Re: Refreshing cache in other DNS Servers

2013-10-16 Thread Manson, John
I would add that Windows PC OSs by default have the dns client cache set to 'enable'. John Manson U.S. House of Representatives | HIR Data Communications | Washington, DC 20515 Desk: 202-226-4244 | NCC: 202-226-6430 | john.man...@mail.house.gov ___ Plea

What is proper fault-tolerant behavior?

2013-09-17 Thread Manson, John
To add to Len's comments, bind will keep going to the partially broken Fedora dns as long as it has the fastest response time. As a short term fix, you can use the 'blackhole' option to prevent your dns from sending queries to that IP.

Re: bind-users Digest, Vol 1560, Issue 1

2013-07-02 Thread Manson, John
Give each instance of named a unique name: A-named, b-named, etc - Original Message - From: bind-users-requ...@lists.isc.org [mailto:bind-users-requ...@lists.isc.org] Sent: Tuesday, July 02, 2013 08:00 AM To: bind-users@lists.isc.org Subject: bind-users Digest, Vol 1560, Issue 1 Send

Rate-Limit Question

2013-06-14 Thread Manson, John
We are running Bind 9.9.2 and would like to invoke the rate-limit option but named says 'unknown option'. Do we need to upgrade bind to get this option? Using this syntax: rate-limit { responses-per-second 5; window 5; }; Thanks

Views Question

2013-04-30 Thread Manson, John
If the 'type' info in a zone statement determines master or slave, can you have 2 views in the same named.conf file, one with type master zones and the other with type slave zones?

Mirror Masters

2013-04-23 Thread Manson, John
We have a second master at a different location and I was wondering if there is any way to have the first master send db file updates to it using file transfers like it does to the slaves. We currently do db file transfers between masters with sftp and would like to stop using OS processes and h

Solaris 11

2013-04-15 Thread Manson, John
I searched www.isc.org to no avail. Is bind 9.9.x compatible with Solaris 11? Anything out of the ordinary with compiling and such? Thanks

Recursion Issue

2013-03-28 Thread Manson, John
http://www.digwebinterface.com/? is one of the internet sites I use.

RE: Recursion issue

2013-03-28 Thread Manson, John
mailto:cli...@buxtonfamily.us] Sent: Thursday, March 28, 2013 12:57 PM To: Manson, John Cc: bind-users@lists.isc.org Subject: Re: Recursion issue On Mar 28, 2013, at 9:05 AM, Manson, John wrote: > I disagree with your statement about recursion. > What stops an authoritative server from doing recursi

RE: Recursion issue

2013-03-28 Thread Manson, John
, 2013 11:49 AM To: Manson, John Cc: bind-users@lists.isc.org Subject: Re: Recursion issue On Mar 28, 2013, at 8:27 AM, Manson, John wrote: > From the internet: > Answer records > > name class type data time to live > test.gopleader.gov IN CNAME testwww.house.g

RE: Recursion issue

2013-03-28 Thread Manson, John
: test.gopleader@mercury.house.gov: test.gopleader.gov. 300 IN CNAME testwww.house.gov. -Original Message- From: Chris Buxton [mailto:cli...@buxtonfamily.us] Sent: Thursday, March 28, 2013 11:49 AM To: Manson, John Cc: bind-users@lists.isc.org Subject: Re: Recursion issue On Mar 28

RE: Recursion issue

2013-03-28 Thread Manson, John
:15:00) So the first lookup does not fully resolve due to recursion. Does this help? -Original Message- From: Chris Buxton [mailto:cli...@buxtonfamily.us] Sent: Thursday, March 28, 2013 11:13 AM To: Manson, John Cc: bind-users@lists.isc.org Subject: Re: Recursion issue On Mar 28, 2013,

Recursion issue

2013-03-28 Thread Manson, John
My external authoritative dns does not allow recursion. We have vanity names like speaker.gov. When we add an entry like: www.speaker.gov CNAME www.house.gov it fails because of the recursion statement even though the external dns is authorit

FW: CVE-2013-2266 Question

2013-03-27 Thread Manson, John
In the work around section of this notice, it talks about 'make clear' and editing a file statement. No problem with that. Does 'make clear' affect the running named or is it best to stop named and start it afterward? Do I also need to run configure again or just make? Will dig and rndc be update

Hack Attempt?

