Re: How is a $ORIGIN directive used inside a DNS Zone File

[Mukund Sivaraman]

Hi Harshith

On Mon, Dec 14, 2015 at 07:36:15AM +, Harshith Mulky wrote:
> Why is a $ORIGIN directive used in DNS Zone Files?

$ORIGIN directive sets a name to be appended to relative names in the
zone file so that they can be made into absolute names. The current
origin is appended to such relatives names.

See the BIND ARM for syntax and an explanation.

It is also explained here: http://www.zytrax.com/books/dns/ch8/origin.html

> Would my Zone Files not work if I do not have $ORIGIN directive?

Zone files do not require use of $ORIGIN. It is in fact an extension to
the master format in RFC 1035.

See the pointers above for more details.

Mukund


signature.asc
Description: PGP signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: unalbe-to-query

[Niall O'Reilly]

On Mon, 14 Dec 2015 06:59:12 +,
Ejaz wrote:
> 
> Hi all, 
> 
> We are one of the leading ISP of Saudi Arabia. Installed latest
> version of bind and smbind inorder manage the zones over the Web
> interface. 
> 
> Wonder is that, the zones which configured through smbind cannot be
> seen from the outside world.. locally it is fine. For an example
> arabsat.com. 
> 
> Almost 1500 other zones on the same name server runs through bind 9.9.
> works perfectly internally and externally. Eg. Cyberia.net.sa. 
> 
> From Internally I can query it.. it is ok… 

  I'm not sure that you can safely say this.  From what I can see,
  you seem to be using nslookup, which (in trying to be "helpful")
  hides so much information that you cannot depend on the results
  it gives.

  I suggest you use the zonemaster tool (https://zonemaster.net/) to
  run a comprehensive series of tests against the zone(s) which are
  giving you trouble.

  Best regards,
  Niall O'Reilly
  
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: unalbe-to-query

[Ejaz]

Thank you so much for your  response.. see this the error what I have when I 
check from zonemaster.net

 

 

Name server ns1.cyberia.net.sa/212.119.92.5 did not return NS records. RCODE 
was REFUSED.

 

Whereas, when I check for SOA of arabsat.com from inside network. Seems 
everything is ok.. 

 

 

 

host -t soa arabsat.com

arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa. 2015121472 
43200 4320 1209600 600

 

 

Please advise  how can I trouble shoot. 

 

Thanks in advance… 

ejaz 

 

-Original Message-
From: Niall O'Reilly [mailto:niall.orei...@ucd.ie] 
Sent: Monday, December 14, 2015 12:13 PM
To: Ejaz 
Cc: bind-users@lists.isc.org
Subject: Re: unalbe-to-query

 

On Mon, 14 Dec 2015 06:59:12 +,

Ejaz wrote:

> 

> Hi all,

> 

> We are one of the leading ISP of Saudi Arabia. Installed latest 

> version of bind and smbind inorder manage the zones over the Web 

> interface.

> 

> Wonder is that, the zones which configured through smbind cannot be 

> seen from the outside world.. locally it is fine. For an example 

> arabsat.com.

> 

> Almost 1500 other zones on the same name server runs through bind 9.9.

> works perfectly internally and externally. Eg. Cyberia.net.sa. 

> 

> From Internally I can query it.. it is ok…

 

  I'm not sure that you can safely say this.  From what I can see,

  you seem to be using nslookup, which (in trying to be "helpful")

  hides so much information that you cannot depend on the results

  it gives.

 

  I suggest you use the zonemaster tool (  
https://zonemaster.net/) to

  run a comprehensive series of tests against the zone(s) which are

  giving you trouble.

 

  Best regards,

  Niall O'Reilly

  

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: unalbe-to-query

[Reindl Harald]

Am 14.12.2015 um 10:47 schrieb Ejaz:

Thank you so much for your  response.. see this the error what I have
when I check from zonemaster.net

Name server ns1.cyberia.net.sa/212.119.92.5 did not return NS records.
RCODE was REFUSED.


nameserver refuses to respond


[harry@rh:~]$ dig SOA arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> SOA arabsat.com 
@ns1.cyberia.net.sa.

