Re: How do i use å ä ö in domain names?
Piero Giobbi schrieb: Hi. This is our scandinavian chars, how do i implement them on our internal server (bind 9.5P1)? thx. p ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Hi P., ever heard of punycode? Google is your friend. There are a lot of tools and howtos to implement such characters. http://en.wikipedia.org/wiki/Punycode Regards Holger SIGNAL Krankenversicherung a. G. Sitz: Dortmund, HR B 2405 AG Dortmund, Ust-IdNr. DE 124906350 IDUNA Vereinigte Lebensversicherung aG fur Handwerk, Handel und Gewerbe Sitz: Hamburg, HR B 2740 AG Hamburg, Ust-IdNr. DE 118617622 SIGNAL Unfallversicherung a. G. Sitz: Dortmund, HR B 2220, AG Dortmund, Ust-IdNr. DE 124906341 SIGNAL IDUNA Allgemeine Versicherung AG Sitz: Dortmund, HR B 19108, AG Dortmund, Ust-IdNr. DE 118617622 Vorstande: Reinhold Schulte (Vorsitzender), Dr. Karl-Josef Bierth, Michael Johnigk, Ulrich Leitermann, Michael Petmecky, Dr. Klaus Sticker, Vorsitzender der Aufsichtsrate: Gunter Kutz SIGNAL IDUNA Gruppe Hauptverwaltungen, Internet: www.signal-iduna.de, E-Mail: i...@signal-iduna.de 44121 Dortmund, Hausanschrift: Joseph-Scherer-Str. 3, 44139 Dortmund, Telefon: (02 31) 1 35-0, Telefax: (02 31) 1 35-46 38 20351 Hamburg, Hausanschrift: Neue Rabenstra?e 15-19, 20354 Hamburg, Telefon: (0 40) 41 24-0, Telefax: (0 40) 41 24-29 58 begin:vcard fn:Holger Honert n:Honert;Holger org:SIGNAL IDUNA Gruppe;koms-97850 adr;dom:;;Joseph-Scherer-Str. 3;Dortmund;NRW;44139 email;internet:holger.hon...@signal-iduna.org title:Dipl.-Ing. (FH) tel;work:0231/135-4043 tel;fax:0231/135-2959 x-mozilla-html:FALSE url:http://signal-iduna.de version:2.1 end:vcard ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ARPA entries for a host with multiple IPs
In article go4umg$1ks...@sf1.isc.org, Barry Margolin bar...@alum.mit.edu wrote: A common practice is to create unique names for each machine, in addition to the round-robin entry. This way, if you need to perform maintenance on a specific machine, you can go to it by its unique name. Then you should make the PTR record point to this name. E.g. the forward zone for myzone.com would contain: ws IN A 1.2.3.1 IN A 1.2.3.2 IN A 1.2.3.3 ws-1 IN A 1.2.3.1 ws-2 IN A 1.2.3.2 ws-3 IN A 1.2.3.3 and the reverse zone 3.2.1.in-addr.arpa would contain: 1 IN PTR ws-1.myzone.com. 2 IN PTR ws-2.myzone.com. 3 IN PTR ws-3.myzone.com. Or it might contain 1 IN PTR ws.myzone.com. 2 IN PTR ws.myzone.com. 3 IN PTR ws.myzone.com. Either is acceptable, but you have to decide which is more useful in your situation - is it more important to know which interface is being used to make an outgoing call (the usual use of PTR records) or is it vital the machine be recognised as the same one no matter which interface it uses? You can try doing this: 1 IN PTR ws.myzone.com. 1 IN PTR ws-1.myzone.com. 2 IN PTR ws.myzone.com. 2 IN PTR ws-2.myzone.com. 3 IN PTR ws.myzone.com. 3 IN PTR ws-3.myzone.com. which is technically legal but (allegedly) not many systems can make sensible use of multiple reverse entries and it might cause more confusion than it's worth. Sam ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Zone transfers of dlv.isc.org
