Terminology, Power, and Exclusionary Language in Internet-Drafts and RFCs
Abstract
This document argues for more inclusive language conventions
sometimes used by RFC authors and the RFC Production Centre in
Internet-Drafts that are work in progress, and in new RFCs tha
On 2/6/25 08:40, Greg Choules via bind-users wrote:
In DNS terms, for me, a "primary" has the single source of truth for
data in zones and a "secondary" transfers a temporary copy of that data
from a primary, or from another secondary (though daisy chain
secondaries at your peril). All are auth
Hi Paul.
What's a "primary master" as opposed to (presumably?) a "secondary master"?
Maybe there are just too many combinations and permutations of type of box
for a single word to convey all meanings, though I haven't encountered any
yet. Even in an environment like Active Directory, where all se
On Sat, 1 Feb 2025 09:11:32 +0100
Ondřej Surý wrote:
> Hey,
>
> since you've asked about ISC recommendations and good practice,
> we prefer to use the current DNS terminology as defined in RFC 8499[1]
> that says:
>
> > Although early DNS RFCs such as [RFC1996] referred to this as a "master",
>
Hey,
since you've asked about ISC recommendations and good practice,
we prefer to use the current DNS terminology as defined in RFC 8499[1]
that says:
> Although early DNS RFCs such as [RFC1996] referred to this as a "master",
> the current common usage has shifted to "primary".
and
> Although
One of the things you may want to look into, is the notions of "acl" and
"masters". These are sections in named.conf that you can give names, that can
be referenced elsewhere. Below is one such config I have in my own systems
(with IP addresses partially redacted):
// Access Control Lists
// So
On Friday, January 31, 2025 10:03:06 PM CET Karol Nowicki via bind-users
wrote:
> Hi Everyone
> With design where one ISC Bind DNS server is a master for domain
> example1.com while in same time acts like as Slave for another one lets say
> example2.com do we breaks any ISC recomendations or good
Am 31.01.2025 um 21:03:06 Uhr schrieb Karol Nowicki via bind-users:
> With design where one ISC Bind DNS server is a master for domain
> example1.com while in same time acts like as Slave for another one
> lets say example2.com do we breaks any ISC recomendations or good
> practice ?
Such a conf
Hi Everyone
With design where one ISC Bind DNS server is a master for domain example1.com
while in same time acts like as Slave for another one lets say example2.com do
we breaks any ISC recomendations or good practice ?
Wysłane z Yahoo Mail do iPhone
--
Visit https://lists.isc.org/mailman/l
It's clearer now, thank you Greg
Sami
De : Greg Choules
Envoyé : lundi 25 mars 2024 12:52
À : RAHAL Sami SOFRECOM
Cc : ML BIND Users
Objet : Re: transfert master slave
Hi Sami.
"allow-..." statements are to restrict from which sources *this* server will
accept messages, of whi
Hi Sami.
"allow-..." statements are to restrict from which sources *this* server
will accept messages, of whichever type.
On the secondary (slave), "allow-notify {192.168.56.154;};" will permit it
to process NOTIFY messages sent to it from the primary (master), but ignore
any others. Actually, this
Thank you Mark for this information
Regards
De : Mark Andrews
Envoyé : lundi 25 mars 2024 12:42
À : RAHAL Sami SOFRECOM
Cc : ML BIND Users
Objet : Re: transfert master slave
Allow-notify is additive. You can’t block notify from primaries.
--
Mark Andrews
On 25 Mar 2024, at 22:34,
sami.ra
Allow-notify is additive. You can’t block notify from primaries.
--
Mark Andrews
> On 25 Mar 2024, at 22:34, sami.ra...@sofrecom.com wrote:
>
>
> Hello community,
> I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow
> notifications only from the master (192.168.56
On 25.03.24 11:34, sami.ra...@sofrecom.com wrote:
I'm trying to configure a DNS slave server (192.168.56.157) . I want to
allow notifications only from the master (192.168.56.154). I added the
directive "allow-notify {192.168.56.154;};" and it works. However, when I
try to test the prohibiti
Hello community,
I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow
notifications only from the master (192.168.56.154). I added the directive
"allow-notify {192.168.56.154;};" and it works. However, when I try to test the
prohibition of notification by adding "allow-n
The statement that a BIND secondary only uses one file is incorrect. A
secondary will write IXFR data to a journal file, a jnl file.
