configure syslog prefix

2013-07-02 Thread Klaus Darilion
Hi! I have several bind instances running on the same host. All of them use the same logging prefix, e.g.: named[11926]: zone mydomain/IN: Transfer started. named[11926]: transfer of 'mydomain/IN' from 2.3.4.5#53: connected using 2.3.4.5#44224 named[13479]: client 2.3.4.5#44224: transfer of 'm

Re: configure syslog prefix

2013-07-02 Thread Klaus Darilion
On 02.07.2013 14:59, Tony Finch wrote: Klaus Darilion wrote: Some software allows configuring the syslog prefix, but I couldn't find that for bind. Rename the named executable. I would prefer a configuration option, but I guess I have to use this workaround. Tested with sym

rndc refresh fails for signed zones

2013-12-11 Thread Klaus Darilion
Hi! # named -V BIND 9.9.3-rl.13204.02-P2 I have configured slave zones with inline signing: zone "mydomain.at" { type slave; file "/etc/bind/mydomain.at"; masters { 1.2.3.4; }; key-directory "/etc/bind/keys"; auto-dnssec maintain; inline-signing y

Re: rndc refresh fails for signed zones

2013-12-11 Thread Klaus Darilion
Same problem with: # named -V BIND 9.9.4-P1 On 11.12.2013 13:39, Klaus Darilion wrote: Hi! # named -V BIND 9.9.3-rl.13204.02-P2 I have configured slave zones with inline signing: zone "mydomain.at" { type slave; file "/etc/bind/mydomain.at";

Re: rndc refresh fails for signed zones

2013-12-12 Thread Klaus Darilion
On 11.12.2013 21:09, Mark Andrews wrote: For normal slave zones (unsigned) it works fine. Is this a known bug? >Where can I open a bug report? Any workarounds? You can report bugs to bind9-b...@isc.org. That being said this one is trivial. Thanks, works fine. regards Klaus

How to query the "incoming" serial of a zone while inline signing

2014-01-30 Thread Klaus Darilion
Hi! I use Bind for inline signing between a hidden master and the public slaves. AFAIS Bind maintains 2 serials: one for the incoming unsigned zone (eg. used to match incoming NOTIFYs) and one for the outgoing signed zone. I want to monitor if my name servers are all up2date by monitoring an

Re: How to query the "incoming" serial of a zone while inline signing

2014-01-30 Thread Klaus Darilion
On 30.01.2014 14:19, Mark Andrews wrote: In message <52ea4c56.5060...@pernau.at>, Klaus Darilion writes: Hi! I use Bind for inline signing between a hidden master and the public slaves. AFAIS Bind maintains 2 serials: one for the incoming unsigned zone (eg. used to match incoming N

Re: How to query the "incoming" serial of a zone while inline signing

2014-01-30 Thread Klaus Darilion
On 30.01.2014 14:28, Tony Finch wrote: Mark Andrews wrote: In message <52ea4c56.5060...@pernau.at>, Klaus Darilion writes: Are there any tools/ways to query Bind for the incoming serial? rndc zonestatus [class [view]] I think that's a BIND-9.10 feature :-) On 9.9

NSEC3 hash collision

2014-02-03 Thread Klaus Darilion
Hi! I just stumbled across section 7.1 of RFC 5155 (http://tools.ietf.org/search/rfc5155#section-7.1): As the "owner name" is hashed, there is potential for a hash collision. What confuses me is: If a hash collision is detected, then a new salt has to be chosen, and the signing proce

missing NOTIFY after rndc signing -clear all zone

2014-02-06 Thread Klaus Darilion
Hi! I just noticed that on "rndc signing -clear all zone", Bind removes the private RRs, updates the NSEC3 RR, and increases the serial, but it does not send NOTIFYs. I guess this is a bug. I tested bind 9.9.5, with inline-signing of a zone. regards Klaus

Re: changing NSEC3 salt

2014-02-06 Thread Klaus Darilion
On 06.02.2014 14:58, Cathy Almond wrote: On 06/02/2014 12:58, Timothe Litt wrote: On 06-Feb-14 05:56, Cathy Almond wrote: On 05/02/2014 18:54, David Newman wrote: The Michael W. Lucas DNSSEC book recommends changing NSEC3 salt every time a zone's ZSK changes. Is this just a matter of a new

Re: changing NSEC3 salt

2014-02-06 Thread Klaus Darilion
On 06.02.2014 11:56, Cathy Almond wrote: On 05/02/2014 18:54, David Newman wrote: The Michael W. Lucas DNSSEC book recommends changing NSEC3 salt every time a zone's ZSK changes. Is this just a matter of a new 'rndc signing' command, or is some action needed to remove the old salt? thanks d

Bind 9.9.5 assertion failure

2014-02-11 Thread Klaus Darilion
Hi all! I just managed to "crash" Bind 9.9.5 with an assertion failure - see attached log file. What my script does is: 1. delete zone via rndc (in this case the zone does not exist) 2. add zone via rndc 3. rndc signing -nsec3param 4. rndc sign 5. rndc signing -nsec3param (this

Re: Bind 9.9.5 assertion failure

2014-02-11 Thread Klaus Darilion
[22328]: #7 0x7f805eec21cd in ?? Feb 11 11:49:48 named[22328]: exiting (due to assertion failure) Only the second startup worked. Thanks Klaus On 11.02.2014 12:44, Klaus Darilion wrote: Hi all! I just managed to "crash" Bind 9.9.5 with an assertion failure - see attached log file. W

Re: Sporadic but noticeable SERVFAILs in specific nodes of an anycast resolving farm running BIND

2014-03-05 Thread Klaus Darilion
Does it only happen for IPv6 DNS requests? Maybe it is related to this: https://open.nlnetlabs.nl/pipermail/nsd-users/2014-January/001783.html klaus On 05.03.2014 14:16, Kostas Zorbadelos wrote: Greetings to all, we operate an anycast caching resolving farm for our customer base, based on Cen

Re: Sporadic but noticeable SERVFAILs in specific nodes of an anycast resolving farm running BIND

2014-03-07 Thread Klaus Darilion
Answering myself: This bug is probably not your problem, as Bind has received the DNS query, otherwise it would not answer with SERVFAIL. regards Klaus On 05.03.2014 16:15, Klaus Darilion wrote: Does it only happen for IPv6 DNS requests? Maybe it is related to this: https://open.nlnetlabs.nl

nsec3 opt-out confusion

2014-04-01 Thread Klaus Darilion
Hi! I use Bind 9.9.5 for inline signing. The zone is configured to use NSEC3 without opt-out: example.com 0 IN NSEC3PARAM 1 0 10 BEEF Nevertheless, most of the resulting NSEC3 records have the opt-out bit set and insecure delegations are indeed skipped (no NSEC3 re

Re: nsec3 opt-out confusion (bug report)

2014-04-01 Thread Klaus Darilion
er use opt-out or non-opt-out? Thanks Klaus On 01.04.2014 15:35, Klaus Darilion wrote: Hi! I use Bind 9.9.5 for inline signing. The zone is configured to use NSEC3 without opt-out: example.com 0 IN NSEC3PARAM 1 0 10 BEEF Nevertheless, most of the resulting NSEC3 re

Re: nsec3 opt-out confusion (bug report)

2014-04-01 Thread Klaus Darilion
On 01.04.2014 17:09, Chris Thompson wrote: On Apr 1 2014, Klaus Darilion wrote: [...] Nevertheless, it seems there are still two bugs: 1. The NSEC3 chain is not properly cleared when switching from non-opt-out to opt-out 2. The NSEC3PARAM record always has the opt-out flag clear, even if opt

DNSSEC: recover from missing keys

2014-05-16 Thread Klaus Darilion
Hi! During rollover testing I quite often delete keys without properly setting the timestamps in the keys - it is testing only. This leads to such errors: error reading private key file example.com/NSEC3RSASHA1/64337: file not found To recover and restart my testing I: - remove the zone from t

KSK signing incomplete

2014-05-20 Thread Klaus Darilion
Hi! Using Bind 9.9.5. I have some questions about the private records which indicate the signing status. From my external key management and monitoring tool I query the private records to get the signing status, e.g. if the signing after a rollover is finished, if a key can be deleted from disk,

Re: KSK signing incomplete

2014-05-21 Thread Klaus Darilion
> Further, I see that sometimes there are no private records at all. When > does this happen? (I never called "rndc signing -clear") It seems that this happens when Bind is restarted. So, what is the suggested (and reliable) way for external tools to get the signing status from Bind? I.e. if a k

Re: KSK signing incomplete

2014-05-21 Thread Klaus Darilion
On 21.05.2014 12:39, Phil Mayers wrote: > On 21 May 2014 10:24:23 BST, Klaus Darilion > wrote: >>> Further, I see that sometimes there are no private records at all. >> When >>> does this happen? (I never called "rndc signing -clear") >> >>

Bind ignoring signing -nsec3param when inline-signing a zone

2014-06-05 Thread Klaus Darilion
Hi! Today I managed to get Bind 9.9.5 to create a signed zone with all RRs signed except the SOA. The private RRs showed "finshed signing". Only after another "rndc loadkeys" was the SOA signed as well. Unfortunately I cannot reproduce the problem, but I suspect it may be related to the order in which I add

Re: Bind ignoring signing -nsec3param when inline-signing a zone

2014-06-05 Thread Klaus Darilion
before calling "rndc signing nsec3param" - this is not nice. Are there any workarounds for that? IMO it would be cool if Bind would store NSEC3 options outside of the zone. Thanks Klaus On 05.06.2014 14:02, Klaus Darilion wrote: > Hi! > > Today I managed that Bind 9.9.5 crea

incomplete NSEC3 chains

2014-06-30 Thread Klaus Darilion
Release: BIND 9.9.5 I regularly perform key rollovers and zone validation of an inline-signed zone. The zone validator receives NOTIFYs and then it transfers the zone and validates it (using dnssec-verify and validns). I also regularly call "rndc retransfer" to make sure to have a correct zone.

dynamically adding/removing TSIG configuration

2014-07-07 Thread Klaus Darilion
Hi! I currently use rndc addzone/delzone to manage zones on my slave. I now want to add TSIG for some of these zones and I want to be able to enable/disable TSIG dynamically per zone. Unfortunately I haven't found a nice solution yet. My results are: 1. delzone/addzone with adding the tsig key n

Retrying failed zone transfer

2014-07-22 Thread Klaus Darilion
Hi! I have a Bind 9.9.5 running as slave. The master is not configured correctly and rejects the zone transfer. It seems that if Bind has never received the zone yet, it tries endlessly to fetch the zone (see below), ~3 times per second. It would be nice if Bind for example retries only every min

Re: Reload BIND to listen on additional interface?

2014-08-14 Thread Klaus Darilion
If you manually configure the listen-on IP addresses, that may help: http://linux-ip.net/html/adv-nonlocal-bind.html regards Klaus On 31.07.2014 13:24, Johannes Kastl wrote: > Hi everyone, > > in the quest to use a master behind a Router with changing IPs, I set > up a VPN and told bind on both

Re: rndc (and now nsupdate too)

2014-08-19 Thread Klaus Darilion
On 31.07.2014 21:08, /dev/rob0 wrote: The proper tool to manage named configuration and operation, and which in the best Unix ethic is well suited for automation, is rndc(8). You cannot always use rndc. For example you can add and delete zones, but you cannot modify zones via rndc. regards

How to check slave zone freshness

2016-02-08 Thread Klaus Darilion
Hi! I want to monitor the freshness of my slave zones. Is it somehow possible to extract the status of slave-zones from bind? Thanks Klaus ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mai

Re: How to check slave zone freshness

2016-02-08 Thread Klaus Darilion
On 08.02.2016 at 14:59, Warren Kumari wrote: > The standard, compatible way to do this is simply to do a lookup for the > SOA record and make sure that the serial number matches what you expect > it to be / what is on the master. I'm not sure what monitoring tool you > are using (or if you are w

Re: How to check slave zone freshness

2016-02-08 Thread Klaus Darilion
On 08.02.2016 at 14:58, Tony Finch wrote: > Klaus Darilion wrote: >> >> I want to monitor the freshness of my slave zones. Is it somehow >> possible to extract the status of slave-zones from bind? > > If you are running 9.10 or later you can use `rndc zonestatus`

Re: How to check slave zone freshness

2016-02-09 Thread Klaus Darilion
On 08.02.2016 20:49, Mark Andrews wrote: > With a modern nameserver that supports the expire edns option you can > also do "dig +expire soa zone @server" which will tell you how long > until the zone will expire on this server. Aha, but isn't this a different kind of information? A zone which is

Re: How to check slave zone freshness

2016-02-10 Thread Klaus Darilion
On 08.02.2016 14:58, Tony Finch wrote: > Klaus Darilion wrote: >> >> I want to monitor the freshness of my slave zones. Is it somehow >> possible to extract the status of slave-zones from bind? > > If you are running 9.10 or later you can use `rndc zonestatus`.

Re: How to check slave zone freshness

2016-02-10 Thread Klaus Darilion
On 10.02.2016 09:27, Klaus Darilion wrote: > > > On 08.02.2016 14:58, Tony Finch wrote: >> Klaus Darilion wrote: >>> >>> I want to monitor the freshness of my slave zones. Is it somehow >>> possible to extract the status of slave-zones from bind?

What happens if the max-tcp-connections limit is reached?

2020-03-04 Thread Klaus Darilion
Hello all! Will bind refuse (close) the new TCP connections, or will it accept the new connection and close the longest idle TCP connection? Or even better? Thanks Klaus

max-ixfr-ratio values

2020-03-22 Thread Klaus Darilion
max-ixfr-ratio introduced with 9.17.0 sounds like a workaround instead of a bugfix. Anyway, can you recommend a sensible setting? I.e. when does the performance problem of "large" IXFR start to happen? Does this depend on the ratio of the IXFR-size to zone-size, or does it depend on the siz

Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-04-14 Thread Klaus Darilion
Hello! What is the rationale of: bind9 (1:9.13.6-1) experimental; urgency=medium ... * Rename the init scripts to named to match the name of the daemon For years, Debian and Ubuntu users, and plenty of scripts and automation software (Puppet ...), have known that the service is called "bind9". I

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-04-15 Thread Klaus Darilion
20 at 08:56, Reindl Harald wrote: > > > > > > On 15.04.20 at 08:51, Klaus Darilion wrote: > >> Hello! > >> > >> What is the rationale of: > >> > >> bind9 (1:9.13.6-1) experimental; urgency=medium > >> ... > >> * Rename

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-04-15 Thread Klaus Darilion
> > It would be great if you undo this change before release of 18.04 > > you confuse the upstream project with your distribution > > bind9 was completely wrong in the debian world as well as apache2 for > httpd, on sane distributions it's "httpd" and "named" all the years > because it's nonsense t

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-04-15 Thread Klaus Darilion
> -Original Message- > From: bind-users On Behalf Of Reindl > Harald > Sent: Wednesday, 15 April 2020 09:17 > To: bind-users@lists.isc.org > Subject: Re: Debian/Ubuntu: Why was the service renamed from bind9 to > named? > > > > On 15.04.2

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-04-15 Thread Klaus Darilion
Thanks for the answer! So actually it is just a cosmetic change not addressing a real problem. I will miss the bind9 service :-( Klaus > -Original Message- > From: Ondřej Surý > Sent: Wednesday, 15 April 2020 10:15 > To: Klaus Darilion > Cc: bind-users@lists.is

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-04-15 Thread Klaus Darilion
> On 15.04.20 at 10:08, Ondřej Surý wrote: > > you need to stop being rude to people on the bind-users mailing list, > > personal attacks are not acceptable behaviour here. You should apologize > > to Klaus. > > it's not a personal attack to clearly point out that discussions of > distribution le

Re: NSEC3 salt change - temporary performance decline

2020-06-09 Thread Klaus Darilion
> -Original Message- > From: bind-users On Behalf Of Cathy > Almond > Sent: Tuesday, 9 June 2020 14:30 > To: bind-users@lists.isc.org > Subject: Re: NSEC3 salt change - temporary performance decline ... > > FYI this will be fixed in the June 2020 BIND releases (in 9.11.20, >

How to prepublish additional DNSKEY

2020-07-08 Thread Klaus Darilion
Hello all! A signed zone shall be moved to another DNS provider. Hence I want to add the public KSK of the gaining DNS provider as additional DNSKEY to the zone. My setup is: Bind1 as hidden primary --> Bind2 as bump-in-the-wire signer -> public facing secondaries I tried to add the DNSKEY t

Re: How to prepublish additional DNSKEY

2020-07-09 Thread Klaus Darilion
> > So, how is the correct process to add an additional DNSKEY (only the public > key is known). > > I think you are looking for `dnssec-importkey`. Indeed. I imported the key and got a .key and .private file. I put those files in the same directory as the other keys, gave read permissions to bi

Re: Re: How to prepublish additional DNSKEY

2020-07-15 Thread Klaus Darilion
Thanks - now it works. Klaus From: Shumon Huque Sent: Thursday, 9 July 2020 13:44 To: Daniel Stirnimann Cc: Klaus Darilion ; bind-users@lists.isc.org Subject: Re: Re: How to prepublish additional DNSKEY On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann mailto:daniel.stirnim...@switch.ch

AXFR Problems since Upgrade to 9.16.12

2021-03-11 Thread Klaus Darilion
Hello! Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries (NSD/bind) Today we upgraded bind-1 and bind-2 from: 9.16.6-3+ubuntu18.04.1+isc+3 ---> 9.16.12-2+ubuntu18.04.1+isc+1 AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can not transfer the

Re: AXFR Problems since Upgrade to 9.16.12

2021-03-11 Thread Klaus Darilion
I just wanted to add that AXFR of all other hosted zones works fine (even bigger ones). Only this single zone fails. Thanks Klaus > -Original Message- > From: bind-users On Behalf Of Klaus > Darilion > Sent: Thursday, 11 March 2021 21:24 > To: bind-user

Re: AXFR Problems since Upgrade to 9.16.12

2021-03-11 Thread Klaus Darilion
I will - in the meantime: do you have older ppa packages somewhere in an archive? Thanks Klaus > -Original Message- > From: Ondřej Surý > Sent: Thursday, 11 March 2021 21:49 > To: Klaus Darilion > Cc: bind-users@lists.isc.org > Subject: Re: AXFR Proble

Re: AXFR Problems since Upgrade to 9.16.12

2021-03-15 Thread Klaus Darilion
on: bind-users On Behalf Of Klaus > Darilion > Sent: Thursday, 11 March 2021 21:24 > To: bind-users@lists.isc.org > Subject: AXFR Problems since Upgrade to 9.16.12 > > Hello! > > Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries > (

9.16 needs more RAM than 9.11

2021-04-19 Thread Klaus Darilion
Hello! On our servers where we use Bind 9.16, named needs approx. 29G RAM. On the servers with Bind 9.11 named needs approx. 25G RAM. Is this a known issue? Are there some config options to tune memory consumption? Thanks Klaus

faster fail-over between multiple masters

2011-08-29 Thread Klaus Darilion
Hi! I have 9.7.0-P1 as slave configured with two masters: M1 and M2. M2 is currently down. When M1 sends a NOTIFY to inform the slave of the new zone, bind starts querying for the SOA record at M2. As M2 is down, bind sends retransmissions and tries it several times. It takes up to 2 minutes unti

Re: faster fail-over between multiple masters

2011-08-30 Thread Klaus Darilion
On 30.08.2011 00:04, Mark Andrews wrote: > In message <4e5b6098.80...@pernau.at>, Klaus Darilion writes: >> Hi! >> >> I have 9.7.0-P1 as slave configured with two masters: M1 and M2. M2 is >> currently down. >> >> When M1 sends a NOTIFY to

Re: faster fail-over between multiple masters

2011-08-30 Thread Klaus Darilion
On 30.08.2011 18:17, Klaus Darilion wrote: > 2. Thus, every 4.5 minutes the slave asks both masters for the serial. > The lookup to M1 works fine, the lookup to M2 of course fails as M2 is > down and thus bind starts with retransmissions: every lookup has 2 > retransmissions ever

Re: faster fail-over between multiple masters

2011-08-31 Thread Klaus Darilion
Hi Michael! On 30.08.2011 20:33, Michael Graff wrote: > On 2011-08-30 12:06 PM, Klaus Darilion wrote: > >> Unfortunately I fail to find the options where I can configure the >> number of retransmissions, timeouts and number of transactions - >> please give me some hin

questions about rndc zonestatus

2017-12-19 Thread Klaus Darilion
Hi! I would like to use this feature to check the status of my slave zones. # rndc zonestatus nic.at name: nic.at type: slave files: /etc/bind/zones/nic.at serial: 2017121119 nodes: 77 next refresh: Tue, 19 Dec 2017 08:34:53 GMT expires: Tue, 02 Jan 2018 07:50:08 GMT secure: yes inline signing: n

are journal files required on slave?

2018-03-14 Thread Klaus Darilion
Hi! The default setting of max-journal-size filled my disk. I do have plenty of zones from KByte to GByte. So I wonder what would be the perfect size to configure. So, I wondered - do I need a journal at all? I know the journal is needed for ixfr-from-differences and DDNS. But on a server with sl

Maximum zone file size

2018-03-14 Thread Klaus Darilion
Hi! I couldn't find it online - is there a limit on the zone file size? Thanks Klaus

Re: Maximum zone file size

2018-03-14 Thread Klaus Darilion
On 14.03.2018 at 13:10, Ray Bellis wrote: > On 14/03/2018 12:08, Anand Buddhdev wrote: > >> Not that I know of. The amount of RAM in a server is probably the most >> significant limit for loading zones into BIND. > > Anand is correct - there's no intrinsic limit other than RAM. > > I personal

Re: are journal files required on slave?

2018-03-14 Thread Klaus Darilion
On 14.03.2018 at 13:04, Tony Finch wrote: > Klaus Darilion wrote: >> >> But on a server with slave-zone only (fetched by ixfr) - do I need a >> journal at all? How can I disable it - by setting the max-size to 0? > > The journal reduces the cost of re-writing zone

Re: are journal files required on slave?

2018-03-14 Thread Klaus Darilion
On 14.03.2018 at 13:38, Tony Finch wrote: > Klaus Darilion wrote: >> >> Thanks for the detailed answer. So I will use a few MBytes. But would it >> be possible to set max-journal-size=0? > > There's a minimum journal size (the calculation in the code comes to

Re: are journal files required on slave?

2018-03-15 Thread Klaus Darilion
On 14.03.2018 at 15:20, Tony Finch wrote: > Klaus Darilion wrote: >> >> I have now set >> max-journal-size 50M; >> and restarted bind a few times. But the journal files are still GBytes. >> When should Bind flush the journal into the zone file? >

sporadic timeouts querying bind9

2018-03-15 Thread Klaus Darilion
Hi! I use bind 9.9.5.dfsg-3ubuntu0.17 with around 20 slave zones (from small to huge). I query the SOA of every configured zone once a second to monitor bind. Once a day my script reports timeouts (3 seconds) querying a SOA. This server is a test server, hence it is idle except the monitoring ch

Re: Suggestions for a distributed DNS zone hosting solution I'm designing

2018-03-17 Thread Klaus Darilion
Hi Latitude! Short answer: I think 2s delay is not possible in a distributed system with many globally distributed slaves and limited resources. Long answer: It all depends on how much money you have and time in setting up such a service - long comments inline. On 07.03.2018 at 07:10,

Re: sporadic timeouts querying bind9

2018-04-23 Thread Klaus Darilion
This time with log file attached Thanks Klaus On 23.04.2018 at 14:55, Klaus Darilion via bind-users wrote: > Hi all! > > Upgrading to Ubuntu 16.04 with Bind 9.10.3 did not solve the problem. > > I enabled debug log (trace 2) and query logging. Unless my monitoring > tr

Re: Slow reply under heavy load (on a specific NIC ip)

2018-06-15 Thread Klaus Darilion
On 04.06.2018 at 14:20, Ict Security wrote: Hi guys, we are running a Bind 9.x Server, everything is going fine. Under particular heavy load moments, with some hundreds of concurrent queries coming in, sometimes Bind stops answering for some seconds or answers with important delays. But, when i

timestamp in journal

2018-07-09 Thread Klaus Darilion
Hi! named-journalprint dumps the journal without any time information. Does the journal include time information? (Timestamp of add/del) If yes, can I somehow extract the timestamps? thanks Klaus

Re: timestamp in journal

2018-07-09 Thread Klaus Darilion
Hi Anand! On 09.07.2018 at 14:04, Anand Buddhdev wrote: On 09/07/2018 13:50, Klaus Darilion wrote: Hi Klaus, named-journalprint dumps the journal without any time information. Does the journal include time information? (Timestamp of add/del) If yes, can I somehow extract the timestamps

Fwd: Operational Notification: Extremely large zone transfers can result in corrupted journal files or server process termination

2018-07-09 Thread Klaus Darilion
What is an "extraordinarily large zone transfer"? We regularly have AXFRs and IXFRs of around 2GB. Is this "extraordinarily large"? regards Klaus Forwarded Message Subject: Operational Notification: Extremely large zone transfers can result in corrupted journal file

Bind Auth responds slow during incoming XFR

2019-03-27 Thread Klaus Darilion
Hello! We have a problem with Bind [2] during incoming IXFR. When there is a huge IXFR (i.e. 1.8GB transferred in 15 minutes [1]), the response time heavily increases. Using dsc's newest "Response Time Indexer" we clearly see that Bind answers slowly: Response Time normal during Window

Re: max file size or line count for BIND zone file

2019-04-25 Thread Klaus Darilion
On 25.04.2019 at 14:10, Martin Meadows via bind-users wrote: Wondering if anyone is aware of a max file size or max number of lines that a given BIND zone file can contain? If you use a journal, things may get complicated if your journal is over 2G: https://kb.isc.org/docs/aa-01627 regar

Re: BIND 9.10 fast only on alias IP

2019-05-22 Thread Klaus Darilion
On 20.05.2019 at 20:16, Ict Security wrote: How could I increase the number of sockets on a single IP address, since Bind is working perfectly on the secondary address, when the first one is stuck? If the incoming traffic is bursty it may happen that the receive queue of the socket is full a

Re: Bind max socket/query per IP

2019-05-22 Thread Klaus Darilion
On 21.05.2019 at 22:31, Ict Security wrote: Under heavy load, Bind becomes extremely load above a certain number of Qps but, if I query an alias IP address (where normally queries don't arrive), Bind answers immediately. btw - how high is the "extremely load"? Klaus

IXFR fallback to AXFR if diff is bigger than zone

2019-07-12 Thread Klaus Darilion
Hi! I wonder how Bind as master handles IXFR when the requested IXFR would be much bigger than the AXFR. (For example: if you change the NSEC3 salt). Are there some mechanisms to detect such a situation and trigger a fallback to AXFR or will Bind always perform IXFR? thanks Klaus PS: AFAIK the max jou

Re: IXFR fallback to AXFR if diff is bigger than zone

2019-07-12 Thread Klaus Darilion
Hi Tony! On 12.07.2019 at 13:00, Tony Finch wrote: > Yes, that is curious. Are you sure it isn't actually doing an > IXFR-flavoured AXFR of the whole zone, rather than a delta? We have a setup with several Binds in a row: hidden master customer (software unknown) | | V o

journal file is out of date: removing journal file

2019-07-30 Thread Klaus Darilion
Hello! BIND 9.12.2-P2, max-journal-size 1m; What does the log message "journal file is out of date: removing journal file" exactly mean? Is it somehow problematic? I have bind as bump in the wire signer, and regular problems with slow zone updates for a specific zone which often, almost every

Re: journal file is out of date: removing journal file

2019-07-31 Thread Klaus Darilion
Hi Tony! On 31.07.2019 at 12:44, Tony Finch wrote: > Klaus Darilion wrote: >> >> What does the log message "journal file is out of date: removing journal >> file" exactly mean? Is it somehow problematic? > > After loading a zone, named discovers the seri

Re: BIND setup for GSLB (Global Service Load Balancing)

2019-10-02 Thread Klaus Darilion
On 12.09.2019 at 17:39, Roberto Carna wrote: Hi people, is it possible to set up BIND in order to implement GSLB (Global Service Load Balancing) between two sites? I need a near Active-Active scenario between two datacenters in different locations, and I want to do this with an open source so

Re: NSEC3 salt change - temporary performance decline

2020-01-29 Thread Klaus Darilion
Hello Niels! Thanks for bringing this to attention. I have reported it before [1][2] without response. We see this regularly. AFAIS it happens actually always, but if the IXFR is small, the performance decline is so short that you usually won't notice it. The bigger the zone change, i.e. NSEC3 change

Re: NSEC3 salt change - temporary performance decline

2020-01-29 Thread Klaus Darilion
On 21.01.2020 at 16:40, Ondřej Surý wrote: > We are currently investigating performance degradation related to big IXFRs. > Do you use ixfr-from-differences in your BIND configuration? You could try > enforcing AXFR on salt change. > > This is currently tracked as > https://gitlab.isc.org/is

Re: Simplistic serial number roll back

2023-02-20 Thread Klaus Darilion via bind-users
Yes it does. I guess all name servers offer a command to force a transfer of the zone without checking the serial. The ones I use support that: Bind: rndc retransfer NSD: nsd-control force_transfer PowerDNS: pdns_control retrieve Knot: knotc zone-retransfer regards Klaus > -Original

Re: DNS DDoS protection

2023-02-27 Thread Klaus Darilion via bind-users
> -Original Message- > From: bind-users On Behalf Of Bob > Harold > Sent: Friday, 24 February 2023 19:26 > To: bind-users > Subject: DNS DDoS protection > > Before answering this question, can you tell me the proper place where I > should be asking this question? > > "We ar

Correlation between NOTIFY-Source and AXFR-Source

2023-03-09 Thread Klaus Darilion via bind-users
Hello! I was always quite sure that Bind would request XFR from the Primary that sent the NOTIFY. config: masters { X.X.X.4; X.X.X.20; }; Bind Version 9.11.5.P4+dfsg-5.1+deb10u8 But I just saw in the logs that the first NOTIFY is received from .20, but AXFR is perf

Re: Correlation between NOTIFY-Source and AXFR-Source

2023-03-09 Thread Klaus Darilion via bind-users
> -Original Message- > From: bind-users On Behalf Of Mark > Andrews > Sent: Thursday, 9 March 2023 21:04 > To: Jan-Piet Mens > Cc: bind-users@lists.isc.org > Subject: Re: Correlation between NOTIFY-Source and AXFR-Source > > Named just uses the notify to trigger an early re

Bind not sending notifies for some time

2023-03-24 Thread Klaus Darilion via bind-users
Hi! root@cc-tld-sbg1:/var/log/tld-acct-by-customer# dpkg -l|grep bind9 ii bind9 1:9.18.6-1+ubuntu22.04.1+isc+1 amd64 Internet Domain Name Server Please help me debug this issue: We have a TLD zone with ~3 million delegations and updates every f

RE: Bind not sending notifies for some time

2023-03-24 Thread Klaus Darilion via bind-users
> > https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-notify-rate Will that feature throttle Notifys or stop them completely for some minutes? Thanks Klaus -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the developmen

Re: Bind not sending notifies for some time

2023-03-27 Thread Klaus Darilion via bind-users
> > On 24. 3. 2023, at 14:36, Klaus Darilion via bind-users us...@lists.isc.org> wrote: > > > > Is there some rate limiting in Bind? > > https://bind9.readthedocs.io/en/stable/reference.html#namedconf- > statement-notify-rate For the records: Increasing the n

Re: Tools to measure performance and benchmarking of a DNS

2023-06-21 Thread Klaus Darilion via bind-users
There are several tools with different features and behavior. I would take a look at dnsperf, kxdpgun and flamethrower. Regards > -----Original Message----- > From: bind-users On Behalf Of > sami.ra...@sofrecom.com > Sent: Wednesday, 21 June 2023 17:59 > To: bind-users@lists.isc.org >

Why are XFRs to Secondaries equally fast?

2023-07-27 Thread Klaus Darilion via bind-users
several XFRs are equally fast? Thanks Klaus -- Klaus Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria

Re: Why are XFRs to Secondaries equally fast?

2023-07-27 Thread Klaus Darilion via bind-users
Hi Petr! > > For example, there are 8 secondaries (Mumbai, LosAngeles, Melbourne, > > Atlanta, SaoPaulo...) to which the XFR took 2361 seconds. > > > > Are there some mechanisms in Bind that put multiple XFRs together into > a > > common stream? Or do you have any other ideas how it comes that seve

Re: migration from auto-dnssec to dnssec-policy deletes keys immediately

2024-01-08 Thread Klaus Darilion via bind-users
Hi all! I also know a colleague who was hit by the same issue, causing problems to their zone. Migrating from auto-dnssec to dnssec-policy can lead to operational issues. For example, that problem with different algos should be mentioned in https://kb.isc.org/docs/dnssec-key-and-signing-p

Re: Problem upgrading to 9.18 - important feature being removed

2024-02-27 Thread Klaus Darilion via bind-users
> -----Original Message----- > From: bind-users On Behalf Of Carsten ... > It would be nice to have a "dry-run" mode in BIND 9, where BIND 9 would > report steps it would do because of "dnssec-policy", but will not execute the > changes. If this Bind9 is only a hidden primary, disable all

Re: Crafting a NOTIFY message from the command line?

2024-03-21 Thread Klaus Darilion via bind-users
> -----Original Message----- > From: bind-users On Behalf Of Arsen > STASIC > Sent: Thursday, 21 March 2024 08:47 > To: Petr Špaček > Cc: bind-users@lists.isc.org > Subject: Re: Crafting a NOTIFY message from the command line? > > * Petr Špaček [2024-03-20 09:32 (+0100)]: > > On 1

Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records

2024-03-26 Thread Klaus Darilion via bind-users
> -----Original Message----- > From: bind-users On Behalf Of Jan > Schaumann via bind-users > Sent: Tuesday, 26 March 2024 14:44 > To: bind-users@lists.isc.org > Subject: Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records > > Karl Auer wrote: > > I'm puzzled by the C

Sporadic Timeouts after upgrading to bind9.20

2024-09-04 Thread Klaus Darilion via bind-users
qps we see it more often. Before I dig into the problem, are there any specific changes to 9.20 that I should look at? Maybe some default value changes for socket buffers, thread handling ...? Thanks Klaus -- Klaus Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-04 Thread Klaus Darilion via bind-users
Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria From: Ondřej Surý Sent: Wednesday, September 4, 2024 7:23 PM To: Klaus Darilion Cc: bind-users@lists.isc.org Subject: Re: Sporadic Timeouts after upgrading to bind9.20 Klaus, is that recursive or authoritative

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
/lib/x86_64-linux-gnu/libuv.so.1.0.0 #3 0x7b8cec5177fe - 1 - /usr/lib/x86_64-linux-gnu/libuv.so.1.0.0 #4 0x7b8ceb49ca94 - 1 - /usr/lib/x86_64-linux-gnu/libc.so.6 #5 0x7b8ceb529c3c - 1 - /usr/lib/x86_64-linux-gnu/libc.so.6 -- Klaus Darilion, Head of Operations nic.at GmbH, Jakob

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
It just happened again. I have not yet installed the debug symbols. I query the SOA every second with 1 second timeout. Here are the traces. It happened a few times in a row. Below are the traces. I noticed the timeout happened during Bind9 starting an inbound IXFR: Sep 06 07:20:55 named[1605200]
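Added example, not code from BIND or from any of the posters above. It serves two threads on this page: the "Correlation between NOTIFY-Source and AXFR-Source" thread, where Mark Andrews' reply says a NOTIFY only triggers an early refresh (choose_transfer_source below is a simplified model of that behaviour, an assumption about ordering rather than BIND's refresh code, using the X.X.X.4 / X.X.X.20 masters from the quoted config), and the "Sporadic Timeouts" thread, where the poster probes the SOA every second with a one-second timeout (probe_soa_serial is one way to do that probe). The zone example.test, the serial numbers and the response bytes in sample_soa_response are constructed for the example.

```python
# Added example, not BIND code: DNS wire helpers to build/parse NOTIFY, probe a SOA serial
# with a hard timeout, and model the refresh that a NOTIFY triggers on a secondary.
import os
import socket
import struct

OPCODE_QUERY, OPCODE_NOTIFY = 0, 4      # NOTIFY opcode per RFC 1996
TYPE_SOA, CLASS_IN = 6, 1

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(msg, off):
    """Return (name, offset after the name); follows RFC 1035 compression pointers."""
    labels, end, jumped = [], off, False
    for _ in range(128):                              # bound pointer chains
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                         # 14-bit pointer
            end = off + 2 if not jumped else end
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    raise ValueError("compression pointer loop")

def build_request(msg_id, zone, notify=False):
    """SOA/IN question; NOTIFY uses opcode 4 with AA set, a probe uses QUERY with RD clear."""
    flags = (OPCODE_NOTIFY << 11) | 0x0400 if notify else OPCODE_QUERY << 11
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def parse_header(msg):
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id, "qr": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
            "aa": bool(flags & 0x0400), "rcode": flags & 0xF, "qdcount": qd, "ancount": an}

def parse_notify(msg):
    """Zone named by a NOTIFY request; anything that is not NOTIFY SOA/IN is rejected."""
    h = parse_header(msg)
    if h["opcode"] != OPCODE_NOTIFY or h["qr"] or h["qdcount"] != 1:
        raise ValueError("not a NOTIFY request")
    zone, off = decode_name(msg, 12)
    if struct.unpack("!HH", msg[off:off + 4]) != (TYPE_SOA, CLASS_IN):
        raise ValueError("NOTIFY question is not SOA/IN")
    return zone

def parse_soa_serial(msg, expected_id):
    """Serial of the first SOA RR in the answer; ID mismatch and non-zero RCODE are errors."""
    h = parse_header(msg)
    if h["id"] != expected_id or not h["qr"] or h["rcode"] != 0:
        raise ValueError("bad response header")
    off = 12
    for _ in range(h["qdcount"]):
        off = decode_name(msg, off)[1] + 4            # skip QNAME, QTYPE, QCLASS
    for _ in range(h["ancount"]):
        off = decode_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SOA:
            p = decode_name(msg, decode_name(msg, off)[1])[1]   # skip MNAME and RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    raise ValueError("no SOA RR in answer section")

def serial_gt(a, b):
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000   # RFC 1982 serial arithmetic

def choose_transfer_source(masters, soa_lookup, local_serial):
    """Simplified model (assumption, not BIND's code) of the refresh a NOTIFY triggers: walk
    the configured masters in order, transfer from the first with a newer serial. The NOTIFY
    sender plays no part; soa_lookup(master) returns the serial or None if unreachable."""
    for master in masters:
        serial = soa_lookup(master)
        if serial is not None and serial_gt(serial, local_serial):
            return master
    return None

def probe_soa_serial(server, zone, timeout=1.0, port=53):
    """One UDP SOA query with a hard timeout: returns the serial, or None on timeout/bad reply."""
    msg_id = struct.unpack("!H", os.urandom(2))[0]  # unpredictable ID, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(msg_id, zone), (server, port))
            return parse_soa_serial(s.recvfrom(4096)[0], msg_id)
        except (OSError, ValueError):             # socket.timeout is an OSError subclass
            return None

def sample_soa_response(msg_id, zone, serial):
    """Constructed (not captured) SOA answer in the shape an authoritative server returns."""
    question = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", serial, 3600, 900, 604800, 300))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 3600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", msg_id, 0x8400, 1, 1, 0, 0) + question + answer
```

Offline, parse_notify(build_request(1, "example.test", notify=True)) returns "example.test.", and parse_soa_serial(sample_soa_response(2, "example.test.", 2024090601), 2) returns 2024090601. With masters ["X.X.X.4", "X.X.X.20"] both at serial 2024090602 and a local serial of 2024090601, choose_transfer_source returns "X.X.X.4" even if the NOTIFY came from .20, which is the log pattern the first thread asks about; only if .4 answers None (unreachable) does it fall through to .20. The probe deliberately keeps the message ID random and checks it on the reply, so a spoofed or stale answer is reported as a failed probe rather than as a serial. In a monitoring loop, probe_soa_serial(server, zone) returning None once a second maps directly onto the timeouts the second thread reports.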
