Re: Zone transfer using TSIG

2012-04-19 Thread Rich Goodson
Carlos, zone "example.com" { ... allow-transfer { key hostA-myserver.key; }; ... }; and in our environment, I have the key files readable only by the user that named is running as, then use something like: include keys/tsig_key_file.key in named.conf so that the named.conf file can remain read

Re: Zone transfer using TSIG

2012-04-19 Thread Rich Goodson
Forgot to reply all in my corrected answer. On Apr 19, 2012, at 3:09 PM, Carlos Ribas wrote: > Thanks Rich! I completely forgot that I can use the key in the definitions of > master. > > Regards, > > - > Carlos Eduardo Ribas > >

Re: reverse resolution failing

2013-02-07 Thread Rich Goodson
STION SECTION: ;10.184.142.139.in-addr.arpa. IN PTR ;; Query time: 90 msec ;; SERVER: 204.191.11.5#53(204.191.11.5) ;; WHEN: Thu Feb 7 11:49:48 2013 ;; MSG SIZE rcvd: 45 -- Rich Goodson Sr. Unix System Administrator Mediacom Communications 2195 Ingersoll Ave Des Moines, IA 50312 5-710

RE: CVE-2013-2266 Question

2013-03-27 Thread Rich Goodson
John, You do not need to run the configure script again if you're compiling from the same directory you have compiled from previously. Just edit the specified file(s), then run make clean (and it is make clean, not make clear - this removes previously compiled objects from your build direc

RE: Caching server - named process is limit at 500MB

2013-04-17 Thread Rich Goodson
P2.tar.gz tar -xvf bind-9.8.4-P2.tar cd bind-9.8.4-P2 export LD_LIBRARY_PATH=/usr/ucblib/amd64:/lib/amd64:/usr/lib/64:/usr/sfw/lib/64 export CFLAGS="-m64" ./configure --enable-threads --enable-largefile --with-openssl=/usr/local/ssl make su make install /usr/local/sbin/named -V file /u

Re: Rate-limiting - working? How to test?

2014-01-17 Thread Rich Goodson
John, "log-only yes;" is the reason you are not seeing any rate limiting. You are telling your server not to actually do any rate limiting, just to log what it would have done. You didn’t post any more of your named.conf, but I would assume you don’t have any logging set up for rate limiting

Re: DNS passthrough on no explicit result?

2014-01-31 Thread Rich Goodson
Steve, If you must use the same domain for internal names as external, here is one way to do that. On the recursive resolving name server that you use inside your network, also make that server authoritative for the domain name in question. You’ll need to do double-entry for every externally

Re: Answer for a specific host, but recurse for all others within a zone

2014-05-08 Thread Rich Goodson
On your resolver, create a zone called something.xyz.com and only have one entry, an A record for the zone itself. Something like this: ---begin something.xyz.com zonefile--- something.xyz.com. in soa ns1.abc.com. hostmaster.abc.com. ( 2014050901 3H 300 2W

Re: Diagnostic help part 2

2014-09-30 Thread Rich Goodson
If named is running and doesn’t respond on the external interface, it’s possible that your listen-on {}; directive is set to only localhost. TCP connections to 205.238.182.102 come back “Connection refused”, so it’s possible that BIND just isn’t listening on the interface or perhaps you’re filt

Re: Config large tuning and out of memory

2015-03-03 Thread Rich Goodson
Is your binary 64 bit, or 32? Rich > On Mar 3, 2015, at 9:54 AM, Job wrote: > > Hello, > > I recompiled Bind 9.10.1-P1 with system large tuning enabled. > I have some hundreds of view (with DLZ) in our system. > > With this feature compiled in, bind does not start: > > Mar 3 16:50:45 cloud0

Re: Config large tuning and out of memory

2015-03-03 Thread Rich Goodson
64 bit version of BIND with your compile time options. -Rich > On Mar 3, 2015, at 10:05 AM, Job wrote: > > Hello Rich, > we are on 32 bit system, CentOS 5.2 > > Thank you > > ________ > From: Rich Goodson [rgood...@gronkulator.com]

Re: DNS Negative Caching

2015-08-31 Thread Rich Goodson
I have a feeling that the discussion regarding SOA fields didn’t really answer your question, Harshith. Yes, negative results (NXDOMAIN) are usually cached for the amount of time specified in the last field of the SOA. This field was originally named “Minimum”, but is since used for NXDOMAIN TT

Re: Secondarying DLZ zones

2015-09-08 Thread Rich Goodson
Robert, Try setting the “Refresh” value in your SOA record to 3600. RFC1912 recommends refresh values between 1200 and 43200. If notify messages are not working, I’d set it to 20 or 30 minutes, myself. If the zone is unchanged, all it costs you is one SOA query by the slave. Just make sure

Re: New IP for Auth Servers

2015-09-16 Thread Rich Goodson
Teresa, Here are the out of zone glue records for mcomdc.com (note the query to a.gtld-servers.net , one of the authoritative servers for the com zone): rgoodson@bcn-rgoodson1 ~ $ dig @a.gtld-servers.net ns1.mcomdc.c

Re: Multiple queries for same host

2015-09-17 Thread Rich Goodson
Alex, These queries in your logs (at least the ones you’ve sent as examples) are not identical. Sometimes stub resolvers will rapid-fire queries at an iterative resolver for the same record, but that doesn’t appear to be happening in this case. These queries are just for very similar looking

