Re: Option in named to turn off EDNS Globally

2016-08-05 Thread Mark Andrews 

In message 
,
 Harshith Mulky writes:
> 
> I have tried enabling with the significant bits
> 
> server 0.0.0.0/0 { edns no; };
> server ::/0 { edns no; };
> 
> 
> But, I get the following Error
> 
> Error in named configuration:
> /etc/named.conf:120: '{' expected near '/'
> 
> Error in /var/log/messages
> 
> Aug  5 11:59:19 coorg named:  failed
> Aug  5 11:59:19 coorg named: /etc/named.conf:120: '{' expected near '/'

It looks like you are running pre-9.5.0 version of named which means
you are running a version of named that was end-of-lifed years ago.

> Thanks
> Harshith
> 
> 
> 
> From: Mark Andrews 
> Sent: Friday, August 5, 2016 11:11:01 AM
> To: Harshith Mulky
> Cc: bind-users@lists.isc.org
> Subject: Re: Option in named to turn off EDNS Globally
> 
> 
> In message  ROD.OUTLOOK
> .COM>, Harshith Mulky writes:
> > Hello,
> >
> > Is there a option in named to turn off EDNS Responses(not Requests) Globa=
> lly
> >
> > I have tried with this Option on named
> >
> > server 0.0.0.0
> > {
> > edns no;
> > };
> 
> You need specify the significant bits.  By default all the bits are signifi=
> cant.
> 
> server 0.0.0.0/0 { edns no; };
> server ::/0 { edns no; };
> 
> But why do you need to turn off EDNS?  Its almost always not what is needed=
> .
> 
> Mark
> 
> > But does not seem to work
> >
> > Any other options?
> >
> > Thanks
> >
> > Harshith
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Option in named to turn off EDNS Globally

2016-08-05 Thread Nico CARTRON 
Hi Harshith,

> On 05 Aug 2016, at 08:47, Harshith Mulky  wrote:
> 
> I have tried enabling with the significant bits
> 
> server 0.0.0.0/0 { edns no; };
> server ::/0 { edns no; };
> 
> But, I get the following Error
> Error in named configuration:
> /etc/named.conf:120: '{' expected near '/'
> 
> Error in /var/log/messages
> 
> Aug  5 11:59:19 coorg named:  failed
> Aug  5 11:59:19 coorg named: /etc/named.conf:120: '{' expected near '/'
> 
> 

You still didn't say why you want to turn off EDNS. 
That shouldn't be needed nowadays and could even cause problems...

-- 
Nico


> Thanks
> Harshith
> 
> From: Mark Andrews 
> Sent: Friday, August 5, 2016 11:11:01 AM
> To: Harshith Mulky
> Cc: bind-users@lists.isc.org
> Subject: Re: Option in named to turn off EDNS Globally
>  
> 
> In message 
>  .COM>, Harshith Mulky writes:
> > Hello,
> > 
> > Is there a option in named to turn off EDNS Responses(not Requests) Globally
> > 
> > I have tried with this Option on named
> > 
> > server 0.0.0.0
> > {
> > edns no;
> > };
> 
> You need specify the significant bits.  By default all the bits are 
> significant.
> 
> server 0.0.0.0/0 { edns no; };
> server ::/0 { edns no; };
>  
> But why do you need to turn off EDNS?  Its almost always not what is needed.
> 
> Mark
> 
> > But does not seem to work
> > 
> > Any other options?
> > 
> > Thanks
> > 
> > Harshith
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Option in named to turn off EDNS Globally

2016-08-05 Thread Nico CARTRON 
On 5 August 2016 at 09:15:29, Harshith Mulky (harshith.mu...@outlook.com) wrote:
Hello Nico,



This was only for Testing between 2 devices, 1 supporting edns and the other 
not supporting edns and checking how the Application behaves(lwresd and named)

OK.

Better also answering on the mailing list =)





Cheers,

-- 
Nico


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

help

2016-08-05 Thread RAM MOHAN, Hari Ganesh 
Hi There,

We have two DNS views (HDQ and softlayer), Softlayer DNS view is configured 
with forwarder as loopback. This is working for all zones except few zones (Ex. 
Mi-testq03.pt)

named.conf file,

view "softlayer" {

match-clients { "softlayer"; "softlayer-slaves"; "lnxd0006" };

forward only;
forwarders { 127.0.0.1; };

zone "." { type hint; file "db.cache"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };

zone "marriott.com" { type slave; masters { 162.130.122.250 key 
softlayer_view.tsig; }; file "softlayer/db.marriott"; };

};

view "hdq" {

match-clients { "any"; };

transfer-source 10.224.5.117; // ALIAS IP FOR HDQ DNS XFERS

zone "." { type hint; file "db.cache"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };

zone "marriott.com" { type slave; masters { 162.130.122.250; }; file 
"hdq/db.marriott"; };
zone "mi-testq03.pt" { type slave; masters { 162.130.122.250; }; file 
"hdq/db.mi-testq03.pt"; };
zone "mi-testq03.fr" { type slave; masters { 162.130.122.250; }; file 
"hdq/db.mi-testq03.fr"; };