Resurrecting part of a thread from last September, when I wrote: On Sep 23 2008, Stephane Bortzmeyer wrote: On Tue, Sep 23, 2008 at 02:07:43PM +0100, Chris Thompson c...@hermes.cam.ac.uk wrote a message of 20 lines which said: [*] How do I know? Well dlv.isc.org uses NSEC records and is therefore enumerable :-) 113 DLV records at the end of July, 163 today. [ 352 at a recent count, by the way ] As the shadoks http://en.wikipedia.org/wiki/Les_Shadoks said, Why do it simply when you can make it complicated? :-) dig AXFR is simpler... Over-hasty analysis on my part. Having discovered that ns-ext.isc.org didn't allow zone transfers for dlv.isc.org, I obviously failed to note that the other official nameservers for it do allow them ... Things have changed more than once since then. When the official slaves changed to the current set, {ams,sfba,ord}.sns-pb.isc.org, they didn't allow zone transfers, but the hidden master from the SOA record, ns-int.isc.org still did. But in the last couple of days it has started forbidding them as well. So I suppose I will have to go back to enumerating via the NSEC records after all ... :-) Apart from vulgar curiosity [*] about the contents, there is a potential issue here. A validating nameserver using dlv.isc.org for lookaside makes a lot of queries to it (the TTLs and, most significantly, the negative TTL, are only 1 hour), and if network access to the official slaves were lost one would start getting SERVFAILs for everything. So a natural thought is that one could (stealth) slave dlv.isc.org, and survive loss of contact for up to its SOA.expire value (28 days at the moment). Of course, one ought to be validating the results of the zone transfer if one did this. Or I should say, were allowed by ISC to do it. [*] Well, perhaps not all that vulgar. I have used lists of the zones secured via dlv.isc.org when arguing here about our own plans for moving to DNSSEC. The recent inclusion of the TLDs from the IANA ITAR is a good sign. -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: named with DLZ
RedHat does have prebuilt packages on RHEL5.x. On my 5.2 server I have: bind-chroot-9.3.4-6.0.3.P1.el5_2 system-config-bind-4.0.3-2.el5 bind-libs-9.3.4-6.0.3.P1.el5_2 bind-9.3.4-6.0.3.P1.el5_2 bind-utils-9.3.4-6.0.3.P1.el5_2 You can install the latest packages with yum yum install bind-chroot system-config-bind bind-libs bind bind-utils I'm running the chroot'ed BIND configuration - it isn't required but I'd recommend it. I'm not sure any of these have DLZ support built in as I don't use it. On scanning RedHat's support site I found no mention of DLZ so you may need to build your own. FYI: Although the base BIND version for above packages is 9.3.4 the RedHat people have backported security fixes from later BIND versions into their version. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Scott Haneda Sent: Thursday, February 26, 2009 7:53 PM To: BIND Users Mailing List Subject: named with DLZ I have been talked with getting named with DLZ support on Red Hat 5.2 Enterprise. I have never worked on Red Hat or with RPM, can someone point me to the rpm I need? Any other basic pointers? I was thinking to just build it out myself, but if there is a confident stable rpm, I might as well learn that as well. Thanks. -- Scott ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [OT] Is it possible to set a ddns hostname to access a name-based virtual host?
Michael Milligan wrote: hongyi.z...@gmail.com wrote: You *must* reference the location using the same URI if you expect to see the same expected results. Thanks for your detailed explanations. Another issue: what do you mean by saying URI? What's the differences between URI and URL? Just being more general. A URL is a HTTP URI... Google has plenty of explanations. That's nonsense. A URL was never just an HTTP URI. It's one example of one but there have always been more than one type. Danny -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Change my primary DNS server safely...
