dev_n...@zoho.com wrote:
>
>
> > If named is invoked successfully on startup, then the contents of the
> > PID file will be overwritten with the new PID value.
> >
> > If named *isn't* invoked successfully on startup, then that's a separate
> > error condition that should be detected an
> If named is invoked successfully on startup, then the contents of the
> PID file will be overwritten with the new PID value.
>
> If named *isn't* invoked successfully on startup, then that's a separate
> error condition that should be detected and dealt with, within the whole
> sta
If named is invoked successfully on startup, then the contents of the
PID file will be overwritten with the new PID value.
If named *isn't* invoked successfully on startup, then that's a separate
error condition that should be detected and dealt with, within the whole
startup subsystem.
The
I don't agree so much.
Sometimes when a system is rebooted abnormally, named doesn't have the chance to
remove its pid file.
(When the OS is shut down normally, the OS sends SIGTERM to named, and named can exit and
remove its own pid file.)
After the system is started, the pid number in named's pid file is maybe an
Standard methodology would be to read the contents of the PID file and
see if that process is running (traditionally kill -0 $pid can be used
to non-intrusively check whether a given process is running).
I've had a rough time with BlueCat's Adonis product on the DHCP side of
things. There are feature and stability gaps that take months and years to
resolve. Their releases are always just a few weeks or months away, but
take longer to materialize. I've been waiting over a year for code that
they
That's a good idea, I have written a script to achieve that:
start()
{
    if ! ps -efw | grep 'named -u nobody' | grep -v grep >/dev/null 2>&1; then
        /usr/local/bind/sbin/named -u nobody
    fi
}
Thanks.
> dev_n...@zoho.com wrote:
> > Hello,
> >
> > I found a strange case on bind
dev_n...@zoho.com wrote:
Hello,
I found a strange case on bind server.
When one named was running, I started another one or more (the same) named
server again, they all got started successfully.
this is the ps output:
nobody 28312 1 0 10:10 ? 00:00:00 /usr/local/bind/sbin/name
Hello,
I found a strange case on bind server.
When one named was running, I started another one or more (the same) named
server again, they all got started successfully.
this is the ps output:
nobody 28312 1 0 10:10 ? 00:00:00 /usr/local/bind/sbin/named -u nobody
nobody2835
In article , "Todd Snyder"
wrote:
> Good day,
>
> I saw some strange behaviour from BIND and am trying to understand it.
>
> In one of the labs, someone mucked up a DNS change and made the serial
> lower than the previous version.
>
> Some of the nameservers complained:
>
> Mar 23 15:07:24
Jan Arild Lindstrøm wrote:
> Hi,
>
> more findings ...
>
> BIND 9.6.1b1
>
> No matter what I set in named.conf, it starts to give "out of memory" when
> recursive
> clients pass 1000. I see that 1000 is the default value for recursive-clients.
Did you try backing up to 9.6.0-P1 to see if the s
On Wed, Mar 25, 2009 at 4:41 PM, John D. Vo wrote:
> Anyone has experience (good or bad) with a dns appliance?
>
> Bluecatnetwork
> infoblox
> infoweapons..
>
> Thanks.
Experience with infoblox: wonderful.
___
bind-users mailing list
bind-users@lists
We've used MetaInfo appliances for about four years, and the software version
for two years before that.
We have 40 of their appliances now. Fairly inexpensive, pretty reliable too.
Their tech support has been good, they do seem to care about your problem.
They are good for small to medium si
Our experience with blue(s)cat was not a good one.
That product would sporadically lose all of our zones.
Vendor blamed us (so did our angry customers).
Thing was, no one was in the office. We came into work one morning to phones
ringing -- no DNS.
DNS because master config was empty. FTW?