Occasional problems resolving from capitalone.com

2009-01-13 Thread Rich Goodson
T) in 130 ms www.capitalone.com. 120 IN CNAME www.wpex.capitalone.com. wpex.capitalone.com.3600IN NS ns2-mockingbird.wpex.capitalone.com. wpex.capitalone.com.3600IN NS ns1-cardinal.wpex.capitalone.com. ;; Received 148 bytes from 199.244.214.10

Re: Assertion Failure

2009-01-15 Thread Rich Goodson
I had the same issue on one of my caching resolvers just yesterday for the first time. This is one of the lowest utilized servers out of 6 that are all on identical hardware and identical versions of BIND (9.4.3). Jan 14 17:46:38 wdmdc-dns-dts2 named[1415]: [ID 873579 daemon.crit] name.c

rndc halt -p behavior

2009-01-21 Thread Rich Goodson
The behavior of 'rndc halt -p' appears to be different from the documentation. According to the BIND 9.4 ARM rndc section: halt [-p] Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal

Re: rndc halt -p behavior

2009-01-21 Thread Rich Goodson
the new one is free to grab the port and start answering queries while the old one simply cleans up after itself, memory-wise. -rich On Jan 21, 2009, at 5:00 PM, Mark Andrews wrote: In message <2971f259-4897-48f8-b418-2f7599075...@gronkulator.com>, Rich Goodson writes: The behav

Re: rndc halt -p behavior

2009-01-21 Thread Rich Goodson
ore I start acting like a jackass (or more of one). -rich On Jan 21, 2009, at 6:05 PM, Alan Clegg wrote: Rich Goodson wrote: If -p is specified named's process id is returned. This allows an external process to determine when named had completed halting. Whether named is still answeri

Re: rndc halt -p behavior

2009-01-21 Thread Rich Goodson
ake my living as a technical writer. -rich On Jan 21, 2009, at 7:14 PM, Jeremy C. Reed wrote: On Wed, 21 Jan 2009, Rich Goodson wrote: And I'm expected to know this, how? (incidentally, I added a 'wait' statement to my script after I discovered this behavior). This behavi

Re: rndc halt -p behavior

2009-01-23 Thread Rich Goodson
I wasn't talking about (or even really looking at, at the time) the output of rndc -help. I was originally discussing the description in the Administrator Reference Manual for BIND 9.4. -rich On Jan 23, 2009, at 1:45 AM, Doug Barton wrote: Niall O'Reilly wrote: On Wed, 2009-01-21 at 1

Re: my DNS not resolving

2009-01-29 Thread Rich Goodson
$ whois jatec.us --snip-- Domain Status: inactive Name Server: ICEMAN.JATEC.US --snip-- Domain Registration Date:Fri Oct 03 21:05:39 GMT 2008 Domain Expiration Date: Fri Oct 02 23:59:59 GMT 2

Re: BIND still will not resolve

2009-02-02 Thread Rich Goodson
Just at a glance I see a problem in your zone file: IN NS iceman.jatecus. ; The DNS server your NS record has jatecus as a TLD because you're missing a . between jatec and us. Same in your SOA for the reverse. @ IN SOA iceman.jatecus. ro

Re: question about thehartford.com domain

2011-06-15 Thread Rich Goodson
Info at the authoritative servers doesn't match the glue records. We see this all the time on our recursive resolvers. rich-goodsons-computer:~ rgoodson$ dig +norec @ns1.thehartford.com thehartford.com NS ; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec @ns1.thehartford.com thehartford.com NS ; (1 server

Re: multi-named instance exist?

2009-03-26 Thread Rich Goodson
"issue" that Solaris has, but that's a whole different mailing list, right there. -Rich Goodson Sr. Unix Admin Mediacom Communications On Mar 26, 2009, at 1:02 AM, Doug Barton wrote: dev_n...@zoho.com wrote: If named is invoked successfully on startup, then the contents of the

Re: root and in-addr.arpa zone transfers

2009-09-09 Thread Rich Goodson
192.33.4.12;// C.ROOT-SERVERS.NET. 192.112.36.4; // G.ROOT-SERVERS.NET. 193.0.14.129; // K.ROOT-SERVERS.NET. }; notify no; }; Rich Goodson Sr. Unix Administrator Mediacom Communications On Sep 9, 2009, at 1:23 AM, Michael Monneri

Re: root and in-addr.arpa zone transfers

2009-09-11 Thread Rich Goodson
, but it seems to work well for what I use it for. -rich On Sep 10, 2009, at 8:16 PM, Joseph S D Yao wrote: On Thu, Sep 10, 2009 at 11:27:27AM +0200, Michael Monnerie wrote: On Mittwoch 09 September 2009 Rich Goodson wrote: zone "." { zone "arpa" { zone "in-addr.arpa"

Re: no more recursive clients: quota reached

2010-03-24 Thread Rich Goodson
Those are the items I'd look at, but it could be that I'm biased by recently being burned by networking :-) -- Rich Goodson On Mar 24, 2010, at 9:41 AM, Oliver Henriot wrote: > Dear list users, > > I'd like to understand a point about quotas on recursive clients quotas

Re: Can i set up bind9 with dynamic ip?

2010-05-23 Thread Rich Goodson
Setting up a recursive resolver for your own use on a dynamic IP is easy, just don't specify an IP address to bind to in your named.conf file, and named will listen on all interfaces. An authoritative zone or zones on a dynamic IP address is a whole other set of challenges. -Rich Goodso