Re: Logging

2013-01-11 Thread Dave Sparro
On 1/8/2013 8:19 AM, Timothe Litt wrote: What I think would be more useful is if named actually reported the issues to where they'd do some good. Perhaps a DNS extension "I got an invalid message from you" - so it shows up in the log of the server (and administrator) with the problem. (I'd wo

Re: Simple question about zone and CNAME

2013-04-12 Thread Dave Sparro
On 4/6/2013 12:46 AM, Lawrence K. Chen, P.Eng. wrote: So, up until a couple years ago...our webmail address had always been, and only "webmail.ksu.edu". But, under the new direction it has to work as "webmail.ksu.edu", "www.webmail.ksu.edu", "webmail.k-state.edu", "www.webmail.k-state.edu".

Re: What happens when one out of three NSs are down?

2013-06-14 Thread Dave Sparro
On 6/11/2013 7:12 PM, Gary Wallis wrote: What really happens in the real world when 1 out of three authoritative NSs are down for 30 minutes due to a datacenter outage? For example, we have 3 NSs: ns1.someisp.net 12.23.34.45 ns2.someisp.net 23.34.45.56 ns3.someisp.net 34.45.56.67 All in dif

Re: Diagnostic help part 2

2014-10-03 Thread Dave Sparro
On 10/1/2014 3:45 PM, Tony Finch wrote: (Sorry for straying off topic. I have less experience of Cisco PIX/ASA breaking DNS than of them breaking SMTP.) I can't resist either.. I specifically remember a PIX that bit me by "helpfully" changing the payload of an axfr so that the A records that tr

Re: Random nx name queries, anyone see this before?

2008-12-16 Thread Dave Sparro
Alan Clegg wrote: > ponga2...@gmail.com wrote: >> I'm seeing name queries from a couple clients on the network that >> occur around every two minutes - the queries are evidently random and >> are looking for A IN records of this form, as an example: >> >> ungzbvyf.lzghmccim >> >> They always look l

Re: Multiple CNAME alternantive?

2010-08-19 Thread Dave Sparro
On 8/19/2010 10:52 AM, Steve Arntzen wrote: I would like to resolve dns.ourdomain.com to a list of our DNS server names and possibly their IPs. As we use many DNS servers (and or views) for our different development environments, it would be very helpful for the developers to easily find the nam

Re: I get "No mail exchanger (MX) records available for rimm.com" error just for a couple of domains

2010-08-19 Thread Dave Sparro
On 8/19/2010 2:33 PM, Samad Agha wrote: 2- When I perform this query from our ns1 server I do get the correct result, but the same query from ns2 server fails can't find rim.com : Non-existent host/domain Any help would be highly appreciated; many thanks in advance. The config

Re: I get "No mail exchanger (MX) records available for rim.com" error just for a couple of domains

2010-08-19 Thread Dave Sparro
On 8/19/2010 2:58 PM, Samad Agha wrote: Dave or anyone else who can help: 4- Yes, is only rim.com & tmo.blackberry.net that error out. Everything else resolves just fine on ns2 and EVERYTHING, including rim.com & tmo.blackberry.net

Re: Slave DNS zone problem

2010-09-09 Thread Dave Sparro
On 9/9/2010 4:43 AM, Rock July wrote: Hi All, I have a problem with one of my DNS. This DNS is configured as slave and have two masters (hosting different domains). Recently, I changed the IP of one of the master DNS then all domains under that master DNS cannot be resolved on the slave DNS altho

Re: Caching nameservers dealing with dead authoritative servers

2010-09-16 Thread Dave Sparro
On 9/15/2010 5:18 PM, ML wrote: Hi, I'm having a problem with my caching DNS servers. I'm on bind 9.4.3-p5, threads enabled (4), running gentoo 64 bits. For 2 days, I have some clients (mail servers receiving spams) issuing a lot of requests on zone hosted on dead dns server. For example : '

Re: Max-Cache-TTL

2010-09-23 Thread Dave Sparro
On 9/23/2010 10:19 AM, Atkins, Brian (GD/VA-NSOC) wrote: I'm looking for methods to reduce the period of time we cache external records (e.g., www.google.com). I think the option I need to implement is max-cache-ttl. Is this the correct method for limiting caching? Are there reasons that I shoul

Re: minimum cache times?

2010-10-05 Thread Dave Sparro
On 10/5/2010 9:19 AM, Atkins, Brian (GD/VA-NSOC) wrote: I asked a similar question 2 weeks ago and got a non-response (e.g., a response with no real information). From what I've read, everyone seems to frown on over-riding cache times, but I haven't seen any specifics as to why it's bad. Ba

Re: AXFR partially timed out

2010-10-07 Thread Dave Sparro
On 10/7/2010 4:55 AM, Beat Jucker wrote: Hello BIND users I have a very strange problem with AXFR. We are using a master and a secondary DNS Server with an internal and an external view. Depending on the source address the secondary server will get the internal or external view for zone transfer

Re: AXFR partially timed out

2010-10-12 Thread Dave Sparro
On 10/11/2010 5:11 PM, Beat Jucker wrote: Is the problem zone larger than the ones that are not a problem? If so it may be a MTU problem, or even a firewall that does things differently based on packet sizes. Indeed the trouble zone is about double the size of other zones. Both DNS servers are

Re: High named CPU every 10 minutes?

