[Solved] was: what does dig +trace do?

#23297] So I only have to update to the new version of named and dig +trace will work. :-) Original-Nachricht > Datum: Wed, 31 Aug 2011 17:36:46 +0200 > Von: "Tom Schmitt" > An: bind-users@lists.isc.org > Betreff: Re: RE: what does dig +trace do? >

[UNsolved] was: what does dig +trace do?

I spoke too soon :-( > > I think I found the reason why dig +trace always failed with a timeout. > From the announcement of Bind 9.8.1 from earlier today: > > * If the server has an IPv6 address but does not have IPv6 >connectivity to the internet, dig +trace could fail attempting

Re: [UNsolved] was: what does dig +trace do?

r deleting the searchsuffix in resolv.conf, dig +trace is working fine without any error. In my oppinion it's a bug that dig +trace behave in a differrent way than doing the queries with dig one by one. Tom. -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!

Re: [UNsolved] was: what does dig +trace do?

> > In my case, dig is asking for the nameservers of the root-zone and is > > getting the answer: > > . IN NS root1 > > . IN NS root2 > > etc > > > > Next dig is asking for the A-record of root1. And here is the > > differrence: > > > > If I do "dig root1" dig is asking exactly this, it is ask

Re: [UNsolved] was: what does dig +trace do?

> "dig +trace" calls getaddrinfo() and that needs to be able to resolve > the hostname (without dots at the end). getaddrinfo() is called > so that we don't have to have a full blown iterative resolver in > dig. > I see. So no way to solve this one in dig itself. > The Internet moved from bei

updating Bind made it slower

2000, for my faster servers I have no old servers to compare the numbers). Is this a knwon issue with the newer versions of named? Is there something I can do about it to tweak the numbers? Tom. -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informie

Re: updating Bind made it slower

> > I just updated a couple of my DNS-servers from the rather old version > > 9.4.1 to a newer version 9.8.0-P4. > > > > After this I have problem with outages. Looking into it, I found that > > the time for a "rndc reload" has nearly doubled! > > This has been pointed out to me before; do you re

Re: updating Bind made it slower

new zones and then trigger a "rndc reload" to make this new config activ. This process is now taking much more time, leading to outages in the DNS-service :-( I'll try to replace it with rndc reconfig. Not sure if this really is sufficient. Tom. -- Empfehlen Sie GMX DSL Ihren

Re: updating Bind made it slower

> In this case "rndc reconfig" should be sufficient. This command tells > BIND to re-read config file and load all new zones without touching > any previously loaded zones. This was my understanding (after reading the text from rndc) as well. But to my surprise: I tested "rndc reload" against "r

Re: allow-transfer not covering ixfr requests?

> > The odd part is that both NS3 and NS4 weren't able to request ixfr > transfers. > Shouldn't allow-transfer cover these kind of transfer requests as well? > First: Do you have statements "provide ixfr;" and "request ixfr;" in your config? Second: To do a ixfr a server is first sending a

Re: updating Bind made it slower

> > I have not the slightest clue why, I had suspected that rndc reconfig > > would be much faster, especially is there is no altering in the > > config at all. > > > How are you testing this? > > 'time rndc reconfing'? Yes. > Or do you stop answering queries and time that? No. > How l

Re: updating Bind made it slower

> > Why not try the latest version, really? Pick a test host. Install > 9.8.1+. > Time it again. Then let's talk. Such things take time. Did it now, but it didn't changed anything. It seemes that the performance optimization (which is mentioned in the releasenotes for startup) doesn't affec

Defense against a client?

other ways to achive this? How do you guys do this? Tom. -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informieren: http://www.gmx.net/de/go/freephone ___ Please visit https://lists.isc.org/mailman/listinfo

Re: Defense against a client?

Original-Nachricht > Datum: Mon, 16 Jan 2012 11:49:46 +0100 > Von: Roel Wagenaar > Betreff: Re: Defense against a client? > > In this case iptables is your friend. > > One of my solutions is partly based on this: > > http://codingfreak.blogspot.com/2010/01/iptables-rate-limi

Problem with rndc

rrect rndc and the version is 9.6.1-P1. Can anyone give me a hint what I'm doing wrong? Thanks, Tom. -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 ___ bind-users mailing

Views on differrent interfaces

from the second view no matter what the source IP is. Please tell me that this is easy :-) Tom. -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 ___ bind-users mailing list

Re: Views on differrent interfaces

drews > An: "Tom Schmitt" > CC: bind-us...@isc.org > Betreff: Re: Views on differrent interfaces > > match-destination. > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma.

