Re: Efficacy of using short timeout values for an A record

2012-02-14 Thread Chuck Swiger
On Feb 14, 2012, at 2:59 AM, goran kent wrote: > I need to set up an A record for a machine whose IP might change > unexpectedly, and I need to ensure PCs out there cache it for as short > a time as possible: > >host1300 IN A 10.10.10.10 > > Does anyone know whether MS windows PCs will in

Re: Efficacy of using short timeout values for an A record

2012-02-14 Thread Chuck Swiger
On Feb 14, 2012, at 11:11 AM, Alan Clegg wrote: > On 2/14/2012 1:42 PM, Chuck Swiger wrote: > >> ISC's BIND has (or had) a MINTTL value of 5 minutes / 300 seconds. >> It's probably unreasonable to expect other platforms to refetch DNS >> records faster than tha

Re: Efficacy of using short timeout values for an A record

2012-02-14 Thread Chuck Swiger
On Feb 14, 2012, at 2:16 PM, Mark Andrews wrote: >> ISC's BIND has (or had) a MINTTL value of 5 minutes / 300 seconds. >> It's probably unreasonable to expect other platforms to refetch DNS >> records faster than that. > > To the best of my knowledge this is just plain wrong. Look at BIND-4.8.3 a

Re: Query Regarding AKAMAI Working Model

2012-02-17 Thread Chuck Swiger
Hi, Gaurav-- On Feb 17, 2012, at 11:15 AM, Gaurav kansal wrote: > I want to know how AKAMAI works They work well. :-) > May be this is not the right forum to ask but I am asking this here because > AKAMAI heavily depend on its HL-DNS and LL-DNS AND these DNS Servers answer > the query ba

Re: what's wrong with the e.hushpuppies-australia.com delegation @ns.domainnetwork.se ?

2012-02-27 Thread Chuck Swiger
Hi-- On Feb 27, 2012, at 12:14 PM, M. Meadows wrote: > But > > dig e.hushpuppies-australia.com +nssearch @8.8.8.8 > > Yields no nameserver list. "+nssearch" does SOA lookups for each of the nameservers, but ns.domainnetwork.se (and so forth) only returns an SOA record for hushpuppies-austra

Re: DNS requests error sending response: host unreachable

2012-03-12 Thread Chuck Swiger
On Mar 12, 2012, at 8:09 AM, Romgo wrote: > Dear community, > > I do have many errors in my Bind's log file such as: > > client 192.168.201.1#29404: error sending response: host unreachable > > It seems that I have an iptables issue as each time I shut iptables I don't > have anymore this messa

Re: DNS requests error sending response: host unreachable

2012-03-12 Thread Chuck Swiger
On Mar 12, 2012, at 1:24 PM, Romgo wrote: > Here is my Iptables configuration for bind : > > # prod.dns.in > $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1 -d > 192.168.201.2 -s 0/0 > $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d > 192.168.201.2 -s 0/

Re: How to reset the serial number?

2012-03-26 Thread Chuck Swiger
On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote: > I accidentally changed the serial number to one bigger than 32 bits and now > I'm trying to reset the serial number. Following the manual of Bind9 I tried > to add 2147483647 (2^31-1) to the number and reload the server, but my slave > is not u

Re: BIND Lameness

2012-04-02 Thread Chuck Swiger
On 4/2/2012 10:37 PM, Keith Burgoyne wrote: [ ... ] I've recently replaced the master server at 24.222.7.11, and am now running bind 9.7.3. My question is: I keep seeing log entries like Apr 2 23:24:17 clementine named[5870]: lame server resolving 'comuna.silverorange.com' (in 'silverorange.com

Re: BIND Lameness

2012-04-03 Thread Chuck Swiger
On 4/3/2012 10:14 AM, Barry Margolin wrote: In article, Chuck Swiger wrote: [ ... ] Does the following help: http://www.dnsvalidation.com/reports/4f7a96b37d79ee376912 http://www.dnsvalidation.com/reports/4f7a97bd7d79ee3d420c ns3.silverorange.com seems to be down, and the

Re: Apple OS and DNS resolution (._dns-sd.udp. requests)

2012-04-05 Thread Chuck Swiger
On 4/5/2012 5:08 AM, Matus UHLAR - fantomas wrote: Hello, our customer (an ISP) reported that his clients have problems resolving sites like facebook, youtube, aplestores and that the problems only affect apple computers. I notice many requests for dns service discovery: Apr 5 09:47:20 t03 nam

DSN for Matus...

