RE: Caching-only Name server does Zone Updates

2009-02-02 Thread Ashish
Thank you Mark, Doupdate is followed by a lot of statements like Db_update Match Please see the content below. = Doupdate(zone 0, savens x, flags y) Doupdate: dname 21.in-addr.arpa type 6 class 1 ttl 600 Db_update(21.in-addr.

Re: Caching-only Name server does Zone Updates

2009-02-02 Thread Barry Margolin
In article , "Ashish" wrote: > Hello All, > > Thank you for your replies. > > Our configuration file is fairly simple (I have changed the domain name for > security). > > domain example.group.net > cache .

Re: Caching-only Name server does Zone Updates

2009-02-02 Thread Mark Andrews
In message <009201c985c0$aff05cb0$f9281...@wipro74039c7ca>, "Ashish" writes: > Hello All, > > Thank you for your replies. > > Our configuration file is fairly simple (I have changed the domain name for > security). You care about security yet you run BIND 4? > domain example

Re: How many nameservers?

2009-02-02 Thread Barry Margolin
In article , bsfin...@anl.gov wrote: > One downside - if you have many NS records, then they might not all > fit in one UDP packet (the Authority and/or Additional sections of a > response to a DNS query). This will cause the protocol to revert > to TCP. Truncation isn't supposed to happen if you

RE: Caching-only Name server does Zone Updates

2009-02-02 Thread Ashish
Hello All, Thank you for your replies. Our configuration file is fairly simple (I have changed the domain name for security). domain example.group.net cache ./etc/dnscache We use BIND 4. Actually our DNS

Re: Is per "view" logging possible with bind?

2009-02-02 Thread JINMEI Tatuya / 神明達哉
At Mon, 2 Feb 2009 15:13:54 -0800 (PST), Gregory Hicks wrote: > > > Is it possible instead of seeing this in the logs: > > > > It's impossible if my understanding of the implementation is correct. > > I may have mis-understood here, but I have TWO views and get logging by > view, thusly: I pro

Re: Upgrade 9.5.1-P1 to 9.6.0.P1 question

2009-02-02 Thread JINMEI Tatuya / 神明達哉
At Mon, 2 Feb 2009 12:34:06 -0800 (PST), Terpasaur wrote: > I successfully and effortlessly upgraded two Bind servers running > 9.5.1-P2 directly to 9.6.0-P1, simply by running ./configure > make > make install > > Although this worked just fine, I am now planning to perform the same > procedure

Re: Open ports in Bind

2009-02-02 Thread JINMEI Tatuya / 神明達哉
At Mon, 02 Feb 2009 22:32:17 +0330, "Bind" wrote: > maybe my first question type was wrong, sorry for terrible!, my question is: > when I run netstat -an, why my server has some established connection with its > own IP address through different source port to one client address? > > example: > > 1

Re: Is per "view" logging possible with bind?

2009-02-02 Thread Gregory Hicks
> Date: Mon, 02 Feb 2009 14:37:42 -0800 > From: JINMEI Tatuya / 神明達哉 > > At Sat, 31 Jan 2009 08:31:35 -0500 (EST), > Justin Piszcz wrote: > > > > I have multiple views: > > > > internal > > external > > localhost > > > > Is it possible instead of seeing this in the logs: > > It's

Re: Is per "view" logging possible with bind?

2009-02-02 Thread JINMEI Tatuya / 神明達哉
At Sat, 31 Jan 2009 08:31:35 -0500 (EST), Justin Piszcz wrote: > > I have multiple views: > > internal > external > localhost > > Is it possible instead of seeing this in the logs: It's impossible if my understanding of the implementation is correct. --- JINMEI, Tatuya Internet Systems Consor

Re: Bind-9.5.1 logging

2009-02-02 Thread JINMEI Tatuya / 神明達哉
At Fri, 30 Jan 2009 22:06:57 -0500, Peter Fraser wrote: > I'm trying to configure bind-9.5 logging to help troubleshoot a > problem. I put this in named.conf > > logging { > channel myfile { > file "/etc/namedb/dns.log"; > severity info; > print-time yes; >

Re: How many nameservers?

2009-02-02 Thread Stephane Bortzmeyer
On Sun, Feb 01, 2009 at 04:51:52PM -0800, shulkae wrote a message of 17 lines which said: > How many NS entries typically are allowed per zone? The protocol has no limit. But you may run into problems with old software which still limits the DNS packets to 512 bytes. See all the gory details in

Re: How many nameservers?