Mig
Actually, they have dozens scattered around the planet
(they happen to have a local headquarters that I've visited),
so there are always support folks working in their local daylight. :-)
Len
From: John D. Vo
To: Steve Lancaster
Cc: bind-users@lists.isc.org;
You can build a tunnel between the servers using openvpn to secure
zone transfers. May also need policy based routing depending on what
else you do. If you are doing zone transfers across a network you
control and have concerns about exposing data on it such as dns zone
transfers, you may wa
It's a sign that they have low turnover. The few times that I have relied
on them I've gotten the same engineers. A lot of companies lack that
personal rapport with their clients. You are just a number to them.
Eric
Steve Lancaster wrote:
[In a message on Wed, 25 Mar 2009 11:45:47 EDT,
"Eric
For a commercial appliance Bluecat Networks makes a good product. If
commercial is not a requirement and djbdns is enough, have a look at
pfSense who make an excellent open source firewall appliance and now
have a DNS appliance that is available.
Best,
Frank Pikelner
On 25-Mar-09, at 11:3
Or they only have one or two support engineers..h :)
Steve Lancaster wrote:
[In a message on Wed, 25 Mar 2009 11:45:47 EDT,
"Eric C. Davis" wrote:]
Infoblox user: Love them. Support is fantastic. I can name actual
support engineers.
Is the fact that you
I can vouch for Men & Mice. I currently have the enterprise version running
in an environment managing 2000+ domains and 15+ DNS servers. Support is
great as well.
Josh
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of da..
[In a message on Wed, 25 Mar 2009 11:45:47 EDT,
"Eric C. Davis" wrote:]
>Infoblox user: Love them. Support is fantastic. I can name actual
>support engineers.
Is the fact that you can name support engineers a good thing or are you
spending too much time talking to them? :-)
Steve Lanca
You may want to look into the Men & Mice suite. I have been testing their
software for the last couple of months for consideration at our site. The
suite offers a windows GUI client, CLI & web interface. An agent gets
installed on each server hosting BIND and their suite will manage the
servers
I am running Bind on two Solaris servers. It's pretty much command line,
old school.
I can see some GUI with Webmin but that's probably not as pretty as the
appliances.
My boss wants "visibility" so I'm looking. eh. meh. :)
Thanks.
Gainey, Joe (AT - Atlanta) wrote:
blue cat Adonis/XMB provide
Adonis XMB™ is transforming the face of IPAM. Built for branch and
remote offices, the Adonis XMB brings the power and features of the
Adonis 1000 Enterprise-class DNS/DHCP Appliance to the branch and remote
office. ***
This from Bluecat's website. I believe it is an appliance, but I c
Infoblox user: Love them. Support is fantastic. I can name actual
support engineers. Products are very good. Not too expensive. Only
thing I'm disappointed with is the reporting/monitoring of the system.
They are actively working to improve it as they just came out with a new
software re
Not an appliance, but has a nice offering including a MMC-ish console and
Web GUI.
Josh
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Gainey, Joe (AT -
Atlanta)
Sent: Wednesday, March 25, 2009 10:43 AM
To: j...@eagle.net;
blue cat Adonis/XMB provide great GUI interfaces for DNS power users
with enough intuitive widgets for DNS novices. They have been fairly
stable and easy to manage and their support has been knowledgeable.
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-bou
Anyone has experience (good or bad) with a dns appliance?
Bluecatnetwork
infoblox
infoweapons..
Thanks.
--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
In message , Ram Akuka writes:
> 2009/3/25 Alan Clegg :
> > Ram Akuka wrote:
> >
> >> Is there any way I can encrypt the zone transfer data (without using
> >> any third-party encryption tool)?
> >
> > Why exactly do you want to do this?
> >
> > DNS data is NOT PROTECTED DATA.
> >
> > As long a
IPSEC really isn't too onerous between machines with static IP
addresses just a thought.
2009/3/25 Ram Akuka :
> 2009/3/25 Alan Clegg :
>> Ram Akuka wrote:
>>
>>> Is there any way I can encrypt the zone transfer data (without using
>>> any third-party encryption tool)?