2012-04-05 Thread Chuck Swiger
Hi, Matus-- Your anti-spam measures block direct delivery. works fine (it goes to me, as does postmaster@); I don't know why you would try to do an RFC-ignorant lookup on the hostname in the PTR record Regards, -- -Chuck begin forwarded message This is the mail system at ho

Re: DSN for Matus...

2012-04-06 Thread Chuck Swiger
On 4/6/2012 3:36 PM, Thomas Dupas wrote: and I would suggest dropping rfc-ignorant.org entirely from your anti-spam flow, unless you are keen on the very high false positive rate. Their listings are fairly accurate-- if postmaster@ or abuse@ doesn't work for a domain,

Re: troubleshooting bind

2012-04-09 Thread Chuck Swiger
Hi-- On Apr 9, 2012, at 9:55 AM, Marseglia, Michael wrote: [ ... ] > When configuring BIND for an internal corporate network with a thousand > clients should any of the default values be tweaked? I’ve searched for > tuning guidance but I haven’t found any yet. > > I’ve taken interest in t

Re: DNS faileover

2012-04-11 Thread Chuck Swiger
On Apr 11, 2012, at 10:26 AM, mfla wrote: > We use 3 BIND each is configured as Master. > Each domain is configured with 3 NS records according to the above 3 BIND. > What happens for end users when they try to access the domain but one of the > BIND server is down ? Assuming all of the clients w

Re: Question

2012-04-12 Thread Chuck Swiger
On Apr 12, 2012, at 3:38 PM, Dustin Moon wrote: > Any Reason people could see why this config would not allow remote systems > that can ping this server to do lookups on it? Why, yes-- see the following line: >allow-query { localhost; }; ...? Regards, -- -Chuck __

Re: Update

2012-04-12 Thread Chuck Swiger
On Apr 12, 2012, at 3:52 PM, Dustin Moon wrote: > #allow-query { any; }; Commenting it out entirely is *not* the same thing as changing it to a setting which allows remote clients to make queries. Regards, -- -Chuck

Re: Problem with recursive name server

2012-06-08 Thread Chuck Swiger
Hi-- On Jun 8, 2012, at 1:08 PM, Mike Bobkiewicz wrote: > we are running an authoritative name server for some domains. After some time > our ISP has now delegated the reverse name lookups to our server. We are > running bind 9.7.3 on Mac OS X 10.6 and are not able to bring the reverse > name loo

Re: OT: cached memory

2012-06-13 Thread Chuck Swiger
On Jun 13, 2012, at 3:02 PM, Dan Letkeman wrote: > I understand the concept, as I have read many documents like that. I > am more interested in a real world example of how much free memory for > caching is recommended for an average server. The OS likes to keep a few megabytes of prezeroed pages

Re: CNAME Rules

2012-06-25 Thread Chuck Swiger
On Jun 25, 2012, at 2:13 PM, Srinivas Krishnan wrote: > The RFC rules on CNAMEs is fairly tight but I am seeing an increasing > amount of traffic with misconfigured CNAMEs some of which are accepted > by BIND as valid responses. The examples capture three trends, note > these are actual responses:

Re: CNAME Rules

2012-06-25 Thread Chuck Swiger
On Jun 25, 2012, at 2:34 PM, Srinivas Krishnan wrote: > You are using a caching resolver to check the responses and you only see > response after its been resolved by Google's DNS server. The overwhelming majority of Internet users are using caching resolvers running at their ISP, employer, etc.

