Re: make bind-9.7.4-P1 fails when --prefix and --exec-prefix switches are used

2011-11-17 Thread Red Cricket
Oops! Thanks again Mark. I'll fix'em :)

Re: avoid-v4-udp-ports ineffective? (BIND 9.8.1-P1)

2011-11-17 Thread Mark Andrews
In message <4b588336-2de9-45bd-87ec-98c04b83c...@columbia.edu>, David Coulthart writes: > On Nov 17, 2011, at 6:28 PM, Mark Andrews wrote: > > In message <20171600.pahg0ucw011...@scramble.princeton.edu>, Irwin > Tillman writes: > >> It appears that named is trying to use ports I've mentione

Re: avoid-v4-udp-ports ineffective? (BIND 9.8.1-P1)

2011-11-17 Thread David Coulthart
On Nov 17, 2011, at 6:28 PM, Mark Andrews wrote: > In message <20171600.pahg0ucw011...@scramble.princeton.edu>, Irwin > Tillman writes: >> It appears that named is trying to use ports I've mentioned in >> avoid-v4-udp-ports. >> >> Platform: BIND 9.8.1-P1 on Solaris 10 / SPARC >> >> On some

Re: ADB messages

2011-11-17 Thread Mark Andrews
In message <9f4917e46ec4a64c8e5c28480a43eba50ca1061...@blrkecmbx02.ad.infosys.com>, Binu B Nair writes: > Hello, > > I am getting the following informational messages on starting named after > installing bind 9.8.1-P1 on a set of resolvers. Please advise. > > 18-Nov-2011 03:35:14.872 databas

Re: make bind-9.7.4-P1 fails when --prefix and --exec-prefix switches are used

2011-11-17 Thread Mark Andrews
In message , Red Cricket writes: > That's it! THANK YOU! > > my /usr/bin/gcc was this ... > > #!/bin/sh > > if [ -n "$GCC10G" ]; then > # Use the standard gcc > exec /usr/bin/gcc323 $@ > elif id | grep -q gcc296; then > #Use the compat gcc > exec /usr/bin/gcc29

Re: make bind-9.7.4-P1 fails when --prefix and --exec-prefix switches are used

2011-11-17 Thread Red Cricket
That's it! THANK YOU! my /usr/bin/gcc was this ... #!/bin/sh if [ -n "$GCC10G" ]; then # Use the standard gcc exec /usr/bin/gcc323 $@ elif id | grep -q gcc296; then #Use the compat gcc exec /usr/bin/gcc296 $@ elif [ -n "$GCC296" ]; then # Use the compat gc

Re: avoid-v4-udp-ports ineffective? (BIND 9.8.1-P1)

2011-11-17 Thread Mark Andrews
In message <20171600.pahg0ucw011...@scramble.princeton.edu>, Irwin Tillman writes: > It appears that named is trying to use ports I've mentioned in > avoid-v4-udp-ports. > > Platform: BIND 9.8.1-P1 on Solaris 10 / SPARC > > On some of the ports which BIND might otherwise choose to use, >

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
I asked >> If the assertion takes place when retrieving data from the cache, >> would setting cache size to 0 (to disable caching) avert this issue >> while still allowing recursion? Evan responded: > >I don't think so. I believe the cache actually has a minimum size, >lower than which named won't

Re: trigger point for new bug

2011-11-17 Thread Evan Hunt
> If the assertion takes place when retrieving data from the cache, > would setting cache size to 0 (to disable caching) avert this issue > while still allowing recursion? I don't think so. I believe the cache actually has a minimum size, lower than which named won't let you go. Setting max-ncac

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
>> So is it true that there is no way to make an existing bind server >> (without this patch) safe from this? >A server that only serves authoritative data and doesn't recurse >is safe. The assertion takes place when retrieving data from the >cache, which an authoritative server never does. >An

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
From: Evan Hunt [e...@isc.org] Sent: Thursday, November 17, 2011 14:30 To: Jack Tavares Cc: John Wobus; bind-users Subject: Re: trigger point for new bug > So is it true that there is no way to make an existing bind server > (without this patch) safe from this? >A server that only serves authori

Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed

2011-11-17 Thread Mark Andrews
In message <5a89161c-702d-4093-af15-966cbc724...@cornell.edu>, John Wobus writes: > I assume ISC does not deliberately insert aborts > triggerable by bad data in DNS queries and answers. > Much more likely, they do it when something happens > that is supposed to be logically impossible whatever t

Re: trigger point for new bug

2011-11-17 Thread Evan Hunt
> So is it true that there is no way to make an existing bind server > (without this patch) safe from this? A server that only serves authoritative data and doesn't recurse is safe. The assertion takes place when retrieving data from the cache, which an authoritative server never does. Any serv

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
So is it true that there is no way to make an existing bind server (without this patch) safe from this? -- Jack Tavares "How many more can we sell with this button?" From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5..

