Re: DNS Query Behavior with Global Forwarders Statement

2008-08-12 Thread Mark Andrews
> > Is this an artifact of the -P2 changes or was the use of RTT dropped > > for some other reason? > > You didn't say which version you were running. > > I'd be quite surprised if this were an artifact of the -P1 and -P2 > changes. I'd be less surprised if it were a bug introduced in 9.5.0.

Re: DNS Query Behavior with Global Forwarders Statement

2008-08-12 Thread Evan Hunt
> My understanding is that the RTT-based forwarder selection is "banded", > so that if a bunch of forwarders' RTTs all fall within the same "band" > they'll be used either randomly, or in a strict round-robin fashion. As I understand it that was a feature of BIND8, not BIND9. (It'll be coming b

Re: DNS Query Behavior with Global Forwarders Statement

2008-08-12 Thread Evan Hunt
> Is this an artifact of the -P2 changes or was the use of RTT dropped > for some other reason? You didn't say which version you were running. I'd be quite surprised if this were an artifact of the -P1 and -P2 changes. I'd be less surprised if it were a bug introduced in 9.5.0. -- Evan Hunt -

Re: Regarding Parallel Support

2008-08-12 Thread Dmitry Rybin
David Sparks wrote: > Dmitry Rybin wrote: >> Matus UHLAR - fantomas wrote: Matus UHLAR - fantomas wrote: > On 11.08.08 18:54, varun srivastava wrote: >> I just wanted to know whether bind has some specific multi processor or >> multi core support, to take advantage to the max ? >>

Re: Regarding Parallel Support

2008-08-12 Thread Dmitry Rybin
JINMEI Tatuya / 神明達哉 wrote: > At Tue, 12 Aug 2008 17:51:06 +0400, > >> OK... This is well known bug. >> >> === named.conf === >> [...] >> options { >> max-cache-size 500M; >> }; >> >> [...] >> == >> named with threads (8 threads, 1 thread per CPU) >> Memory Usege grows ve

Re: DNS Query Behavior with Global Forwarders Statement

2008-08-12 Thread Merton Campbell Crockett
On 12 Aug 2008, at 19:46:37, Kevin Darcy wrote: > Merton Campbell Crockett wrote: >> My corporate network consists of roughly 100 different sites located >> throughout North America. At each site there is a Network Management >> System (NMS) running ISC BIND and DHCP. Each NMS is the master nam

Re: What would be happen if one of two dns was down?

2008-08-12 Thread Kevin Darcy
MontyRee wrote: > sorry for non-txt based previous e-mail. sending again. > > > > So thanks for kind and concrete answers. > > and additional questions are... > > > -. others can use other resolvers like windows based or other bind version. > so this program works well as you said without except

Re: How to patch Fedora Core 2 Bind RPM?

2008-08-12 Thread Fajar A. Nugraha
John Smith wrote: > I have a Fedora Core 2 box FC2 is unsupported. You should upgrade your OS to latest Fedora or RHEL/Centos 5.2. > that is running BIND 9.2.3-13 and I want to > update to the latest patch due to the DNS issue. How can I upgrade my RPM > install? Is there an RPM that is independ

Re: DNS Query Behavior with Global Forwarders Statement

2008-08-12 Thread Kevin Darcy
Merton Campbell Crockett wrote: > My corporate network consists of roughly 100 different sites located > throughout North America. At each site there is a Network Management > System (NMS) running ISC BIND and DHCP. Each NMS is the master name > server for the forward and reverse DNS zones

DNS Query Behavior with Global Forwarders Statement

2008-08-12 Thread Merton Campbell Crockett
My corporate network consists of roughly 100 different sites located throughout North America. At each site there is a Network Management System (NMS) running ISC BIND and DHCP. Each NMS is the master name server for the forward and reverse DNS zones assigned to the site. No NMS has direct

Re: Error with logging channel audit_log

2008-08-12 Thread Robert Spangler
On Tuesday 12 August 2008 20:09, Mark A. Moore wrote: > Yes. We are running SELinux. What is the command to stop the service and > if we plan on using SELinux, can you tell us what changes need to be made? setenforce 0 = stops SELinux setenforce 0 = re-enables SELinux As to reconfiguring SELinu

RE: What would be happen if one of two dns was down?

