Re: big improvement in BIND9 auth-server startup time

2011-08-03 Thread Barry Finkel
Evan Hunt wrote last July 13: -- People who operate big authoritative name servers (particularly with large numbers of small zones, e.g., for domain hosting and parking), and have had trouble with slow startup, may find this information useful: http://www.isc.org/community/blog/201107/major-imp

Re: BIND 9.7 Serial Number Decrease Problem

2011-06-20 Thread Barry Finkel
Barry Finkel wrote: I ran a test this morning on one of the Solaris 10 slave servers. A query to the server showed serial numbers: _tcp 1238 _udp 842 Both of these match the zone on the MS Windows DNS Server. I checked the zone files on the slave server: _tcp 1239

Re: How to Setup a Name Servers visible on Internet?

2011-06-20 Thread Barry Finkel
"Metropolitan College" wrote, in part: An embedded and charset-unspecified text was scrubbed... Name: 194.134.41.in-addr.arpa URL: The attachment: $TTL 3H 194.134.41.in-addr.arpa.IN

Re: BIND 9.7 Serial Number Decrease Problem

2011-06-10 Thread Barry Finkel
On 07/06/11 13:51, I wrote: I now have this situation on one Solaris 10 slave; the problem probably also exists on the other Sol 10 slave and the two Ubuntu hardy slaves: The _tcp zone on the master MS DNS Server: 1238 600 86400 3600 The _tcp zone on the BIND 9.7.3-P1 Solaris 10 server di

RE: BIND 9.7 Serial Number Decrease Problem

2011-06-07 Thread Barry Finkel
"McDonald, Dan" replied to my posting: I think your root problem is trying to deal with active directory integrated zones. We stopped using them entirely when we found that each domain controller maintains an individual SOA record with its own serial number. The serial numbers rapidly (and p

Re: BIND 9.7 Serial Number Decrease Problem

2011-06-07 Thread Barry Finkel
In my last posting I was confused as to the .jnl file. I have about 44 AD slave files on my BIND servers, and 40 .jnl files. The two zones in question do not have .jnl files. As I do not look at .jnl files much, I had forgotten about the tool to list them. I now have this situation on one Solar

Re: BIND 9.7 Serial Number Decrease Problem

2011-06-06 Thread Barry Finkel
In message<4de9045c.2050...@anl.gov>, Barry Finkel writes: I have a problem with BIND 9.7.x on Ubuntu. I have two servers that are running 9.7.3. They slave 332 zones, and they also master 213,750 malware/spyware zones that we have defined to reroute these domains to a local machine. When

BIND 9.7 Serial Number Decrease Problem

2011-06-03 Thread Barry Finkel
I have a problem with BIND 9.7.x on Ubuntu. I have two servers that are running 9.7.3. They slave 332 zones, and they also master 213,750 malware/spyware zones that we have defined to reroute these domains to a local machine. When I was upgrading the BIND to 9.7.3-P1 yesterday, an ./rndc st

Re: how to check if a slave zone is expired

2011-05-08 Thread Barry Finkel
I review the BIND syslogs on my servers daily. The syslog will tell me if any slave is having problems loading a zone. I expect that the hostmasters at my off-site slaves do the same. If I slave a zone for someone else, and I see problems, I contact the owner of that zone. --

Re: BIND 9 And Short Name resolution Problem

2011-03-31 Thread Barry Finkel
On 03/31/11 13:17, bind-users-requ...@lists.isc.org wrote: Hello, I get the following messages on the BIND server when I do a short name nslookup from a client: Mar 31 14:08:04 jedi named[1299]: [ID 873579 daemon.info] network unreachable resolving 'C.ROOT-SERVERS.NET//IN': 2001:500:1::803f

Typo in 9.7.3 Announcement

2011-02-15 Thread Barry Finkel
In the posting and on the ISC release notes page on the web, under "Feature Changes" - the first heading "9.7.2" should read "9.7.3". -- -- Barry S. Finkel Computing and Information Systems Division Argonne National Laboratory