Re: nanny (was Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed)

2011-11-17 Thread michoski
On 11/17/11 1:45 PM, "/dev/rob0" wrote: > What I should perhaps do: separate the authoritative named instance > from the recursive one on the mail server. I suppose BIND 10 does > this, by design? Yes, that is best practice (I keep reading it in docs from people I trust, like Cricket Liu). I've

Re: nanny (was Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed)

2011-11-17 Thread /dev/rob0
On Thursday 17 November 2011 15:24:12 Jeremy C. Reed wrote: > Also what other types of nanny scripts do you use? (I already saw > other emails with a few suggestions.) Mine is a very trivial thing, basically just: /sbin/pidof named || restartNamed where "restartNamed" is a function to log the

Re: make bind-9.7.4-P1 fails when --prefix and --exec-prefix switches are used

2011-11-17 Thread Mark Andrews
You need to fix your gcc wrapper as it is not handling command line arguments that contain spaces. This is a common error when people write shell script wrappers. They fail to account for arguments with spaces. Mark In message , Red Cricket writes: > gcc.orig: '--prefix=/users/rcricket/BIND_

RE: Query zone expiration time

2011-11-17 Thread Hajducko, Steven
We have the zone data - the slave is alive and the zones are on disk. I don't care about recovering the master server that died because we've been wanting to move the zones it served to our Infoblox systems anyways and this presented a 'do or die' opportunity. The original question was to determi

nanny (was Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed)

2011-11-17 Thread Jeremy C. Reed
On Wed, 16 Nov 2011, Phil Mayers wrote: > It might be good if bind were able to re-start itself, rather than dying > outright (e.g. re-exec the process) but that is dangerous too; it's better > done by an unrelated supervising process. In the bind9 tarball's contrib directory there is a simply "n

Re: make bind-9.7.4-P1 fails when --prefix and --exec-prefix switches are used

2011-11-17 Thread Jeremy C. Reed
I am unable to reproduce this (on a CentOS Linux system). Please tell us about your platform, what shell, what make, and provide a copy of your full configure output, and config.log and generated bin/named/Makefile. You may send these to me off-list if you'd like. Thanks, Jeremy C. Reed I

Re: Port number in A record in zone file

2011-11-17 Thread Mark Andrews
In message <5e1a7573.3227017d.4ec51045.62...@o2.pl>, Aleksander Kurczyk writes: > Hello, > Yesterday I asked here how can I run multiple named processes on different > ports in one OS. Now I have some troubles with that. > How can I specify the port number in zone file A record? Yo

make bind-9.7.4-P1 fails when --prefix and --exec-prefix switches are used

2011-11-17 Thread Red Cricket
Hi, I have been working on upgrading from bind-9.7.3-P3 to bind-9.7.4-P1 to patch for cve-2011-4313. Here is what I am doing ... rcricket@dws-rch-rcricket-l:~$ wget http://ftp.isc.org/isc/bind9/9.7.4-P1/bind-9.7.4-P1.tar.gz ... rcricket@dws-rch-rcricket-l:~$ tar -zxf bind-9.7.4-P1.tar.gz rcricke

Re: trigger point for new bug

2011-11-17 Thread michoski
On 11/17/11 3:58 AM, "Gaurav Kansal" wrote: > Can you please explain What is the meaning of "INVALID RECORD"? I think doing so in overly verbose terms just helps script kiddies while parts of the community schedule upgrades... It can be best not to rush this type of detail. Granted, "determ

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-17 Thread King, Harold Clyde (Hal)
Well I recompiled everything within the environment and now I seem to have a working Bind. Thanks -- Hal King - h...@utk.edu Systems Administrator Office of Information Technology Systems: Business Information Systems The University of Tennessee 135D Kingston Pike Building 2309 Kingston Pk. K

RE: Bind 9.9.0B1 Inline-Signing Question

2011-11-17 Thread McConville, Kevin
Evan: Thank you once more for your help with this. I'll redo our test on a separate environment, just to make sure, before sending a bug report. Pass on a Thank You to the rest of the ISC Bind team - you guys did a remarkable job with getting the Bind Upgrade out for the query.c crash, as well