2008-08-12 Thread MontyRee
sorry for non-txt based previous e-mail. sending again. So thanks for kind and concrete answers. and additional questions are... -. others can use other resolvers like windows based or other bind version. so this program works well as you said without exception? -. in the point of high-

RE: What would be happen if one of two dns was down?

2008-08-12 Thread MontyRee
So thanks for kind and concrete answers. and additional questions are... -. others can use other resolvers like windows based or other bind version. so this program works well as you said without exception? -. in the point of high-availability of service, what it better two autho

RE: Error with logging channel audit_log

2008-08-12 Thread Mark A. Moore
Yes. We are running SELinux. What is the command to stop the service and if we plan on using SELinux, can you tell us what changes need to be made? Thanks. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Spangler Sent: Tuesday, August 12, 2

Re: How to patch Fedora Core 2 Bind RPM?

2008-08-12 Thread Robert Spangler
On Tuesday 12 August 2008 10:11, Jeff Lightner wrote: > You also probably shouldn't use Fedora for a Production DNS - Fedora is > bleeding edge so it rolls out new versions and discards old ones on a > fairly aggressive time frame. If you don't want to pay for RedHat > (RHEL) then you can in

Re: Error with logging channel audit_log

2008-08-12 Thread Robert Spangler
On Tuesday 12 August 2008 17:05, Mark A. Moore wrote: > All, > Thanks for the response given on this. I modified the named.conf file line > file "/chroot/named/logs/named.log"; to file "/logs/named.log"; > > Now when I restart bind, the error I get now is "logging channel > 'audit_log' file '/l

Re: dnscap and ncap (Re: how to log all recursive query responses?)

2008-08-12 Thread David Sparks
>> tcpdump -v -x udp and port 53 and 'udp[20] == 3' and 'udp[21] == 102' >> and 'udp[22] == 111' and 'udp[23] == 111' > > yow. looks WAY painful. have you tried dnscap? its CLI language has not > changed in the last six months, so if you were waiting for it to settle > out, now's your moment.

Re: iterative responses question

2008-08-12 Thread Kevin Darcy
Luis Silva wrote: > Hi all! > I'm sending iterative queries from my dns server but I'm having problems to > understand how the server realizes that the response is a referral and not > the final response. What is the message element that indicates this or what > is supposed to be in the message? tha

RE: Error with logging channel audit_log

2008-08-12 Thread Jeremy C. Reed
On Tue, 12 Aug 2008, Mark A. Moore wrote: > Thanks for the response given on this. I modified the named.conf file > line file "/chroot/named/logs/named.log"; to file "/logs/named.log"; > Now when I restart bind, the error I get now is "logging channel > 'audit_log' file '/logs/named.log' : per

RE: Error with logging channel audit_log

2008-08-12 Thread Mark A. Moore
Chris, When I type the command $CHROOT/chroot/named/logs/ I get a response back saying it is a directory. Mark From: Chris Buxton [mailto:[EMAIL PROTECTED] Sent: Tue 8/12/2008 4:38 PM To: Mark A. Moore Cc: bind-users@isc.org Subject: Re: Error with logging c

Re: 9.5.0-P1: out of memory error - SERVFAIL

2008-08-12 Thread JINMEI Tatuya / 神明達哉
At Tue, 12 Aug 2008 11:36:26 -0700, Kai Lanz <[EMAIL PROTECTED]> wrote: > We run BIND 9.5.0-P1 on an Alpha Tru64-4.0G box. Yesterday morning > our named suddenly stopped serving requests, although the daemon > had not died; the log file showed two entries for every request: > > Aug 11 04:01:14 pa

RE: Error with logging channel audit_log

2008-08-12 Thread Mark A. Moore
All, Thanks for the response given on this. I modified the named.conf file line file "/chroot/named/logs/named.log"; to file "/logs/named.log"; Now when I restart bind, the error I get now is "logging channel 'audit_log' file '/logs/named.log' : permission denied Sorry but I'm new to BIND.

Re: fix to REQUIRE failure in resolver.c

2008-08-12 Thread JINMEI Tatuya / 神明達哉
At Tue, 12 Aug 2008 16:40:52 +0300, Sotiris Tsimbonis <[EMAIL PROTECTED]> wrote: > >> 17-Jul-2008 13:20:48.425 general: resolver.c:5494: REQUIREquery) != > >> ((void *)0)) && (((const isc__magic_t *)(query))->magic == ((('Q') << 24 > >> | ('!') << 16 | ('!') << 8 | ('!')) failed > >> > >>

Re: Error with logging channel audit_log

2008-08-12 Thread Chris Buxton
The path of your audit_log channel does not look correct. Is this running inside a chroot jail? If so, what is the path of the chroot jail? Let's call that path $CHROOT. Check that there is a directory here: $CHROOT/chroot/named/logs/ Chris Bux

Re: Is it possible to force BIND to use TCP exclusively?