But as has been stated earlier in the thread, a secondary is not involved
in anyway in signing a zone. One way to possibly make more sense of this is
to consider how
This is all I have in my zone on secondary:
zone "mylocal" {
type secondary;
file "/etc/bind/mylocal.saved";
primaries {
192.168.40.142;
};
};
My primary is a little more complicated:
zone "mylocal" {
type primary;
file "/etc/bind/mylocal";
notify yes;
allow-update {
ke
On 16 Dec 2022, at 15:59, adrien sipasseuth wrote:
> - on the slaves: files .db
>
> I don't understand why there is no .db.signed file on my slave
> knowing that a dig from a slave does return RRSIG.
The secondary (slave) only needs one file to hold whatever zone
data the primary provides when tr
Hi,
I deleted my zone file .db on my slaves and I forced a transfer from
the master.
Now it seems to work, I do have the RRSIG associated with my RRset A when I
do a dig from my slave.
When I test my dig from my internal network I actually don't have the ad
flag. But from the google resolver (ht
I have a simple “mylocal” zone setup with a primary and secondary server.
my primary has this .jnl file:
mylocal.jnl
My secondary has this similar .jnl file:
mylocal.saved.jnl
which I believe was distributed via zone transfer. You find no such similar
files on your secondary?
If you
dig @
Hi,
Ok, I got confused, no need for the keys on the slavs actually.
On the other hand, my slaves should generate the .signed, .signed.jnl and
.jbk files of my zones, no? currently it is not my case, should I copy them
from the master?
moreover, when I test a "dig A" I don't have the associated R
>
>
> the keys are generated on the master but not on the slaves.
> so I don't understand how the slaves can read their zone file which ends in
> ".signed" because they don't have the keys ? (but it's work with dig, i see
> DS with the right ZSK)
>
> Regards
>
> Adrien
>
Because the zone is
Hi,
It seems to work! Thank you!
To summarize:
On the master side I have the following configuration:
dnssec-policy "test" {
keys {
ksk lifetime P3D algorithm rsasha256 2048;
zsk lifetime P2D algorithm rsasha256 1024;
};
};
zone "**" {
type master
Hi,
No.
You don't need DNSSEC maintenance on your secondary zones if you already
have set it on your primary zones. So
zone "***" {
type secondary;
primaries { ***; };
file "***.db";
};
is enough.
Best regards,
Matthijs.
On 12/9/22 09:58, adrien sipasseuth wrote:
Hi Mat
Hi Matthijs,
thank you, so just to confirm something like this should work :
Master :
dnssec-policy "test" {
keys {
ksk lifetime P3D algorithm rsasha256 2048;
zsk lifetime P2D algorithm rsasha256 1024;
};
};
zone "**" {
type master;
file "/***/*
Hi Adrien,
You should **not** copy the dnssec-policy configuration to your
secondaries. They transfer in the signed zone from the primary server.
Best regards,
Matthijs
On 12/9/22 09:24, adrien sipasseuth wrote:
Hello,
Lokking for some guidance, sorry if i use the wrong way to contact
c
Hello,
Lokking for some guidance, sorry if i use the wrong way to contact community
user support.
I would like to set up DNSSEC using KASP.
I have an architecture with a master and several slaves.
Here is my policy and zone configuration:
dnssec-policy "test" {
keys {
ksk lifet
Use notify-explicit.
--
Mark Andrews
> On 7 Nov 2021, at 20:30, Walter H. via bind-users
> wrote:
>
> Hello,
>
> I have this situation:
>
> both the master and the slave are dualstack (have both an IPv4 and IPv6
> address),
> but the master is not reachable on IPv4 (RFC1918 IPv4 without
Hello,
I have this situation:
both the master and the slave are dualstack (have both an IPv4 and IPv6
address),
but the master is not reachable on IPv4 (RFC1918 IPv4 without a port
forwarding);
how can I prevent the following on slave side's log:
Nov 7 10:23:01 nilsholgerson named[20881]:
Excellent..Thanks!
