there.  (Or the Windows equivalent setup 
should only see your internal DNS server.)

I would correct the prior post not to say "EVER" but rather "not directly".   
Often in an internal/external configuration only the "external" server queries 
the internet and the internal one forwards requests it gets to the external 
one.   It doesn't matter if the external server the internal DNS server is 
pointing to also has records for the domains because the internal server would 
already have answered for the domains it is authoritative for before trying to 
forward.   We have internal/external setup here for one domain and have no 
problems doing this.   (Oddly enough we also have views but that's another 
story...)







-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org 
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of 
wbr...@e1b.org
Sent: Monday, August 20, 2012 8:24 AM
To: Dwayne Hottinger
Cc: bind-users@lists.isc.org
Subject: Re: 2 dns records for same server

Dwayne wrote on 08/19/2012 07:37:39 PM:
> My hosts get the ip's of all 3 dns
> servers when they recieve dhcp information.

I think this is the issue.  The internal clients should only point to the 
internal DNS server.  They should never be querying the DNS that returns the 
public IP addresses EVER!




Confidentiality Notice:
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that you 
may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or telephone 
and delete this message from your system.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer

-
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential 
information and is for the sole use of the intended recipient(s). If you are 
not the intended recipient, any disclosure, copying, distribution, or use of 
the contents of this information is prohibited and may be unlawful. If you have 
received this electronic transmission in error, please reply immediately to the 
sender that you have received the message in error, and delete it. Thank you.
--

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: dns_query_createvia: failed address not available

2012-08-20 Thread Merton Campbell Crockett
Thanks for the hint.  I had a transfer-source defined that was correct for the 
IP address that the new system would be at but not for its current address.


On 19 Aug 2012, at 16:31 , SM wrote:

> Hi Merton,
> At 16:02 19-08-2012, Merton Campbell Crockett wrote:
>> Hopefully someone on this list can identify what is triggering the 
>> "dns_query_createvia" error.  I haven't encountered this particular error in 
>> the last 25 years of mucking with named.
>> 
>> The error results in named to fail to load slave zones when it is first 
>> loaded if the zone files are not present.  When the slave zone files are 
>> present, they are loaded but zone transfers are not performed to refresh the 
>> zone data.  The following named.log excerpt was created by using a "rndc 
>> refresh ad.gd-ais.com" command to force a refresh of the zone data.
>> 
>> 
>> 19-Aug-2012 18:28:48.575 general: info: received control channel command 
>> 'refresh ad.gd-ais.com'
>> 19-Aug-2012 18:28:48.575 general: debug 1: queue_soa_query: zone 
>> AD.GD-AIS.COM/IN: enter
>> 19-Aug-2012 18:28:48.575 general: debug 1: soa_query: zone AD.GD-AIS.COM/IN: 
>> enter
>> 19-Aug-2012 18:28:48.575 general: debug 3: dns_request_createvia
>> 19-Aug-2012 18:28:48.575 general: debug 3: req_destroy: request 0x3b7e18
>> 19-Aug-2012 18:28:48.575 general: debug 3: dns_request_createvia: failed 
>> address not available
> 
> Is an IP address specified for pulling the zone in the configuration file?  
> Is the IP address bound to one of the available interfaces?
> 
> Regards,
> -sm 

--
Merton Campbell Crockett
m.c.crock...@roadrunner.com




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: 2 dns records for same server

2012-08-20 Thread WBrown
"Lightner, Jeff"  wrote on 08/20/2012 08:56:56 AM:

> That is to say don't put the external servers in /etc/resolv.conf on
> your clients - only put the internal one there.  (Or the Windows 
> equivalent setup should only see your internal DNS server.)

Or push via DHCP as in this case.
 
> I would correct the prior post not to say "EVER" but rather "not 
> directly".   Often in an internal/external configuration only the 
> "external" server queries the internet and the internal one forwards
> requests it gets to the external one.   It doesn't matter if the 
> external server the internal DNS server is pointing to also has 
> records for the domains because the internal server would already 
> have answered for the domains it is authoritative for before trying 
> to forward.   We have internal/external setup here for one domain 
> and have no problems doing this.   (Oddly enough we also have views 
> but that's another story...)

We're using different semantics here.  I meant that the workstation should 
only send queries to the internal server and get answers from same.  Where 
that data comes from, is not important, at least from the perspective of 
the workstation as long as it is correct. 

