Re: Converting between zone file formats

2023-02-02 Thread Evan Hunt
On Mon, Jan 30, 2023 at 11:11:03AM +0100, Havard Eidnes via bind-users wrote:
> You didn't answer, though, whether the 9.16 named-checkzone will
> be able to read & correctly interpret the binary zone files 9.18
> stores in the file system, or whether there is some other and
> more preferable way to accomplish what I want, either with 9.18
> itself or otherwise.

It should, the raw file format hasn't changed. (There used to be a
format called "map" that was incompatible between versions, but
you're not using that, and it's been removed from BIND now anyway.)

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Intermittent issues resolving "labor.upload.akamai.com"

2023-02-02 Thread Bhangui, Sandeep - BLS CTR via bind-users
Hi

We are running ISC DNS BIND Version 9.18.10 (will soon be moving to 9.18.11) 
on our Linux Servers.

DNS resolution in general seems to work just fine as expected.

It seems we have intermittent issues resolving "labor.upload.akamai.com" and 
then some scripts fail. It is clear that the failure of the script is due to 
DNS name lookup.

Not sure if this is an issue that needs to be looked up at our end (since DNS 
as such is working just fine for all the rest of the name resolution) or things 
are not configured properly at other end as far as how this DNS record is 
published and due to which I see the behavior of intermittent DNS name lookup 
failure.

Any pointers would be appreciated.

Thanks
Sandeep

dig labor.upload.akamai.com

; <<>> DiG 9.18.10 <<>> labor.upload.akamai.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51211
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 17e14f79ba23179d010063dc4895fbcf47353a31763c (good)
;; QUESTION SECTION:
;labor.upload.akamai.com.   IN  A

;; Query time: 1203 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Feb 02 18:34:45 EST 2023
;; MSG SIZE  rcvd: 80


But if I point to a public DNS server like VZ or Google I seem to resolve it 
fine all the time.

dig @198.6.1.1 labor.upload.akamai.com

; <<>> DiG 9.18.10 <<>> @198.6.1.1 labor.upload.akamai.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43891
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;labor.upload.akamai.com.   IN  A

;; ANSWER SECTION:
labor.upload.akamai.com. 300 IN CNAME labor.c-ftp.upload.akamai.com.
labor.c-ftp.upload.akamai.com. 900 IN CNAME r33674-33729.neards.1.cftp.e.stor.lb.akamai.net.
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.137
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.149
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.144
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.143
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.142
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.148
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.139
r33674-33729.neards.1.cftp.e.stor.lb.akamai.net. 23 IN A 23.200.4.146

;; Query time: 202 msec
;; SERVER: 198.6.1.1#53(198.6.1.1) (UDP)
;; WHEN: Thu Feb 02 18:35:50 EST 2023
;; MSG SIZE  rcvd: 267


Requesting Update-Policy Statements Sanity Check, Please

2023-02-02 Thread duluxoz

Hi All,

I'm pretty new to configuring BIND and so it would be great if 
someone(s) could just check my code re: the update-policy zone 
command(s) below - thanks in advance.


For the first zone (a regular internal forward-lookup zone) I'd like to 
be able to update (from Kea via ddns) the zone when a new host is 
assigned/etc a DHCP lease:


update-policy {grant update-key name internal-forward-lookup.local A ;};

For the second zone (a regular internal reverse-lookup zone for the 
192.168.1.0/24 network) I'd like to be able to update (from Kea via 
ddns) the zone when a new host is assigned a DHCP lease (obviously I've 
got an equivalent IPv6 reverse-lookup zone :-) ):


update-policy {grant update-key name 1.168.192.IN-ADDR.ARPA PTR;};

For the third zone (a regular external forward-lookup zone) I'd like to 
be able to update (via acme.sh/LetsEncrypt) the 
_acme-challenge.example.com TXT record when a Certificate is 
requested/renewed:


update-policy {grant update-key name _acme-challenge.example.com TXT;};

I've got the update-key configured and available on all the necessary 
boxes, etc, and DNS (for fixed IP addresses) and DHCP are working - I 
just need to get these update-policy statements correct.


Any help is greatly appreciated - and again, thanks in advance

Cheers

Dulux-Oz
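
Added example, not part of the original post and not BIND's own code: a simplified Python model of how update-policy grant rules match, run against the three statements as posted. It shows that the "name" rule type matches only the exact name given, so per-host names below it are not covered; the zonesub variant and the host name pc42 are hypothetical.

```python
# Simplified model of update-policy "grant" matching; not BIND source code.
# Deny rules, wildcard and Kerberos rule types, and the ANY keyword are left out.
DEFAULT_EXCLUDED = {"RRSIG", "NS", "SOA", "NSEC", "NSEC3"}  # skipped when a rule lists no types


def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()


def within(owner, apex):
    """True if owner equals apex or is a subdomain of it."""
    owner, apex = norm(owner), norm(apex)
    return owner == apex or owner.endswith("." + apex)


def grant_matches(rule, zone, key, owner, rrtype):
    identity, ruletype, name, types = rule
    if identity != key:
        return False
    if ruletype == "name":          # exact match on the name field only
        hit = norm(owner) == norm(name)
    elif ruletype == "subdomain":   # the name field or anything below it
        hit = within(owner, name)
    elif ruletype == "zonesub":     # anything in the zone; name field omitted
        hit = within(owner, zone)
    else:
        raise ValueError(f"rule type not modelled: {ruletype}")
    if not hit:
        return False
    return rrtype in types if types else rrtype not in DEFAULT_EXCLUDED


def allowed(rules, zone, key, owner, rrtype):
    """No matching grant means the update is refused."""
    return any(grant_matches(r, zone, key, owner, rrtype) for r in rules)


# The three statements as posted: (identity, rule type, name, types).
FORWARD = [("update-key", "name", "internal-forward-lookup.local", {"A"})]
REVERSE = [("update-key", "name", "1.168.192.IN-ADDR.ARPA", {"PTR"})]
ACME = [("update-key", "name", "_acme-challenge.example.com", {"TXT"})]
# Hypothetical zone-wide variant for comparison (not from the post).
FORWARD_ZONESUB = [("update-key", "zonesub", None, {"A"})]

if __name__ == "__main__":
    host = "pc42.internal-forward-lookup.local"  # constructed host name
    print(allowed(FORWARD, "internal-forward-lookup.local", "update-key", host, "A"))
    print(allowed(FORWARD_ZONESUB, "internal-forward-lookup.local", "update-key", host, "A"))
```

In this model the third statement is the only one whose "name" rule lines up with the record it is meant to cover, since acme.sh updates that single fixed name.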