Re: Reverse address entries

2013-07-03 Thread Matus UHLAR - fantomas

On 02.07.13 08:53, Daniel McDonald wrote:

> I've had trouble with OSI-Soft PI historian without reverse entries.  If
> there is no reverse, then the PI software would spend about 30 seconds
> looking in vain for a DNS answer before sending a SYN-ACK packet.

If there is no reverse, the software should get NXDOMAIN answer. In such
case there's nothing to wait for any longer.
Are you sure that was not a case of unreachable servers?



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
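
Added example (not part of the original thread or of BIND): the reply above separates an NXDOMAIN answer, which ends the lookup at once, from unreachable servers, which leave the client waiting for a timeout. The Python below sends one PTR query to a resolver you name and reports which of the two occurred; the function names, the 5-second timeout, the IPv4-only resolver address and the sample reply bytes are assumptions constructed for illustration.

```python
import ipaddress
import socket
import struct
import time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def reverse_name(ip):
    """Return the PTR owner name (in-addr.arpa / ip6.arpa) for an address."""
    return ipaddress.ip_address(ip).reverse_pointer

def build_ptr_query(ip, qid=0x1234):
    """Encode a recursive PTR query (QTYPE 12, QCLASS IN) for ip."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in reverse_name(ip).split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 12, 1)

def classify_response(data, qid):
    """Name the outcome of a raw DNS reply; None if it is not our reply."""
    if len(data) < 12:
        return None
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", data[:8])
    if rid != qid or not flags & 0x8000:   # wrong ID, or QR bit not set
        return None
    rcode = flags & 0x000F
    if rcode == 0 and ancount == 0:
        return "NODATA"                    # name exists, but has no PTR record
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(ip, server, timeout=5.0, qid=0x1234):
    """Send one query to an IPv4 resolver; TIMEOUT means no reply arrived."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_ptr_query(ip, qid), (server, 53))
            while True:
                outcome = classify_response(sock.recvfrom(4096)[0], qid)
                if outcome:
                    return outcome, time.monotonic() - start
        except socket.timeout:
            return "TIMEOUT", time.monotonic() - start

# Constructed sample reply headers (not captured traffic).
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)
SAMPLE_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
```

Calling probe() with the client address and each resolver listed in resolv.conf shows, per server, whether a missing PTR returns NXDOMAIN within milliseconds or runs into the timeout.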


Re: configure syslog prefix

2013-07-03 Thread Matus UHLAR - fantomas

On 02.07.13 13:49, Klaus Darilion wrote:
> Some software allows to configure the syslog prefix, but I couldn't
> find that for bind.
>
> Is there a workaround to get something like that?
>
> named-incoming[11926]: zone mydomain/IN: Transfer started.
> named-incoming[11926]: transfer of 'mydomain/IN' from 2.3.4.5#53:
> connected using 2.3.4.5#44224
> named-outgoing[13479]: client 2.3.4.5#44224: transfer of
> 'mydomain/IN': AXFR-style IXFR started: TSIG mydomain
> named-outgoing[13479]: client 2.3.4.5#44224: transfer of
> 'mydomain/IN': AXFR-style IXFR ended


You seem to want different process names for different log types.
I'm afraid you cannot do that, and playing with named process name or links
won't help.

However: you can use "print-category yes" which will give you the category
name to which the particular logs belong.

http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#id2576269

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody


Re: BIND Service Hung

2013-07-03 Thread Matus UHLAR - fantomas

On 03.07.13 09:33, Arie Lendra Putra wrote:

> Now the problem is sometimes (not quite often, just seldomly) Named on one
> of this server is just plain not responding, the process is still there but
> just not responding to any queries, when this happened the only way to
> revive it is to kill the PID and restart the named service, plain service
> named restart not working.
>
> and nothing on logs.
>
> What seems to be the problem, is it because the bind version is too
> outdated?


most probably. get a newer version within your package distribution, or try
to upgrade the system if you can.
 
--

Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."


RE: configure syslog prefix

2013-07-03 Thread Shawn Bakhtiar
hhhmmm

I have not run multiple binds on the same box, but according to the man pages 
for named.conf (assuming you have a different configuration file for each 
instance) setup each to report to a different logging facility ie:

in named.conf:

logging {
  channel default_syslog {
    syslog local7;
    severity info;
  };

...

and in /etc/rsyslog.conf

# Save named messages firstnamedinstance.log
local7.*    /var/log/firstnamedinstance.log

(If you have logrotate installed) You may also want to add a file in
/etc/logrotate.d with the following info:

/var/log/firstnamedinstance.log {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

So it will rotate the logs


> Date: Tue, 2 Jul 2013 13:49:35 +0200
> From: klaus.mailingli...@pernau.at
> To: bind-us...@isc.org
> Subject: configure syslog prefix
> 
> Hi!
> 
> I have several bind instances running on the same host. All of them use 
> the same logging prefix, e.g:
> 
> named[11926]: zone mydomain/IN: Transfer started.
> named[11926]: transfer of 'mydomain/IN' from 2.3.4.5#53: connected using 
> 2.3.4.5#44224
> named[13479]: client 2.3.4.5#44224: transfer of 'mydomain/IN': 
> AXFR-style IXFR started: TSIG mydomain
> named[13479]: client 2.3.4.5#44224: transfer of 'mydomain/IN': 
> AXFR-style IXFR ended
> 
> 
> So I only have the PID to separate the different bind processes.
> 
> Some software allows to configure the syslog prefix, but I couldn't find 
> that for bind.
> 
> Is there a workaround to get something like that?
> 
> named-incoming[11926]: zone mydomain/IN: Transfer started.
> named-incoming[11926]: transfer of 'mydomain/IN' from 2.3.4.5#53: 
> connected using 2.3.4.5#44224
> named-outgoing[13479]: client 2.3.4.5#44224: transfer of 'mydomain/IN': 
> AXFR-style IXFR started: TSIG mydomain
> named-outgoing[13479]: client 2.3.4.5#44224: transfer of 'mydomain/IN': 
> AXFR-style IXFR ended
> 
> Thanks
> Klaus

Re: configure syslog prefix

2013-07-03 Thread Mike Hoskins (michoski)
-Original Message-

From: Shawn Bakhtiar 
Date: Wednesday, July 3, 2013 12:15 PM
To: "bind-us...@isc.org" 
Subject: RE: configure syslog prefix

>hhhmmm
>
>I have not run multiple binds on the same box, but according to the man
>pages for named.conf (assuming you have a different configuration file
>for each instance) setup each to report to a different logging facility
>ie:
>
>in named.conf:
>
>
>logging {
>  channel default_syslog {
>    syslog local7;
>    severity info;
>  };
>
>...
>
>and in /etc/rsyslog.conf
>
># Save named messages firstnamedinstance.log
>local7.*    /var/log/firstnamedinstance.log
>
>(If you have logrotate installed) You may also want to add a file in
>/etc/logrotate.d with the following info:
>
>/var/log/firstnamedinstance.log {
>    sharedscripts
>    postrotate
>        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
>    endscript
>}

Good call, and if you're running rsyslog go to rsyslog.conf/doc and read
about templates...  You can rewrite anything to your heart's content with
a little effort.



Re: BIND Service Hung

2013-07-03 Thread Novosielski, Ryan
On 07/03/2013 05:09 AM, Matus UHLAR - fantomas wrote:
> On 03.07.13 09:33, Arie Lendra Putra wrote:
>> Now the problem is sometimes (not quite often, just seldomly)
>> Named on one of this server is just plain not responding, the
>> process is still there but just not responding to any queries,
>> when this happened the only way to revive it is to kill the PID
>> and restart the named service, plain service named restart not
>> working.
>> 
>> and nothing on logs.
>> 
>> What seems to be the problem, is it because the bind version is
>> too outdated?
> 
> most probably. get a newer version within your package
> distribution, or try to upgrade the system if you can.

I don't think there is any evidence whatsoever that points in that
direction.

- -- 
   *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
 || \\UTGERS  |-*O*-
 ||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer
 || \\ and Health | novos...@rutgers.edu - 973/972.0922 (2x0922)
 ||  \\  Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark
  `'


Re: BIND Service Hung

2013-07-03 Thread Mike Hoskins (michoski)
-Original Message-

From: , Ryan 
Date: Wednesday, July 3, 2013 12:38 PM
To: Matus UHLAR - fantomas 
Cc: "bind-users@lists.isc.org" 
Subject: Re: BIND Service Hung

>On 07/03/2013 05:09 AM, Matus UHLAR - fantomas wrote:
>> On 03.07.13 09:33, Arie Lendra Putra wrote:
>>> Now the problem is sometimes (not quite often, just seldomly)
>>> Named on one of this server is just plain not responding, the
>>> process is still there but just not responding to any queries,
>>> when this happened the only way to revive it is to kill the PID
>>> and restart the named service, plain service named restart not
>>> working.
>>> 
>>> and nothing on logs.
>>> 
>>> What seems to be the problem, is it because the bind version is
>>> too outdated?
>> 
>> most probably. get a newer version within your package
>> distribution, or try to upgrade the system if you can.
>
>I don't think there is any evidence whatsoever that points in that
>direction.

sure but even in the commercial world, typical support model says
"reproduce with latest version" -- even moreso with OSS.  if you have a
problem on an ancient version, there are too many variables.  reproduce on
an updated system and you are more likely to get help.  not a perfect
answer, but quite common.  ultimately it is your problem so others might
help but impetus ultimately yours.  you really want to run an updated
version anyway, have you read the CVEs?  :-)



Re: BIND Service Hung

2013-07-03 Thread Chris Buxton
On Jul 2, 2013, at 7:33 PM, Arie Lendra Putra  wrote:
> PS: sometimes this happens when our upstream is down, many unanswered DNS 
> request sometimes trigger named not responding.

Stop forwarding. Do your own recursion.

Regards,
Chris Buxton

Re: Reverse address entries

2013-07-03 Thread Novosielski, Ryan
On 07/03/2013 04:39 AM, Matus UHLAR - fantomas wrote:
> On 02.07.13 08:53, Daniel McDonald wrote:
>> I've had trouble with OSI-Soft PI historian without reverse
>> entries.  If there is no reverse, then the PI software would
>> spend about 30 seconds looking in vain for a DNS answer before
>> sending a SYN-ACK packet.
> 
> If there is no reverse, the software should get NXDOMAIN answer. in
> such case there's nothing to wait for any longer. Are you sure that
> was not a case of unreachable servers?

Something I just stumbled over today (funny that it was during this
topic) is that there is a Cisco ASA issue that makes reverse queries
against anything but in-addr.arpa fail with a timeout. Unfortunately,
some things check IN-ADDR.ARPA (why on earth?) and the lack of that
entry is apparently causing mail delivery problems.

- -- 
 *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
 || \\UTGERS  |-*O*-
 ||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer
 || \\ and Health | novos...@rutgers.edu - 973/972.0922 (2x0922)
 ||  \\  Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark
  `'


Re: Reverse address entries

2013-07-03 Thread Doug Barton

On 07/03/2013 07:52 PM, Novosielski, Ryan wrote:
| On 07/03/2013 04:39 AM, Matus UHLAR - fantomas wrote:
|> On 02.07.13 08:53, Daniel McDonald wrote:
|>> I've had trouble with OSI-Soft PI historian without reverse
|>> entries.  If there is no reverse, then the PI software would
|>> spend about 30 seconds looking in vain for a DNS answer before
|>> sending a SYN-ACK packet.
|
|> If there is no reverse, the software should get NXDOMAIN answer. in
|> such case there's nothing to wait for any longer. Are you sure that
|> was not a case of unreachable servers?
|
| Something I just stumbled over today (funny that it was during this
| topic) is that there is a Cisco ASA issue that makes reverse queries
| against anything but in-addr.arpa fail with a timeout. Unfortunately,
| some things check IN-ADDR.ARPA (why on earth?) and the lack of that
| entry is apparently causing mail delivery problems.

It's not clear what distinction you're making. DNS should not be case
sensitive, or is that what you're saying the problem is?


Re: Reverse address entries

2013-07-03 Thread Novosielski, Ryan
On 07/03/2013 11:33 PM, Doug Barton wrote:
> On 07/03/2013 07:52 PM, Novosielski, Ryan wrote:
>> On 07/03/2013 04:39 AM, Matus UHLAR - fantomas wrote:
>>> On 02.07.13 08:53, Daniel McDonald wrote:
>>>> I've had trouble with OSI-Soft PI historian without reverse
>>>> entries.  If there is no reverse, then the PI software would
>>>> spend about 30 seconds looking in vain for a DNS answer before
>>>> sending a SYN-ACK packet.
>>
>>> If there is no reverse, the software should get NXDOMAIN answer. in
>>> such case there's nothing to wait for any longer. Are you sure that
>>> was not a case of unreachable servers?
>>
>> Something I just stumbled over today (funny that it was during this
>> topic) is that there is a Cisco ASA issue that makes reverse queries
>> against anything but in-addr.arpa fail with a timeout. Unfortunately,
>> some things check IN-ADDR.ARPA (why on earth?) and the lack of that
>> entry is apparently causing mail delivery problems.
>
> It's not clear what distinction you're making. DNS should not be
> case sensitive, or is that what you're saying the problem is?

Sorry I wasn't that clear -- the issue that we're having is that the
reverse DNS is not available. The reason happens to be case
sensitivity and problem with the Cisco firewall we're using -- not a
choice not to include those entries -- but in any case, it is an
example of what can happen when your reverse entries are not properly
configured.

- -- 
 *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
 || \\UTGERS  |-*O*-
 ||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer
 || \\ and Health | novos...@rutgers.edu - 973/972.0922 (2x0922)
 ||  \\  Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark
  `'