2010-11-17 Thread Dave Sparro
On 11/17/2010 2:26 PM, blrmaani wrote: I see a peculiar behavior on my DNS server. The named CPU reaches 90% + every 10 minutes and my monitoring software keeps paging me. I have a DNS host running FreeBSD 7.x, running BIND 9.4.x on a 2-CPU machine with 4GB RAM. It is a recursive DNS server. D

Re: load balance of DNS

2012-01-16 Thread Dave Sparro
On Mon, Jan 16, 2012 at 2:52 PM, Barry Margolin wrote: >> One (icky) solution is to hand out more addresses for one server than the >> other... >> >> www.example.com  IN  A  192.168.1.1 >> www.example.com  IN  A  192.168.1.2 >> www.example.com  IN  A  192.168.1.3 >> www.example.com  IN  A  192.168.

Re: clearing local caches

2009-07-15 Thread Dave Sparro
Scott Haneda wrote: ... However, I would like to just get DNS response times. Perhaps take the list of hosts and feed them to an iterative script calling dig, and fish out the response time? This does add the problem of redirects of course would not be followed, so I would have to pre-fetch a

Re: Truncated, retrying in TCP on Reverse lookup

2009-07-15 Thread Dave Sparro
Matus UHLAR - fantomas wrote: On Thu, Jul 09, 2009 at 05:50:02AM -0700, Fr34k wrote a message of 119 lines which said: There should be one and only one PTR for that IP. On 10.07.09 22:40, Stephane Bortzmeyer wrote: No. No good reason fo

Re: How See what is Cached?

2009-07-15 Thread Dave Sparro
Gregory Hicks wrote: From: "Alans" Date: Sun, 5 Jul 2009 11:29:27 +0300 I run that command but nothing happened! And named.conf option is dump-file "/data/cache_dump.db"; , I checked that directory that file doesn't exist!! Do you think there is a problem in configuration? File / directory p

Re: clearing local caches

2009-07-15 Thread Dave Sparro
Scott Haneda wrote: On Jul 15, 2009, at 12:29 PM, Dave Sparro wrote: Scott Haneda wrote: ... However, I would like to just get DNS response times. Perhaps take the list of hosts and feed them to an iterative script calling dig, and fish out the response time? This does add the problem of

Re: SRV Record Priority set by IP Address

2009-07-20 Thread Dave Sparro
Lev Vanyan wrote: 20.07.09 14:11, Chris Thompson написав(ла): On Jul 20 2009, Dmitry Rybin wrote: Lev Vanyan wrote: i've stumbled into a question whether it is possible to configure BIND in a way that it responds to DNS SRV requests with the priority flag changed depending on the IP address o

Re: no more recursive clients: quota reached

2009-08-28 Thread Dave Sparro
On Thu, Aug 27, 2009 at 12:17 PM, Niall O'Reilly wrote: > Lisa Casey wrote: > >> Aug 26 12:48:56 netlink named[295]: client 207.191.185.6#60614: no more >> recursiv >> e clients: quota reached > >> Any ideas on how I should go about solving/fixing this? > >        I'ld suggest you check your connec

Re: problem resolving domains with bind9.5.0-P2

2009-09-09 Thread Dave Sparro
Based on the answer size for the query you presented, I'd focus on looking for an upstream filter/device that is blocking answers that are > 512 bytes. On Wed, Sep 9, 2009 at 5:34 AM, Matthias Brehm wrote: > Dear all, > > > > we use bind9.5.0-P2 for the internet dns server. > > Sometimes we get

Re: rndc command for erased zone?

2009-09-23 Thread Dave Sparro
On Wed, Sep 23, 2009 at 8:00 AM, Marcos Lorenzo de Santiago wrote: > I no longer manage one of our DNS domain. As I use 'rndc reconfig' to > load newly created zones I was wondering if exists a way to do the same > as reconfig but inversely, I mean, reload configuration forgetting the > just erase

Re: Match-Clients not working in DNS

2009-11-16 Thread Dave Sparro
On Mon, Nov 16, 2009 at 7:08 AM, Agarwal Vivek-RNGB36 wrote: > I am running BIND-9.3.3 on Linux Server. I have configured match-clients in > the named.conf file. I added some more IPs to >this and restarted the named process. The issue is it's not getting updated and >the new added IPs can't resolv

Re: Feature request - disable internal recursion cache

2009-12-02 Thread Dave Sparro
On Wed, Dec 2, 2009 at 9:43 AM, Dmitry Rybin wrote: > I found answer for my feature request - simple C proxer: > http://www.wolfermann.org/dnsproxy.html > > It can forward queries to auth or recursion server. Based on client IPs. > What if one of your access customers is running their own DNS ser

Re: Notify "storms"

2010-01-20 Thread Dave Sparro
On 1/18/2010 4:27 PM, Todd wrote: Good day all, We've run into a problem with our DNS servers. The way we update our masters is via a CVS Checkout and reload of the zones modified. Sometimes though, we need to reload the whole config for big changes/etc. When that happens, all 6 masters (I know

Re: Bind9 overloaded, recursive clients and timeout.