2008-08-12 Thread Paul Vixie
Barry Margolin <[EMAIL PROTECTED]> writes: >> > Are there any configuration changes that can be made to BIND to force >> > it to use TCP exclusively and never use UDP? Possible? >> >> I guess not, why? > > I'm guessing he's considering this as a better solution to the Kaminsky > attack. noone

Re: Error with logging channel audit_log

2008-08-12 Thread Jeremy C. Reed
On Tue, 12 Aug 2008, Mark A. Moore wrote: > named[25935]: logging channel 'audit_log' file '/var/log/named.log': > file not found > > The permission for named.log is a follows -rw-r--r-- root named. > > Here is a partial output of named.conf file: > > logging {

Re: 9.5.0-P2 and socket: too many open file descriptors

2008-08-12 Thread JINMEI Tatuya / 神明達哉
At Mon, 11 Aug 2008 22:32:43 -0700 (PDT), Fr34k <[EMAIL PROTECTED]> wrote: > Usual question: > - did you build named with a large value of FD_SETSIZE? > ANSWER: No. I'm not even sure how to change it. Would I edit > lib/isc/unix/socket.c? Should I change it? You should build named by setting STD_

Error with logging channel audit_log

2008-08-12 Thread Mark A. Moore
We need help trying to troubleshoot our issue. We are running RHEL 5.2 and installed the latest version of BIND by following the steps provided by Steve's article in a chroot jail (http://www.unixwiz.net/techtips/bind9-chroot.html). I've added a few additional options recommended by Rob (http:/

Re: Regarding Parallel Support

2008-08-12 Thread David Sparks
Dmitry Rybin wrote: > Matus UHLAR - fantomas wrote: >>> Matus UHLAR - fantomas wrote: On 11.08.08 18:54, varun srivastava wrote: > I just wanted to know whether bind has some specific multi processor or > multi core support, to take advantage to the max ? bind supports threads wh

9.5.0-P1: out of memory error - SERVFAIL

2008-08-12 Thread Kai Lanz
We run BIND 9.5.0-P1 on an Alpha Tru64-4.0G box. Yesterday morning our named suddenly stopped serving requests, although the daemon had not died; the log file showed two entries for every request: Aug 11 04:01:14 pangea named[10832]: resolver.c:3239: unexpected error: Aug 11 04:01:14 pangea named[

Re: Regarding Parallel Support

2008-08-12 Thread JINMEI Tatuya / 神明達哉
At Tue, 12 Aug 2008 17:51:06 +0400, > OK... This is well known bug. > > === named.conf === > [...] > options { > max-cache-size 500M; > }; > > [...] > == > named with threads (8 threads, 1 thread per CPU) > Memory Usege grows very quickly. Top memory usage - system li

Re: Stress testing Bind-9.5.0-P2

2008-08-12 Thread Emil Natan
On Tue, Aug 12, 2008 at 9:12 AM, Gregory Hicks <[EMAIL PROTECTED]> wrote: > Greetings: > > Are there any "best practices" on stress testing a newly installed > BIND? How about ANY recommendations on stress testing? > > Regards, > Gregory hicks > > --

RE: What would be happen if one of two dns was down?

2008-08-12 Thread Chris Cox
On Tue, 2008-08-12 at 06:42 +, MontyRee wrote: > So thanks for kind answer. > > > Additional questions below. > > > >> Hello, all. > >> > >> > >> I have operated two dns(primary and secondary) for one domain like below. > >> > >> > >> example.com IN NS ns1.example.com > >> example.com IN NS

Re: What would be happen if one of two dns was down?