On Fri, Jun 29, 2018 at 10:52 PM wrote:
> From: "Blason R"
>
> > OK - Got it so is there any settings available at master by which it
> > will keep on probing slave and as soon it is contacted NOTIFY Message is
> sent.
>
> No. The slave will try every REFRESH interval to see
From: "Blason R"
> OK - Got it so is there any settings available at master by which it
> will keep on probing slave and as soon it is contacted NOTIFY Message is
sent.
No. The slave will try every REFRESH interval to see if it can contact
the master.
Confidentiality Notice:
This electron
> From: "Blason R"
> I have bind Master server with me and slave is at other remote
> location. My query is since I have opted for PUSH update from master
> to slave over random port.
>
> What if the link at slave is down and NOTFY message is not reached?
> When will slave then pull the update?
OK - Got it so is there any settings available at master by which it will
keep on probing slave and as soon it is contacted NOTIFY Message is sent.
On Fri, Jun 29, 2018 at 10:30 PM wrote:
> --
> William Brown
> Messaging Team
> Technology Services, WNYRIC, Erie 1 BOCES
> (716) 821-7285
>
> "bind
--
William Brown
Messaging Team
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285
"bind-users" wrote on 06/29/2018
12:53:07 PM:
> From: "Blason R"
> I have bind Master server with me and slave is at other remote
> location. My query is since I have opted for PUSH update from master
>
Hi There,
I have bind Master server with me and slave is at other remote location. My
query is since I have opted for PUSH update from master to slave over
random port.
What if the link at slave is down and NOTFY message is not reached? When
will slave then pull the update?
Lets take an example
Sure thanks for the help
On Sun, May 6, 2018 at 10:34 PM, Anand Buddhdev wrote:
> I could answer this, but I think you need to read the documentation
> first, and *then* ask questions if you don't understand, so here's a
> link to the relevant documentation:
>
> https://ftp.isc.org/isc/bind9/9.1
I could answer this, but I think you need to read the documentation
first, and *then* ask questions if you don't understand, so here's a
link to the relevant documentation:
https://ftp.isc.org/isc/bind9/9.12.1/doc/arm/Bv9ARM.ch05.html
Regards,
Anand
On 06/05/2018 18:15, Blason R wrote:
> This n
This needs to be configured on Master or slave or both?
On Sun, May 6, 2018 at 2:29 AM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
> On 05/05/2018 11:35 AM, Blason R wrote:
> > BTW on the slave dumped zones are not in a readable format I believe
> > those are kinda of mapping?
On 05/05/2018 11:35 AM, Blason R wrote:
> BTW on the slave dumped zones are not in a readable format I believe
> those are kinda of mapping?
There is a config option for the zone file format. I believe you want
what's below. Try it and / or check the man page to confirm / refine to
your prefere
, /dev/rob0 wrote:
> On Sat, May 05, 2018 at 03:52:16PM +0530, Blason R wrote:
> > Since I am building Master/slave RPZ for my organization I do have
> > couple of queries.
> >
> >
> >1. My ixfr is not working as soon as I remove the statement it
> >wo
On Sat, May 05, 2018 at 03:52:16PM +0530, Blason R wrote:
> Since I am building Master/slave RPZ for my organization I do have
> couple of queries.
>
>
>1. My ixfr is not working as soon as I remove the statement it
>works fine
Remove WHAT statement? No data
Hi Team,
Since I am building Master/slave RPZ for my organization I do have couple
of queries.
1. My ixfr is not working as soon as I remove the statement it works fine
2. Do I need to create files at secondary server? or will those be
created automatically?
3. I guess I always need
guide me on working configuration of Mater/Slave zone
>> in DNS RPZ for reference?
>>
>> Is that available with someone? And does it work exactly as master/slave
>> like any other zone?