Re: disabling "Any" requests

2012-07-12 Thread Chuck Swiger
On Jul 12, 2012, at 2:27 AM, Dns Administrator wrote: > Hi bind-users, >please excuse my ignorance being a novice to dns, but is there some way of > disabling or choking "Any" type requests? Sure-- a firewall or even taking a pair of wire-cutters to the ethernet cable will accomplish that.

Re: disabling "Any" requests

2012-07-12 Thread Chuck Swiger
On Jul 12, 2012, at 7:16 AM, Lightner, Jeff wrote: > Your answer was clearly meant to be tongue in cheek but I'm not sure you > understood. Please allow me to reassure you that I understood the intent of the question. :-) The point was that if one isn't clear about what one should allow and wh

Re: DNS BIND Failover Setup (High Availability)

2012-09-14 Thread Chuck Swiger
On Sep 14, 2012, at 4:37 AM, Kaushal Shriyan wrote: > Can someone please point me to setup High Availability BIND DNS Server > on CentOS Linux version 5.8? Sure; read the fine BIND ARM: http://www.isc.org/software/bind/documentation Set up and register as many nameservers for your domains as y

Re: DNS BIND Failover Setup (High Availability)

2012-09-14 Thread Chuck Swiger
On Sep 14, 2012, at 4:36 PM, Kaushal Shriyan wrote: > Thanks for the reply. Basically I am setting up Internal DNS Server > within the same DC. Will Master Slave Replication suit the need? Yes. (Oh, there are other ways of doing replication, but AXFR works fine.) > and any step by step guide and

Re: Possible DDoS?

2012-10-17 Thread Chuck Swiger
Hi-- On Oct 17, 2012, at 11:17 AM, Manson, John wrote: > From time to time I notice a large number of queries like these to one of my > external dns servers: > > 14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ? > [ ... ] > 14:14:40.98668 121.10.105.66 -> 143.231.1.67 DNS

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread Chuck Swiger
Hi-- On Oct 19, 2012, at 11:25 AM, John Miller wrote: > Hello everyone, > > Perhaps a Cisco list is a better destination for this, but I've seen a > similar post here in the past couple of months, so posting here as well. > > I'm trying to get our Cisco ACE set up appropriately to handle DNS tr

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread Chuck Swiger
Hi-- On Oct 19, 2012, at 1:04 PM, John Miller wrote: >> IMO, the only boxes which should have IPs in both public and private >> netblocks should be your firewall/NAT routing boxes. > > That's how we usually have our servers set up--the load balancer gets the > public IPs, the servers get the pr

Re: Performance tuning

2012-11-26 Thread Chuck Swiger
Hi-- On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote: > The report must also address these two specific questions: > > • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any > browser? > • What happens if we remove the forwarders option from named.conf? > I can

Re:

2012-11-29 Thread Chuck Swiger
Hi-- On Nov 29, 2012, at 3:00 PM, Jose Manuel Delgado G. wrote: > I have the following problem in resolving my DNS using Bind 9, sends me an > error connection time out, no servers Could be reached. that way I can avoid > giving these errors and how I can reduce the time of the response? > > th

Re:

2012-11-29 Thread Chuck Swiger
On Nov 29, 2012, at 3:34 PM, Jose Manuel Delgado G. wrote: > about the other question, as to reduce the response time of my server when > the domain does not exist? BIND implements negative caching of NXDOMAIN responses: % dig www.does.not.exist. @localhost [ ... ] ;; ->>HEADER<<- opcode: QUERY,

Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Chuck Swiger
Hi-- On Dec 3, 2012, at 3:30 PM, Novosielski, Ryan wrote: > I don't know if there's an easy, or even moderately easy way to do > this, but can one somehow figure out/get a list of all domains for > which the nameserver is set to a given IP/server name? It's easy enough to test whether a specific