2008-08-12 Thread Ben Croswell

Re: iptables and bind

2008-08-12 Thread Chris Buxton
Don't forget the Polyakov attack. Rate-limit your inbound traffic as per Paul Vixie's recommendation (no more than 10 Mbit/s of inbound DNS traffic), if necessary, using a firewall on your DNS server, or possibly using an external DNS server. Ch

Re: bind - 9.5.0-P1

2008-08-12 Thread Chris Buxton
> In my host PC 2.6.21.5 linux kernel is running and in my target > board linux 2.6.24.7 kernel.. > > In minicom i tried named -v > it gave the version of the bind i.e 9.5.0.p1 and after this i tried > "named -c /dev/null -g ", > > 01-Jan-1970 05:3

Re: How to patch Fedora Core 2 Bind RPM?

2008-08-12 Thread John Smith
On Tue, Aug 12, 2008 at 10:11 AM, Jeff Lightner <[EMAIL PROTECTED]> wrote: > FC2 is really old so I don't know that anyone would have compiled > anything newer for it. Certainly not the Fedora main repositories. > You might want to see if Dag Wieers' site has it. > > You'll probably have to downloa

RE: How to patch Fedora Core 2 Bind RPM?

2008-08-12 Thread Jeff Lightner
FC2 is really old so I don't know that anyone would have compiled anything newer for it. Certainly not the Fedora main repositories. You might want to see if Dag Wieers' site has it. You'll probably have to download source and compile your own. I'd recommend planning for installing something a lo

RE: iptables and bind

2008-08-12 Thread Paul A
Thanks Kevin, didn't know if doing random with iptables was going to make it harder to guess instead of just using the new bind with port randomization. So at this point I'm assuming that aside from using secure zones, using the new bind is all that can be done? paul P.A > -Original Message

RE: testing vulnerability against secondary NS

2008-08-12 Thread Jeff Lightner
If it's a slave one way to force tests to it might be to temporarily stop named on the primary so queries have to use the slave. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Darcy Sent: Tuesday, August 12, 2008 12:51 AM To: bind-users@isc.org Subj

Re: Regarding Parallel Support

2008-08-12 Thread Dmitry Rybin
Matus UHLAR - fantomas wrote: >> Matus UHLAR - fantomas wrote: >>> On 11.08.08 18:54, varun srivastava wrote: I just wanted to know whether bind has some specific multi processor or multi core support, to take advantage to the max ? >>> bind supports threads which is what you want. Note

Re: fix to REQUIRE failure in resolver.c

2008-08-12 Thread Sotiris Tsimbonis
Sotiris Tsimbonis wrote, On 08/06/2008 10:20 AM: > On 08/05/2008 10:31 PM, JINMEI Tatuya / 神明達哉 wrote: >> For those who've seen a crash of recent beta versions on entry of >> resolver.c:resquery_response() like this: >> >> 17-Jul-2008 13:20:48.425 general: resolver.c:5494: REQUIREquery) != >> (

How to patch Fedora Core 2 Bind RPM?

2008-08-12 Thread John Smith
I have a Fedora Core 2 box that is running BIND 9.2.3-13 and I want to update to the latest patch due to the DNS issue. How can I upgrade my RPM install? Is there an RPM that is independent of the Fedora OS? Or is it possible to compile and use the patch installed from source overtop my RPM? Any

Re: Regarding Parallel Support

2008-08-12 Thread Matus UHLAR - fantomas
> Matus UHLAR - fantomas wrote: > > On 11.08.08 18:54, varun srivastava wrote: > >> I just wanted to know whether bind has some specific multi processor or > >> multi core support, to take advantage to the max ? > > > > bind supports threads which is what you want. Note that your OS has to > > su

Re: Regarding Parallel Support

2008-08-12 Thread Dmitry Rybin
Matus UHLAR - fantomas wrote: > On 11.08.08 18:54, varun srivastava wrote: >> I just wanted to know whether bind has some specific multi processor or >> multi core support, to take advantage to the max ? > > bind supports threads which is what you want. Note that your OS has to > support them too

iterative responses question

2008-08-12 Thread Luis Silva
Hi all! I'm sending iterative queries from my dns server but I'm having problems to understand how the server realizes that the response is a referral and not the final response. What is the message element that indicates this or what is supposed to be in the message? thanks in advance.

Re: Regarding Parallel Support

2008-08-12 Thread Matus UHLAR - fantomas
On 11.08.08 18:54, varun srivastava wrote: > I just wanted to know whether bind has some specific multi processor or > multi core support, to take advantage to the max ? bind supports threads which is what you want. Note that your OS has to support them too. -- Matus UHLAR - fantomas, [EMAIL PR