>>
>
>
___
Please visit https://
PM, Blason R wrote:
> Hi there,
>
> Can someone please guide me on working configuration of Mater/Slave zone
> in DNS RPZ for reference?
>
> Is that available with someone? And does it work exactly as master/slave
> like any other zone?
>
Hi there,
Can someone please guide me on working configuration of Mater/Slave zone in
DNS RPZ for reference?
Is that available with someone? And does it work exactly as master/slave
like any other zone?
___
Please visit https://lists.isc.org/mailman
Hi Nagesh
On Fri, Oct 14, 2016 at 11:00:24AM +0530, Nagesh Thati wrote:
> Hi,
>
> Can anybody implemented master/slave communication with views and algorithm
> HMAC-SHA* algorithms. I tried with all the HMAC-SHA* algorithms it didn't
> work for me, only HMAC-MD5 algorithm work
On Fri, Oct 14, 2016 at 1:30 AM, Nagesh Thati
wrote:
> Hi,
>
> Can anybody implemented master/slave communication with views and
> algorithm HMAC-SHA* algorithms. I tried with all the HMAC-SHA* algorithms
> it didn't work for me, only HMAC-MD5 algorithm worked for communicati
Hi,
Can anybody implemented master/slave communication with views and
algorithm HMAC-SHA* algorithms. I tried with all the HMAC-SHA*
algorithms it didn't work for me, only HMAC-MD5 algorithm worked for
communication. If anybody has any idea please help me.
Thanks.
--
Thanks,
Nagesh
Peter Rathlev wrote:
> On Wed, 2016-01-06 at 16:05 +, Tony Finch wrote:
> > * Set up a new hidden master, with copies of your zones. (See below)
> >
> > * Change your existing servers to slave from the new hidden master
> > instead of the old master. Reconfigure the old master to be a slave
>
On Wed, 2016-01-06 at 18:04 +, Darcy Kevin (FCA) wrote:
> I'd just like to note in passing that the "separate authoritative and
> recursive" herd mentality reaches the ultimate point of absurdity
> when you only have 2 servers and you're going to create single points
> of failure (apparently, u
Hi Tony,
Thank you for the suggestions!
On Wed, 2016-01-06 at 16:05 +, Tony Finch wrote:
> * Set up a new hidden master, with copies of your zones. (See below)
>
> * Change your existing servers to slave from the new hidden master
> instead of the old master. Reconfigure the old master to be
: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Peter Rathlev
Sent: Wednesday, January 06, 2016 8:17 AM
To: bind-users@lists.isc.org
Subject: Moving dynamic zones to new master+slave pair without interruptions
We currently have two internal DNS servers that a
Peter Rathlev wrote:
> We currently have two internal DNS servers that are both authoritative
> for a range of internal zones and caching resolvers for our clients. We
> would like to split this so authorizative and caching roles exist on
> different servers. And we would like to do this with as
We currently have two internal DNS servers that are both authoritative
for a range of internal zones and caching resolvers for our clients. We
would like to split this so authorizative and caching roles exist on
different servers. And we would like to do this with as little down
time as possible, a
Dear Matus / Tony, I understand your point.
It is good practice to be authoritative for non routing prefixes so
queries are not sended outside.
About RFC 1918 , I understand it is necessary to provide reverse mapping
for non - internet routing prefixes as described here:
http://archive.oreilly.
Matus UHLAR - fantomas wrote:
>
> you should declare at least RFC 1918/3330/5735 reverse zones, to prevent
> from forwarding queries to root servers.
Up-to-date named has these built in.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
South Fitzroy: Westerly veering northerly 4 or 5, occasionall
On 06.07.15 16:39, Leandro wrote:
3)Does it have any drawbacks no declaring any zone file in the long term?
you should declare at least RFC 1918/3330/5735 reverse zones, to prevent
from forwarding queries to root servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
W
fined in your config (or perhaps only the root hints), so at that
point it doesn't make any sense to talk about master or slave configuration.
Perhaps I misunderstood what you described at the outset as a "master / slave
dns cache cluster". What is that? I don't recognize the
Hi , guys after reading some documentation about setting my master /
slave dns cache cluster, I stil have some doubts.