Re: Telling rndc Which IP Address to Use

2011-01-20 Thread Barry Finkel
On 01/19/11 15:21, Jay Ford wrote: On Wed, 19 Jan 2011, Barry Finkel wrote: I have a master DNS server that has two IP addresses - one used for DNS and one used for non-DNS. On that master I run rndc to load zones on slave servers. On the slave servers I have controls{ inet a.b.c.d port 953

Telling rndc Which IP Address to Use

2011-01-19 Thread Barry Finkel
I have a master DNS server that has two IP addresses - one used for DNS and one used for non-DNS. On that master I run rndc to load zones on slave servers. On the slave servers I have controls{ inet a.b.c.d port 953 allow {127.0.0.1; e.f.g.h; } keys { "rndc-key'

Tracing Response Packets at the Querying Server

2011-01-13 Thread Barry Finkel
I am running bind-9.7.2-P3, and I am having a problem with BIND or the network or the Ubuntu operating system. I send a DNS query from one of my DNS servers to another of my DNS servers. I see in a tshark trace that the reply packet is received back at the querying server, but dig produces a tim

Re: BIND View Option

2010-11-10 Thread Barry Finkel
From: St?phanas Schaden wrote: >Is there a way or option to configure bind to do the following logic: >If the bind didn't find a entry in a view 1 (internal view) it will >search this entry on the view 2 (external view) ? Place the common piece in a separate include file: view "view1" { ...

Re: Logging SERVFAIL Errors

2010-10-08 Thread Barry Finkel
Am Fri, 8 Oct 2010 09:09:16 -0500 (CDT) schrieb b19...@anl.gov (Barry Finkel): >> On BIND 9.7.1-P2 I have in named.conf: >> >> channel query-errors-log { >> file "/var/log/named.query-errors.log" versions 3 size >> 200k; print-category

Logging SERVFAIL Errors

2010-10-08 Thread Barry Finkel
On BIND 9.7.1-P2 I have in named.conf: channel query-errors-log { file "/var/log/named.query-errors.log" versions 3 size 200k; print-category yes; print-severity yes; print-time yes; severity info; }; category query-e

Re: non-24 bit subnets

2010-10-07 Thread Barry Finkel
> >You can have a different TTL for each and every record, if you like, in >the same zone file with no includes (the $TTL directive can appear >multiple times). > >e.g. : > >$TTL 300; 5 mins >*PTRhost-no-spec.example.com. >$TTL 3600; 1 hour >17 PTR mail.example.com. >$TTL 1800

A Further Question about query-source

2010-09-08 Thread Barry Finkel
I have DNS servers with multiple addresses. They are running 9.7.1-P2. On the servers I have query-source 1.2.3.4; to tell BIND to use one of the DNS addresses for its queries. Yesterday on the box I issued dig example.com @someserver.example.com and the query was sent using the non-D

Re: Question on query-source, transfer-source, notify-source

2010-08-04 Thread Barry Finkel
Another question about query-source: Is there a difference between query-source address 1.2.3.4; and query-source 1.2.3.4; My reading of the ARM implies that the two are the same, but I may be getting different results. I am not sure. Two of my colleagues ran a test last week that s

Re: Question on query-source, transfer-source, notify-source

2010-08-03 Thread Barry Finkel
On 7/28/10, I wrote: >> I have a BIND config question. First some history. >> >> My initial two DNS servers (A and B) had three NICs and three IP >> addresses. Then I installed two additional servers (C and D), >> each with one NIC; each server has one base address and one DNS address. >> All fo

Question on query-source, transfer-source, notify-source

2010-07-28 Thread Barry Finkel
I have a BIND config question. First some history. My initial two DNS servers (A and B) had three NICs and three IP addresses. Then I installed two additional servers (C and D), each with one NIC; each server has one base address and one DNS address. All four servers run Solaris. When I install

Re: BIND integration with windows DNS

2010-07-27 Thread Barry Finkel
Arnoud Tijssen wrote: >I'm facing kind of a challenge. At the moment we have BIND and windows >DNS within our corporate network. > >I would like to get rid of windows DNS and switch completely over to >BIND, but since DNS is so intertwined with AD this is not an option >since it probably introduc