Re: How do i use å ä ö in domain names?

[Holger Honert]

Piero Giobbi schrieb:

Hi.

This is our scandinavian chars, how do i implement them on our 
internal server (bind 9.5P1)?


thx.

p


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



Hi P.,

ever heard of punycode?

Google is your friend. There are a lot of tools and howtos to implement 
such characters.


http://en.wikipedia.org/wiki/Punycode

Regards

Holger


SIGNAL Krankenversicherung a. G.
Sitz: Dortmund, HR B 2405 AG Dortmund, Ust-IdNr. DE 124906350
IDUNA Vereinigte Lebensversicherung aG fur Handwerk, Handel und Gewerbe
Sitz: Hamburg, HR B 2740 AG Hamburg, Ust-IdNr. DE 118617622
SIGNAL Unfallversicherung a. G.
Sitz: Dortmund, HR B 2220, AG Dortmund, Ust-IdNr. DE 124906341
SIGNAL IDUNA Allgemeine Versicherung AG
Sitz: Dortmund, HR B 19108, AG Dortmund, Ust-IdNr. DE 118617622

Vorstande:
Reinhold Schulte (Vorsitzender), Dr. Karl-Josef Bierth, Michael Johnigk,
Ulrich Leitermann, Michael Petmecky, Dr. Klaus Sticker, Vorsitzender der
Aufsichtsrate: Gunter Kutz

SIGNAL IDUNA Gruppe Hauptverwaltungen, Internet: www.signal-iduna.de,
E-Mail: i...@signal-iduna.de

44121 Dortmund, Hausanschrift: Joseph-Scherer-Str. 3, 44139 Dortmund,
Telefon: (02 31) 1 35-0, Telefax: (02 31) 1 35-46 38

20351 Hamburg, Hausanschrift: Neue Rabenstra?e 15-19, 20354 Hamburg,
Telefon: (0 40) 41 24-0, Telefax: (0 40) 41 24-29 58
begin:vcard
fn:Holger Honert
n:Honert;Holger
org:SIGNAL IDUNA Gruppe;koms-97850
adr;dom:;;Joseph-Scherer-Str. 3;Dortmund;NRW;44139
email;internet:holger.hon...@signal-iduna.org
title:Dipl.-Ing. (FH)
tel;work:0231/135-4043
tel;fax:0231/135-2959
x-mozilla-html:FALSE
url:http://signal-iduna.de
version:2.1
end:vcard

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: ARPA entries for a host with multiple IPs

[Sam Wilson]

In article go4umg$1ks...@sf1.isc.org,
 Barry Margolin bar...@alum.mit.edu wrote:

 A common practice is to create unique names for each machine, in 
 addition to the round-robin entry.  This way, if you need to perform 
 maintenance on a specific machine, you can go to it by its unique name.  
 Then you should make the PTR record point to this name.  E.g. the 
 forward zone for myzone.com would contain:
 
 ws IN A 1.2.3.1
IN A 1.2.3.2
IN A 1.2.3.3
 
 ws-1 IN A 1.2.3.1
 ws-2 IN A 1.2.3.2
 ws-3 IN A 1.2.3.3
 
 and the reverse zone 3.2.1.in-addr.arpa would contain:
 
 1 IN PTR ws-1.myzone.com.
 2 IN PTR ws-2.myzone.com.
 3 IN PTR ws-3.myzone.com.

Or it might contain

1 IN PTR ws.myzone.com.
2 IN PTR ws.myzone.com.
3 IN PTR ws.myzone.com.

Either is acceptable, but you have to decide which is more useful in 
your situation - is it more important to know which interface is being 
used to make an outgoing call (the usual use of PTR records) or is it 
vital the machine be recognised as the same one no matter which 
interface it uses?

You can try doing this:

1 IN PTR ws.myzone.com.
1 IN PTR ws-1.myzone.com.
2 IN PTR ws.myzone.com.
2 IN PTR ws-2.myzone.com.
3 IN PTR ws.myzone.com.
3 IN PTR ws-3.myzone.com.

which is technically legal but (allegedly) not many systems can make 
sensible use of multiple reverse entries and it might cause more 
confusion than it's worth.

Sam
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Zone transfers of dlv.isc.org

[Chris Thompson]

Resurrecting part of a thread from last September, when I wrote:


On Sep 23 2008, Stephane Bortzmeyer wrote:


On Tue, Sep 23, 2008 at 02:07:43PM +0100,
Chris Thompson c...@hermes.cam.ac.uk wrote 
a message of 20 lines which said:


[*] How do I know? Well dlv.isc.org uses NSEC records and is 
therefore enumerable :-) 113 DLV records at the end of July,

163 today.