Hi Jeff, Actually, I've Postfix/Apache2/Bind (primary DNS) on the same machine which is hosted by one company. I want to dedicate a server to be the primary DNS. This server is hosted by another company. (the first server will be re installed soon but will stay in the original hosting company). The secondary DNS is already a dedicated server. So my new primary DNS is ready and the old server will still be running (at least for the apache2 service). Should I let BIND running on the old server or stop it ? (whould it be annoying if the old ip still answer to query ?) Regards, Thomas. On Fri, Feb 27, 2009 at 14:50, Jeff Lightner jlight...@water.com wrote: Not sure where the trepidation comes in here. Hopefully you ARE running a slave server as well so if the primary isn't reachable the slave would resolve lookups until you fixed any problem. Here we've moved our servers from one network provider to another so had to change the IPs of the master and the slave at the Network registrars. We did those one at a time. That is to say we first did the slave and once we were sure it was resolving correctly and had allowed time for everyone's caches to clear (we waited 3 days/72 hours) then we moved the master. We've also completely replaced both our primary and slave by installing new servers and setting them with the IPs. There again we did it by doing one at a time. For those there was no propagation time since the IP stayed the same. If you're simply moving your master to a new IP (as the outside world sees it) then you'll have to allow time for the caches to clear as we did. If you're simply moving it to a new IP internally then your network folks should be able to NAT that IP to the same external IP your prior server had. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas Manson Sent: Thursday, February 26, 2009 8:04 PM To: bind-users@lists.isc.org Subject: Change my primary DNS server safely... Hello, I need to change the primary DNS server which manage hundreds of domains. I've setup the new machine so that it has the correct named configuration for each domains (script generated). I plan to change the IP behind the ns0.mydomain.com so that it points to the new machine. As I feel it's a bit risky to do that, if you have any suggestion, I'll be glad to hear it. Thanks, Thomas. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Please consider our environment before printing this e-mail or attachments. -- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Change my primary DNS server safely...
It's not exactly 'proper' practice, but I have successfully turned down the caching time to 300 seconds. Do this a week ahead of your planned server move. After you know everything is resolving correctly, obviously reset your TTLs to the accepted settings. Be aware this 'will' create traffic, but if your network can handle it, it's not an issue. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jeff Lightner Sent: Friday, February 27, 2009 8:50 AM To: Thomas Manson; bind-users@lists.isc.org Subject: RE: Change my primary DNS server safely... Not sure where the trepidation comes in here. Hopefully you ARE running a slave server as well so if the primary isn't reachable the slave would resolve lookups until you fixed any problem. Here we've moved our servers from one network provider to another so had to change the IPs of the master and the slave at the Network registrars. We did those one at a time. That is to say we first did the slave and once we were sure it was resolving correctly and had allowed time for everyone's caches to clear (we waited 3 days/72 hours) then we moved the master. We've also completely replaced both our primary and slave by installing new servers and setting them with the IPs. There again we did it by doing one at a time. For those there was no propagation time since the IP stayed the same. If you're simply moving your master to a new IP (as the outside world sees it) then you'll have to allow time for the caches to clear as we did. If you're simply moving it to a new IP internally then your network folks should be able to NAT that IP to the same external IP your prior server had. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas Manson Sent: Thursday, February 26, 2009 8:04 PM To: bind-users@lists.isc.org Subject: Change my primary DNS server safely... Hello, I need to change the primary DNS server which manage hundreds of domains. I've setup the new machine so that it has the correct named configuration for each domains (script generated). I plan to change the IP behind the ns0.mydomain.com so that it points to the new machine. As I feel it's a bit risky to do that, if you have any suggestion, I'll be glad to hear it. Thanks, Thomas. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Please consider our environment before printing this e-mail or attachments. -- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Change my primary DNS server safely...
