Re: restarting bind fixes some resolution issues
On 2017-07-09 15:04:53 +, Matus UHLAR - fantomas said:

> On 09.07.17 14:36, Dario Corti wrote:
>> Hi, I occasionally have issues updating some packages, with the package manager saying that it cannot resolve deb.nodesource.com. I'm using 1:9.9.5.dfsg-9+deb8u11 and I verified that a bind restart fixes the problem every time (even if technically the domain CAN be resolved also before the restart).
>
> https://mxtoolbox.com/SuperTool.aspx?action=dns%3adeb.nodesource.com&run=toolpage
> http://dnscheck.pingdom.com/?domain=deb.nodesource.com
>
> both checkers report errors...
>
>> I issued a dig before and after the restart and it does report something different, but I'm unable to understand it, so I wonder if anyone can suggest a possible reason for this.
>>
>> Before: https://pastebin.com/7qZUmPKA
>> After: https://pastebin.com/U0DUhE20
>
> i don't see any difference here, both cases report deb.nodesource.com to be a CNAME to d2buw04m05mirl.cloudfront.net - maybe you should look up that one next time problem appears.

What's different is the authority section. In neither case does it provide the expected NS records for nodesource.com or cloudfront.net, or even NS records for d2buw04m05mirl.cloudfront.net, which my servers have cached. There is something odd about the configuration.

Sam

--
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: designing the DNS from the scratch
> But you do know the approximate speed of light in a vacuum?

~3 x 10**8 m/s

More importantly, what is the speed of light in a fiberoptic connection? Speed of electrons in copper wire?
Re: designing the DNS from the scratch
On 10/07/2017 14:02, wbr...@e1b.org wrote:

> ~3 x 10**8 m/s
>
> More importantly, what is the speed of light in a fiberoptic connection?

~0.66c

> Speed of electrons in copper wire?

Individual electrons move *very* slowly - it's the electric *field* that moves at between 0.5c and 1c.

https://en.wikipedia.org/wiki/Velocity_factor

cheers,

Ray
Re: designing the DNS from the scratch
>> But you do know the approximate speed of light in a vacuum?

there's always dark in my vacuum, so the speed of light doesn't apply there.

On 10.07.17 09:02, wbr...@e1b.org wrote:
> More importantly, what is the speed of light in a fiberoptic connection?
> Speed of electrons in copper wire?

speed of electrical field, which is the same as speed of light. electrons are much slower.

however, the longest distances on earth are about 2km, which requires at least 67ms for signal to get there and 133ms to get back. in reality there's some small delay on each network device in the path, so the 3ms can only be achieved on short distances.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
The only substitute for good manners is fast reflexes.
Re: designing the DNS from the scratch
On 2017/07/10 14:16, Matus UHLAR - fantomas wrote:
>>> But you do know the approximate speed of light in a vacuum?
>
> there's always dark in my vacuum, so the speed of light doesn't apply
> there.
>
> On 10.07.17 09:02, wbr...@e1b.org wrote:
>> More importantly, what is the speed of light in a fiberoptic connection?
>> Speed of electrons in copper wire?
>
> speed of electrical field, which is the same as speed of light.
> electrons are much slower.
>
> however, the longest distances on earth are about 2km, which requires
> at least 67ms for signal to get there and 133ms to get back.
> in reality there's some small delay on each network device in the path, so
> the 3ms can only be achieved on short distances.
>

Indeed.

Assuming the OP was talking about providing an authoritative service -- that is, to allow the rest of the world to look up their customer's domains -- then if they went back to their customer with a more realistic target of say a 95th-percentile limit of a sub-50ms RTT for users in urban North America, Europe, Russia, Japan and other locations with a well developed Internet infrastructure, that could be achieved by putting DNS servers in strategically located POPs on each continent and using anycast routing to direct traffic to the nearest location.

Which would be eye-wateringly expensive to do for just one client, unless they needed about as much capacity as a middle-sized ccTLD.

Or you could buy a service from one of a number of DNS service providers who provide pretty much exactly what I described. That will still be quite expensive, but not to the extent that it would cause inadvertent emission of bodily fluids.

On the other hand, if they were talking about providing a recursive DNS caching service to allow their customer's servers to look stuff up from the internet, then a 3ms RTT is not impossible so long as

* the DNS machines are sufficiently close to the client's machines that you can readily achieve sub-3ms ping RTTs between them
* the 3ms limit *only* applies to responses from cached data.

There's clearly no way you can guarantee <3ms if your recursive server needs to talk to a machine on the other side of the planet where it takes at least 200ms just to get packets there and back again.

Cheers,

Matthew
RE: different result between normal query and zone transfer
The bottom line is that a *zone* is the basic administrative unit of AXFR/IXFR-based replication. If you create a new zone and you want a replica to serve it, you need to configure the replica to replicate it. There is no "automatic" mechanism within BIND to tell replicas to start slaving new zones.

If you have a common provisioning/configuration-control mechanism, then this can be quite convenient, but it sounds like this is between you and your ISP, so I assume that no such common framework exists. You have to follow their procedures for getting the new zone transfer definition established, whether that be a phone call, an email, filling out an online form, something like that.

- Kevin

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of MAYER Hans
Sent: Sunday, July 09, 2017 1:14 AM
To: bind-users@lists.isc.org
Subject: Re: different result between normal query and zone transfer

Hi Steven,

Many thanks for your answer. Isn’t there a flag or option to say handle all sub-zones like normal A or CNAME records too ?

// Hans

> On 6 Jul 2017, at 15:05, Steven Carr wrote:
>
> On 6 July 2017 at 12:29, MAYER Hans wrote:
>> For me this looks like a bug. Why is the answer for a normal query different
>> than the answer from a zone transfer ?
>> Or do I miss a special flag for this setup ?
>> I am using BIND 9.11.1 but I had the same issue with older
>> versions too.
>
> A zone transfer is transferring the contents of the zone, the zone in
> question is 'iiasa.ac.at', but you've also created a subzone
> 'test44.iiasa.ac.at' which is a completely separate point of
> administration that just happens to hide records inside of the parent
> zone. So on your slaves you will also need to slave the subzone if you
> want it to override the records there.
>
> A query will traverse the tree until it finds the lowest point of
> delegation with which to obtain a response from.
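An added illustration, not part of any message in this thread: a small Python model of why a normal query and a zone transfer can disagree when a subzone exists, and why a replica that transfers only the parent zone serves different data. The zone names come from the thread; the record values, the host name and the function names are constructed for the example, and the parent zone is assumed to carry no NS delegation for the subzone.

```python
# Constructed sample data: zone names are from the thread, record values are
# documentation addresses (RFC 5737), not the real zone contents.
PARENT = "iiasa.ac.at"
SUBZONE = "test44.iiasa.ac.at"

PARENT_DATA = {
    ("www.iiasa.ac.at", "A"): "192.0.2.10",
    # A record below the subzone apex that still lives in the parent zone file.
    ("host.test44.iiasa.ac.at", "A"): "192.0.2.1",
}
SUBZONE_DATA = {
    ("host.test44.iiasa.ac.at", "A"): "192.0.2.44",
}


def closest_zone(qname, zones):
    """Return the loaded zone with the longest suffix match for qname."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None  # server is not authoritative for this name


def query(zones, qname, rtype):
    """Answer a normal query from the most specific zone the server has loaded."""
    zone = closest_zone(qname, zones)
    if zone is None:
        return None
    return zones[zone].get((qname.rstrip(".").lower(), rtype))


def axfr(zones, zone):
    """A transfer copies exactly one zone, including records a subzone hides."""
    return dict(zones[zone])


# The primary loads both zones, so the subzone hides the parent's record.
primary = {PARENT: PARENT_DATA, SUBZONE: SUBZONE_DATA}
# A replica configured for the parent only receives just that zone's contents.
replica_parent_only = {PARENT: axfr(primary, PARENT)}
# A replica configured for both zones, as the replies recommend.
replica_both = {z: axfr(primary, z) for z in (PARENT, SUBZONE)}
```

Querying `host.test44.iiasa.ac.at` against `primary` and `replica_both` returns the subzone's record, while `replica_parent_only` returns the parent's hidden copy, which is the mismatch described in the thread.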
RE: different result between normal query and zone transfer
Darcy Kevin (FCA) wrote:

> There is no "automatic" mechanism within BIND to tell replicas to start
> slaving new zones.

Fans of new features pop up in response to say, you might be able to use catalog zones to automatically configure replication :-)

https://kb.isc.org/article/AA-01401/0/A-short-introduction-to-Catalog-Zones.html

Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Trafalgar: North or northwest 5 or 6, decreasing 4 at times, then occasionally 7 later. Moderate or rough, occasionally slight in far southeast. Occasional rain in north. Good, occasionally moderate in north.
Re: different result between normal query and zone transfer
On 10.07.2017 at 18:48, Tony Finch wrote:
> Darcy Kevin (FCA) wrote:
>> There is no "automatic" mechanism within BIND to tell replicas to start slaving new zones.
>
> Fans of new features pop up in response to say, you might be able to use catalog zones to automatically configure replication :-)
>
> https://kb.isc.org/article/AA-01401/0/A-short-introduction-to-Catalog-Zones.html

This guide shows the basic usage of catalog zones - how to add set up a master and slave provisioned using catalog zone, how to add a new zone to the catalog zone and how to possibly automate it. In this guide we'll be using three servers - master running on 10.53.0.1 and two slaves running on 10.53.0.2 and 10.53.0.3. To make it easier to try out this example on your own system, we are using unprivileged ports 5300 and 9953, for DNS and RNDC respectively.

well, bind10 is dead so far and at least no longer an ISC project
Re: different result between normal query and zone transfer
Reindl Harald wrote:
>
> well, bind10 is dead so far and at least no longer an ISC project

Catalog zones are a BIND 9.11 feature.

https://kb.isc.org/article/AA-01432/81/BIND-9.11.0-Release-Notes.html#relnotes_features

Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Forth, Tyne, Dogger, Fisher, North German Bight: Cyclonic 4 or 5, increasing 6 at times. Slight or moderate. Rain or thundery showers. Good, occasionally poor.
Re: designing the DNS from the scratch
On 10/07/17 11:12, Matthew Seaman wrote:
> Or you could buy a service from one of a number of DNS service providers who provide pretty much exactly what I described. That will still be quite expensive, but not to the extent that it would cause inadvertent emission of bodily fluids.

I have been using Amazon AWS Route 53 DNS services and I'm loving them. The price is really low for the availability I'm experiencing, the easy management.

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAM trap, do NOT send email
gertru...@solutti.com.br
My SPAMTRAP, do not email it