ADB messages

2011-11-17 Thread Binu B Nair
Hello, I am getting the following informational messages on starting named after installing bind 9.8.1-P1 on a set of resolvers. Please advise. 18-Nov-2011 03:35:14.872 database: info: adb: grow_entries to 1531 starting 18-Nov-2011 03:35:14.874 database: info: adb: grow_entries finished Regar

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-17 Thread King, Harold Clyde (Hal)
That's just the thing. I compile on my test box and it works. Move it to production and it fails with the error stated. Bind-9.8.1 worked with the same environment settings. No chroot on my end. Same version of ssl (1.0.0d). -- Hal King - h...@utk.edu Systems Administrator Office of Information

Re: Bind 9.9.0B1 Inline-Signing Question

2011-11-17 Thread Evan Hunt
> Thank you for responding. Unfortunately, it seems that the journal file > isn't getting updated when we manually edit/increment the static zone > file. The time/date stamps are off - both ualbanytest.org.db.signed and > ualbanytest.org.db.signed.jnl show Nov 16 while the static zone file > ualban

RE: Bind 9.9.0B1 Inline-Signing Question

2011-11-17 Thread McConville, Kevin
Evan: Thank you for responding. Unfortunately, it seems that the journal file isn't getting updated when we manually edit/increment the static zone file. The time/date stamps are off - both ualbanytest.org.db.signed and ualbanytest.org.db.signed.jnl show Nov 16 while the static zone file ual

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-17 Thread Cathy Almond
On 17/11/11 05:33, King, Harold Clyde (Hal) wrote: > With great help I got Bind 9.8.1 to compile on solaris but I can not get > Bind to start up. I am getting: > > 17-Nov-2011 00:31:23.609 initializing DST: openssl failure > 17-Nov-2011 00:31:23.609 exiting (due to fatal error) > > Is anyone else

Re: Bind 9.9.0B1 Inline-Signing Question

2011-11-17 Thread Evan Hunt
> We edit the static zone, adding a resource record (of any type), > increment the serial, and then do a rndc reload. However, Bind is still > looking at the previous dnssec signed file - it's not picking up the new > records. Another strange thing is that using the auto-dnssec maintain > option,

Bind 9.9.0B1 Inline-Signing Question

2011-11-17 Thread McConville, Kevin
First off, Thank you to all who responded/helped in my previous post - this list is a wonderful community. The inline-signing is now working...sort of. We edit the static zone, adding a resource record (of any type), increment the serial, and then do a rndc reload. However, Bind is still looking

Re: trigger point for new bug

2011-11-17 Thread Evan Hunt
> How about authoritative-only views? I.e., if a query reaches > the bind instance but is in a view that does not have caching, > could it crash the instance? (I assume not.) You're correct, that would be safe. (But, obviously, if the recursive view crashes, it's taking the authoritative one dow

avoid-v4-udp-ports ineffective? (BIND 9.8.1-P1)

2011-11-17 Thread Irwin Tillman
It appears that named is trying to use ports I've mentioned in avoid-v4-udp-ports. Platform: BIND 9.8.1-P1 on Solaris 10 / SPARC On some of the ports which BIND might otherwise choose to use, I have other daemons running and/or the OS treats the ports as privileged. To keep named from trying t

Re: Puzzeling about IPv6

2011-11-17 Thread Matthew Seaman
On 17/11/2011 15:13, Michelle Konzack wrote: > my ISP is now offering an IPv6 /64 subnet for > free for each Server. Not only Root-Servers but for really ALL! > > OK, however, I like to setup my VHosts to use it, but I am puzzling > around how to do this with bind9

RE: Puzzeling about IPv6

2011-11-17 Thread Spain, Dr. Jeffry A.
Hi, Michelle. Best practice is to choose your 64-bit interface identifiers randomly, for example 7492:4f89:d821:cf19. Your complete IPv6 address would then be 2a01:4f8:d12:1300:7492:4f89:d821:cf19. When you generate your own random IIDs, mask them with FCFF::: to clear the universal

Re: Port number in A record in zone file

2011-11-17 Thread Evan Hunt
> > Why would you run a dns server on a non standard port? There's no way > > for clients to query via non standard ports. > > I would like to make an experimental configuration simulating a few BIND > servers on one PC (PowerMac G4 400 Mhz :) ), without virtual machines. Take a look at how the BI

Re: Port number in A record in zone file

2011-11-17 Thread John Wobus
On Nov 17, 2011, at 8:51 AM, Rick Dicaire wrote: On Thu, Nov 17, 2011 at 8:46 AM, Aleksander Kurczyk wrote: Hello, Yesterday I asked here how can I run multiple named processes on different ports in one OS. Now I have some troubles with that. How can I specify the port number in zone file A

