Kevin Darcy wrote:
> BIND doesn't have an option for "blackhole recursive queries only",
> which is the behavior I'm seeing. So I think it's an external device
> that's blocking the queries. Check your firewall.
>
>
> - Kevin
>
>
I'm so sorry to bother you. I've checked the only one firewall's conf
On Fri, 15 Aug 2008, Andrey G. Sergeev (AKA Andris) wrote:
> Well, though the publicity of DNS data seems to be a good reason to
> expose it, but not for everyone and in every case. I think that the DNS
> administrators should decide whether to disclose the [sometimes]
> sensitive zone data or not
> I wrote in part:
>
> >> One of our users here complained about getting a SERVFAIL when
> >> querying DNS for
> >>
> >> www.tjhinc.com.
> >>
> >> I have done a number of queries (see below), and I do not understand
> >> the results. Here are the questions:
> >>
> >> <>
> >>
> >> 3) Som
The release note of 9.5.0-P2 mentioned unaddressed stability issues
affecting Windows, and it says a Windows-specific release will be
available very soon. Any news when?
Peter
Kevin Darcy wrote:
> From the outside, it looks like 211.148.192.137 has a firewall in front
> of it that blocks all query packets with the RD (Recursion Desired) bit
> set. Non-recursive queries seem to work fine, but recursive queries are
> getting dropped.
>
> A version query shows 9.4.2 (unpatche
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > Behalf Of JINMEI Tatuya /
> > Sent: Thursday, August 14, 2008 3:21 PM
> > To: Hans F. Nordhaug
> > Cc: bind-users@isc.org
> > Subject: Re: Recursive queries fail if query source port is not fixed
> >
>
From the outside, it looks like 211.148.192.137 has a firewall in front
of it that blocks all query packets with the RD (Recursion Desired) bit
set. Non-recursive queries seem to work fine, but recursive queries are
getting dropped.
A version query shows 9.4.2 (unpatched), so maybe this is an awk
Hi,
Yesterday one of our customers complained that he cannot resolve
www.zaobao.com; the DNS server he used is 211.148.192.137. So I traced
it and got:
[EMAIL PROTECTED] ~ $ dig @211.148.192.137 www.zaobao.com +trace
; <<>> DiG 9.4.2-P1 <<>> @211.148.192.137 www.zaobao.com +trace
; (1 server found)
;; g
Never mind, this is the right command to start in chrooted using the
directory /var/named.
Here it is if someone is interested.
# /opt/bind/sbin/named -c /etc/named.conf -t /var/named -d 1 -g
14-Aug-2008 13:08:41.189 starting BIND 9.5.0-P2 -c /etc/named.conf -t
/var/named -d 1 -g
14-Aug-2008 13:08
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of JINMEI Tatuya /
> Sent: Thursday, August 14, 2008 3:21 PM
> To: Hans F. Nordhaug
> Cc: bind-users@isc.org
> Subject: Re: Recursive queries fail if query source port is not fixed
>
> At Thu, 14 Aug 2
Greetings Kevin,
Thu, 14 Aug 2008 16:47:02 -0400 Kevin Darcy wrote:
[...]
>> I also recommend you to restrict the AXFR queries.
>>
>>
> Why? It's public information, and as you yourself have just
> demonstrated, leaving zone transfers open is useful for
> troubleshooting.
Well, though the
Your file pathnames need to be relative to the chroot.
Do you have a config file at /var/named/opt/bind/etc/named.conf?
Apparently you don't.
If you don't want to use the compiled-in pathname for /etc/named.conf,
you might want to use the -c option to specify a different
(chroot-relative) path
Do you guys know how to start the new version of bind in BSD with chrooted "-t
/var/named"?
I'm trying to make bind-9.5.0-P2 to start using the config files + the
rndc.conf under /var/named and not from /opt/bind?
# ./named -g
14-Aug-2008 11:52:10.971 starting BIND 9.5.0-P2 -g
14-Aug-2008 11:52:
Folks, I have been looking around to see if there is a tool/script available
to generate forward/reverse zones taking input from a text file. I see
a util called hostdb, but can't seem to download it from anywhere.