Re: MNAME not a listed NS record

2013-01-16 Thread Chuck Swiger
On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: > Is there anything technically wrong with having a SOA MNAME field that isn't > listed as a NS record? Sure. The SOA MNAME is expected to be the "primary master" nameserver for the zone; it's where things like dhcpd and such send dynamic updates

Re: MNAME not a listed NS record

2013-01-16 Thread Chuck Swiger
On Jan 16, 2013, at 1:42 PM, Barry Margolin wrote: > In article , > Chuck Swiger wrote: > >> On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: >>> Is there anything technically wrong with having a SOA MNAME field that >>> isn't listed as a NS record? >>

Re: MNAME not a listed NS record

2013-01-16 Thread Chuck Swiger
On Jan 16, 2013, at 4:30 PM, Barry Margolin wrote: [ ... ] On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: > Is there anything technically wrong with having a SOA MNAME field that > isn't listed as a NS record? Sure. The SOA MNAME is expected to be the "primary master" na

Re: broken ISP in china

2013-02-18 Thread Chuck Swiger
Hi-- On Feb 18, 2013, at 2:07 PM, Lyle Giese wrote: > Recently I moved this domain (lcrcomputer.net) to a registrar that supports > DNSSEC and inserted the DS record for this domain. I checked DNSSEC via > http://dnsviz.net and http://dnssec-debugger.verisignlabs.com. Both show > DNSSEC is wor

Re: cname record

2013-03-01 Thread Chuck Swiger
Hi, Dwayne-- On Mar 1, 2013, at 10:29 AM, Dwayne Hottinger wrote: > I would like for users inside my network to not be able to do ssl searches > with google, because of cipa compliance issues. OK, so you should block port tcp/443 to Google's network addresses (approximately 173.194.79.0/24) on

Re: How to minimize the downtime in my case

2013-03-14 Thread Chuck Swiger
Hi-- On Mar 14, 2013, at 12:04 PM, Manish Rane wrote: > I right now have NS server hosted with ISP and I am planning to set up my own > BIND servers. Now I would like to understand that I need to ask my Registrar > to populate the entry of my new NS server which would take 4-6 hours to > propag

Re: reverse resolution failing

2013-04-10 Thread Chuck Swiger
Hi-- On Apr 10, 2013, at 1:07 PM, Jim Pazarena wrote: > So I have another domain which will not reverse resolve for me: > > mail.tysers.com which also appears to be: > mail.tyser.co.uk > > 80.169.188.226 > > the IP, will not reverse resolve (for me) yet, once again, > google (8.8.8.8) CAN RESOL

named: high memory usage under FreeBSD-7...?

2010-12-16 Thread Chuck Swiger
Hi, bind-users-- I'd recently updated a machine to FreeBSD 7-STABLE, and I've noticed that named from the base system (which claims to be BIND 9.4-ESV-R4) is using more than twice as much memory as it used to: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 706 bind

Re: named: high memory usage under FreeBSD-7...?

2010-12-21 Thread Chuck Swiger
Hi, Doug-- On Dec 21, 2010, at 2:22 PM, Doug Barton wrote: > On 12/16/2010 14:48, Chuck Swiger wrote: >> Hi, bind-users-- >> >> I'd recently updated a machine to FreeBSD 7-STABLE, and I've noticed >> that named from the base system (which claims to be B

Re: named: high memory usage under FreeBSD-7...?

2010-12-21 Thread Chuck Swiger
On Dec 21, 2010, at 4:34 PM, Doug Barton wrote: > You're combining too many variables. Whilst on the same platform (presumably > FreeBSD 7) install dns/bind94, run your tests. Then deinstall that, and > install dns/bind96; then run your tests. > > I suspect that what you're seeing is actually a

Re: named: high memory usage under FreeBSD-7...?

