Are you sure that the new system has exactly the same jail configuration as the
old one? That's the easiest thing to overlook when hurrying; I did that once
myself replicating a system with an underlying OS change which ruled out my
preferred dump/restore method.
Hth,
Len
On Thursday,
The hints hopefully point eventually to an authoritative server for ".".
Whatever that authoritative server says overrides any hints, just like any
other zone's authoritative NS. It does not matter how obsolete a delegation
is, so long as some authoritative NS replies, the data from the delega
I think you meant to say: WWW and any other server/service --> zone
db.internal
Otherwise have your cogent explanation ready for the executive of
your choice complains loudly "Our web site is down Our customers MUST have
reliable access to our site!"
(Many executives will not think t
>Let me take a step back. The original problem is "dig ."
> would give SERVFAIL instead of NOERROR.
>The "." is pointed to named.ca which looks normal.
Without source code changes to your tools and/or replacement
hints files "." invariably points to the root servers to be used by the
(possib
At about 3:26 AM on 07 AUG 2014 Gaurav Kansal asked:
...
>Is there any way out to figure out the same ?
Here are two easy approaches:
Create a simple database or sequence of files containing the results of an "all
star" crontab entry. The persistent storage entries coming over the statistics
The "never changes" TTLs are from zones for which the server is authoritative.
Otherwise, the TTL is the decrementing time-in-cache-before-required-refetching.
hth,
Len
On Thursday, July 31, 2014 12:56 PM, Ray Van Dolson wrote:
Not BIND-related specifically... (though the server below coul
You may be seeing additional buffering from nslookup.
If you are using nslookup on a Windows platform,
I'm 99.44% confident that you are observing M$ client-side
buffering. DiG (or even host) are much better than nslookup
for diagnostic purposes.
hth
On Thursday, July 24, 2014 8:00 AM
Taking the CNAME line in the response, please notice that the published TTL is
60 seconds. Prefetch does not cause named to ignore TTLs.
hth,
Len
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-us
Easy fix.. These two records can not coexist:
www.espersunited.com. IN CNAME carter.espersunited.com.
www.espersunited.com. IN A 192.168.0.2
The error message was completely correct in saying:
failed: CNAME and other data
In this particular case, the other data was a
You previously showed your unsuccessful rndc command. It contained:
'type slave; file "slaves/zone.local";
Unless you override the defaults, that says:
"use the file /var/named/slaves/zone.local".
So it appears that the directory /var/named/slaves was not writable.
Hth,
Len
On Su
"Why is the recursive
>server not pegging the CPU?" I'm aware that there will be a difference
>in qps between auth-only and recursive, but the recursive server seems
>to be working a lot less hard than the auth server, and I can't figure
>out why.
>
>Doug
Are you allowing long answers when authoritative? Performance measurements
with and without additional data in responses is measurable (imo around 12%
more network traffic from the replies on auth-only servers).
hth,
Len
On Sunday, January 12, 2014 5:54 PM, Doug Barton wrote:
Thanks for
Not with a CNAME, but you can get what you want with two zone definitions and
one $INCLUDE directive in each zone below the appropriate $ORIGIN statements.
That way will allow all of your, for example, RRs to be the same in each
domain but only be maintained in one entry.
hth,
Len
On
AIUI, it is not their name servers (which clearly support the records when
secondary), it's their hefty customer UI and their support/helpdesk folks that
would require a non-cheap upgrade.
That said, I have spent most of a decade as a happy customer of register.com,
which was recently Borged by
At about Monday, September 16, 2013 6:54 PM Dan McDaniel wrote:
>querying the
>failed fedora NS. Then it came back with a not found. My company's
>networking group said it's the fault of the bad fedora NS.
If the fedora NS had returned SERVFAIL or if it was not reachable,
your company's NS WOULD
That appears to be a strange desire. If you need such high levels of "never
allow a normal retry" you might look at using either Prolexic or Akamai services
to create a geographically-diverse network topology. Or even a simple 3DNS or
router package at your borders with a few inner-DMZ systems
Sumsum--
Using the technique you document, you will need a zone for each of
128.100.168.192.in-addr.arpa through 190.100.168.192.in-addr.arpa
Or you might want to serve the entire class C 100.168.192.in-addr.arpa,
especially if you can get a feed for the zone excluding your portion.
Hope this
Sorry for top-post.
Your expectation is incorrect.
zone "0/24.110.252.173.in-addr.arpa"
is not the same as
zone "173.252.110.24.in-addr.arpa"
hth,
Len
>
> From: sumsum 2000
>To: bind-users@lists.isc.org
>Sent: Monday, July 8, 2013 11:21 PM
>Subject: Re
At about Friday, June 28, 2013 10:54 AM "Ward, Mike S" wrote:
>Hello all, is there any reason to setup reverse address entries
>for a zone?