Any help is appreciated.
~LA
Andrey G. Sergeev (AKA Andris) wrote:
> Hello Giannis,
>
>
> Thu, 14 Aug 2008 04:03:50 +0300 Giannis Mantzouranis wrote:
>
>
>> I would like to report a problem I have with bind which is occurring
>> for at least one month. I get this message from the log files. Aug 14
>> 00:49:10 pelops named[42
Hello,
Not necessarily a requirement.
If you are seeing "socket: too many open file descriptors" messages, then
making the compile change for FD may be something that you want to try and test.
From what I've seen for our environment, 9.5.1b1 has been the best 9.5.x
version as long as it stays r
I wrote in part:
>> One of our users here complained about getting a SERVFAIL when
>> querying DNS for
>>
>> www.tjhinc.com.
>>
>> I have done a number of queries (see below), and I do not understand
>> the results. Here are the questions:
>>
>> <>
>>
>> 3) Sometimes I get a response tha
I've compiled bind for HP-UX and OpenBSD 3.7.
I've seen a lot of emails about the FD_SETSIZE?
Do HP-UX or OpenBSD require a compile time change to FD_SETSIZE?
Latif
-- NOTICE --
This e-mail message is confidential, intended only for the named
recipient(s) above and may contain information
At Thu, 14 Aug 2008 15:20:38 +0200,
> fctx 0xb3d04278(./NS'): destroy
> resquery 0xb3f02260 (fctx 0x87b7b20(images.yandex.ru/A)): response
> fctx 0x87b7b20(images.yandex.ru/A'): noanswer_response
> fctx 0x87b7b20(images.yandex.ru/A'): cache_message
> fctx 0x87b7b20(images.yandex.ru/A'): cancelquer
At Thu, 14 Aug 2008 15:01:04 -0400,
"Binmakhashen, Latif" <[EMAIL PROTECTED]> wrote:
>
> Are HP-UX and OpenBSD 3.7 affected by this value as well?
>
> I compiled them as following:
>
> ./configure --prefix=/opt/bind
>
> Please let me know as I'm concerned about this.
I don't understand the quest
Did I send it to the wrong group?
Kind regards,
Latif
Guys,
Are HP-UX and OpenBSD 3.7 affected by this value as well?
I compiled them as following:
./configure --prefix=/opt/bind
Please let me know as I'm concerned about this.
Kind regards,
Latif
JINMEI Tatuya / 神明達哉 wrote:
> At Wed, 13 Aug 2008 17:06:36 -0700,
> "David Sparks" <[EMAIL PROTECTED]> wrote:
>
>>> Also, don't forget the world is not just Linux. Solaris requires a
>>> compile time change to FD_SETSIZE, so it's very difficult to increase
>>> the limitation 100% run-time.
>> Why
OK. Those are the same version I have on my working RHEL5.
I'm running the bind-chroot package here but it has the same version as
the others.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hans F. Nordhaug
Sent: Thursday, August 14, 2008 12:24 PM
To: b
Hans Fredrik Nordhaug wrote:
>> what about any suspicious syslog messages from your ASA?
>
> Nothing suspicious. (I assume that suspicious stuff is reported in
> level 4, and not 5/6)
Would it be possible to remove the ASA from the equation completely?
Also, have you done any packet captures on
* Andrey G. Sergeev (AKA Andris) <[EMAIL PROTECTED]> [2008-08-14]:
> Hello Hans,
>
>
> what about any suspicious syslog messages from your ASA?
