Re: Change in statistics format

2012-11-15 Thread Ted Mittelstaedt
Hi Peter, Would you consider donating that script to ISC so they can bundle it with the BIND distribution? I have a whole library of scripts like yours which I've collected over the last 10 years. Most of the hosts that are linked to as where these scripts are located are long gone and the

Re: DNS Zone File Entries Limit

2012-11-15 Thread Mark Andrews
> It's there
>
> zone "rpz" {
>    type master;
>    file "/etc/bind/zones/rpz.db";
>    allow-query { none; };
>    allow-transfer { 10.0.0.1; };
> };

I asked: "The slave is making a SOA query to the master and is getting refused as a response. I would be checking your acls. Look at the logs

Re: Change in statistics format

2012-11-15 Thread Carl Byington
On Thu, 2012-11-15 at 21:31 -0500, Silas Cutler wrote:
> allow-query { none; };
> allow-transfer { 10.0.0.1; };

I think the slave needs to do an SOA query before it will even try the transfer.

Re: Change in statistics format

2012-11-15 Thread Silas Cutler
It's there

zone "rpz" {
    type master;
    file "/etc/bind/zones/rpz.db";
    allow-query { none; };
    allow-transfer { 10.0.0.1; };
};

On 11/15/12 8:10 PM, Peter Yardley wrote:
> I wrote a script to extract stats from the XML channel. Works for cricket, cacti, MRTG ...
>
> You can find it

Re: Change in statistics format

2012-11-15 Thread Evan Hunt
> Looks like I'll have to update it for 9.10 tho, hope they updated the
> schema number.

Yes, we did.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: Change in statistics format

2012-11-15 Thread Peter Yardley
I wrote a script to extract stats from the XML channel. Works for cricket, cacti, MRTG ...

You can find it here…

Looks like I'll have to update it for 9.10 tho, hope they updated the schema number.

On 16/11/20

Re: DNS Zone File Entries Limit

2012-11-15 Thread Mark Andrews
In message <50a58610.8000...@blacklistthisdomain.com>, Silas Cutler writes:
> No ACLs in place.
>
> [SLAVE]
> Nov 15 19:13:36 [Redacted] named[21899]: zone rpz/IN: refresh: unexpected rcode (REFUSED) from master MASTER#53 (source 0.0.0.0#0)
> Nov 15 19:13:36 [Redacted] named[21899]: zone rpz/IN

Re: DNS Zone File Entries Limit

2012-11-15 Thread Silas Cutler
No ACLs in place.

[SLAVE]
Nov 15 19:13:36 [Redacted] named[21899]: zone rpz/IN: refresh: unexpected rcode (REFUSED) from master MASTER#53 (source 0.0.0.0#0)
Nov 15 19:13:36 [Redacted] named[21899]: zone rpz/IN: Transfer started.
Nov 15 19:13:36 [Redacted] named[21899]: transfer of 'rpz/IN' from MA

Re: DNS Zone File Entries Limit

2012-11-15 Thread Mark Andrews
In message <50a582d2.30...@blacklistthisdomain.com>, Silas Cutler writes:
> Well, the authoritative server can handle the zone file size. However,
> when the slave makes the request for the zone, I get:
>
> refresh: unexpected rcode (REFUSED)

The slave is making a SOA query to the master and i

Re: DNS Zone File Entries Limit

2012-11-15 Thread Silas Cutler
Well, the authoritative server can handle the zone file size. However, when the slave makes the request for the zone, I get:

refresh: unexpected rcode (REFUSED)

On 11/15/12 6:59 PM, Mark Andrews wrote:
> In message <50a580c1.9080...@blacklistthisdomain.com>, Silas Cutler writes:
>> Good Evening

Re: DNS Zone File Entries Limit

2012-11-15 Thread Mark Andrews
In message <50a580c1.9080...@blacklistthisdomain.com>, Silas Cutler writes:
> Good Evening,
>
> I've been doing some DNS RPZ experiments and during my testing I found
> that if a DNS Zone on an Authoritative DNS Server has more than 100k
> elements, it will not replicate to a slave DNS Server.
>

DNS Zone File Entries Limit

2012-11-15 Thread Silas Cutler
Good Evening,

I've been doing some DNS RPZ experiments and during my testing I found that if a DNS Zone on an Authoritative DNS Server has more than 100k elements, it will not replicate to a slave DNS Server.