2010-12-22 Thread Chuck Swiger
Hi-- On Dec 21, 2010, at 4:34 PM, Doug Barton wrote: > You're combining too many variables. Whilst on the same platform (presumably > FreeBSD 7) install dns/bind94, run your tests. Then deinstall that, and > install dns/bind96; then run your tests. > > I suspect that what you're seeing is actua

Re: bind Bind or BIND?

2011-01-26 Thread Chuck Swiger
On Jan 26, 2011, at 6:02 PM, p...@mail.nsbeta.info wrote: > When talk to others, I never describe it clearly for naming bind. > is it "bind" or "Bind" or "BIND"? is bind an abbreviation word? Yes, BIND is an acronym for Berkeley Internet Name Daemon. Regards, -- -Chuck

Re: BIND9 SERVFAIL on some .gov addresses

2011-02-10 Thread Chuck Swiger
On Feb 10, 2011, at 11:26 AM, Ryan Novosielski wrote: > dig: isc_socket_create: address family not supported > > I've read that I shouldn't let this error message lead me anywhere in > particular. Does anyone have some advice for where to start > troubleshooting? The error message you mention is

Re: BIND9 SERVFAIL on some .gov addresses

2011-02-10 Thread Chuck Swiger
On Feb 10, 2011, at 12:39 PM, Ryan Novosielski wrote: > health.nyc.gov query-errors: > > 10-Feb-2011 15:32:30.682 query-errors: debug 1: client > 130.219.34.129#55935: query failed (SERVFAIL) for health.nyc.gov/IN/MX > at query.c:4630 > 10-Feb-2011 15:32:30.682 query-errors: debug 2: fetch complet

Re: Some hosts not resolving from No-IP by our DNS servers

2011-03-09 Thread Chuck Swiger
Hi-- On Mar 9, 2011, at 10:25 AM, Frank Pikelner wrote: > I'm having a problem resolving several hosts from NO-IP. When I attempt to > resolve them from our DNS servers I get no reply (we can resolve other > hosts). I'm not certain why the resolution stops. If I force a resolution > using exter

Re: Best ipfw Rules for DNS-SEC

2011-03-15 Thread Chuck Swiger
On Mar 15, 2011, at 11:08 AM, Martin McCormick wrote: > Is there a recommended set of firewall rules that insure that all > necessary DNS traffic can enter and leave, even the larger > packets that result from dns-sec? # allow UDP DNS queries out to the world, and in to your nameservers ## It's f

Re: BIND9 fails resolving after connecting to VPN

2011-04-08 Thread Chuck Swiger
Hi-- On Apr 8, 2011, at 10:27 AM, kapetr wrote: > After connect to them (new network device created - tun or tap and > default route changes) my BIND is not able to reach other (root) > nameservers. And resolve requests fails. This is due to how you are operating your VPN. Change it to only add

Re: BIND9 fails resolving after connecting to VPN

2011-04-08 Thread Chuck Swiger
On Apr 8, 2011, at 1:07 PM, kapetr wrote: > I absolutely do not understand your answer. OK. > I use the VPT to anonymisation. I need all traffic to go over the VPN. OK. That's not the usual method of operation for a routed VPN, but is more commonly used when doing bridging. > The VPN must be

Re: BIND9 fails resolving after connecting to VPN

2011-04-08 Thread Chuck Swiger
On Apr 8, 2011, at 2:23 PM, kapetr wrote: >> What does: >> >> dig +short rs.dns-oarc.net txt >> >> ...do when your VPN tunnel is up? > > After VPN up and restart of BIND: > > hugo@duron650:~$ dig +short rs.dns-oarc.net txt > ;; connection timed out; no servers could be reached > hugo@duron650:~

Re: Empty CNAME chain, should getaddrinfo() return EAI_NONAME or EAI_FAIL?