Re: bind says 'clocks are unsynchronized' but they are not

> > The problems seems to occur mostly on zone transfers that take a long > time (ie. hours). > HOURS?? There is defnitly something wrong. I cannot imagine a zone so big or a connection so slow that a zonetransfer could take hours. Or do you make a axfr of the tld com. over a seri

Re: ACL for forward zone

The syntax for a forward zone is: zone domain_name [ ( in | hs | hesiod | chaos ) ] { type forward; [ forward ( only | first ); ] [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ] [ check-names ( warn | f

Behavior of a slave to a NOTIFY

What would delay a slave responding to a notify? More importantly, what would delay a slave from transferring a zone after verifying the master's serial for the zone is newer than the serial the slave has? I've looked over the bug fixes as accumulated by the latest revisions for the 9.[2-7].x

Bind DNS servers: can they coexist with httpd and mail servers?

, -Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Bind DNS servers: can they coexist with httpd and mail servers?

On Wed, Jul 19, 2017 at 05:42 Reindl Harald wrote: > Am 19.07.2017 um 12:37 schrieb Tom Browder: > > I want to host my own DNS servers, but I need the master to share Bind > > with other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3. > besides th

Re: Bind DNS servers: can they coexist with httpd and mail servers?

ng > NS, but if you need to run BIND anyway I meant to say I intend to run as an authoritative DNS server for my personal domains. I assume Reindl's answer is still valid. BTW, anything special I need for the bind service file? Thanks, John -Tom __

Systemd bind9.service file?

How does one install bind9 from source and set it up to work with systemd? I copied a bind9.service file from a Debian 9 package installation but I think it's more complicated than that. Thanks. -Tom ___ Please visit https://lists.isc.org/ma

Re: Systemd bind9.service file?

On Fri, Jul 21, 2017 at 3:46 PM, Tom Browder wrote: > How does one install bind9 from source and set it up to work with systemd? > > I copied a bind9.service file from a Debian 9 package installation but > I think it's more complicated than that. Sorry, I should have looked a

Re: Systemd bind9.service file?

On Sat, Jul 22, 2017 at 04:06 Alberto Colosi wrote: > as just said inside previous mail > > ever if you edit some , you should understand > Thanks for your help and good links, Alberto. -Tom ___ Please visit https://lists.isc.org/mail

Need DNS records help for single server (and IP), and multi-domain mail server.

ain look look appropriate: # For each domain X.TLD: X.TLD. INA 142.54.186.2. *.X.TLD.IN CNAME X.TLD. X.TLD. INMX 10 142.54.186.2. X.TLD. INTXT "v=spf1 mx -all" Thanks. With

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

t have an SOA record, or NS records. Those are also required, I should have been a little clearer about the DNS server: I'm using Namecheap so some things like SOA and NS records are done using their entry form. I'll change the MX record. Thanks, Dan! -Tom

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

On Wed, Aug 23, 2017 at 3:01 PM, wrote: > MX records cannot point to an IP address. try this: > > x.tld MX 10 x.tld. Thanks, William! -Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

On Wed, Aug 23, 2017 at 2:54 PM, Alan Clegg wrote: > MX record needs a name and not an IP address. Beyond that, seems fine. Thanks, Alan. -Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list b

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

On Wed, Aug 23, 2017 at 2:58 PM, John Miller wrote: > Hi Tom, > > You'll want to change your MX records to point to the name, rather > than the IP, of your mail server. Note that your MX target does _not_ > have to be in the same domain as the one it's serving mail for.

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

On Wed, Aug 23, 2017 at 2:28 PM, Tom Browder wrote: ... > I have a single remote server with one IP address (142.54.186.2) I am using > it to host multiple, independent domains. I am working on configuring a > single postfix instance to serve mail for all domains (assuming I can >

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

On Wed, Aug 23, 2017 at 17:25 Alan Clegg wrote: > Now you broke the A record. Get rid of the trailing dot. > Done. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@li

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

th bind. But that is down the road a bit. This a hobby and I can only put so much time in with each kitchen pass! Thanks. -Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing lis

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

IN TXT "v=spf1 mx -all" Thanks, Matus. -Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

DNSSEC validation option in BIND 9.10

Hi people, I have two BIND 9.10.3 servers with DNSSEC validation enabled, one in one client and the other in another client. Both BIND have the same configuration lines relative to DNSSEC validation: dnssec-validation auto; dnssec-enable yes; and both has the current and future key in bind.keys.