Im setting a master / slave dns cache cluster to provide dns service to
internal users on my company having redundancy.
Here the questions:
1)If Im not authoritative for any
I am trying to configure DNSSEC as a master/slave. Following signing the
zone and uploading the DS record to my provider, I am able to see what
appears to be the proper output from dnssec-verify
dnssec-verify -o ex-mailer.com ex-mailer.com.external.signed
Loading zone 'ex-mailer.com&
于 2012-10-29 9:58, kavin 写道:
Now,I want transfer the zone data from the master dns serverto slave
dns server ,the master dns use bind-dlz+mysql and the slave dns server
use bind+file.
On 29.10.12 10:45, Feng He wrote:
AFAIK, BIND DLZ doesn't send a notify message to slave, so both your
master
2012/11/1 Chris Thompson :
> On Oct 29 2012, Feng He wrote:
>
>> 于 2012-10-29 9:58, kavin 写道:
>>>
>>> Now,I want transfer the zone data from the master dns serverto slave
>>> dns server ,the master dns use bind-dlz+mysql and the slave dns server
>>> use bind+file.
>>
>>
>> AFAIK, BIND DLZ doesn't s
Chris,
> Can one use BIND 9.9 "inline signing"
> with the unsigned version provided by a DLZ interface?
there's no reason why you shouldn't be able to.
Your BIND 9.9 inline signer would AXFR from BIND DLZ without trouble,
but your signer won't be notified by DLZ; you'd have to "manually"
issue N
On Oct 29 2012, Feng He wrote:
于 2012-10-29 9:58, kavin 写道:
Now,I want transfer the zone data from the master dns serverto slave
dns server ,the master dns use bind-dlz+mysql and the slave dns server
use bind+file.
AFAIK, BIND DLZ doesn't send a notify message to slave, so both your
master an
于 2012-10-29 9:58, kavin 写道:
Now,I want transfer the zone data from the master dns serverto slave
dns server ,the master dns use bind-dlz+mysql and the slave dns server
use bind+file.
AFAIK, BIND DLZ doesn't send a notify message to slave, so both your
master and slave should be able to use th
On 3/9/12 7:58 AM, "Romgo" wrote:
> Even if I use a VIP I can reproduce the issue :
> If the first VIP (so the nameserver 1) is down, I'll have the same
> drawbacks. As the resolver will timeout before falling back to the second
> nameserver.
Sure, we don't live in a perfect world. You can estab
Hello,
I know that I can use VIP with any software (corosync, Linux HA...) But
this will not explain the origin of the issue I am facing :)
Even if I use a VIP I can reproduce the issue :
If the first VIP (so the nameserver 1) is down, I'll have the same
drawbacks. As the resolver will timeout b
On 03/08/2012 06:26 PM, michoski wrote:
Meant to add one thing... In our configuration, we actually have two
recursive VIPs per site, and even considered three (internal IPs are cheap).
We do this.
We also make the two different VIPs use different underlying tech - one
is an anycast route a
In article ,
michoski wrote:
> On 3/8/12 8:15 AM, "Romgo" wrote:
> > I can use a VIP for DNS server, but I though that master/slave
> > configuration was made in order to avoid to use a VIP.
>
> Master/slave was to avoid SPOF -- if the master dies, who cares
On 3/8/12 10:20 AM, "Mike Hoskins" wrote:
> On 3/8/12 8:15 AM, "Romgo" wrote:
>> I can use a VIP for DNS server, but I though that master/slave
>> configuration was made in order to avoid to use a VIP.
>
> Master/slave was to avoid SPOF -- if the m
On 3/8/12 8:15 AM, "Romgo" wrote:
> I can use a VIP for DNS server, but I though that master/slave
> configuration was made in order to avoid to use a VIP.
Master/slave was to avoid SPOF -- if the master dies, who cares with a
reasonable expire time. :-)
So go ahead, setup a
: windows XP :/
The default Windows timeout is 2s.