[ 352 at a recent count, by the way ]


As the shadoks http://en.wikipedia.org/wiki/Les_Shadoks said, Why
do it simply when you can make it complicated? :-) dig AXFR is
simpler...


Over-hasty analysis on my part. Having discovered that ns-ext.isc.org
didn't allow zone transfers for dlv.isc.org, I obviously failed to
note that the other official nameservers for it do allow them ...


Things have changed more than once since then. When the official
slaves changed to the current set, {ams,sfba,ord}.sns-pb.isc.org,
they didn't allow zone transfers, but the hidden master from the
SOA record, ns-int.isc.org still did. But in the last couple of
days it has started forbidding them as well.

So I suppose I will have to go back to enumerating via the NSEC 
records after all ... :-)


Apart from vulgar curiosity [*] about the contents, there is a
potential issue here. A validating nameserver using dlv.isc.org
for lookaside makes a lot of queries to it (the TTLs and, most
significantly, the negative TTL, are only 1 hour), and if network
access to the official slaves were lost one would start getting
SERVFAILs for everything. So a natural thought is that one could
(stealth) slave dlv.isc.org, and survive loss of contact for up
to its SOA.expire value (28 days at the moment). Of course, one
ought to be validating the results of the zone transfer if one
did this. Or I should say, were allowed by ISC to do it.

[*] Well, perhaps not all that vulgar. I have used lists of the
zones secured via dlv.isc.org when arguing here about our own 
plans for moving to DNSSEC. The recent inclusion of the TLDs

from the IANA ITAR is a good sign.

--
Chris Thompson
Email: c...@cam.ac.uk

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: named with DLZ

[Jeff Lightner]

RedHat does have prebuilt packages on RHEL5.x.

On my 5.2 server I have:
bind-chroot-9.3.4-6.0.3.P1.el5_2
system-config-bind-4.0.3-2.el5
bind-libs-9.3.4-6.0.3.P1.el5_2
bind-9.3.4-6.0.3.P1.el5_2
bind-utils-9.3.4-6.0.3.P1.el5_2

You can install the latest packages with yum

yum install bind-chroot system-config-bind bind-libs bind bind-utils

I'm running the chroot'ed BIND configuration - it isn't required but I'd
recommend it.

I'm not sure any of these have DLZ support built in as I don't use it.
On scanning RedHat's support site I found no mention of DLZ so you may
need to build your own.

FYI:  Although the base BIND version for above packages is 9.3.4 the
RedHat people have backported security fixes from later BIND versions
into their version.

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Scott Haneda
Sent: Thursday, February 26, 2009 7:53 PM
To: BIND Users Mailing List
Subject: named with DLZ

I have been talked with getting named with DLZ support on Red Hat 5.2  
Enterprise.  I have never worked on Red Hat or with RPM, can someone  
point me to the rpm I need?  Any other basic pointers?

I was thinking to just build it out myself, but if there is a  
confident stable rpm, I might as well learn that as well.

Thanks.
--
Scott

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: [OT] Is it possible to set a ddns hostname to access a name-based virtual host?

[Danny Mayer]

Michael Milligan wrote:
 hongyi.z...@gmail.com wrote:
 You *must* reference the location using the same URI if you expect to
 see the same expected results.
 Thanks  for  your  detailed  explanations.  Another issue: what do you
 mean by saying URI?  What's the differences between URI and URL?
 
 Just being more general.  A URL is a HTTP URI... Google has plenty of
 explanations.
 

That's nonsense. A URL was never just an HTTP URI. It's one example of
one but there have always been more than one type.

Danny

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Change my primary DNS server safely...

[Thomas Manson]

Hi Jeff,

  Actually, I've Postfix/Apache2/Bind (primary DNS) on the same
machine which is hosted by one company.

  I want to dedicate a server to be the primary DNS. This server is
hosted by another company. (the first server will be re installed soon
but will stay in the original hosting company).

  The secondary DNS is already a dedicated server.

  So my new primary DNS  is ready and the old server will still be
running (at least for the apache2 service).
  Should I let BIND running on the old server or stop it ?  (whould it
be annoying if the old ip still answer to query ?)

Regards,
Thomas.



On Fri, Feb 27, 2009 at 14:50, Jeff Lightner jlight...@water.com wrote:
 Not sure where the trepidation comes in here.  Hopefully you ARE running
 a slave server as well so if the primary isn't reachable the slave would
 resolve lookups until you fixed any problem.

