Re: Performance tuning

2012-11-26 Thread Leonardo Santagostini 
I see no problems.

[ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig www.kentlaw.iit.edu

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 <<>> www.kentlaw.iit.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54160
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.kentlaw.iit.edu.   IN  A

;; ANSWER SECTION:
www.kentlaw.iit.edu.86400   IN  A   64.131.119.9

;; Query time: 847 msec
;; SERVER: 200.51.197.187#53(200.51.197.187)
;; WHEN: Mon Nov 26 19:23:46 2012
;; MSG SIZE  rcvd: 53


*real0m0.854s*
user0m0.000s
sys 0m0.008s
[ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig kentlaw.iit.edu

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 <<>> kentlaw.iit.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39163
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;kentlaw.iit.edu.   IN  A

;; ANSWER SECTION:
kentlaw.iit.edu.86400   IN  A   64.131.119.9

;; Query time: 780 msec
;; SERVER: 200.51.197.187#53(200.51.197.187)
;; WHEN: Mon Nov 26 19:24:11 2012
;; MSG SIZE  rcvd: 49


*real0m0.799s*
user0m0.004s
sys 0m0.016s
[ec2-user@domU-12-31-39-06-2E-64 ~]$

Hope that helps.

regards
Saludos.-
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>






2012/11/26 Chuck Swiger 

> Hi--
>
> On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote:
> > The report must also address these two specific questions:
> >
> >   • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.eduin 
> > any browser?
> >   • What happens if we remove the forwarders option from named.conf?
> > I can't duplicate the issue in Q1 and I'm trying to determine a way of
> testing Q2.
>
> Q1 isn't related to DNS performance; both of the names you mention resolve
> to the same IP address via an A record.  There wasn't a significant
> difference in response time I saw by loading the webpages (both took ~1.3 s
> per curl), but one likely could improve webserver performance by running
> Apache, nginx, or almost anything else instead of than Microsoft's IIS.
>
> The domain seems to be missing A records for your nameservers, however:
>
>   http://www.dnsvalidation.com/reports/50b3b5167d79ee02b826
>
> As for Q2, it depends on whether the nameservers you are pointing to do
> better in caching queries then your local nameservers would doing recursive
> lookups for themselves.  If the local nameservers have poor connectivity
> compared to the forwarders, maybe, otherwise it's probably not helpful to
> use forwarders.
>
> Regards,
> --
> -Chuck
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Distribute named.conf

2013-01-03 Thread Leonardo Santagostini 
Hello everybody. I have puppet running in my infraestructure and works like
a charm.

By the way, im using named+dlz and i really have forgotten about zone files
tranfer and things like that.

Hope that help,

Kind regards,

Leonardo Santagostini




2013/1/3 Warren Kumari 

>
> On Jan 3, 2013, at 6:06 AM, Joerg Stephan  wrote:
>
> > Hi all,
> >
> >
> > we are currently using PowerDNS on our 12 Nameservers. Now we are
> thinking about a migration to bind.
> >
> > So we are seeking a way to distribute the named.conf.x for the several
> zonfiles. Currently this is solved by powerdns via mysql replication. Is
> there any tool in bind we could use. Generating the conf file and syncing
> via ssh/rsync is discussed on our side, and we hoped that there is a
> "nicer" way.
>
> Yup, have a look at Puppet.
>
> For the first while it will seem like way way more work than it is worth
> (and the whole declarative language bit makes my head hurt) but after
> investing a few hours getting things setup you'll wonder how you ever
> managed without it…
> Deploying a new server (or configs, etc to a bunch of servers) suddenly
> becomes trivial...
>
> >
> > Many registrys are testing the dns server if the zone is available
> during the registration. Genrating the new files via cron would cause the
> registration to fail.
>
>
> Setup Puppet to distribute the file, and then have an exec action that
> does:
> rndc addzone example.com '{type master; file "master/example.com"; };'
>
> on master(s) and:
> rndc addzone example.com '{type slave; master 192.0.2.1; };'
> on devices that you have told Puppet are slaves.
>
> After investing the time you'll wonder how you ever managed >2 boxes
> without it…
>
> More more info on Puppet at:
> http://puppetlabs.com/puppet/puppet-open-source/ and
> http://docs.puppetlabs.com/learning/
>
> W
>
>
>
> >
> > Regards
> >
> > Jörg
> > ___
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >
>
> --
> "I think perhaps the most important problem is that we are trying to
> understand the fundamental workings of the universe via a language devised
> for telling one another when the best fruit is." --Terry Prachett
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: spf ent txt records.

2013-03-13 Thread Leonardo Santagostini 
Hello Hugo,

You can try looking at your zone files for SPF records and/or TXT
containing spf stuff.

You con implement SPF records as you wish.

Maybe you can take a look at: http://www.zytrax.com/books/dns/ch9/spf.html

Saludos / Regards
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>





2013/3/13 hugo hugoo 

> Dear all,
>
>
>
> I received the following question and I am not able to aswer as spf
> records are still mysterious to me.
>
> We are using BIND 9.7.
>
>
>
> Thanks in advance for your answers,
>
>
>
> Hugo,
>
>
>
>
>
>
>
> Does our DNS-server support SPF-type records? Or do we put SPF-info in a
> TXT-record?**
>
> ** **
>
> *Ref. :
> *Early implementations used TXT 
> records<http://en.wikipedia.org/wiki/TXT_record>for implementation before the 
> new record type was commonly available in DNS
> software. Use of TXT records for SPF was intended as a transitional
> mechanism. However, according to the current RFC, RFC 
> 4408<http://tools.ietf.org/html/rfc4408>,
> section 3.1.1, "An SPF-compliant domain name SHOULD have SPF records of
> both RR types. A compliant domain name MUST have a record of at least one
> type," and as such, TXT record use is not 
> deprecated.[2]<http://en.wikipedia.org/wiki/Sender_Policy_Framework#cite_note-2>
> 
>
> ** **
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users