In your case it sounds like you're going to have two external IPs. If so I'd leave the Apache server with BIND running and add the new server as first one at the registrar. That way anyone that has your old server cached will continue to get to it. Any new queries hopefully would cache your new server. After you're sure the new server is up and running for a few days you can stop BIND on the old one (to reduce load on it). -Original Message- From: Thomas Manson [mailto:dev.mansontho...@gmail.com] Sent: Friday, February 27, 2009 10:06 AM To: Jeff Lightner Cc: bind-users@lists.isc.org Subject: Re: Change my primary DNS server safely... Hi Jeff, Actually, I've Postfix/Apache2/Bind (primary DNS) on the same machine which is hosted by one company. I want to dedicate a server to be the primary DNS. This server is hosted by another company. (the first server will be re installed soon but will stay in the original hosting company). The secondary DNS is already a dedicated server. So my new primary DNS is ready and the old server will still be running (at least for the apache2 service). Should I let BIND running on the old server or stop it ? (whould it be annoying if the old ip still answer to query ?) Regards, Thomas. On Fri, Feb 27, 2009 at 14:50, Jeff Lightner jlight...@water.com wrote: Not sure where the trepidation comes in here. Hopefully you ARE running a slave server as well so if the primary isn't reachable the slave would resolve lookups until you fixed any problem. Here we've moved our servers from one network provider to another so had to change the IPs of the master and the slave at the Network registrars. We did those one at a time. That is to say we first did the slave and once we were sure it was resolving correctly and had allowed time for everyone's caches to clear (we waited 3 days/72 hours) then we moved the master. We've also completely replaced both our primary and slave by installing new servers and setting them with the IPs. There again we did it by doing one at a time. For those there was no propagation time since the IP stayed the same. If you're simply moving your master to a new IP (as the outside world sees it) then you'll have to allow time for the caches to clear as we did. If you're simply moving it to a new IP internally then your network folks should be able to NAT that IP to the same external IP your prior server had. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas Manson Sent: Thursday, February 26, 2009 8:04 PM To: bind-users@lists.isc.org Subject: Change my primary DNS server safely... Hello, I need to change the primary DNS server which manage hundreds of domains. I've setup the new machine so that it has the correct named configuration for each domains (script generated). I plan to change the IP behind the ns0.mydomain.com so that it points to the new machine. As I feel it's a bit risky to do that, if you have any suggestion, I'll be glad to hear it. Thanks, Thomas. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Please consider our environment before printing this e-mail or attachments. -- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Forward Unknown Lookups
Josh Durham wrote: Forgive me if this has been asked before - I'm trying to set up bind to have A records for a zone, but forward requests for that zone to another known server if lookups fail. For example, on my server, I would create a record for the zone example.com: serverINA 10.0.1.1 You can do this by creating multiple zones with these names, so for you example, you would _not_ create an example.com zone, you would create a zone for server.example.com and put in an A record at the apex. This way you can override/add names under example.com but have your resolving server follow the normal resolution path and talk to the example.com auth servers for other names under example.com, e.g., lookups for www.example.com. This can cause problems though, if the example.com authoritative server uses/references any of the names you want to override (like as the target of an MX record), then the view from your perspective will look different and may have unintended consequences. Just think it through and test if you're not sure. And don't forget about what you've done when it comes time to troubleshoot a problem in 6 months! Regards, Mike -- Michael Milligan - mi...@acmeps.com ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: statschannel assertion failure