 Here we've moved our servers from one network provider to another so had
 to change the IPs of the master and the slave at the Network registrars.
 We did those one at a time.  That is to say we first did the slave and
 once we were sure it was resolving correctly and had allowed time for
 everyone's caches to clear (we waited 3 days/72 hours) then we moved the
 master.

 We've also completely replaced both our primary and slave by installing
 new servers and setting them with the IPs.  There again we did it by
 doing one at a time.  For those there was no propagation time since the
 IP stayed the same.

 If you're simply moving your master to a new IP (as the outside world
 sees it) then you'll have to allow time for the caches to clear as we
 did.  If you're simply moving it to a new IP internally then your
 network folks should be able to NAT that IP to the same external IP your
 prior server had.

 -Original Message-
 From: bind-users-boun...@lists.isc.org
 [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas Manson
 Sent: Thursday, February 26, 2009 8:04 PM
 To: bind-users@lists.isc.org
 Subject: Change my primary DNS server safely...

 Hello,

  I need to change the primary DNS server which manage hundreds of
 domains.

  I've setup the new machine so that it has the correct named
 configuration for each domains (script generated).

  I plan to change the IP behind the ns0.mydomain.com so that it
 points to the new machine.

  As I feel it's a bit risky to do that, if you have any suggestion,
 I'll be glad to hear it.

 Thanks,
 Thomas.
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users

 Please consider our environment before printing this e-mail or attachments.
 --
 CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential 
 information and is for the sole use of the intended recipient(s). If you are 
 not the intended recipient, any disclosure, copying, distribution, or use of 
 the contents of this information is prohibited and may be unlawful. If you 
 have received this electronic transmission in error, please reply immediately 
 to the sender that you have received the message in error, and delete it. 
 Thank you.
 --

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Change my primary DNS server safely...

[Denny Jodeit]

It's not exactly 'proper' practice, but I have successfully turned down the
caching time to 300 seconds. Do this a week ahead of your planned server
move.

After you know everything is resolving correctly, obviously reset your TTLs
to the accepted settings.

Be aware this 'will' create traffic, but if your network can handle it, it's
not an issue.

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jeff Lightner
Sent: Friday, February 27, 2009 8:50 AM
To: Thomas Manson; bind-users@lists.isc.org
Subject: RE: Change my primary DNS server safely...

Not sure where the trepidation comes in here.  Hopefully you ARE running
a slave server as well so if the primary isn't reachable the slave would
resolve lookups until you fixed any problem.

Here we've moved our servers from one network provider to another so had
to change the IPs of the master and the slave at the Network registrars.
We did those one at a time.  That is to say we first did the slave and
once we were sure it was resolving correctly and had allowed time for
everyone's caches to clear (we waited 3 days/72 hours) then we moved the
master.

We've also completely replaced both our primary and slave by installing
new servers and setting them with the IPs.  There again we did it by
doing one at a time.  For those there was no propagation time since the
IP stayed the same.

If you're simply moving your master to a new IP (as the outside world
sees it) then you'll have to allow time for the caches to clear as we
did.  If you're simply moving it to a new IP internally then your
network folks should be able to NAT that IP to the same external IP your
prior server had.  

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas Manson
Sent: Thursday, February 26, 2009 8:04 PM
To: bind-users@lists.isc.org
Subject: Change my primary DNS server safely...

Hello,

  I need to change the primary DNS server which manage hundreds of
domains.

  I've setup the new machine so that it has the correct named
configuration for each domains (script generated).

  I plan to change the IP behind the ns0.mydomain.com so that it
points to the new machine.

  As I feel it's a bit risky to do that, if you have any suggestion,
I'll be glad to hear it.

Thanks,
Thomas.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
 
Please consider our environment before printing this e-mail or attachments.
--
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
information and is for the sole use of the intended recipient(s). If you are
not the intended recipient, any disclosure, copying, distribution, or use of
the contents of this information is prohibited and may be unlawful. If you
have received this electronic transmission in error, please reply
immediately to the sender that you have received the message in error, and
delete it. Thank you.
--
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Change my primary DNS server safely...

[Jeff Lightner]

In your case it sounds like you're going to have two external IPs.  If so I'd 
leave the Apache server with BIND running and add the new server as first one 
at the registrar.  That way anyone that has your old server cached will 
continue to get to it.  Any new queries hopefully would cache your new server.  

After you're sure the new server is up and running for a few days you can stop 
BIND on the old one (to reduce load on it).