I can see in bind's logs the dns request, but the webpage is not showing
up.
I can use a VIP for DNS server, but I though that master/slave
configuration was made in order to avoid to use a VIP.
Did you guys encounter that kind of issues ?
On 8 Mar 2012, at 02:58, Lyle Giese wrote (on bind-users):
> On linux boxes, adding
>
> options rotate
>
> to the /etc/resolv.conf helps.
[cross-posted, reply-to header set]
Is there a DHCP option which expresses that, and which
typical fielded DHCP clients will respe
On linux boxes, adding
options rotate
to the /etc/resolv.conf helps.
Lyle Giese
LCR Computer Services, Inc.
On 03/07/12 06:54, Bostjan Skufca wrote:
Problem is, most of client resolvers (not resolving nameservers, but
resolvers on workstations etc) query first specified nameserver first,
the
On 3/7/12 9:15 AM, "Barry Margolin" wrote:
> In article ,
> ro...@free.fr wrote:
>> I use bind on my network as DNS Server. Running bind
>> 1:9.6.ESV.R4+dfsg-0+lenny4
>> on Debian Lenny.
>>
>> The setup is quite usual : one master server with one slave server.
>>
>> The slave sync the zone from
In article ,
ro...@free.fr wrote:
> Dear community,
>
> I use bind on my network as DNS Server. Running bind
> 1:9.6.ESV.R4+dfsg-0+lenny4
> on Debian Lenny.
>
> The setup is quite usual : one master server with one slave server.
>
> The slave sync the zone from the master.
>
> I discover tha
Problem is, most of client resolvers (not resolving nameservers, but
resolvers on workstations etc) query first specified nameserver first, then
after timeout start with the others. You should create a HA IP for such
uses.
b.
On 7 March 2012 10:23, wrote:
> Dear community,
>
> I use bind on my
Dear community,
I use bind on my network as DNS Server. Running bind 1:9.6.ESV.R4+dfsg-0+lenny4
on Debian Lenny.
The setup is quite usual : one master server with one slave server.
The slave sync the zone from the master.
I discover that when the master is down I have some trouble to access to
Got around to adding a virtual interface on the production box (I never could
get this
working with keys alone), I had labbed this up previously in reverse of what I
needed
but transfers were broken on the production box when I reversed the views that
contained the master/slave.
The following
false-positives.
d) you can't have normal master-slave setup, which leads to zone
maintenance problems.
Regards,
Torinthiel
> Date: Thu, 14 Jul 2011 17:42:56 +0800
> Subject: Re: master slave different site different resolution
> From: short...@gmail.com
> To: d_gabr
2011/7/14 Gabriele Gabriele :
> Ok, may be I was not so clear to explain..
>
>
> for example I have in my Master work site the our webmail
> "webmail.mydomain.com" that when Master work site in UP the resolution is
> 1.1.1.1 but if the master go down in My slave work site, my slave dns resolv
> "we
ot; with 1.1.1.1 but that site is down. So it should
resolv it with my backup/slave resolution 2.2.2.2
ok?
> Date: Thu, 14 Jul 2011 17:42:56 +0800
> Subject: Re: master slave different site different resolution
> From: short...@gmail.com
> To: d_gabri...@hotmail.it
> CC: bind
2011/7/14 Gabriele Gabriele :
> Dear lists,
>
> I have an issue to resolve about 2 dns server Master/Slave.
>
>
> The Master is positioned in a site with public ip 1.1.1.1 and all the public
> dns resolutions point to 1.1.1.1
> the Slave is positioned in a site whi
Dear lists,
I have an issue to resolve about 2 dns server Master/Slave.
The Master is positioned in a site with public ip 1.1.1.1 and all the public
dns resolutions point to 1.1.1.1
the Slave is positioned in a site whit public ip 2.2.2.2 and obviously all the
public dns resolutions point
On Thu, 7 Jul 2011, Ewald Jenisch wrote:
So here is my question: How do I set up two servers (master/slave)
using views (for internal and external clients) so that both of them
hold the the correct data and return the correct answers to their
respective clients (inside and outside)?