2011-04-28 Thread Chuck Swiger
On Apr 28, 2011, at 3:23 AM, Havard Eidnes wrote: www.apple.com. 281 IN CNAME www.isg-apple.com.akadns.net. >> www.isg-apple.com.akadns.net. 60 IN CNAME www.apple.com.edgekey.net. >> www.apple.com.edgekey.net. 17295 IN CNAME e3191.c.akamaiedge.net. > ... > > As a matter of terminology, in the quo

Re: Empty CNAME chain, should getaddrinfo() return EAI_NONAME or EAI_FAIL?

2011-04-28 Thread Chuck Swiger
On Apr 28, 2011, at 11:52 AM, Doug Barton wrote: >> Agreed. Akamai's EdgeSuite doesn't provide IPv6 records at this time, >> but e3191.c.akamaiedge.net does have an A record. > > I understand what you're saying, but I've always referred to such a thing as > an "empty CNAME chain" because i

Re: dnssec-keygen with different activation date

2011-05-20 Thread Chuck Swiger
On May 20, 2011, at 4:41 PM, Noel Rocha wrote: > # Showing activate date > $ cat Kmydomain.com.+005+48738.key | grep Activate > ; Activate: 20110520203500 (Fri May 20 17:35:00 2011) > > This (20110520203500)2011/05/20 20:35:00 isn't "Fri May 20 17:35:00 2011." :( > > Anyone have idea how to solve

Re: Bind9 Random Whois and Dig Fails

2011-06-07 Thread Chuck Swiger
On Jun 7, 2011, at 11:07 AM, Sri Harsha Yalamanchili wrote: > Not much luck using tcpdump either. We know, from both the query_log and > tcpdump logging, that the queries are going out. But we never get a reply > back. That's the confusing part. The Google DNS server replies back but not > our o

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 12:16 PM, Stefan Certic wrote: > Does anyone have idea on following... Apart from bind9 query log, is it > possible to log response returned to client? Sure: use tcpdump, wireshark, or another network sniffer of your choice and observe DNS responses to the clients you're inte

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 1:27 PM, Stefan Certic wrote: > Thanks Chuck > > Yes, that would be a solution, but I need logs processed through syslog and > stored into database (matching the initial query from query log). Why do you need to send this information via syslog to a database? > Parsing tcpd

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 2:28 PM, Stefan Certic wrote: > It is Enum server, and logging is taking care of billing process. I don't see why you need to preserve queries and responses, unless you plan to charge differently for different DNS requests. Can't you just track traffic per client using netfl

Re: Clients get DNS timeouts because ipv6 means more queries for each lookup

2011-07-11 Thread Chuck Swiger
On Jul 11, 2011, at 1:25 PM, Jonathan Kamens wrote: > Even if PowerDNS is the only source of this issue, and even if the new > version of PowerDNS is released tomorrow, I'm sure there will still be sites > running the old version a year from now. So just relying on a PowerDNS > release to fix th

Re: Reverse lookup flood from a single host

2011-07-15 Thread Chuck Swiger
On Jul 15, 2011, at 12:24 PM, Joshua Beard wrote: > Greetings, > > I've noticed a specific client machine doing a crap load of reverse lookups > in my named logs. It's just reverse lookups for our internal network, and > just from that machine. I can't see that this machine is looking up anyth

Re: DNS Caching Issue

2011-07-21 Thread Chuck Swiger
On Jul 21, 2011, at 3:02 PM, Sathyan Arjunan (sarjunan) [CONTRACTOR] wrote: > Recent days, I am facing frequent caching issues with my DNS servers which > are responsible for recursive lookup to external queries. As a temporary > solution, we used to refresh the named daemon to clear the cache. T

Re: epza.gov.tw. MX

2011-08-08 Thread Chuck Swiger
Hi-- On Aug 8, 2011, at 1:15 PM, Mark K. Pettit wrote: > My resolvers, running BIND 9.7.3P3, are having a difficult time resolving the > MX record for the zone "epza.gov.tw.". [ ... ] > But if I query any of [abc].twnic.net.tw. directly for the IP address of > dns.epza.gov.tw, I get an answer.

