Re: Performance tuning
I see no problems. [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig www.kentlaw.iit.edu ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 <<>> www.kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54160 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.kentlaw.iit.edu. IN A ;; ANSWER SECTION: www.kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 847 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:23:46 2012 ;; MSG SIZE rcvd: 53 *real0m0.854s* user0m0.000s sys 0m0.008s [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig kentlaw.iit.edu ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 <<>> kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39163 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;kentlaw.iit.edu. IN A ;; ANSWER SECTION: kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 780 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:24:11 2012 ;; MSG SIZE rcvd: 49 *real0m0.799s* user0m0.004s sys 0m0.016s [ec2-user@domU-12-31-39-06-2E-64 ~]$ Hope that helps. regards Saludos.- Leonardo Santagostini <http://ar.linkedin.com/in/santagostini> 2012/11/26 Chuck Swiger > Hi-- > > On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote: > > The report must also address these two specific questions: > > > > • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.eduin > > any browser? > > • What happens if we remove the forwarders option from named.conf? > > I can't duplicate the issue in Q1 and I'm trying to determine a way of > testing Q2. > > Q1 isn't related to DNS performance; both of the names you mention resolve > to the same IP address via an A record. There wasn't a significant > difference in response time I saw by loading the webpages (both took ~1.3 s > per curl), but one likely could improve webserver performance by running > Apache, nginx, or almost anything else instead of than Microsoft's IIS. > > The domain seems to be missing A records for your nameservers, however: > > http://www.dnsvalidation.com/reports/50b3b5167d79ee02b826 > > As for Q2, it depends on whether the nameservers you are pointing to do > better in caching queries then your local nameservers would doing recursive > lookups for themselves. If the local nameservers have poor connectivity > compared to the forwarders, maybe, otherwise it's probably not helpful to > use forwarders. > > Regards, > -- > -Chuck > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Distribute named.conf
Hello everybody. I have puppet running in my infraestructure and works like a charm. By the way, im using named+dlz and i really have forgotten about zone files tranfer and things like that. Hope that help, Kind regards, Leonardo Santagostini 2013/1/3 Warren Kumari > > On Jan 3, 2013, at 6:06 AM, Joerg Stephan wrote: > > > Hi all, > > > > > > we are currently using PowerDNS on our 12 Nameservers. Now we are > thinking about a migration to bind. > > > > So we are seeking a way to distribute the named.conf.x for the several > zonfiles. Currently this is solved by powerdns via mysql replication. Is > there any tool in bind we could use. Generating the conf file and syncing > via ssh/rsync is discussed on our side, and we hoped that there is a > "nicer" way. > > Yup, have a look at Puppet. > > For the first while it will seem like way way more work than it is worth > (and the whole declarative language bit makes my head hurt) but after > investing a few hours getting things setup you'll wonder how you ever > managed without it… > Deploying a new server (or configs, etc to a bunch of servers) suddenly > becomes trivial... > > > > > Many registrys are testing the dns server if the zone is available > during the registration. Genrating the new files via cron would cause the > registration to fail. > > > Setup Puppet to distribute the file, and then have an exec action that > does: > rndc addzone example.com '{type master; file "master/example.com"; };' > > on master(s) and: > rndc addzone example.com '{type slave; master 192.0.2.1; };' > on devices that you have told Puppet are slaves. > > After investing the time you'll wonder how you ever managed >2 boxes > without it… > > More more info on Puppet at: > http://puppetlabs.com/puppet/puppet-open-source/ and > http://docs.puppetlabs.com/learning/ > > W > > > > > > > Regards > > > > Jörg > > ___ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > > > -- > "I think perhaps the most important problem is that we are trying to > understand the fundamental workings of the universe via a language devised > for telling one another when the best fruit is." --Terry Prachett > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: spf ent txt records.
Hello Hugo, You can try looking at your zone files for SPF records and/or TXT containing spf stuff. You con implement SPF records as you wish. Maybe you can take a look at: http://www.zytrax.com/books/dns/ch9/spf.html Saludos / Regards Leonardo Santagostini <http://ar.linkedin.com/in/santagostini> 2013/3/13 hugo hugoo > Dear all, > > > > I received the following question and I am not able to aswer as spf > records are still mysterious to me. > > We are using BIND 9.7. > > > > Thanks in advance for your answers, > > > > Hugo, > > > > > > > > Does our DNS-server support SPF-type records? Or do we put SPF-info in a > TXT-record?** > > ** ** > > *Ref. : > *Early implementations used TXT > records<http://en.wikipedia.org/wiki/TXT_record>for implementation before the > new record type was commonly available in DNS > software. Use of TXT records for SPF was intended as a transitional > mechanism. However, according to the current RFC, RFC > 4408<http://tools.ietf.org/html/rfc4408>, > section 3.1.1, "An SPF-compliant domain name SHOULD have SPF records of > both RR types. A compliant domain name MUST have a record of at least one > type," and as such, TXT record use is not > deprecated.[2]<http://en.wikipedia.org/wiki/Sender_Policy_Framework#cite_note-2> > > > ** ** > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users