-Original Message-
From: Thomas Manson [mailto:dev.mansontho...@gmail.com] 
Sent: Friday, February 27, 2009 10:06 AM
To: Jeff Lightner
Cc: bind-users@lists.isc.org
Subject: Re: Change my primary DNS server safely...

Hi Jeff,

  Actually, I've Postfix/Apache2/Bind (primary DNS) on the same
machine which is hosted by one company.

  I want to dedicate a server to be the primary DNS. This server is
hosted by another company. (the first server will be re installed soon
but will stay in the original hosting company).

  The secondary DNS is already a dedicated server.

  So my new primary DNS  is ready and the old server will still be
running (at least for the apache2 service).
  Should I let BIND running on the old server or stop it ?  (whould it
be annoying if the old ip still answer to query ?)

Regards,
Thomas.



On Fri, Feb 27, 2009 at 14:50, Jeff Lightner jlight...@water.com wrote:
 Not sure where the trepidation comes in here.  Hopefully you ARE running
 a slave server as well so if the primary isn't reachable the slave would
 resolve lookups until you fixed any problem.

 Here we've moved our servers from one network provider to another so had
 to change the IPs of the master and the slave at the Network registrars.
 We did those one at a time.  That is to say we first did the slave and
 once we were sure it was resolving correctly and had allowed time for
 everyone's caches to clear (we waited 3 days/72 hours) then we moved the
 master.

 We've also completely replaced both our primary and slave by installing
 new servers and setting them with the IPs.  There again we did it by
 doing one at a time.  For those there was no propagation time since the
 IP stayed the same.

 If you're simply moving your master to a new IP (as the outside world
 sees it) then you'll have to allow time for the caches to clear as we
 did.  If you're simply moving it to a new IP internally then your
 network folks should be able to NAT that IP to the same external IP your
 prior server had.

 -Original Message-
 From: bind-users-boun...@lists.isc.org
 [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas Manson
 Sent: Thursday, February 26, 2009 8:04 PM
 To: bind-users@lists.isc.org
 Subject: Change my primary DNS server safely...

 Hello,

  I need to change the primary DNS server which manage hundreds of
 domains.

  I've setup the new machine so that it has the correct named
 configuration for each domains (script generated).

  I plan to change the IP behind the ns0.mydomain.com so that it
 points to the new machine.

  As I feel it's a bit risky to do that, if you have any suggestion,
 I'll be glad to hear it.

 Thanks,
 Thomas.
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users

 Please consider our environment before printing this e-mail or attachments.
 --
 CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential 
 information and is for the sole use of the intended recipient(s). If you are 
 not the intended recipient, any disclosure, copying, distribution, or use of 
 the contents of this information is prohibited and may be unlawful. If you 
 have received this electronic transmission in error, please reply immediately 
 to the sender that you have received the message in error, and delete it. 
 Thank you.
 --

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Forward Unknown Lookups

[Michael Milligan]

Josh Durham wrote:
 Forgive me if this has been asked before -
 
 I'm trying to set up bind to have A records for a zone, but forward
 requests for that zone to another known server if lookups fail.
 
 For example, on my server, I would create a record for the zone
 example.com:
 serverINA 10.0.1.1

You can do this by creating multiple zones with these names, so for you
example, you would _not_ create an example.com zone, you would create a
zone for server.example.com and put in an A record at the apex.  This
way you can override/add names under example.com but have your resolving
server follow the normal resolution path and talk to the example.com
auth servers for other names under example.com, e.g., lookups for
www.example.com.

This can cause problems though, if the example.com authoritative server
uses/references any of the names you want to override (like as the
target of an MX record), then the view from your perspective will look
different and may have unintended consequences.  Just think it through
and test if you're not sure.

And don't forget about what you've done when it comes time to
troubleshoot a problem in 6 months!

Regards,
Mike

-- 
Michael Milligan   - mi...@acmeps.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: statschannel assertion failure

[Timothy Holtzen]

Ok, I think I've included what your looking for below.  If it's not the
right thing please let me know how to generate what your looking for
from the core dump.  I will readily admit this level of debugging isn't
something I'm very familiar with.

If you want to try to reproduce it I made a little script on the remote
system like this:

foo.sh
for i in `seq 1 300` ; do
wget --quiet -O - 10.9.2.18:8085  /dev/null
done

and then run the command:

foo.sh  foo.sh

I find that you have to run two instances of wget in a loop in order to
get two requests to occur close enough together to trigger the crash. 
Sometimes I have to extend the length of the loop but I find it usually
triggers a crash when run for any length of time from a separate
system.  Interestingly however if I run the same thing on the same
system Bind is running on it never triggers the crash.


