Re: named-checkconf error

2008-12-08 Thread Chris Thompson

On Dec 7 2008, Mark Andrews wrote:


named-checkzone calls getaddrinfo() to look up addresses of servers
which are not in the zone.  That lookup has failed.

For a start I would fix this delegation error.  The NS RRset on both
sides of the delegation should be the same.

capmark.com.  172800  IN  NS  ns1.gmaccm.com.
capmark.com.  172800  IN  NS  ns2.gmaccm.com.
;; Received 116 bytes from 192.42.93.30#53(G.GTLD-SERVERS.NET) in 175 ms

quarantine1.capmark.com. 7200   IN  A   216.83.188.21
capmark.com.  86400   IN  NS  ns1.capmark.com.
capmark.com.  86400   IN  NS  ns2.capmark.com.
;; Received 125 bytes from 216.83.188.8#53(ns1.gmaccm.com) in 227 ms


It seems rather unlikely that this has anything to do with the OP's problem,
as the IP addresses of ns{1,2}.gmaccm.com and ns{1,2}.capmark.com are the
same, i.e. 216.83.188.{8,9}, in the glue as well as in the zones.

But technically, of course, Mark is right: you ought to fix this
(for gmaccm.com as well as for capmark.com).

In message [EMAIL PROTECTED], Steve Shockley wrote:

I'm running BIND 9.4.2 on OpenBSD 4.3.  I'm getting some errors with 
named-checkconf I don't really understand.  I'm running:


named-checkzone -t /var/named capmarksecurities.com /master/db.capmarksecurities.com


and I get:

zone capmarksecurities.com/IN: getaddrinfo(quarantine1.capmark.com) failed: non-recoverable failure in name resolution

[etc.]
This appears to happen with all zones with MX records that are in a 
different zone.  The zone loads and seems to work as expected.  What's 
going wrong?


Something is wrong with the configuration of the host on which you
ran named-checkzone. Either its resolver configuration is screwed,
or getaddrinfo() isn't getting as far as using the resolver. Can
you do host address lookups at all there?

You can suppress the check by using -i local on named-checkzone
(see the man page). But it would be better to fix the configuration
problem, of course.

--
Chris Thompson
Email: [EMAIL PROTECTED]

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
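
A simplified stand-in for the lookup discussed in the message above, as an added example that is not part of the thread and not BIND's code: it collects NS and MX targets that lie outside the zone and hands them to the host's getaddrinfo(), so a failure here points at the host's resolver configuration rather than at the zone data. The zone lines are constructed (only quarantine1.capmark.com and ns1.capmark.com come from the thread), the function names are hypothetical, and the parser assumes one record per line with fully qualified names.

```python
import socket

# Constructed sample records; not the poster's real zone file.
SAMPLE_ZONE = """\
capmarksecurities.com. 86400 IN NS ns1.capmark.com.
capmarksecurities.com. 86400 IN MX 10 quarantine1.capmark.com.
capmarksecurities.com. 86400 IN MX 20 mail.capmarksecurities.com.
www.capmarksecurities.com. 86400 IN A 192.0.2.10
"""


def out_of_zone_targets(zone_text, origin):
    """Return sorted NS/MX target names that do not fall under the zone origin."""
    origin = origin.lower().rstrip(".")
    targets = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        rtype = fields[3].upper()
        if rtype == "NS":
            target = fields[4]
        elif rtype == "MX" and len(fields) >= 6:
            target = fields[5]  # fields[4] is the MX preference
        else:
            continue
        name = target.lower().rstrip(".")
        if name != origin and not name.endswith("." + origin):
            targets.add(name)
    return sorted(targets)


def check_targets(zone_text, origin, resolve=socket.getaddrinfo):
    """Resolve each out-of-zone target; map name -> None (ok) or error text."""
    results = {}
    for name in out_of_zone_targets(zone_text, origin):
        try:
            resolve(name, None)
            results[name] = None
        except socket.gaierror as exc:
            results[name] = exc.strerror or str(exc)
    return results


if __name__ == "__main__":
    # Uses the real host resolver, like the check that failed in the thread.
    for host, err in check_targets(SAMPLE_ZONE, "capmarksecurities.com").items():
        print(f"{host}: {'ok' if err is None else 'FAILED: ' + err}")
```

If every name fails when run on the affected host, including ones that resolve from other machines, the fault is in that host's resolver setup, which matches the diagnosis given in the reply.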


Round robin DNS and only one record?

2008-12-08 Thread Dustin Lovell
Greetings all. Is it possible to set up BIND in such a way that if there are 
multiple A-records for a specific host, instead of returning all of them in 
response to a request and only changing the order with every second request, 
the server only returns one A-record, and varies that A-record with every 
second request?

A little background: I am preparing to retire an aging load-balancing appliance 
which does dynamic load balancing based on various criteria. In any given 
response to a request for an A-record, only one IP address is returned, thus:

;; ANSWER SECTION:
foo.test.com. 86400  IN  A   192.168.1.10

With every other request, the IP varies.

BIND's default behavior is to hand out both IPs, thus:

;; ANSWER SECTION:
foo.test.com. 86400  IN  A   192.168.1.10
foo.test.com. 86400  IN  A   192.168.1.11

With every other request, the IPs' order changes.

Certain browsers hitting our web application don't like having two A-records 
handed to them (I'm still in the process of figuring out why), and much prefer 
the first example above. We have two geographically dispersed locations, and 
too much traffic to realistically concentrate all of it to just one of the 
locations at present. Our load-balancer is near death, and I'm scrambling to 
replace it. I'm prepared to deal with the disaster-recovery scenario in which 
one of our locations becomes unavailable. My main objective is to replicate the 
behavior of our existing load balancer from the point of view of the end user, 
but ignore the dynamic aspect of it and use BIND to handle DNS.

Any help or advice would be greatly appreciated.

Best regards,
Dustin Lovell
America First Credit Union



Re: Round robin DNS and only one record?

2008-12-08 Thread Barry Margolin
In article [EMAIL PROTECTED],
 Dustin Lovell [EMAIL PROTECTED] wrote:

 Certain browsers hitting our web application don't like having two A-records 
 handed to them (I'm still in the process of figuring out why), and much 
 prefer the first example above.

Really?  So these browsers can't access www.google.com, which has four A 
records?

I don't think BIND can be forced to return only one A record at a time 
without code changes.  Why don't you replace your aging load balancer 
with a new load balancer?

-- 
Barry Margolin, [EMAIL PROTECTED]
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***