Ok, I think I've included what your looking for below. If it's not the right thing please let me know how to generate what your looking for from the core dump. I will readily admit this level of debugging isn't something I'm very familiar with. If you want to try to reproduce it I made a little script on the remote system like this: foo.sh for i in `seq 1 300` ; do wget --quiet -O - 10.9.2.18:8085 /dev/null done and then run the command: foo.sh foo.sh I find that you have to run two instances of wget in a loop in order to get two requests to occur close enough together to trigger the crash. Sometimes I have to extend the length of the loop but I find it usually triggers a crash when run for any length of time from a separate system. Interestingly however if I run the same thing on the same system Bind is running on it never triggers the crash. = Thread 1 (process 12282): #0 0x003930c30155 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x003930c31bf0 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00411cb5 in assertion_failed (file=0x556e7c statschannel.c, line=152, type=isc_assertiontype_insist, cond=0x568d53 0) at ./main.c:161 No locals. #3 0x00393e230f98 in __xmlRaiseError () from /usr/lib64/libxml2.so.2 No symbol table info available. #4 0x00393e231aaa in __xmlErrEncoding () from /usr/lib64/libxml2.so.2 No symbol table info available. #5 0x00393e2336d6 in xmlCurrentChar () from /usr/lib64/libxml2.so.2 No symbol table info available. #6 0x00393e243c57 in xmlParseCharDataComplex () from /usr/lib64/libxml2.so.2 No symbol table info available. #7 0x00393e246baf in xmlParseChunk () from /usr/lib64/libxml2.so.2 No symbol table info available. #8 0x00393e2f02ea in xmlFreeTextWriter () from /usr/lib64/libxml2.so.2 No symbol table info available. #9 0x00393e2595e1 in xmlOutputBufferWrite () from /usr/lib64/libxml2.so.2 No symbol table info available. #10 0x00393e2ef254 in xmlTextWriterEndElement () from /usr/lib64/libxml2.so.2 No symbol table info available. #11 0x0053f397 in isc_taskmgr_renderxml (mgr=0x2b03dae22058, writer=0x8f95730) at task.c:1352 task = (isc_task_t *) 0x2b03dae39c48 #12 0x00429a16 in render_index (url=value optimized out, querystring=value optimized out, arg=0x2b03dae2d010, retcode=0x8f962b0, retmsg=0x8f962b8, mimetype=0x8f962a8, b=0x8f962c0, freecb=0x8f962f8, freecb_args=0x8f96300) at statschannel.c:745 msg = value optimized out msglen = value optimized out #13 0x0052c5a9 in isc_httpd_recvdone (task=0x2b03dae4ef88, ev=0x2b03db4bcc40) at httpd.c:688 r = {base = 0x2b03dae4ef88 KSATX ��\003+, length = 5551396} result = value optimized out httpd = (isc_httpd_t *) 0x8f95e00 url = (isc_httpdurl_t *) 0x2b03daf15bf0 now = {seconds = 1235744333, nanoseconds = 318308000} datebuf = Fri, 27 Feb 2009 14:18:53 GMT\000\000 #14 0x0053f6f5 in isc__taskmgr_dispatch () at task.c:862 manager = (isc_taskmgr_t *) 0x2b03dae22058 #15 0x0054209f in evloop () at app.c:358 when = {seconds = 1235744333, nanoseconds = 784265000} tv = {tv_sec = 0, tv_usec = 472793} n = 2 now = {seconds = 1235744333, nanoseconds = 311472000} tvp = value optimized out swait = (isc_socketwait_t *) 0x7b5b5c readytasks = value optimized out result = value optimized out #16 0x0054232a in isc_app_run () at app.c:550 event = (isc_event_t *) 0x0 next_event = (isc_event_t *) 0x0 task = (isc_task_t *) 0x0 #17 0x00412434 in main (argc=0, argv=0x7fffcfcc2fe8) at ./main.c:914 result = value optimized out JINMEI Tatuya / 神明達哉 wrote: At Thu, 26 Feb 2009 07:58:29 -0600, Timothy Holtzen t...@nebrwesleyan.edu wrote: No it is a single processor on both production and test systems. Production is an Opteron and the test system is an Athlon64 but both are single core processors. Just to be sure I did a configured with a --disable-threads on the test system and tried again. Testing still triggers the exception with the same errors. Okay, then please try the revised patch. This will make named abort itself in the context of the libxml2 error, so please then get the stack trace of the core dump and show it. BTW, I tried to reproduce the problem by mostly concurrent access like: wget http://127.0.0.1:5300/ ; wget http://127.0.0.1:5300/ but couldn't see the crash. Also, since this happened even --disable-threads, it's very unlikely to be a kind of race condition. I have no idea how the concurrent access relates to the problem at this moment. --- JINMEI, Tatuya Internet Systems Consortium, Inc. Index: statschannel.c === RCS file:
Testing - please ignore
This is a test. Please disregard. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users