Thanks much
On Thu, Jul 07, 2011 at 05:59:29PM +0200, Ewald Jenisch wrote:
> So here is my question: How do I set up two servers (master/slave)
> using views (for internal and external clients) so that both of
> them hold the the correct data and return the correct answers to
> their respec
On Thu, Jul 07, 2011 at 11:24:22AM -0500, Brad Bendily wrote:
> I am glad to be able to answer an email on this list.
> I literally did this same thing 4 days ago and had the exact same
> problem.
> Here is the answer you seek:
>
> https://www.isc.org/faq/item/182
>
Bingo - that's exactly what I
sc.org
> [mailto:bind-users-bounces+brad.bendily=la@lists.isc.org]
> On Behalf Of Ewald Jenisch
> Sent: Thursday, July 07, 2011 10:59 AM
> To: bind-users@lists.isc.org
> Subject: Split-DNS + Views + master/slave
>
> Hi,
>
> I'm in the process of setting up two DNS-server
Hi,
I'm in the process of setting up two DNS-servers
(master/slave). Response of these servers should be different as to
where the queries come from (inside our network vs. external). For
this purpose I thought about using views.
Here's an excerpt from what I got in my named.conf:
On 07.01.11 12:08, blr maani wrote:
> You can develop scripts to do the following:
>
> Develop script(s) and run on a host which has access to both Master(s) and
> Slave(s). The script should do the following:
>
> 1. For each zones, check serial number on both master(s) and slave(s) for
> the zon
p...@mail.nsbeta.info writes:
I wrote a nagios plugin for monitoring the status of master/slave DNS.
Just to check if their serial number is the same. The script shows
below,thanks for all your directions.
#!/usr/bin/perl
use strict;
use Net::DNS;
use Getopt::Std;
my %opts;
getopts
I wrote a nagios plugin for monitoring the status of master/slave DNS.
Just to check if their serial number is the same. The script shows
below,thanks for all your directions.
#!/usr/bin/perl
use strict;
use Net::DNS;
use Getopt::Std;
my %opts;
getopts('hm:s:z:', \%opts);
if
On 1/7/2011 3:08 PM, blr maani wrote:
> 1. For each zones, check serial number on both master(s) and slave(s)
> for the zone and compare it. Report mismatch if any.
dig +nssearch
AlanC
signature.asc
Description: OpenPGP digital signature
___
bind-u
You can develop scripts to do the following:
Develop script(s) and run on a host which has access to both Master(s) and
Slave(s). The script should do the following:
1. For each zones, check serial number on both master(s) and slave(s) for
the zone and compare it. Report mismatch if any.
2. If yo
Slightly OT, if the test is performed really from outside, it will also
catch a number of other problems like network issues etc. Some of these
issues might look like a DNS issue but with a different root cause,
maybe even happening outside your own network.
On 07/01/11 16:27, Bryan Bradsby wrote
For zones where we provide all the masters and slaves, the external
perspective of an outside testing site is crucial to ensuring that we
have not missed anything, especially after a change.
We find an emphasis on scripts monitoring the log files works best for
zones where we are not providing ma
> Niall O'Reilly writes:
>> If your zones are properly delegated, and your servers accessible
>> from the public Internet, then the web-based remote-checking tools
>> available at www.zonecheck.fr or dnscheck.iis.se are excellent.
>> Either of these will give you some ideas abo
Niall O'Reilly writes:
If your zones are properly delegated, and your servers accessible
from the public Internet, then the web-based remote-checking tools
available at www.zonecheck.fr or dnscheck.iis.se are excellent.
Either of these will give you some ideas a
On 7 Jan 2011, at 09:10, p...@mail.nsbeta.info wrote:
> I just want to write a script for checking master and slave to make sure they
> have been always syncing the data correctly. What's the idea for doing it?
Initial condition:
dig @master zone SOA
dig @slave zone SOA
Hello,
I just want to write a script for checking master and slave to make sure
they have been always syncing the data correctly. What's the idea for doing
it?
Thanks.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mai
1 - 100 of 112 matches
Mail list logo