Re: Memory utilisation problem on busy bind resolver

2011-08-09 Thread Chuck Swiger
Hi, Dennis-- On Aug 9, 2011, at 7:31 AM, Dennis Perisa wrote: > We are running a number of BIND 9.7.3-p3 caching nameservers. In the > last couple of months, we've observed the memory utilisation of named > increasing at a steady rate of 1-2% per day on our busiest resolver > with no indication o

Re: Proper CNAME interpretation

2011-09-14 Thread Chuck Swiger
On Sep 14, 2011, at 2:27 PM, Ronald F. Guilmette wrote: > The second part however seems to go more to my question, which is "What is > the resolver supposed to do when some knucklehead breaks the rules and puts > a CNAME in with some other stuff?" Depends on which query one issued. The very next

blacklisting replies, was: Proper CNAME interpretation

2011-09-14 Thread Chuck Swiger
with the following header fields: > > Message-id: <2be47d87-8417-4055-8466-f47cd7fdb...@mac.com> > Date: Wed, 14 Sep 2011 14:52:34 -0700 > From: Chuck Swiger > To: "Ronald F. Guilmette" > Subject: Re: Proper CNAME interpretation > > Your message cannot

Re: blacklisting replies, was: Proper CNAME interpretation

2011-09-15 Thread Chuck Swiger
On Sep 14, 2011, at 5:09 PM, Ronald F. Guilmette wrote: > In message , you wrote: >> Sigh: your mail server is blacklisting email from mac.com. > > Yes. Sorry about that. Too much spam from there and no indication > that anybody there gives a damn that that they gush spam. (If you > find anybod

Re: One IP in multiple zones

2011-09-21 Thread Chuck Swiger
On Sep 21, 2011, at 12:56 PM, Adamiec, Lawrence wrote: > Is it possible to have one IP in multiple zone files for forward lookups? Yes. > What type of troubles would be encountered? None. This sort of thing is very commonly done, for example with shared/virtual webservers. Regards -- -Chuck

Re: fallback to forwarder if master zone does not have requested record

2011-10-13 Thread Chuck Swiger
On Oct 13, 2011, at 7:57 AM, Moser, Stefan (SIDB) wrote: > in customer migrations, when we shift customers from an old DNS environment > to a new DNS environment, there are sometimes situations where we have to > keep the same domain (let’s say “example.com”) both on the old DNS-server and > on

Re: intermittent bad horizontal referral?

2011-10-17 Thread Chuck Swiger
Hi-- On Oct 17, 2011, at 3:37 PM, Karl Auer wrote: > To see it, do (for example): > > dig +trace biplane.com.au ns > > Some such queries return correctly, some end up in a BHR loop. I don't see a "bad horizontal referral" being returned anywhere, but I do get errors against ppsdns6.pps.com.au

Re: maximum number of FD events

2011-10-25 Thread Chuck Swiger
On Oct 25, 2011, at 1:09 PM, Fr34k wrote: > We found someone else who seemed to suggest a "fix" by increasing the number > of sockets. > We figured we would give that a shot and see what would happen. We tried > 128, and then 256 -- but we still see these messages: > named[14050]: [ID 873579 d

Re: about the A and PTR for sending mail

2011-11-09 Thread Chuck Swiger
On Nov 9, 2011, at 5:57 PM, 风河 wrote: > I have two server IPs, the A records for them are: > > mail.dnsbed.com. 300 IN A 74.117.233.4 > mail.dnsbed.com. 300 IN A 74.117.232.204 > > The corresponding PTR records are: > > 4.233.117.74.in-addr.arpa. 36466

Re: BIND started several times at one time

2011-11-15 Thread Chuck Swiger
On Nov 15, 2011, at 4:00 PM, Aleksander Kurczyk wrote: > Is it possible to run named several times at one time on one computer on one > OS at different ports and with different config files? I would like to > simulate multiple servers on one PC. It's possible, but unlikely to be useful without a