Put another way, packets are only exchanged between workstation and the 
internal name server. 

Also, this is only for normal operations.  Use of host/dig/nslookup 
directed at any specific DNS servers not included.



Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


repeated several times request

2012-08-20 Thread Jose Manuel Delgado G.
Bind 9.9.1-P2 I have installed on a server with Solaris 10, when a client
makes a query, this is repeated several times and it comes with the domain
installed in the client machine.

172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com. Internet
 ?
 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com.*
cwpanama.com*. Internet  ?
 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com. Internet
Addr ?
 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com.*
cwpanama.com*. Internet Addr ?
 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)

also happened with earlier versions of Bind
Thanks a lot!
JM
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: repeated several times request

2012-08-20 Thread Sten Carlsen

If I understand what your question is:
/etc/resolv.conf -> search / domain

Nothing to do with bind, local resolver appends search doamin to check 
if that gives an answer = if you use short form names.



On 20/08/12 16:03, Jose Manuel Delgado G. wrote:
Bind 9.9.1-P2 I have installed on a server with Solaris 10, when a 
client makes a query, this is repeated several times and it comes with 
the domain installed in the client machine.
172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
. Internet  ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
.*cwpanama.com 
*. Internet  ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
. Internet Addr ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
.*cwpanama.com 
*. Internet Addr ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
also happened with earlier versions of Bind
Thanks a lot!
JM


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


--
Best regards

Sten Carlsen

No improvements come from shouting:

   "MALE BOVINE MANURE!!!"

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: 2 dns records for same server

2012-08-20 Thread Dwayne Hottinger
in my case my clients are getting all dns servers.  which is what my issue
was.  glad for all the help.

thanks,

ddh


On Mon, Aug 20, 2012 at 9:33 AM,  wrote:

> "Lightner, Jeff"  wrote on 08/20/2012 08:56:56 AM:
>
> > That is to say don't put the external servers in /etc/resolv.conf on
> > your clients - only put the internal one there.  (Or the Windows
> > equivalent setup should only see your internal DNS server.)
>
> Or push via DHCP as in this case.
>
> > I would correct the prior post not to say "EVER" but rather "not
> > directly".   Often in an internal/external configuration only the
> > "external" server queries the internet and the internal one forwards
> > requests it gets to the external one.   It doesn't matter if the
> > external server the internal DNS server is pointing to also has
> > records for the domains because the internal server would already
> > have answered for the domains it is authoritative for before trying
> > to forward.   We have internal/external setup here for one domain
> > and have no problems doing this.   (Oddly enough we also have views
> > but that's another story...)
>
> We're using different semantics here.  I meant that the workstation should
> only send queries to the internal server and get answers from same.  Where
> that data comes from, is not important, at least from the perspective of
> the workstation as long as it is correct.
>
> Put another way, packets are only exchanged between workstation and the
> internal name server.
>
> Also, this is only for normal operations.  Use of host/dig/nslookup
> directed at any specific DNS servers not included.
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>



-- 
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: repeated several times request

2012-08-20 Thread Kevin Darcy
BIND does not control what DNS queries clients send to it. That's a 
client configuration issue. My preference is to not have any domain 
suffixing at all (the practice leads to waste and inefficiency on the 
infrastructure side, and potential security issues), but obviously not 
everyone shares that preference...


As for the  queries, I'd put that in a separate category. You 
shouldn't be trying to turn off IPv6 lookups in the client, because 
generally that means turning off dual-stack capability altogether, and 
that's a) highly *dis*-recommended by many vendors (e.g. Microsoft) and 
b) you'll regret that decision down the road when you want to implement 
IPv6 and you need a granular transition mechanism.


- Kevin

On 8/20/2012 10:03 AM, Jose Manuel Delgado G. wrote:
Bind 9.9.1-P2 I have installed on a server with Solaris 10, when a 
client makes a query, this is repeated several times and it comes with 
the domain installed in the client machine.
172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
. Internet  ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
.*cwpanama.com 
*. Internet  ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
. Internet Addr ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
  172.25.3.5 -> 172.25.3.11  DNS C samsungvuieventlog.vlingo.com 
.*cwpanama.com 
*. Internet Addr ?

 172.25.3.11 -> 172.25.3.5   DNS R  Error: 3(Name Error)
also happened with earlier versions of Bind
Thanks a lot!
JM


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users