Hi,
more findings ...
BIND 9.6.1b1
No matter what I set in named.conf, it starts to give "out of memory" when
recursive clients pass 1000. I see that 1000 is the default value for
recursive-clients.
From "rndc status" on each run, it starts with "out of memory messages" when
recursive-client
On Tue, 24 Mar 2009, Kevin Darcy wrote:
> SOA record is now used as the "negative caching TTL", not "minimum" in any
> sense of the word. The comment should probably reflect that.
off-list now to get BIND's generated outputs to say the same thing
:)
In message <200903242339.n2ond3x0021...@edge.twig.com>, Richard Doty writes:
> Greetings,
>
> I am wondering how folks handle keys for zones that are going
> to be signed with nsupdate.
>
> It appears that named wants the zone signing keys to be in the
> location identified by the "directory" pa
Contents of blockeddomains.host:
$TTL 86400 ; one day
@ IN SOA ns.hhs.harrisonburg.k12.va.us
(
2004061000 ; serial number 09032401
28800 ; refresh 8 hours
7200 ; retry 2 hours
864000 ; expire 10 days
86400 ) ; min ttl 1 day
NS ns1.harrisonburg.k12.va.us.
NS ns2.harrisonburg.k12.va.us.
A 0.0.0
Greetings,
I am wondering how folks handle keys for zones that are going
to be signed with nsupdate.
It appears that named wants the zone signing keys to be in the
location identified by the "directory" parameter, yes? Putting
all keys in one directory seems like a scaling issue, besides which
I
Corey Shaw wrote:
Bind version: 9.6
OS: Gentoo Linux
I am currently setting up an internal DNS server. I have a separate
DNS server that is publicly accessible. Both servers have a zone for
"example.com". How do I set the internal DNS server to forward
queries for entries that it does not
Bind version: 9.6
OS: Gentoo Linux
I am currently setting up an internal DNS server. I have a separate DNS server
that is publicly accessible. Both servers have a zone for "example.com". How do
I set the internal DNS server to forward queries for entries that it does not
have for "example.co
dhottin...@harrisonburg.k12.va.us wrote:
Quoting Kevin Darcy :
dhottin...@harrisonburg.k12.va.us wrote:
Quoting Doug McIntyre :
In comp.protocols.dns.bind you write:
Has anyone used their internal dns server for blacklisting? I would
like to specifically block access to domains that are spr
> @ IN SOA ns.hhs.harrisonburg.k12.va.us
> (
> 2004061000 ; serial number 09032401
> 28800 ; refresh 8 hours
> 7200 ; retry 2 hours
> 864000 ;
Quoting Kevin Darcy :
dhottin...@harrisonburg.k12.va.us wrote:
Quoting Doug McIntyre :
In comp.protocols.dns.bind you write:
Has anyone used their internal dns server for blacklisting? I would
like to specifically block access to domains that are spreading
malware. I was grepping around the
dhottin...@harrisonburg.k12.va.us wrote:
Quoting Doug McIntyre :
In comp.protocols.dns.bind you write:
Has anyone used their internal dns server for blacklisting? I would
like to specifically block access to domains that are spreading
malware. I was grepping around the internet and fell upon t
Quoting Doug McIntyre :
In comp.protocols.dns.bind you write:
Has anyone used their internal dns server for blacklisting? I would
like to specifically block access to domains that are spreading
malware. I was grepping around the internet and fell upon this
website http://www.malwaredomains.co
It should not be too hard. Since you have such a rock solid format,
you can safely assume in your case, the last 2 digits are ints always,
always 2 digits long.
Just find the string of chars you are interested in, and substring the
last two. Now you have a number (int) and you can use a l
Todd Snyder wrote:
> I am looking for a clever way to do the new serial number. Date will do
> the first bit no problem (date +%Y%m%d), but I'd love to find a clever
> way to auto increment the last 2 digits unless it's a new day. Then I
> could use the same script every time.
http://www.crufty.
I am looking for a clever way to do the new serial number. Date will do
the first bit no problem (date +%Y%m%d), but I'd love to find a clever
way to auto increment the last 2 digits unless it's a new day. Then I
could use the same script every time.
/puts on thinking cap.
-Original Message
Good point.
The serial number should be updated since the zone file is being
updated. The sed command could be used to do that as well.
for zonefile in `ls *.com`
do sed -e s/604800/709600/ -e
s/200[0-9][0-1][0-9][0-9][0-9][0-9][0-9]/2009032401/ $zonefile
>${zonefile}.new
mv $zonefile ${zon
John D. Vo wrote:
> Thanks Jeff. I prefer your way better, more eloquent than the brute
> force method I did.
To this point, nobody has updated the serial.
