Re: [bind-users] DNS weirdness
Hello Doc,

Wanted to see if you were able to resolve your issue.

I have seen this issue occur in the past also.

Jerry

On 01/ 6/15 12:50 PM, The Doctor wrote:
> Help needed.
>
> This morning my primary DNS server locked.
>
> No worries, the backup will kick in.
>
> Wrong !!
>
> The Secondary DNS server cannot resolve properly unless
> the 'real' primary is working.
>
> All right, why is the secondary server behaving this way?
>
> Start of secondary DNS server named.conf file
>
> //Use with the following in named.conf, adjusting the allow list as needed:
> key "rndc-key" {
>     algorithm hmac-md5;
>     secret "7ZbGK94NdSa2WACxx72W1w==";
> };
>
> controls {
>     inet 127.0.0.1 port 953
>         allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> // generated by named-bootconf.pl
>
> options {
>     directory "/etc/namedb";
>     pid-file "/var/run/named.pid";
>     dump-file "/etc/namedb/named.core";
>     max-ncache-ttl 86400;
>     recursive-clients 100;
>     reserved-sockets 128;
>     tcp-clients 40;
>     tcp-listen-queue 14;
>     zone-statistics yes;
>     forwarders { 208.67.222.222; 208.67.220.220; };
>     blackhole {
>         65.94.172.87;
>         67.68.204.41;
>         74.15.184.13;
>         65.94.173.208;
>     };
>     allow-transfer {
>         204.209.81.1;
>         204.209.81.8;
>         204.209.81.14;
>     };
>     allow-notify {
>         204.209.81.1;
>         204.209.81.8;
>         204.209.81.14;
>     };
>     also-notify {
>         204.209.81.1 port 53;
>         204.209.81.8 port 53;
>         204.209.81.14 port 53;
>     };
>     /*
>      * If there is a firewall between you and nameservers you want
>      * to talk to, you might need to uncomment the query-source
>      * directive below. Previous versions of BIND always asked

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Too many connections on the same IP
Hello,

during a massive DNS utilization our Bind 9.10.1-P1 seems not to resolve anymore, neither local zone.
We shutdown one of the two nodes and all queries arrived only on one node.

CPU and memory load were not too overloaded, machine was quite fine.

After some fast tests, I noticed that if from clients I used an IP alias of Bind server, it worked perfectly!

Only on main IP there were congestion problems, but resolving on IP aliases worked fastly!

Where was I wrong?

Thank you!
Francesco
Re: [bind-users] DNS weirdness
On Tue, Mar 03, 2015 at 03:47:58AM -0600, Jerry K wrote:
> Hello Doc,
>
> Wanted to see if you were able to resolve your issue.
>
> I have seen this issue occur in the past also.
>

Not yet. Still the problem with the original server was a dying power supply.

> Jerry

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
You know everybody is ignorant, only on different subjects. -Will Rogers
Config large tuning and out of memory
Hello,

I recompiled Bind 9.10.1-P1 with system large tuning enabled.
I have some hundreds of views (with DLZ) in our system.

With this feature compiled in, bind does not start:

Mar 3 16:50:45 cloud02gw named[13338]: reloading configuration failed: out of memory

I have 16 Gb of RAM, and about 14 almost free!

Where is the matter?

Thank you
Francesco
Re: Config large tuning and out of memory
Is your binary 64 bit, or 32?

Rich
Re: Too many connections on the same IP
On 03.03.15 11:43, Job wrote:
> during a massive DNS utilization our Bind 9.10.1-P1 seems not to resolve anymore, neither local zone.
> We shutdown one of the two nodes and all queries arrived only on one node.
>
> CPU and memory load were not too overloaded, machine was quite fine.
>
> After some fast tests, i noticed that if from clients i used an ip alias of Bind server, it worked perfectly!
>
> Only on main ip there were congestion problems, but resolving on ip aliases worked fastly!

Do you have any firewall in front of your DNS server?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: Config large tuning and out of memory
Job,

I won’t go in to this in detail, as it’s more complicated than “your 32 bit system can’t address more than 4GB of RAM”, but your 32 bit OS is almost certainly your problem. Most of your 16GB of RAM is unused due to OS limitations.

I’d recommend upgrading to a 64 bit OS, then compile a 64 bit version of BIND with your compile time options.

-Rich

> On Mar 3, 2015, at 10:05 AM, Job wrote:
>
> Hello Rich,
> we are on 32 bit system, CentOS 5.2
>
> Thank you
RE: Config large tuning and out of memory
CentOS 5.x does have a 64 bit version. 5.2 is quite old - they're up to 5.10 or 5.11 these days. I don't think you can just change from 32 bit to 64 bit - I think it requires a reinstall from the 64 bit installation media.

If you have to do a reinstall you're better off going to at least CentOS 6 because RHEL5 (and therefore CentOS 5) should be nearing end of life. Even better would be to go to CentOS 7 given it is the latest release so will have a much longer lifespan.

If you're running any other applications on the server you'd want to verify they don't have a problem running on a 64 bit OS before doing any upgrade. Some applications are 32 bit only and may run fine on a 64 bit OS (you can usually install both 32 bit and 64 bit versions of most RPMs). However, 32 bit applications may have reduced performance on a 64 bit OS.

If you do have to reinstall and choose to go to a later release you'd of course want to be sure any applications will run on that later release.
R: Config large tuning and out of memory
Thank you for the excellent reply!

Francesco
R: Too many connections on the same IP
I tried to tune kernel, with SOMAXCONN but with no solutions!
When DNS queries raise up over 300 queries per second, bind has huge timeouts and often does not respond.
If I work on an IP alias, everything is right!

It seems bind has some limit based on local IP address.

Are there any solutions?

Thank you again!
Francesco
Re: R: Too many connections on the same IP
Have you checked to see if there is another machine using the same IP?