query reply servfail
Hi We are using solaris x86 bind-9.5.1-P3. I tried that when rndc flushname www.hsbc.com.hk. and dig a www.hsbc.com.hk. a few times, sometimes our nameserver reply servfail. It shouldn't be the memory problem as the daemon just started. Any clue of it? # /usr/local/sbin/rndc flushname www.hsbc.com.hk. # /usr/local/bin/dig a www.hsbc.com.hk. ; DiG 9.5.1-P3 a www.hsbc.com.hk. ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 1374 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;www.hsbc.com.hk. IN A ;; ANSWER SECTION: www.hsbc.com.hk.20 IN A 203.112.92.11 ;; AUTHORITY SECTION: www.hsbc.com.hk.900 IN NS mtyprdgss01.hsbc.com.hk. www.hsbc.com.hk.900 IN NS tkoprdgss02.hsbc.com.hk. www.hsbc.com.hk.900 IN NS tkoprdgss01.hsbc.com.hk. ;; ADDITIONAL SECTION: mtyprdgss01.hsbc.com.hk. 17 IN A 203.112.94.241 tkoprdgss01.hsbc.com.hk. 577IN A 203.112.92.241 tkoprdgss02.hsbc.com.hk. 73 IN A 203.112.92.244 ;; Query time: 7 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Aug 20 13:57:56 2009 ;; MSG SIZE rcvd: 175 # /usr/local/sbin/rndc flushname www.hsbc.com.hk. # /usr/local/bin/dig a www.hsbc.com.hk. ; DiG 9.5.1-P3 a www.hsbc.com.hk. ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 1042 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.hsbc.com.hk. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Aug 20 13:57:57 2009 ;; MSG SIZE rcvd: 33 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
lookup cnames
[r...@mandy4 ccadns]# rpm -qa|grep bind bind-utils-9.3.2-7.4.20060mlcs4 bind-9.3.2-7.4.20060mlcs4 I've tried but cannot find an option to return cname records for a given host. I did find dig and host command options that allows entering a cname with the result being the host that owns that cname. I need the opposite - enter host and return all the cnames for that host. Is there a way using dig or host? or something else (besides axfr and grep) ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: lookup cnames
James M wrote: [r...@mandy4 ccadns]# rpm -qa|grep bind bind-utils-9.3.2-7.4.20060mlcs4 bind-9.3.2-7.4.20060mlcs4 I've tried but cannot find an option to return cname records for a given host. I did find dig and host command options that allows entering a cname with the result being the host that owns that cname. I need the opposite - enter host and return all the cnames for that host. Is there a way using dig or host? or something else (besides axfr and grep) ___ No, the protocol does not support a general all CNAMEs pointing to a given name lookup function. Even if it did, it would only work for CNAMEs in the zone(s) for which the target server was authoritative. There's no way to know whether some arbitrary admin has put a CNAME at some hierarchy level in some arbitrary zone, pointing to one of your Internet-advertised names (or even a non-Internet-advertised one, for that matter). - Kevin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
out of memory handling during *XFR
Hi, May I suggest an improvement in the handling of bind's out of memory handling when performing *XFR's? I am talking about these: failed while receiving responses: out of memory Currently, bind drops the AXFR, and I assume the memory of the failed partial *XFR'd zone, and tries again. On dedicated name servers, where memory does not spontaniously appears from no where, this just starts a loop of endless *XFR requests, peaking out a lot of bandwidth. Bind could check to see if it got more free memory at the start of the run then it had at the previously failed run. Bind could do an exponential back off for the *XFR's. Paul ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse delegation - refused on my DNS
In message 001201ca21de$6eea36e0$4cbea4...@monnerie@is.it-management.at, Mi chael Monnerie writes: I'm still searching for the error. Also, sorry for the strangeness of the mail format, I used a webmail for = the last mails. This time it's Outlook, don't know if it's really any = better... at least not for correctly indenting old mail texts :-( Because you don't serve 164.69.212.in-addr.arpa and you tried to access the cache. You should slave 164.69.212.in-addr.arpa so you have the CNAMEs locally. This will also make the above dig directed at your server work as the answer will come from the zone rather than the cache. I did that now, helps :-)) =20 Note: the lookups are working remotely because interative resolvers ask for 57.48-28.164.69.212.in-addr.arpa rather that 57.164.69.212.in-addr.arpa as generated by the above dig. Ah, I get the point. I always tested from a remote side with dig @dns1.zmi.at -x 212.69.164.57 but that didn't work as this is not an open resolver. Slaving the zone = as you suggested enables even these lookups to work now. I think it's = good, as it helps remote sites to debug DNS when hunting an error. A plain dig -x 212.69.164.57 also works, so, do I have an issue or is everything OK with my = configuration? Thanks for all your help, to all three of you! mfg zmi All three servers are now answering which is good. drugs:marka 10:11 {371} % dig +nssearch 48-28.164.69.212.in-addr.arpa SOA ns4.zmi.at. hostmaster.ns4.zmi.at. 42 172800 14400 3628800 60 from server power4u.zmi.at in 2270 ms. SOA ns4.zmi.at. hostmaster.ns4.zmi.at. 42 172800 14400 3628800 60 from server dns1.zmi.at in 1534 ms. SOA ns4.zmi.at. hostmaster.ns4.zmi.at. 42 172800 14400 3628800 60 from server dns2.zmi.at in 357 ms. drugs:marka 10:12 {372} % You do however have a delegation mismatch. 48-28.164.69.212.in-addr.arpa. 86400 IN NS dns1.zmi.at. 48-28.164.69.212.in-addr.arpa. 86400 IN NS dns2.zmi.at. ;; Received 91 bytes from 82.98.222.6#53(dns2.serico.de) in 717 ms 48-28.164.69.212.in-addr.arpa. 3600 IN NS power4u.zmi.at. 48-28.164.69.212.in-addr.arpa. 3600 IN NS dns2.zmi.at. 48-28.164.69.212.in-addr.arpa. 3600 IN NS dns1.zmi.at. ;; Received 161 bytes from 212.69.162.197#53(dns1.zmi.at) in 999 ms Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users