Re: Query zone expiration time

2011-11-16 Thread Chuck Swiger
On Nov 16, 2011, at 10:20 PM, Hajducko, Steven wrote: > Yeah, that's if we wanted to bother recovering it. :) Then there is the > process of recovering the master conf file and setting up notifies and allows > for all the slaves the old master had. Hmm. If you don't care about recovering the z

Re: About root zones

2012-01-02 Thread Chuck Swiger
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: > If the system resolver is good enough for every other application > running on the system, it should be good enough for BIND. > > Why not at least allow this as an option? The system resolver will happily provide answers based upon data from /

Re: About root zones

2012-01-03 Thread Chuck Swiger
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: > Unfortunately as I learning BIND more, I understand that it is not > very suitable for my requirements. Which are? I've been trying to understand what the actual problem you are trying to solve might be. Regards, -- -Chuck __

Re: best practices for two-location DDNS for a single domain

2012-01-12 Thread Chuck Swiger
Hi-- On Jan 12, 2012, at 5:04 PM, Chris McCraw wrote: > But those aren't an option here - they both need to serve the same > domain and both need to allow local DDNS updates visible from both > sides, and work in the absence of a network between the two. I've > done some searching and it does not

Re: Forward Domain

2012-01-15 Thread Chuck Swiger
On Jan 15, 2012, at 8:41 AM, Markus Braun wrote: > > DNSMASQ is basically a DNS forwarder but it has a bunch of other > > features. Check the Wikipedia page on it and if you have questions > > please ask on their mailing list or forum. > > > > Regarding BIND, if you have issues with your server re

Re: Few questions on Bind

2017-01-04 Thread Chuck Swiger
On Jan 4, 2017, at 4:11 PM, Debarghya Mandal wrote: > Hi, > I am kind of new to bind. I have a few queries about it. > > 1. Is there a way to load custom DNS record from zone file? Yes; that's exactly what zone files are for. > I have some schematized data that I can store say in json or xml fo

Re: global server load balancing with the domain name

2017-04-14 Thread Chuck Swiger
On Apr 14, 2017, at 2:40 PM, McDonald, Daniel (Dan) wrote: > Setting up global server load balancing seems easy enough – just add ns > records pointing at the load balancer and away you go: > > example.com. 38400 IN SOA ns20.example.net. > dan\.mcdonald.example.com. 2

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 3:09 PM, Rick Tillery wrote: > I appear to have my NAT64+DN64 IPv6 -> IPv4 network configured correctly, as > I can access IPv4 only Internet sites, e.g. from my browser. But some tools > don't seem to work the way I think they should. > > One example is nslookup. If do ns

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 3:32 PM, Rick Tillery wrote: > I'll give those tools a try, but I don't understand how my client is > requesting an A record. It only has IPv6 networking. DNS64 should be > requesting an A record, but that the client should see is the converted > record. Is that not rig

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 3:49 PM, Mark Boolootian wrote: > >>> I'll give those tools a try, but I don't understand how my client is >>> requesting >> an A record. It only has IPv6 networking. DNS64 should be requesting an >> A record, but that the client should see is the converted record. Is >

Re: DNS64 & nslookup

2018-04-11 Thread Chuck Swiger
On Apr 11, 2018, at 4:26 PM, Mark Boolootian wrote: >>> As far as I know, a host with on an IPv6 address is only ever >>> going to perform lookups. I'd be very interested to know >>> if there are cases where that isn't true. >> >> Well, if you run nslookup or dig -t a, you're asking for A r

Re: Frequent timeout

2018-08-31 Thread Chuck Swiger via bind-users
Hi, Alex-- On Aug 31, 2018, at 3:49 PM, Alex wrote: > The interface does show some packet loss: > > br0: flags=4163 mtu 1500 > [ ... ] >RX packets 1610535 bytes 963148307 (918.5 MiB) >RX errors 0 dropped 5066 overruns 0 frame 0 > > Is some packet loss such as the above to b