2009-02-02 Thread Stephane Bortzmeyer
On Mon, Feb 02, 2009 at 02:25:35PM -0600, bsfin...@anl.gov wrote a message of 41 lines which said: > One downside - if you have many NS records, then they might not all > fit in one UDP packet Let me demonstrate a bit of pedantism: the correct sentence is rather "they might not all fit in a t

Upgrade 9.5.1-P1 to 9.6.0.P1 question

2009-02-02 Thread Terpasaur
Hello, I successfully and effortlessly upgraded two Bind servers running 9.5.1-P2 directly to 9.6.0-P1, simply by running ./configure make make install Although this worked just fine, I am now planning to perform the same procedure on one of my production servers which is running 9.5.1-P1, and wante

Re: How many nameservers?

2009-02-02 Thread bsfinkel
On Sun, Feb 1, 2009 at 7:51 PM, shulkae wrote: >> How many NS entries typically are allowed per zone? Is there a bind >> limit or does it cause any side effects if the >> slaves are geographically distributed? >> >> We would like to set up one zone for my new group who have offices all >> over the

RE: BIND still will not resolve

2009-02-02 Thread Ben Bridges
Brain fart times 2. That defines what IPv4 addresses it will listen on for queries, not what addresses are allowed to query it. And I failed to notice that it was commented out. > -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On

Re: error sending response log messages

2009-02-02 Thread Thomas Schulz
In article , Andre LeClaire wrote: >Mark Andrews wrote: >> In message <497caef2.80...@yahoo.com>, Andre LeClaire writes: >>> Hello everyone, >>> I've been seeing these syslog messages for about a week on a FreeBSD >>> server running BIND 9.4.3-P1: >>> >>> Jan 25 02:35:21 asimov named[145]: clien

Re: BIND still will not resolve --now fixed

2009-02-02 Thread S. Jeff Cold
Thanks everyone who helped. You know you can look at something a hundred times and not see what is obviously wrong until someone points it out. Jc S. Jeff Cold, Associate Professor IS&T Dept., MS-181 Utah Valley University 800 W. University Pkwy. Orem, UT 84058-5999 (801) 863-8851 - offic

RE: BIND still will not resolve

2009-02-02 Thread Ben Bridges
It also appears that your name server (iceman) is configured to accept IPv4 queries only from itself. >#listen-on port 53 { 127.0.0.1; }; > -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of > Matthew Pounsett >

Re: BIND still will not resolve

2009-02-02 Thread Matthew Pounsett
On 02-Feb-2009, at 14:03, S. Jeff Cold wrote: BIND list, Well, I thought I had this DNS problem licked with my ISP volunteering as a secondary name server, but I guess not. My server still will not resolve my jatec.us domain. Maybe I have something wrong in named.conf or the zone fi

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-02-02 Thread Michael Milligan
David Sparks wrote: > > There are plenty of ways to get a mail loop that don't involve DNS > mis-configuration. As such pretty much every major MTA detects and stops mail > loops. Not if you (accidentally) fat-finger the MTA configuration. It is completely possible to still mis-configure an MTA

Re: BIND still will not resolve

2009-02-02 Thread Rich Goodson
just at a glance I see a problem in your zone file: IN NS iceman.jatecus. ; The DNS server your NS record has jatecus as a TLD via you missing a . between jatec and us. same in your SOA for the reverse. @ IN SOA iceman.jatecus. ro

BIND still will not resolve

2009-02-02 Thread S. Jeff Cold
BIND list, Well, I thought I had this DNS problem licked with my ISP volunteering as a secondary name server, but I guess not. My server still will not resolve my jatec.us domain. Maybe I have something wrong in named.conf or the zone files? I can't figure it to be so difficult, but it j

RE: Error: isc_lex_gettoken() failed: I/O error

2009-02-02 Thread Jeff Lightner
Maybe if you do something like paste the line and pipe it through "cat -v" you can see what special characters are being embedded by SecureCRT. This by the way is why we tell our DBAs that use something other than PuTTY that we won't help them unless it fails in PuTTY also. -Original Message-

Open ports in Bind

2009-02-02 Thread Bind
Dear Admins maybe my first question type was wrong, sorry for terrible!, my question is: when I run netstat -an, why my server has some established connection with its own IP address through different source port to one client address? example: 192.168.1.1.51121 74.222.11.71.53 Connected192.168

Re: Bind 9 query logging

2009-02-02 Thread David Forrest
On Fri, 30 Jan 2009, Robert Coward wrote: Sorry, I should have been a bit more specific. In reference to the O'Reilly book: O'Reilly DNS and Bind by Paul Albitz & Cricket Liu (4th Edition) pg. 163 - 173 (specifically pg. 164, paragraph 4) and pg. 405 - 421 (info about using the debug op

Re: How many nameservers?