2010-02-10 Thread Dave Sparro
On 2/9/2010 7:28 PM, Mark Andrews wrote: In message<4b719346.4020...@arcelormittal.com>, Cedric Lejeune writes: In fact, our firewall was doing some kind of traffic shaping (thanks Robert ;): if the number of requests of any type goes above a define number, then block further requests.

Re: Different handling of referrals by dig and nslookup

2010-02-16 Thread Dave Sparro
On 2/13/2010 9:42 PM, kalpesh varyani wrote: Hi Rick, I am aware that it is a somewhat odd (but not incorrect, am I right ?) to put a non-recursive name server in the resolv.conf but I am not able to understand the behavioral difference of ping/dig and nslookup. But logically shouldn't it be

Re: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-21 Thread Dave Sparro
On 4/9/2010 8:59 PM, Steven Wilmot wrote: 1 - The original server-configuration (or response) from "primary-dns.co.uk" is NOT VALID If this is the case, could you please help let me know exactly which RFC or configuration that you believe is not valid. Note: 'primary-dns.co.uk is owned and mai

Re: Caching DNS server (bind9.4.2) CPU usage is so so so high.

2010-04-26 Thread Dave Sparro
On 4/25/2010 10:23 PM, Trần Trọng Tấn wrote: Hi, I have a caching-only dns server which get ~3k queries per second. Here is specs: |Xeon dual-core2,8GHz 4GB of RAM Centos 5x 32bit(kernel2.6.18-164.15.1.el5PAE) bind9.4.2 | rndc status: recursive clients: 666/4900/5000 Bind always uses

Re: SRV record question

2010-06-18 Thread Dave Sparro
On 6/16/2010 10:44 AM, Niobos wrote: In this configuration, the server's IP is present multiple times, which will lead to mistakes in the future. I can't let the SRV-record point directly to "server" either, since the vhost-configuration needs the correct Host:-HTTP header. Or am I missing som

Re: Performance tuning tips required for bind 9.6.1-P3!!!

2010-07-13 Thread Dave Sparro
On 7/13/2010 1:11 PM, Shiva Raman wrote: Dear All This is in reference to the performance tuning , i had already gone through the mailing list archives , but could not find answer to my specific query mentioned here. Right now i am using queryperf to test the performance with sample query fi

Re: Three NameServer DOSing my

2010-07-28 Thread Dave Sparro
On 7/28/2010 5:53 AM, Michelle Konzack wrote: Hello Experts, my primary NameServer is hit by more than 600.000 requests per day coming mainly from three NameServers: [ '/var/log/named.log' ] Jul 28 11:18:17 samba3 named[26425]: 28-Jul-2010 11:18:

Re: Three NameServer DOSing my

2010-07-29 Thread Dave Sparro
On 7/29/2010 2:11 PM, Michelle Konzack wrote: Hello Matus UHLAR - fantomas, Your hostname is private and inaccessible from the outside. The requesters get SERVFAIL reply which apparently makes them retry. If you provided them any IP address (e.g. 127.0.0.1) they could be satisfied and stop try

Re: Can an NS point to a CNAME

2010-08-13 Thread Dave Sparro
On 8/13/2010 6:08 AM, Phil Mayers wrote: Still puzzled that bind didn't seem to log anything. I will have a trawl through the source I think; I'm sure it must be my logging config. I don't know if I'm on the right path, but were you logging lame delegations? -- Dave

Re: Cannot resolve DNS off public dns, but can via nameserver ip

2010-08-13 Thread Dave Sparro
On 8/13/2010 1:53 PM, Mike Mackintosh wrote: How will the registrar be able to resolve the host name dns.angryserver.net if dns is not propagating? I understand that when you register a domain, the registrar will send the nameserver information to the root servers, which are then queried for your

Re: www.ncbi.nlm.nih.gov / pubmed

2010-08-18 Thread Dave Sparro
On 8/18/2010 8:30 AM, Phil Mayers wrote: On 18/08/10 13:15, Lightner, Jeff wrote: It comes right up in Firefox but prompts for a username and password. Do you have DNSSEC validation enabled? Because as per my email, it's a DNSSEC problem. After a bit of investigation, it seems that the proble

Re: www.ncbi.nlm.nih.gov / pubmed

2010-08-18 Thread Dave Sparro
On 8/18/2010 1:12 PM, Casey Deccio wrote: On Wed, Aug 18, 2010 at 9:48 AM, Dave Sparro wrote: On 8/18/2010 8:30 AM, Phil Mayers wrote: ...since the "ncbi" zone is an unsigned child zone, there needs to be an NSEC/NSEC3 record to prove the absence of the DS record, and hav