>>
>> Why exactly do y
2009/3/25 Alan Clegg :
> Ram Akuka wrote:
>
>> Is there any way I can encrypt the zone transfer data (without using
>> any third-party encryption tool)?
>
> Why exactly do you want to do this?
>
> DNS data is NOT PROTECTED DATA.
>
> As long as queries and responses are permitted in the clear (whi
Ram Akuka wrote:
> Is there any way I can encrypt the zone transfer data (without using
> any third-party encryption tool)?
Why exactly do you want to do this?
DNS data is NOT PROTECTED DATA.
As long as queries and responses are permitted in the clear (which is
the way DNS works), you are onl
Thanks everyone for your answers. Seems I'll just have to find some other way
of doing what I'd like. To throw something strange into the mix though, I'll
bring up another configuration that accomplishes what I was asking.
I currently have yet another internal DNS server doing what I asked in
Chris Dew wrote:
> No, we've had to work around these limitations of axfr/notify, so that
> we can take this concern away from our customers.
What "limitations" are you talking about specifically?
> I would love to find a nice bind-supported way of dealing with
> views/axfr/notify, so if you find
Alan,
Is there any way I can encrypt the zone transfer data (without using
any third-party encryption tool)?
Thanks,
--
Ram
2009/3/25 Alan Clegg :
> Ram Akuka wrote:
>> but encrypting the file system won't do the work here.
>> I agree that storing the key and the encrypted data on the same
>>
No, we've had to work around these limitations of axfr/notify, so that
we can take this concern away from our customers.
I would love to find a nice bind-supported way of dealing with
views/axfr/notify, so if you find anything, please let me know.
Thanks,
Chris
http://www.finalcog.com
2009/3/2
Ram Akuka wrote:
> but encrypting the file system won't do the work here.
> I agree that storing the key and the encrypted data on the same
> machine is useless in security terms. That's why I'm looking for a
> built-in solution.
> Is there any way the slave server can save the zone in a format
> di
Carl Fretwell wrote:
> Hi Everyone
>
>
>
> I have installed BIND 9.6.0-P1 on a Windows Server 2003 x64 system but
> when I come to start the “ISC BIND” service I always get a 1067 error
> which I read somewhere was due to permissions so made sure the user
> account password etc was correct
> I would use a #include in the zone file on the internal machine to include
> the contents of zone file on the external machine. (NFS mount, or
> cron'ed rsync copy.)
>
> You could use views/split horizon dns and run them both off of one server,
> but this seems unneeded and n
So you want to store data on the slaves which will not be accessible
to an attacker who has root privileges on the same slave?
This looks difficult.
One possibility is to replace bind's operations on the slave's zone
file (the loading and saving of data) with a hack to bind which stores
the data
Scenario: BIND 9.6, and a signed zone all changes to which are made
by DNS update operations. Re-signing with the current ZSK is being
done automatically by BIND.
The question is how to roll over ZSKs for such a zone with these
desired features:
1. The bulk of RRsets in the zone are signed with
Thanks Cris,
but encrypting the file system won't do the work here.
I agree that storing the key and the encrypted data on the same
machine is useless in security terms. That's why I'm looking for a
built-in solution.
Is there any way the slave server can save the zone in a format
different than clear
You could use the ecrypt fs for the location of the zone data - it
would require a passphrase when bind starts up on the slave - this
could cause trouble if the slave crashes.
In general there is NO way of having encrypted data on a machine AND
having the keys on that same machine AND making it 10
Hi,
I want to design a DNS system for a secure authoritative server.
I’ll use one master server to store the data zone and use the zone
transfer mechanism for the 2 public slave servers (which will be defined
as masters in the internet). That way I’ll update and backup only
server.
I am using TSIG for secure z
I would use a #include in the zone file on the internal machine to include
the contents of zone file on the external machine. (NFS mount, or cron'ed
rsync copy.)
You could use views/split horizon dns and run them both off of one server,
but this seems unneeded and nasty.
http://www.finalcog.com/d
45 matches