Re: Port number in A record in zone file

2011-11-17 Thread Aleksander Kurczyk
It works :) Thanks very much On 17 November 2011 at 15:52, Matthew Seaman wrote: > On 17/11/2011 14:41, Aleksander Kurczyk wrote: > > If not, it is possible to map traffic from 127.0.0.11:53, > > 127.0.0.12:53 and 127.0.0.13:53 to 127.0.0.1:2001, 127.0.0.1:2002 and > > 127.0.0.1:2003 or to

Puzzeling about IPv6

2011-11-17 Thread Michelle Konzack
Hello *, my ISP is now offering an IPv6 /64 subnet for free for each Server. Not only Root-Servers but for really ALL! OK, however, I like to setup my VHosts to use it, but I am puzzling around how to do this with bind9 (I run Debian) I have gotten this: IPs:

Re: Port number in A record in zone file

2011-11-17 Thread Brian Wilson
On 11/17/11 08:54 AM, Bill Owens wrote: On Thu, Nov 17, 2011 at 03:41:54PM +0100, Aleksander Kurczyk wrote: Why would you run a dns server on a non standard port? There's no way for clients to query via non standard ports. I would like to make an experimental configuration simulating a few BIND

Re: Port number in A record in zone file

2011-11-17 Thread Bill Owens
On Thu, Nov 17, 2011 at 03:41:54PM +0100, Aleksander Kurczyk wrote: > > Why would you run a dns server on a non standard port? There's no way > > for clients to query via non standard ports. > > I would like to make an experimental configuration simulating a few BIND > servers on one PC (PowerMac

Re: Port number in A record in zone file

2011-11-17 Thread Matthew Seaman
On 17/11/2011 14:41, Aleksander Kurczyk wrote: > If not, it is possible to map traffic from 127.0.0.11:53, > 127.0.0.12:53 and 127.0.0.13:53 to 127.0.0.1:2001, 127.0.0.1:2002 and > 127.0.0.1:2003 or to setup new loopback interfaces for 127.0.0.11, > 127.0.0.12 and 127.0.0.13 on Mac OS X or somehow

Re: trigger point for new bug

2011-11-17 Thread John Wobus
On Nov 16, 2011, at 4:20 PM, Michael McNally wrote: On 11/16/11 9:55 AM, Chris Brookes wrote: Any info on whether the newly announced bug can be triggered before the query ACL is applied on a recursive only server? An authoritative only server ought to be safe? According to our best current u

Re: Port number in A record in zone file

2011-11-17 Thread Aleksander Kurczyk
On 17 November 2011 at 14:51, Rick Dicaire wrote: > You can't. If not, it is possible to map traffic from 127.0.0.11:53, 127.0.0.12:53 and 127.0.0.13:53 to 127.0.0.1:2001, 127.0.0.1:2002 and 127.0.0.1:2003 or to setup new loopback interfaces for 127.0.0.11, 127.0.0.12 and 127.0.0.13 on Mac

Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed

2011-11-17 Thread John Wobus
I assume ISC does not deliberately insert aborts triggerable by bad data in DNS queries and answers. Much more likely, they do it when something happens that is supposed to be logically impossible whatever the incoming data, and implies continuing to run is potentially insecure and/or will just cr

Re: Port number in A record in zone file

2011-11-17 Thread Torsten Segner
On Thu, 17 Nov 2011 14:46:45 +0100, Aleksander Kurczyk wrote: > Hello, > Yesterday I asked here how can I run multiple named processes on different > ports in one OS. Now I have some troubles with that. How can I specify the > port number in zone file A record? > There is a simple answer: Y

Re: Port number in A record in zone file

2011-11-17 Thread Rick Dicaire
On Thu, Nov 17, 2011 at 8:46 AM, Aleksander Kurczyk wrote: > Hello, > Yesterday I asked here how can I run multiple named processes on different > ports in one OS. Now I have some troubles with that. How can I specify the > port number in zone file A record? You can't. Why would you run a dns

Port number in A record in zone file

2011-11-17 Thread Aleksander Kurczyk
Hello, Yesterday I asked here how can I run multiple named processes on different ports in one OS. Now I have some troubles with that. How can I specify the port number in zone file A record? My config and zone files: 095160160157:/var/named root# cat srv1/named.conf options { directory

RE: trigger point for new bug

2011-11-17 Thread Gaurav Kansal
Can you please explain What is the meaning of "INVALID RECORD"? Thanks and Regards, Gaurav Kansal 9910118448 -Original Message- From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Michael McNally Se