AlanC
Thanks Jeff. I prefer your way better, more eloquent than the brute
force method I did.
-John
Jeff Lightner wrote:
I guess "[done]" was a key point of your subject. Oh - well at least
it's there for the archives.
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bi
I guess "[done]" was a key point of your subject. Oh - well at least
it's there for the archives.
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jeff Lightner
Sent: Tuesday, March 24, 2009 3:42 PM
To: j...@eagle.net
Cc: bind
If all your zones have same value (e.g. 604800) for expire and nothing
else matches that value in the files you could do it fairly easily with
a for loop and sed:
For example if all your zone files were named with a .com at end of
name:
for zonefile in `ls *.com`
do sed -e s/604800/709600/ $zone
Has anyone used their internal dns server for blacklisting? I would
like to specifically block access to domains that are spreading
malware. I was grepping around the internet and fell upon this
website http://www.malwaredomains.com/, but don't seem to be able to
get my internal name serve
I used WinSCP and just select a bunch of files and edit command and
copy/paste the "good" settings into the zone files.
-Thanks.
-John
John D. Vo wrote:
Greetings:
According to http://thednsreport.com, my "expire" time for my zones
are too short (recommended 2-4 weeks) and
my SOA record is
Be very careful (test, test, test) before using in production, but
something like:
for file in *.db
> do
> sed -i-03242009 "s/1200/2419200/g" $file
> done
should work.
I'm making a couple of assumptions:
1) all of your zone database files end in .db
2) the -i flag is supported in Solaris sed (I
Hello,
Some folks prefer to script something.
Some may find this tool helpful:
http://www.laffeycomputer.com/rpl.html
I'm sure there are other ways.
HTH
- Original Message
From: John D. Vo
To: bind-users@lists.isc.org
Sent: Tuesday, March 24, 2009 1:03:22 PM
Subject: Make changes e
Greetings:
According to http://thednsreport.com, my "expire" time for my zones are
too short (recommended 2-4 weeks) and
my SOA record is not good.
Is there a tool that I can use to make changes to all my zones in one
swoop?
Thanks,
Solaris/Bind 9.2.2. (yes, it is ancient)
--
Best R
In message <00a901c9ac92$9dc4e8a0$f9281...@wipro74039c7ca>, "Ashish" writes:
> Hi,
>
> Could someone kindly explain what is happening?
You have a DNS client that is using a pre-RFC 1535 search
algorithm that is looking up kemira.kemira.com.
Network Working Group
> Casey Deccio wrote:
> >RFC 1035 [1] (page 44) describes the use of a list of server names
> >(SLIST) to query for a particular name. It is unclear to me from the
> >RFC as to whether the server is selected by address or by name. In
> >other words, all history (e.g., batting average and respo
On 12/8/2008 11:00 AM, Chris Thompson wrote:
In message <493b2b5d.40...@shockley.net>, Steve Shockley wrote:
I'm running BIND 9.4.2 on OpenBSD 4.3. I'm getting some errors with
named-checkconf I don't really understand. I'm running:
named-checkzone -t /var/named capmarksecurities.com
/master/d
funet.fi nameserver = ns.funet.fi
funet.fi nameserver = ns-secondary.funet.fi
> kemira.com
Server: rockyd.rockefeller.edu
Address: 129.85.1.24
Non-authoritative answer:
kemira.com nameserver = ns1.capgemini.fi
kemira.com nameserver = ns2.capgemini.fi
Internet DNS think
Hi,
Could someone kindly explain what is happening?
I don't have domain name kemira.kemira.com anywhere in my primary
database (and all secondaries, too) kemira.com = 137.33.1.2
I have doublechecked the master database and secondaries. I have
restarted both of them, but nothing seems to help.
In
Mani,
With recursion enabled, your abc.com server is both authoritative (for
the zones configured in named.conf) and caching. If you want it to be
purely authoritative, you'll need to disable recursion. But if you want
to be able to query it for the root server (which is why you started
this th
Good day,
I saw some strange behaviour from BIND and am trying to understand it.
In one of the labs, someone mucked up a DNS change and made the serial
lower than the previous version.
Some of the nameservers complained:
Mar 23 15:07:24 ns1001 named[5913]: zone 5.1.10.in-addr.arpa/IN: serial
Hi,
I am running ResPerf from Nominum against BIND 9.6.1b1, and I get a lot of:
--cut--
24-Mar-2009 08:51:30.495 database: adb: fetch of 'ns2.state.oh.us' A failed:
out of memory
24-Mar-2009 08:51:30.630 database: adb: fetch of 'gz-dns.cncnet.net' A failed:
out of memory
24-Mar-2009 08:51:30.65
33 matches