Re: Multiple BIND instances

2012-02-06 Thread Jeff Peng
On 2012-2-7 15:09, sasa sasa wrote: I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache only and another authoritative. Is it better to install 2 OS virtually and run BIND in them or run 2 instances of BIND on the same OS? I mean what is the best practice to take advantage

about the MX and NS values

2012-02-08 Thread Jeff Peng
I was thinking why RFC requires the values of MX and NS must be hostname not IP. Any glue? Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https:

Re: about the MX and NS values

2012-02-08 Thread Jeff Peng
On 2012-2-9 15:27, Mark Andrews wrote: When you serve 10 zones do you want to update 1 address record or 10 NS records on an address change? When you serve 10 mail domains do you want to update 1 address record or 10 MX records on an address change? Yup

A question for the reference

2012-03-05 Thread Jeff Peng
Hello, Please see this case: $ dig funnygamesite.com @k.gtld-servers.net ; <<>> DiG 9.7.3 <<>> funnygamesite.com @k.gtld-servers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35540 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

Re: A question for the reference

2012-03-05 Thread Jeff Peng
On 2012-3-6 10:23, Spain, Dr. Jeffry A. wrote: I tested this by capturing network traffic on a bind 9.9.0 recursive resolver. The commands 'rndc flush' followed by 'dig @localhost funnygamesite.com' resulted in the following: 1. A query to m.gtld-servers.net. 2. The same referral response that you

Re: Can I set TTL served to users in bind?

2012-03-09 Thread Jeff Peng
On 2012-3-9 16:11, Drunkard Zhang wrote: I got some bind servers doing iteration resolution, and return the results to users. But I found that some names got too big TTLs, whose RRs can not be replaced correctly by new RRs in time. This leads to user's blame, we have to flush the caches by hand, and

Re: Can I set TTL served to users in bind?

2012-03-09 Thread Jeff Peng
On 2012-3-9 17:20, Cathy Almond wrote: Many ISP's caching DNS servers do this stuff. > AFAIK there is not such an option for that, but you can do it from > BIND's source. max-cache-ttl ? Thanks Cathy for pointing out that. From what I googled: http://www.menandmice.com/knowled

Re: glub or authauthority NS is cached and used at a cache dns server?

2012-03-21 Thread Jeff Peng
You might want to read this blog of mine: http://www.nsbeta.info/archives/115 HTH On 2012-3-21 15:07, Felix New wrote: when i dumpdb from the cache dns, some domain's ns records are glue DNS, and others are authority. The TTL are different. which type is used in Cache DNS?

querylog format

2011-06-06 Thread Jeff Peng
Hello, The querylog of BIND in my hosts is like: client 58.240.56.18#16768: query: s18.mhxx.game.yy.com IN A -EDC For the last part, I know the '-' means non-recursion,'E' means EDNS. But what are the 'D' and 'C' flags? thanks. Send

Re: querylog format

2011-06-06 Thread Jeff Peng
Thanks michael. That's right for me. > -Original Message- > From: mich...@rancid.berkeley.edu > Sent: Mon, 06 Jun 2011 20:41:03 -0700 > To: pen...@inbox.com > Subject: Re: querylog format > > On 6/6/11 8:09 PM, Jeff Peng wrote: >> Hello, >> >&

second nameserver with two IPs

2011-06-07 Thread Jeff Peng
Hello, My second nameserver has two IPs, for example, 61.144.56.1 61.144.57.1 (They are in different CIDRs.) and my ns2.example.com was pointed to these two IPs. Will this cause problems, for example, the duplicated notification or zone-transfer? Thanks in advance.

DNS is tainted

2011-06-07 Thread Jeff Peng
Hello, From the dig info below: C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com www.nsbeta.info. 3497 IN CNAME nsbeta.info. nsbeta.info. 2434 IN A 74.117.232.204 C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com www.nsbet

tell BIND the nameservers have been changed

2011-06-14 Thread Jeff Peng
Hello, Once I changed the IP address for NS records, for example, example.com. IN NS ns1.myzone.com. example.com. IN NS ns2.myzone.com. I changed ns[1-2].myzone.com to new IPs in myzone.com's DNS, then how to let BIND for example.com to know the NS has been changed? Thanks.

Re: tell BIND the nameservers have been changed

2011-06-15 Thread Jeff Peng
I remember there is a rndc option, but not sure. > -Original Message- > From: bortzme...@nic.fr > Sent: Wed, 15 Jun 2011 09:06:54 +0200 > To: pen...@inbox.com > Subject: Re: tell BIND the nameservers have been changed > > On Tue, Jun 14, 2011 at 08:41:50PM -0800

about the reference

2011-07-01 Thread Jeff Peng
Hello, Please see this reference: $ dig mydots.net @j.gtld-servers.net ; <<>> DiG 9.4.2-P2.1 <<>> mydots.net @j.gtld-servers.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41902 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

allow-query for a zone

2012-01-15 Thread Jeff Peng
Hi, If I just want to disable any client to query for a zone, but keep that zone in the config file (maybe later I will enable it to be accessible), can I just set: allow-query { none; }; in the zone section? zone "example.com" { type master; file "example.com.db"; allow-query { none;

Re: Defense against a client?

2012-01-16 Thread Jeff Peng
On 2012-1-16 18:19, Tom Schmitt wrote: My question: Is there any possibility in Bind to give a quota to a client? e.g. that from a given IP no more than hundred queries per second are allowed and the rest is to be blackholed. That way only the client causing the load would have a problem but not

Re: allow-query for a zone

2012-01-16 Thread Jeff Peng
On 2012-1-17 1:58, Warren Kumari wrote: Just out of interest, why wouldn't you just comment out the zone stanza? Would cut down on memory usage, load time, etc… I'm sure you have a use case, just a wondering… Well, my dns manage system (dnsbed.com) requires a "zone pause" feature. When user click

Re: allow-query for a zone

2012-01-16 Thread Jeff Peng
Well, my dns manage system (dnsbed.com) requires a "zone pause" feature. > When user click the "pause" button, the zone should be stopped for > resolving, but the config and records should be kept. How can you tell the difference? What difference do you mean?

Re: allow-query for a zone

2012-01-16 Thread Jeff Peng
Whether you set allow-query to none, or remove the zone statement, clients will get an error when they try to query the zone. There is a difference when you develop a web interface for DNS system. A user can "pause" the domain from web interface, if we remove the zone and records from BIND fi