};

nslookup resutls,
softlayer view,
[root@lnxd0006 ~]# nslookup mi-testq03.pt
Server: 162.130.128.167
Address: 162.130.128.167#53

** server can't find mi-testq03.pt: NXDOMAIN

[root@lnxd0006 ~]# nslookup mi-testq03.fr
Server: 162.130.128.167
Address: 162.130.128.167#53

Non-authoritative answer:
Name: mi-testq03.fr
Address: 10.224.8.221

dig resutls,

[root@lnxd0006 ~]# dig mi-testq03.pt

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60677
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mi-testq03.pt. IN A

;; AUTHORITY SECTION:
pt. 211 IN SOA curiosity.dns.pt. request.dns.pt. 2016080407 21600 7200 2592000 
300

;; Query time: 17 msec
;; SERVER: 162.130.128.167#53(162.130.128.167)
;; WHEN: Thu Aug 4 08:14:48 2016
;; MSG SIZE rcvd: 89

[root@lnxd0006 ~]# dig mi-testq03.fr

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.fr
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25974
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mi-testq03.fr. IN A

;; ANSWER SECTION:
mi-testq03.fr. 1735 IN A 10.224.8.221

;; Query time: 16 msec
;; SERVER: 162.130.128.167#53(162.130.128.167)
;; WHEN: Thu Aug 4 08:14:52 2016
;; MSG SIZE rcvd: 47

We are not able to understand that why we are not able to resolve mi-testq03.pt 
whereas mi-testq03.fr is just working fine.

please help us.

Thanks
HariGanesh

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: help

2016-08-05 Thread S Carr 
On 5 August 2016 at 17:21, RAM MOHAN, Hari Ganesh
 wrote:
> We are not able to understand that why we are not able to resolve
> mi-testq03.pt whereas mi-testq03.fr is just working fine.

There is an A record at the apex of the mi-testq03.pt zone, right?
What do you get if you try to dig for the SOA record?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

resigning of zones

2016-08-05 Thread Andreas Meyer 
Hello!

After what amount of time a zone is resigned by named when
it was edited?

Regards

  Andreas
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: help

2016-08-05 Thread RAM MOHAN, Hari Ganesh 
Yes. You are right there is A record at the apex.

Dig SOA gives two different results, It tells SERVFAIL and then NXDOMAIN

[dns@lnxd0006 ~]$ dig mi-testq03.pt SOA

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt SOA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8450
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mi-testq03.pt. IN  SOA

;; Query time: 291 msec
;; SERVER: 162.130.128.167#53(162.130.128.167)
;; WHEN: Fri Aug  5 14:20:54 2016
;; MSG SIZE  rcvd: 31

[dns@lnxd0006 ~]$ dig mi-testq03.pt SOA

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> mi-testq03.pt SOA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18621
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mi-testq03.pt. IN  SOA

;; AUTHORITY SECTION:
pt. 294 IN  SOA curiosity.dns.pt. 
request.dns.pt. 2016080510 21600 7200 2592000 300

;; Query time: 19 msec
;; SERVER: 162.130.128.167#53(162.130.128.167)
;; WHEN: Fri Aug  5 14:21:00 2016
;; MSG SIZE  rcvd: 89


Thanks & Regards,
Hari Ganesh


-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of S Carr
Sent: Friday, August 05, 2016 10:29 PM
To: bind-users@lists.isc.org
Subject: Re: help

On 5 August 2016 at 17:21, RAM MOHAN, Hari Ganesh  
wrote:
> We are not able to understand that why we are not able to resolve 
> mi-testq03.pt whereas mi-testq03.fr is just working fine.

There is an A record at the apex of the mi-testq03.pt zone, right?
What do you get if you try to dig for the SOA record?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: help

2016-08-05 Thread S Carr 
On 5 August 2016 at 19:26, RAM MOHAN, Hari Ganesh
 wrote:
>
> Dig SOA gives two different results, It tells SERVFAIL and then NXDOMAIN
>

Check your BIND logs to make sure the zone has been successfully
transferred from the master.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: help

2016-08-05 Thread RAM MOHAN, Hari Ganesh 
Yes, zone has transferred successfully.

Aug  5 18:44:16 ncldl38037 named[8532]: client 162.130.128.167#33747 
(mi-testq03.pt): view hdq: transfer of 'mi-testq03.pt/IN': AXFR-style IXFR 
started
Aug  5 18:44:16 ncldl38037 named[8532]: client 162.130.128.167#33747 
(mi-testq03.pt): view hdq: transfer of 'mi-testq03.pt/IN': AXFR-style IXFR ended

Thanks & Regards,

Hari Ganesh Ram Mohan



-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of S Carr
Sent: Saturday, August 06, 2016 2:30 AM
To: bind-users@lists.isc.org
Subject: Re: help

On 5 August 2016 at 19:26, RAM MOHAN, Hari Ganesh  
wrote:
>
> Dig SOA gives two different results, It tells SERVFAIL and then 
> NXDOMAIN
>

Check your BIND logs to make sure the zone has been successfully transferred 
from the master.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users