 
=
Thread 1 (process 12282):
#0  0x003930c30155 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x003930c31bf0 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00411cb5 in assertion_failed (file=0x556e7c
statschannel.c, line=152,
type=isc_assertiontype_insist, cond=0x568d53 0) at ./main.c:161
No locals.
#3  0x00393e230f98 in __xmlRaiseError () from /usr/lib64/libxml2.so.2
No symbol table info available.
#4  0x00393e231aaa in __xmlErrEncoding () from /usr/lib64/libxml2.so.2
No symbol table info available.
#5  0x00393e2336d6 in xmlCurrentChar () from /usr/lib64/libxml2.so.2
No symbol table info available.
#6  0x00393e243c57 in xmlParseCharDataComplex () from
/usr/lib64/libxml2.so.2
No symbol table info available.
#7  0x00393e246baf in xmlParseChunk () from /usr/lib64/libxml2.so.2
No symbol table info available.
#8  0x00393e2f02ea in xmlFreeTextWriter () from /usr/lib64/libxml2.so.2
No symbol table info available.
#9  0x00393e2595e1 in xmlOutputBufferWrite () from
/usr/lib64/libxml2.so.2
No symbol table info available.
#10 0x00393e2ef254 in xmlTextWriterEndElement () from
/usr/lib64/libxml2.so.2
No symbol table info available.
#11 0x0053f397 in isc_taskmgr_renderxml (mgr=0x2b03dae22058,
writer=0x8f95730)
at task.c:1352
task = (isc_task_t *) 0x2b03dae39c48
#12 0x00429a16 in render_index (url=value optimized out,
querystring=value optimized out, arg=0x2b03dae2d010,
retcode=0x8f962b0,
retmsg=0x8f962b8, mimetype=0x8f962a8, b=0x8f962c0, freecb=0x8f962f8,
freecb_args=0x8f96300) at statschannel.c:745
msg = value optimized out
msglen = value optimized out
#13 0x0052c5a9 in isc_httpd_recvdone (task=0x2b03dae4ef88,
ev=0x2b03db4bcc40)
at httpd.c:688
r = {base = 0x2b03dae4ef88 KSATX ��\003+, length = 5551396}
result = value optimized out
httpd = (isc_httpd_t *) 0x8f95e00
url = (isc_httpdurl_t *) 0x2b03daf15bf0
now = {seconds = 1235744333, nanoseconds = 318308000}
datebuf = Fri, 27 Feb 2009 14:18:53 GMT\000\000
#14 0x0053f6f5 in isc__taskmgr_dispatch () at task.c:862
manager = (isc_taskmgr_t *) 0x2b03dae22058
#15 0x0054209f in evloop () at app.c:358
when = {seconds = 1235744333, nanoseconds = 784265000}
tv = {tv_sec = 0, tv_usec = 472793}
n = 2
now = {seconds = 1235744333, nanoseconds = 311472000}
tvp = value optimized out
swait = (isc_socketwait_t *) 0x7b5b5c
readytasks = value optimized out
result = value optimized out
#16 0x0054232a in isc_app_run () at app.c:550
event = (isc_event_t *) 0x0
next_event = (isc_event_t *) 0x0
task = (isc_task_t *) 0x0
#17 0x00412434 in main (argc=0, argv=0x7fffcfcc2fe8) at ./main.c:914
result = value optimized out


JINMEI Tatuya / 神明達哉 wrote:
 At Thu, 26 Feb 2009 07:58:29 -0600,
 Timothy Holtzen t...@nebrwesleyan.edu wrote:

   
 No it is a single processor on both production and test systems. 
 Production is an Opteron and the test system is an Athlon64 but both are
 single core processors.  Just to be sure I did a configured with a
 --disable-threads on the test system and tried again.  Testing still
 triggers the exception with the same errors.
 

 Okay, then please try the revised patch.  This will make named abort
 itself in the context of the libxml2 error, so please then get the
 stack trace of the core dump and show it.

 BTW, I tried to reproduce the problem by mostly concurrent access
 like:
   wget http://127.0.0.1:5300/ ; wget http://127.0.0.1:5300/
 but couldn't see the crash.

 Also, since this happened even --disable-threads, it's very unlikely
 to be a kind of race condition.  I have no idea how the concurrent
 access relates to the problem at this moment.

 ---
 JINMEI, Tatuya
 Internet Systems Consortium, Inc.

 Index: statschannel.c
 ===
 RCS file: 

Testing - please ignore

[Kirk]

This is a test.  Please disregard.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users