Do you know if this is a known issue or a PEBKAC related problem?

Cheers,
Silas Cutler

Forcing DNSSEC queries

2012-11-15 Thread russell aspinwall
Hi, I have been using Bind for a while and last night upgraded to Bind 9.9.2 on my OpenIndiana 151a7. I would like to be able to control my DNS queries on Unix/Linux hosts, so that by default the client queries would only be DNSSEC authenticated/validated. However, as DNSSEC is not completely dep

Re: Change in statistics format

2012-11-15 Thread John Miller
Thanks, Evan. That's exactly what I wanted to know. I'm already running the statistics server, so I'd certainly prefer to leverage that rather than rely on a bunch of regexes to parse the statistics file. I'll let the folks at Hyperic know about the upcoming schema changes. John On 11/15/20

Re: Change in statistics format

2012-11-15 Thread John Miller
Thank you! Just downloaded a copy, and looks pretty straightforward.

John

On 11/15/2012 12:13 PM, Jan-Piet Mens wrote:
Thanks, Phil. Those were my thoughts as well. For the present, I'll write my own monitoring plugin to parse the XML data.
If you need some inspiration, I wrote a bit of C c

Re: Change in statistics format

2012-11-15 Thread Evan Hunt
On Thu, Nov 15, 2012 at 11:44:12AM -0500, John Miller wrote:
> Hello everyone,
>
> When did BIND 9 switch over from the older

The new stats counters were added in 9.5.0. They're in all currently-supported releases; the old format is fully deprecated now. Incidentally, that release also introdu

Re: Change in statistics format

2012-11-15 Thread Jan-Piet Mens
> Thanks, Phil. Those were my thoughts as well. For the present,
> I'll write my own monitoring plugin to parse the XML data.

If you need some inspiration, I wrote a bit of C code [1] which does that rather effectively. It doesn't do what you want, but it may get you started. ;-)

-JP

Re: User wanting to use a .local domain to host DNS

2012-11-15 Thread btb
On 2012.11.15 11.39, Novosielski, Ryan wrote: Great, thanks, sounds like I'm covered then (I have BIND running authoritative for my zone on the firewall/NAT machine only accepting queries from my local 1918 addresses) and DHCP providing its address as the nameserver. be sure that bind is also a

Re: Change in statistics format

2012-11-15 Thread John Miller
Thanks, Carsten, I've opened bug #4619 and indeed asked Hyperic to parse the XML output. I agree, it's much nicer than trying to parse the rndc.stats file! If anyone here has already written a BIND plugin for Hyperic, let me know--I'd love to have a copy and see if it'll work for us. John

Re: Change in statistics format

2012-11-15 Thread Carsten Strotmann
Hello John,

John Miller writes:
> Hello everyone,
>
> When did BIND 9 switch over from the older
>
> +++ Statistics Dump +++ (timestamp)
> success #
> referral #
> nxrrset #
> nxdomain #
> recursion #
> failure #
> --- Statistics Dump --- (timestamp)
>
> to the newer
>
> +++ Statistics Dump +++

Re: Change in statistics format

2012-11-15 Thread John Miller
Thanks, Phil. Those were my thoughts as well. For the present, I'll write my own monitoring plugin to parse the XML data.

John

On 11/15/2012 11:47 AM, Phil Mayers wrote:
On 15/11/12 16:44, John Miller wrote:
Hello everyone, When did BIND 9 switch over from the older
I think that was *ye

Re: Change in statistics format

2012-11-15 Thread Phil Mayers
On 15/11/12 16:44, John Miller wrote:
Hello everyone, When did BIND 9 switch over from the older

I think that was *years* ago?