Nothing suspicious. (I assume that suspicious stuff is reported in
level 4, and not 5/6)
> Have you used the Packet Tracer tool to discover and debug
* Jeff Lightner <[EMAIL PROTECTED]> [2008-08-14]:
> Can you run "rpm -qa |grep -i bind" to verify the version of BIND
> packages you have? That is I'm looking for the full version you're
> using and not just 9.3.4-P1.
bind-9.3.4-6.0.2.P1.el5_2
bind-libs-9.3.4-6.0.2.P1.el5_2
bind-utils-9.3.4-6
JINMEI Tatuya / 神明達哉 wrote:
> I don't know the answer to this question, but your operational
> environment seems to be extraordinary in some points:
>
> - it's acting both as an authoritative and as a caching server
> - as an authoritative server, it's managing a pretty large number of
> zones (w
Scott Baker wrote:
> Peter Laws wrote:
>> Scott Baker wrote:
> So I should be updating my root.hints file periodically? I never thought
> about it, the root servers are so permanent.
They're not permanent (not so long ago, they all had different names
instead of root-servers.net) so yes, you do ne
Can you run "rpm -qa |grep -i bind" to verify the version of BIND
packages you have? That is I'm looking for the full version you're
using and not just 9.3.4-P1.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Andrey G. Sergeev (AKA Andris)
Sent: Thur
Hello Hans,
what about any suspicious syslog messages from your ASA? Have you used
the Packet Tracer tool to discover and debug the way packets are processed?
--
Yours sincerely,
Andrey G. Sergeev (AKA Andris) http://www.andris.name/
On Thu, 14 Aug 2008, Vidya Devi SS wrote:
> i copied the .conf file(named.conf and reslove.conf and named.pid) from
> my host PC (linux 2.6.21.5).
You don't need to copy named.pid. And copying resolv.conf doesn't make
sense unless you really meant to use same configuration.
> and in my board i
This thread is turning too long, but I can't give up yet - sorry,
everyone.
* Andrey G. Sergeev (AKA Andris) <[EMAIL PROTECTED]> [2008-08-14]:
[cut]
> > Thx for replying. I did a query for the a record of images.yandex.ru
> > with and without the trace. With trace, I get a reply - without
> > tra
Hello Hans,
Thu, 14 Aug 2008 14:05:21 +0200 Hans F. Nordhaug wrote:
>> Assuming that your name servers aren't authoritative for the, say,
>> yandex.ru, ku.dk and asahi.co.jp zones, please post here the
>> results of doing at least one command suggested below without the
>> query-source directiv
Hiii all,
I am using bind-9.5.0-p1,i cross compiled it to arm,and configured using
1>>./configure --prefix=/opt/TRIAL1 --host=arm-linux
BUILD_CC=/usr/local/arm//...
--enable-libind --with-openssl=no --with-randomdev-no --with-libxml2=no
2>>make
3>>make install
after this libraries and "nam
* Andrey G. Sergeev (AKA Andris) <[EMAIL PROTECTED]> [2008-08-14]:
> Hello Hans,
[cut]
> Assuming that your name servers aren't authoritative for the, say,
> yandex.ru, ku.dk and asahi.co.jp zones, please post here the results of
> doing at least one command suggested below without the query-sour
Hello Hans,
On 14.08.2008 11:48, Hans F. Nordhaug wrote:
> * Mark Andrews <[EMAIL PROTECTED]> [2008-08-14]:
>>> * Mark Andrews <[EMAIL PROTECTED]> [2008-08-14]:
Does "dig ns . @198.41.0.4" succeed when run from the box
running the nameserver?
>>> Yes.
>>>
>>> I still don't underst
Hello Giannis,
Thu, 14 Aug 2008 04:03:50 +0300 Giannis Mantzouranis wrote:
> I would like to report a problem I have with bind which is occurring
> for at least one month. I get this message from the log files. Aug 14
> 00:49:10 pelops named[4248]: transfer of 'physics.upatras.gr/IN' from
> xxx .
* Mark Andrews <[EMAIL PROTECTED]> [2008-08-14]:
>
> > * Mark Andrews <[EMAIL PROTECTED]> [2008-08-14]:
> > >
> > > Does "dig ns . @198.41.0.4" succeed when run from the box
> > > running the nameserver?
> >
> > Yes.
> >
> > I still don't understand why most recursive queries only works aft