2009-02-02 Thread Ben Croswell
I have never heard of there being any downside to a large number of NS records for a domain. I know internally to my company we have large numbers of NS records for the internal domains. -- -Ben Croswell On Sun, Feb 1, 2009 at 7:51 PM, shulkae wrote: > How many NS entries typically are allowed p

RE: Error: isc_lex_gettoken() failed: I/O error

2009-02-02 Thread Todd Snyder
[replying to myself is bad form, I know] The command we are running is: r...@dnsbox:/var/named/var/named# named-checkzone -w /var/named test.domain var/named/master/test.domain So we did some more testing - if I type the command in, it works. If I paste it into SecureCRT it fails. If I paste

Re: error sending response log messages

2009-02-02 Thread neurowolf
I have them too. I received the exact same error message along with some others from different IPs. It's been going on for 2 or 3 weeks now. On Jan 27, 9:49 am, Andre LeClaire wrote: > Mark Andrews wrote: > > In message <497caef2.80...@yahoo.com>, Andre LeClaire writes: > >> Hello everyone, > >

How many nameservers?

2009-02-02 Thread shulkae
How many NS entries typically are allowed per zone? Is there a bind limit or does it cause any side effects if the slaves are geographically distributed? We would like to set up one zone for my new group who have offices all over the world? We are planning to use BIND 9 over FreeBSD. There may be f

Bind 9 query logging

2009-02-02 Thread Robert Coward
Sorry, I should have been a bit more specific. In reference to the O'Reilly book: O'Reilly DNS and Bind by Paul Albitz & Cricket Liu (4th Edition) pg. 163 - 173 (specifically pg. 164, paragraph 4) and pg. 405 - 421 (info about using the debug options) The web sites I looked at were: http

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-02-02 Thread Carl Byington
On Thu, 29 Jan 2009 22:33:24 -0800, Al Stu wrote: > Analyze this. > Query MX dns.com > Response MX nullmx.domainmanager.com > Query A nullmx.domainmanager.com > Response CNAME mta.dewile.net, A 64.40.103.249 So the fact that other random fol

Error: isc_lex_gettoken() failed: I/O error

2009-02-02 Thread Todd Snyder
While running a checkzone, one of my users is getting this error: dns_master_load: /var/named/var/named:1: isc_lex_gettoken() failed: I/O error dns_master_load: /var/named/var/named:1: I/O error Google isn't helping me too much. We're thinking maybe it's terminal related - a user has had succes

Re: Caching-only Name server does Zone Updates

2009-02-02 Thread Niall O'Reilly
On Mon, 2009-02-02 at 17:25 +0530, Ashish wrote: > Our DNS is configured as Caching-only Name server. How do you know? > However, it's still > performing Zone updates like a Slave Name Server. How many 'zone' sections are in your configuration? Why not post your configu

Re: Caching-only Name server does Zone Updates

2009-02-02 Thread Matus UHLAR - fantomas
On 02.02.09 17:25, Ashish wrote: > Our DNS is configured as Caching-only Name server. However, it's still > performing Zone updates like a Slave Name Server. > > Is it possible that a Caching-only Name server performs Zone updates, if yes > under what conditions is this possible. Zone updates wor

Caching-only Name server does Zone Updates

2009-02-02 Thread Ashish
Hi Folks, Hope you can guide me in the correct direction. Our DNS is configured as Caching-only Name server. However, it's still performing Zone updates like a Slave Name Server. Is it possible that a Caching-only Name server performs Zone updates, if yes under what conditions is this poss

Re: A newbies Bind question

2009-02-02 Thread Barry Margolin
In article , "Peter Arends" wrote: > In addition to these recommendations, you can use MAC filtering to restrict > users. > This is of course if you have an iptables based firewall with MAC module. MAC filtering isn't much use if the clients are remote. MAC addresses don't leave the local LAN.