I'm getting ready to file a bug for our monitoring software (Hyperic HQ), because it only reads the older format, and wanted to be sure I had my ducks in a row.

Y

Change in statistics format

2012-11-15 Thread John Miller
Hello everyone,

When did BIND 9 switch over from the older

+++ Statistics Dump +++ (timestamp)
success #
referral #
nxrrset #
nxdomain #
recursion #
failure #
--- Statistics Dump --- (timestamp)

to the newer

+++ Statistics Dump +++ (timestamp)
++ Incoming Requests ++
x QUERY
++

Re: Bind 9.9.2 ADB Question Update

2012-11-15 Thread Cathy Almond
On 15/11/12 16:17, Cathy Almond wrote:
> On 15/11/12 15:49, Manson, John wrote:
>> The adb grow-names process? does not appear to be related to recursive cache
>> as I cleared cache while monitoring syslog and the counter kept increasing.
>> However a reload did start the adb grow-names process an

Re: User wanting to use a .local domain to host DNS

2012-11-15 Thread Novosielski, Ryan
On 11/15/2012 11:36 AM, btb wrote:
> On 2012.11.15 10.14, Novosielski, Ryan wrote:
>>> Failing to operate a private TLD correctly is causing internal
>>> data leaking to the Internet, which could be a security risk
>>> but in all cases is a burden on

Re: User wanting to use a .local domain to host DNS

2012-11-15 Thread btb
On 2012.11.15 10.14, Novosielski, Ryan wrote: Failing to operate a private TLD correctly is causing internal data leaking to the Internet, which could be a security risk but in all cases is a burden on the root server system. Not that I think that I'm doing this (and as I'd said, the only place

Re: Bind 9.9.2 ADB Question Update

2012-11-15 Thread Cathy Almond
On 15/11/12 15:49, Manson, John wrote:
> The adb grow-names process? does not appear to be related to recursive cache
> as I cleared cache while monitoring syslog and the counter kept increasing.
> However a reload did start the adb grow-names process anew.
> Both shown below
>
> .
> .
> .
> Nov

Bind 9.9.2 ADB Question Update

2012-11-15 Thread Manson, John
The adb grow-names process? does not appear to be related to recursive cache as I cleared cache while monitoring syslog and the counter kept increasing. However a reload did start the adb grow-names process anew. Both shown below

.
.
.
Nov 14 15:25:40 local@mercury named[2920]: [ID 873579 daemon.

Re: User wanting to use a .local domain to host DNS

2012-11-15 Thread Novosielski, Ryan
On 11/15/2012 09:40 AM, Carsten Strotmann wrote:
> ".local" is the 4th most queried domain name (after localhost, com
> and net), but it should not exist at all in the Internet (or
> queries should not reach the root server system). You see "corp",

Re: User wanting to use a .local domain to host DNS

2012-11-15 Thread Sten Carlsen
On 15/11/12 15:39, Carsten Strotmann wrote:
> Phil Mayers writes:
>
>> On 14/11/12 15:02, King, Harold Clyde (Hal) wrote:
>>> I'm a bit confused by a user request. I think he is trying to keep some
>>> hosts on the private side of DNS, but he wants to use a DNS name like
>>> host.sub.local. I do

Re: User wanting to use a .local domain to host DNS

2012-11-15 Thread Carsten Strotmann
Phil Mayers writes:
> On 14/11/12 15:02, King, Harold Clyde (Hal) wrote:
>> I'm a bit confused by a user request. I think he is trying to keep some
>> hosts on the private side of DNS, but he wants to use a DNS name like
>> host.sub.local. I do not know of the use of the .local TLD except in
>> b

Re: User wanting to use a .local domain to host DNS

2012-11-15 Thread G.W. Haywood
Hi there, On Wed, 14 Nov 2012, Phil Mayers wrote: On 14/11/12 15:39, Kevin Darcy wrote: > I stopped reading as soon as I saw the requirement to add a NetBIOS > name, being overpowered by the stench of obsolescence. Does anyone As per our recent thread, there's load of (recent, modern) stuff th