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51257
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com.   IN  SOA

;; Query time: 138 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mo Dez 14 10:52:50 CET 2015
;; MSG SIZE  rcvd: 40

[harry@rh:~]$ dig NS arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> NS arabsat.com 
@ns1.cyberia.net.sa.

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58984
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com.   IN  NS

;; Query time: 104 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mo Dez 14 10:53:10 CET 2015
;; MSG SIZE  rcvd: 40


Whereas, when I check for SOA of arabsat.com from inside network. Seems
everything is ok..

host -t soa arabsat.com

arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa.
2015121472 43200 4320 1209600 600


get rid of "host" and "nslookup", i see the same result while the zone 
is *not* proper operational as you can see above with dig and "status: 
REFUSED"


[harry@rh:~]$ host -t soa arabsat.com
arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa. 
2015121472 43200 4320 1209600 600



Please advise  how can I trouble shoot


remove restrictions on your nameserver for public zones, if you don't 
know how it is configured or don't understand the config post it - we 
can't help when we don't have no insight



-Original Message-
From: Niall O'Reilly [mailto:niall.orei...@ucd.ie]
Sent: Monday, December 14, 2015 12:13 PM
To: Ejaz 
Cc: bind-users@lists.isc.org
Subject: Re: unalbe-to-query

On Mon, 14 Dec 2015 06:59:12 +,

Ejaz wrote:

 >

 > Hi all,

 >

 > We are one of the leading ISP of Saudi Arabia. Installed latest

 > version of bind and smbind inorder manage the zones over the Web

 > interface.

 >

 > Wonder is that, the zones which configured through smbind cannot be

 > seen from the outside world.. locally it is fine. For an example

 > arabsat.com.

 >

 > Almost 1500 other zones on the same name server runs through bind 9.9.

 > works perfectly internally and externally. Eg. Cyberia.net.sa.

 >

 > From Internally I can query it.. it is ok…

   I'm not sure that you can safely say this.  From what I can see,

   you seem to be using nslookup, which (in trying to be "helpful")

   hides so much information that you cannot depend on the results

   it gives.

   I suggest you use the zonemaster tool (https://zonemaster.net/) to

   run a comprehensive series of tests against the zone(s) which are

   giving you trouble.

   Best regards,

   Niall O'Reilly




signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Did anyone try to extract query-rate etc using xml-stats?

[Tony Finch]

blrmaani  wrote:

> Latest version of BIND supports BIND stats via http i.e we can do this
> (assuming appropriate configs already done in named.conf for this to
> work):
>
> curl :   >  bind-stats.xml
>
> What other tools are available to read this XML file and extract stats?

I generally prefer to use the json version, e.g.
http://fanf.livejournal.com/134571.html

See also the recent discussion on this list:
https://lists.isc.org/pipermail/bind-users/2015-November/095977.html

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
Fitzroy, Sole: South 6 to gale 8, occasionally severe gale 9 at first, backing
southeast 5 or 6 later in Sole. Rough or very rough, occasionally high until
later. Occasional rain. Good, occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How is a $ORIGIN directive used inside a DNS Zone File

[Tony Finch]

Mukund Sivaraman  wrote:
>
> Zone files do not require use of $ORIGIN. It is in fact an extension to
> the master format in RFC 1035.

No, it is specified in RFC 1035 section 5.1:

: Two control entries are defined: $ORIGIN and $INCLUDE.  $ORIGIN is
: followed by a domain name, and resets the current origin for relative
: domain names to the stated name.

:  Domain names that end in a dot are called
: absolute, and are taken as complete.  Domain names which do not end in a
: dot are called relative; the actual domain name is the concatenation of
: the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as
: an argument to the master file loading routine.  A relative name is an
: error when no origin is available.

: @   A free standing @ is used to denote the current origin.

For BIND when you specify a zone you have to provide a zone file name and
zone apex name, and the origin defaults to the zone apex.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
Cromarty, Forth: Cyclonic becoming easterly 4 or 5, occasionally 6 later.
Slight or moderate. Occasional rain. Good, occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users