2013-03-27 Thread Manson, John
Found this entry in external named log: Mar 26 20:07:18 local@mercury named[4043]: [ID 873579 daemon.notice] client 72.13.58.93#39043: view outhouse: notify question section contains no SOA This IP is not one of mine. Does the word 'notify' relate to zone transfers or something else? Thanks Jo

Re: disabling lame server logging

2013-02-27 Thread Manson, John
Syslog-ng Use the named default logging.

Transfers-out

2013-01-08 Thread Manson, John
Can this option be used in a 'slave' config to prevent out-bound transfers? Transfers-out 0; The 9.9.2 ARM is ambiguous. Thanks

FW: Named stopped logging?

2012-12-28 Thread Manson, John
I would like to retract this post after I had a long conversation with my co-worker who is just back from leave. Sorry for the bother. From: Manson, John Sent: Friday, December 28, 2012 10:54 AM To: 'bind-users@lists.isc.org' Subject: Named stopped logging? Good Day Running 9.9.2 f

Named stopped logging?

2012-12-28 Thread Manson, John
Good Day Running 9.9.2 for about a month now with no worries. Today I noticed only the reload message in the namedlog and not the zone messages that are usually there after stopping and restarting the named process. Worked fine on the 26th but not today. Logs sample: Dec 26 15:01:52 local@mercu

TCP retransmission counters for

2012-11-30 Thread Manson, John
Keep it simple. We use syslog-ng and named logging set to default. We get entries like this so it is easy to see who is talking to who and how long it is taking. Sample from one of our external servers. Redacted where necessary: Nov 27 09:42:44 local@mercury named[17686]: [ID 873579 daemon.info]

Bind 9.9.2 ADB Question Update

2012-11-15 Thread Manson, John
The adb grow-names process? does not appear to be related to recursive cache as I cleared cache while monitoring syslog and the counter kept increasing. However a reload did start the adb grow-names process anew. Both shown below . . . Nov 14 15:25:40 local@mercury named[2920]: [ID 873579 daemon.

Bind 9.9.2 ADB Question

2012-11-14 Thread Manson, John
Just upgraded to 9.9.2 today and am seeing the following in syslog for the first time: Nov 14 15:08:58 local@mercury named[2920]: [ID 873579 daemon.info] adb: grow_names to 6143 starting Nov 14 15:08:58 local@mercury named[2920]: [ID 873579 daemon.info] adb: grow_names finished I gather this i

Bind 9.9.2 Clarification

2012-11-01 Thread Manson, John
Should I install bind 9.9.0 first and then update to bind 9.9.1 then update to bind 9.9.2? This excerpt from the README file is a little confusing: BIND 9.9.2 BIND 9.9.2 is a maintenance release and patches the security flaw described in CVE-2012-4244. BIND 9.9.1 BIND 9

RE: Possible DDoS?

2012-10-17 Thread Manson, John
Thanks So that is why there are usually no NS records? -Original Message- From: Chuck Swiger [mailto:cswi...@mac.com] Sent: Wednesday, October 17, 2012 2:31 PM To: Manson, John Cc: bind-users@lists.isc.org Subject: Re: Possible DDoS? Hi-- On Oct 17, 2012, at 11:17 AM, Manson, John wrote

Possible DDoS?