It very much depends on the reasons for the forward entries.
For example:
Commercial backup software for Microsoft servers require
forward-reverse-forwa
Hello Alok,
Something may have changed at the name servers for
bvt-rhe63-32s.ipv6domain.com.
Right now, both ns.addpac.co.kr (61.33.161.2) and ns.addpac.com (61.33.161.2)
are returning NXDOMAIN for bvt-rhe63-32s.ipv6domain.com. The IP happily returns
the SOA for ipv6domain.com using either NS
Hi Brian,
I don't understand why you would expect to see errors, when nslint says:
nslint: 0/131072 items used, 0 errors
Zero items used/checked strongly implies zero errors can be detected.
hth,
Len
>
> From: Brian Cuttler
>To: bind-users@lists.isc.org
OK, Jeff, would it be possible for you to share the entire non-delivery
notification as seen by one of your customers? (You might have to establish an
account at Y!, gmail, etc. for your customer to use in sending the NDN, in
which case have the customer include the full headers from the NDN in
Hi Norman,
>This is the error message my browser returns:
> The server at dlinkrouter can't be found, because the DNS lookup failed.
> DNS is the network service that ...
This is my best guess on your incomplete information.
Some process or person somehow managed to convince the router
If some of your clients are SMTP relays, then ANY is the default lookup
for an MX and is perfectly normal.
Much better from the point of view of the mail servers to do one lookup instead
of several.
Len
>
> From: hugo hugoo
>To: Vernon Schryver ; "bind
As I understand AUTHORITATIVE trumps anything. For example, from an inside
intranet name server forward the root (".") to somewhere on your edge, sprinkle
in a few internal-only authoritative zones, and enjoy. This is certainly not
the only choice, but it functions pretty well.
Len
>___
>
> "Novosielski, Ryan" wrote on about Friday, April 5,
>2013 10:31 PM
>
>
>>$INCLUDE db.example.com
>>@ IN A 192.168.50.50
>It may be obvious, but one needs to be aware that any $ORIGIN
statements in the included file may cause unexpected results
Moving registration away from NetSol is documented at
http://www.networksolutions.com/support/preparing-a-domain-name-for-a-transfer-out-of-network-solutions/
If you have a good number of domains, and that number changes frequently, you
might want to consider CSC
https://www.cscglobal.com/globa
Packet dumps at your edge would likely be helpful to your diagnosis.
At your firewall (or other edge appliance) you are seeing successful UDP from a
high port on your system (DNS client) to port 53 on the server and a reply in
the opposite direction. You are not seeing success from an external
From: Rajiv wrote at about Sunday, December 4, 2011
12:24 AM
>Subject: bind
...
> I am getting below error while updating the new Name server
>to IANA.
>The NS RR-set returned by the authoritative name server [xxx.xxx.xxx] are not
>the
>same as the supplied ns records [xxx.x
Darvin Denmian asked:
> 2) What is the maximum number of includes inside a SPF field?
It is RECOMMENDED that SPF library implementations limit the number of DNS
operations performed during a lookup to ten, to cut down on the chances of a
denial-of-service exercise using SPF and to short-circuit
Actually, they have dozens scattered around the planet
(they happen to have a local headquarters that I've visited),
so there are always support folks working in their local daylight. :-)
Len
From: John D. Vo
To: Steve Lancaster
Cc: bind-users@lists.isc.org;
One spot is http://ftp.isc.org/isc/libbind/6.0b1/libbind-6.0b1.tar.gz
- Original Message
From: David Sparks
To: "bind-us...@isc.org"
Sent: Thursday, January 29, 2009 3:22:47 PM
Subject: where is libbind???
configure: error: 'libbind' is no longer part of the BIND 9 distribution.
I personally really like SENDS. Works fine, has lasted a long time, with only
minor changes as perl has evolved. However, note that the last few times we
tried to supply updates, we haven't succeeded. The below FTP server may or may
not be available; I could not reach it in the past 10 minutes.
Scott wrote at about Thursday, November 20, 2008 12:45:26 AM:
...
>> 19-Nov-2008 15:36:34.955 lame-servers: info: lame server resolving
>> '127.52.195.166.in-addr.arpa' (in '52.195.166.in-addr.arpa'?):
>> 209.183.48.20#53
> However, I thought the last part, was an IP and a port, telling me, tha
They are most likely reverse lookups from your MTA. Borked reverse zones are
quite common.
Len
- Original Message
From: Scott Haneda <[EMAIL PROTECTED]>
To: BIND Users Mailing List
Sent: Wednesday, November 19, 2008 3:57:15 PM
Subject: Help understanding lame server error
I have a