Can I use multi-purpose servers for authoritative bind dns servers?

purpose? If they are usable, is it preferable to have a unique IP instead of sharing with other services? Thanks, and Happy New Year! -Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

Re: Can I use multi-purpose servers for authoritative bind dns servers?

On Sat, Jan 5, 2019 at 10:06 Warren Kumari wrote: > On Sat, Jan 5, 2019 at 7:06 AM Tom Browder wrote: > >> I have two remote servers: (1) one with one >> > ... > Question: Can I use one or both servers as authoritative bind dns servers, >> or should I get one or

Error: already exists previous definition

"; notify no; }; I will appreciate greatly if someone could offer any advise or idea as to what's exactly causing such errors? Thanks vert much. Regards, Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: Error: already exists previous definition

Hi No, there's no duplicated directives in the zone file. For example, here's the zone for another domain with the same error and here are the only directives: $ORIGIN   x.com. $TTL   3600 Tom At 20-07-2012 09:56 PM +0100, Tony Finch wrote: On 20 Jul 2012, at 21:40, Active Ven

Re: How can I launch a private Internet DNS server?

t > Ale Is it not a requirement to have at least two authoritative name servers? I believe all TLDs require at least two name servers but I must be mistaking as no one pointed this out yet. Regards, Tom ___ Please visit https://lists.isc.org/mailman

Re: [External] Re: How can I launch a private Internet DNS server?

Having at least two name servers is not a requirement by the RFC standards but which TLD allows for only one NS server to be given when hou register a domain? On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote: > On 11/7/2020 10:15 AM, Reindl Harald wrote: > > > https://tools.ietf.org/html/rfc1

Re: [External] Re: How can I launch a private Internet DNS server?

Thank you for your valuable feedback. It is much appreciated. On Fri, 20 Nov 2020 at 19:37, Reindl Harald wrote: > > Am 08.11.20 um 14:44 schrieb Timothe Litt: > > > I'm amazed that this thread has persisted for so long on this list of > knowledgeable people > > > me too, i would understand that

Re: Abour RRL and Best Practise

eaning "no limit" (see the ARM for version 9.16.8 on page 73). [1]: https://kb.isc.org/docs/aa-00994 [2]: https://conference.apnic.net/data/37/apricot-2014-rrl_1393309768.pdf Best regards, Tom On Fri, 27 Nov 2020 at 08:00, Onur GURSOY wrote: > > Hello Everyone, > > Bind9

Re: BIND through COPR after CentOS

Hey all, Just wondering here, why switching from CentOS to Debian or building BIND from sources? What is wrong with migrating to CentOS Stream? Why would that be so much worse than using Debian? Regards, Tom On Sat, 19 Dec 2020 at 00:25, G.W. Haywood via bind-users < bind-users@lists.isc.

resolv.conf question / timeout behaviour

Hi, at my work place we have a three resolver setup in /etc/resolv.conf. We had sometimes, though rarely, response times for DNS like 14000ms, due to the fact that the *first* listed resolver is down for maintenance reasons. The application we test this with is Oracle/TNSPing. As a mitigation we

RE: netstat showing multiple lines for each listening socket

I observe the same behaviour. I have similar output for TCP/53 on the loopback and public IP addresses. The IP addresses and port numbers are the same, but the fd (file descriptors?) are different. I assumed different threads of the same process. # named -V | grep ^BIND BIND 9.18.26 (Extended S

RE: netstat showing multiple lines for each listening socket

:39:02 /usr/local/sbin/named -U4 -u named -c /usr/local/etc/namedb/named.conf I am still in the process of figuring out my predecessor's custom setup... -Oorspronkelijk bericht- Van: Thomas Hungenberg Verzonden: dinsdag 9 juli 2024 14:52 Aan: Lee ; Tom Marcoen (EXT) ; bind-

<    1   2