2012-10-17 Thread Manson, John
From time to time I notice a large number of queries like these to one of my external dns servers: 14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ? 14:14:40.01529 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ? 14:14:40.03688 121.10.105.66 -> 143.231.1.67 D

Bind 9.7.3 Options Table

2012-10-15 Thread Manson, John
While googling for 'default' config file options, I found this chart. http://www.ipamworldwide.com/component/content/article/48-dns-isc/98-bind-973-options.html It does not take the place of the ARM but seems helpful. Enjoy

DDOS Attack on BIND 9.8.0

2012-09-21 Thread Manson, John
Sounds like the internet is using your external dns server to do recursive queries. This will reduce the unwanted queries. On your external dns server, create 2 views, one for your internal dns forwarders to point to (recursive) and one for internet queries to you (authoritative). Name them Insi

RE:Root Hints Updates

2012-09-06 Thread Manson, John
This url works. http://www.internic.net/domain/named.root You can edit your hints file to change or add info, just be sure to follow the existing format. JM

Re: Zone Transfer issue on BIND9

2012-08-27 Thread Manson, John
The key names will show up in syslog messages along with IPs and view names. Compare master and slave syslogs for clues. JM -- Message: 1 Date: Sat, 25 Aug 2012 11:48:47 -0400 From: John Wingenbach To: bind-users@lists.isc.org

What can cause excessive amount of _dns-sd queries?

2012-08-23 Thread Manson, John
In our case, 90% of the dns-sd queries were for the 192.168 network. These are from 1 client: DNS C db._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ? DNS C dr._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ? DNS C lb._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ? DNS C cf.

What can cause excessive amount of _dns-sd queries?

2012-08-23 Thread Manson, John
Good explanation of Service Discovery: http://www.dns-sd.org/ Also, Bonjour is a big offender: http://en.wikipedia.org/wiki/Bonjour_%28software%29 A lot of Apple apps use it like itunes. -Original Message- From: bind-users-bounces+john.manson=mail.house@lists.isc.org [mailto:bind-use

RE: Delayed Zone Transfers

2012-08-06 Thread Manson, John
One thing about views, since named.conf is read 'top down', you have to exclude IP pairs used for transfers by the 2nd view from the 1st view. All our transfers happen in 1 second or less on average. JM -Original Message- From: bind-users-bounces+john.manson=mail.house@lists.isc.org [

RE: Default Options

2012-06-05 Thread Manson, John
one;};\n\ . . . . The file also includes defaults for 'view' and 'zone'. Thanks -Original Message- From: Evan Hunt [mailto:e...@isc.org] Sent: Tuesday, June 05, 2012 3:04 PM To: Mike Hoskins Cc: Manson, John; 'bind-users@lists.isc.org' Subject: Re: Default Op

VMware & Bind

2012-06-05 Thread Manson, John
Will bind run on VMware?

Default Options

2012-06-05 Thread Manson, John
Is there a command for bind that will list all Options default names and settings in named.conf? Might be helpful in understanding why bind is acting a certain way. Thanks

RE: Bind9.9.1 Dependences

2012-05-22 Thread Manson, John
Yes It would help if you could add the version of each listed below. What are the 'few others'? Thanks -Original Message- From: Dennis Clarke [mailto:dcla...@blastwave.org] Sent: Tuesday, May 22, 2012 12:14 PM To: Manson, John Cc: 'bind-users@lists.isc.org' Su

Bind9.9.1 Dependences

2012-05-22 Thread Manson, John
How can I find out which Unix files/libraries bind requires before I do the compile? Thanks

Secondary Master

2012-05-11 Thread Manson, John
I found this article about setting up a secondary master. This may be useful as we are bringing up a disaster recovery site. The author explains that the zone type should be 'slave' so it can receive db updates from the normal master. Seems like that makes it a slave instead of a master for that

AEM Question

2012-04-09 Thread Manson, John
Any idea when the ARM for 9.9.0 will be published? No mention on the ISC web site. Reference and FAQ The primary documentation for BIND is the ARM, the Administrator's Reference Manual. There is a separate edition of the ARM for each major release of BIND. You can download the PDF file of the