Re: Master server offline
On May 7 2010, Dave Filchak wrote: Well, my SOA Expires are set to 604800 (1 week ). Can I change those to four weeks to give us some time. Sure - just step into your time machine, go back to before the master server died, and increase the SOA.expire value there so that it gets propagated to the slave(s) in time. If your disaster recovery plan doesn't include use of a time machine, then you need to set SOA.expire large enough that you will have time to execute the next stage of the plan before the copies expire - convert a slave to be master, re-incarnate the master on new (possibly virtual) hardware, or whatever. BTW, there is an interaction with DNSSEC in setting a large SOA.expire value for a signed zone. You don't want your slaves to be serving expired signatures even if the zone copy is not expired, so you should arrange that resigning occurs at least the SOA.expire period before the old signature is due to expire. With BIND's defaults of a 30-day signature validity period and resigning 3/4 of the way through that, an SOA.expire period of 1 week works out quite nicely. -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ftp.isc.org is down
On Fri, 7 May 2010, Mark Andrews wrote: Subject: Re: ftp.isc.org is down There was a fibre cut in the Bay area. Out of curiosity, how did this affect the DLV? (Not that I noticed any outages on my servers configured to use the DLV) Paul ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Master server offline
On 05/07/10 06:49, Chris Thompson wrote: Sure - just step into your time machine, go back to before the master server died, and increase the SOA.expire value there so that it gets propagated to the slave(s) in time. If he has a small number of slaves, the OP may not need a Tardis. It's possible to just edit the cache files. It's UGLY, you need to make sure you hit all the slaves, and they will get overwritten the instant your master returns from the dead ... but that latter's a good thing. About this master being offline for some time due to a disk failure ... that policy may need review. If the OP serves his organization's DNS, it's pretty darn critical that customers be able to resolv their DNS info. -- Peter Laws / N5UWY National Weather Center / Network Operations Center University of Oklahoma Information Technology pl...@ou.edu --- Feedback? Contact my director, Craig Cochell, cra...@ou.edu. Thank you! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
[OT] MSDN use google apps for email hosting
Though this is offtopic, but I'm surprised that msdn.net (microsoft developer networks) has been using google's apps for email hosting. It is not commercial for MS, isn't it? msdn.net Server: UnKnown Address: 192.168.1.1 Non-authoritative answer: msdn.netMX preference = 30, mail exchanger = aspmx4.googlemail.com msdn.netMX preference = 30, mail exchanger = aspmx5.googlemail.com msdn.netMX preference = 10, mail exchanger = aspmx.l.google.com msdn.netMX preference = 20, mail exchanger = alt1.aspmx.l.google.com msdn.netMX preference = 20, mail exchanger = alt2.aspmx.l.google.com msdn.netMX preference = 30, mail exchanger = aspmx2.googlemail.com msdn.netMX preference = 30, mail exchanger = aspmx3.googlemail.com -- Tech support agent in China http://duxieweb.com/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [OT] MSDN use google apps for email hosting
On 05/07/10 09:22, Jeff Pang wrote: Though this is offtopic, but I'm surprised that msdn.net (microsoft developer networks) has been using google's apps for email hosting. It is not commercial for MS, isn't it? msdn.netMX preference = 30, mail exchanger = aspmx4.googlemail.com Funny, yes, but whois doesn't seem to point to M$ in any way. Independent? -- Peter Laws / N5UWY National Weather Center / Network Operations Center University of Oklahoma Information Technology pl...@ou.edu --- Feedback? Contact my director, Craig Cochell, cra...@ou.edu. Thank you! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [OT] MSDN use google apps for email hosting
yes but what confused me is msdn.net is cname'd to msdn.microsoft.com. www.msdn.net. 3600IN CNAME msdn.microsoft.com. msdn.microsoft.com. 1496IN CNAME msdn.microsoft.akadns.net. msdn.microsoft.akadns.net. 429 IN A 65.55.11.235 Jeff. 2010/5/7 Peter Laws pl...@ou.edu: On 05/07/10 09:22, Jeff Pang wrote: Though this is offtopic, but I'm surprised that msdn.net (microsoft developer networks) has been using google's apps for email hosting. It is not commercial for MS, isn't it? msdn.net MX preference = 30, mail exchanger = aspmx4.googlemail.com Funny, yes, but whois doesn't seem to point to M$ in any way. Independent? -- Peter Laws / N5UWY National Weather Center / Network Operations Center University of Oklahoma Information Technology pl...@ou.edu --- Feedback? Contact my director, Craig Cochell, cra...@ou.edu. Thank you! -- Tech support agent in China http://duxieweb.com/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Issues following 9.3.5-p1 upgrade to 9.7.0-p1 Windows VMware environment
We have been running Bind 9.3.5-P1 on Windows 2003 guest in VMware ESX 3.5 environment for many years with no issues. Following an upgrade to Bind 9.7.0-p1 we are experiencing a couple of issues. No Bind configuration changes were made to config files other than the allow-query-cache, additional-from-auth and additional-from-cache statements so that queries worked in the new version. The errors are occurring on multiple Bind servers on different Vmware ESX hosts. On a regular but random basis we are getting the 2 socket error messages logged. I have not been able to determine what is causing this to occur nor reproduce at will. .\socket.c:2444: unexpected error: SOCKET_RECV: Windows error code: 1236, returning ISC error 54 We are also getting a poked timer error logged consistently soon after Bind service start and infrequently after that. *** POKED TIMER *** Any suggestions / solutions would be greatly appreciated. Thanks This message is intended only for the use of the addressee and may contain information that is privileged and confidential. If you are not the intended recipient or have received this communication in error, you are hereby notified that any unauthorized use or disclosure is strictly prohibited. Please notify the sender immediately and delete the original without making a copy or disclosing its contents. Le présent message s'adresse exclusivement à son destinataire et peut contenir des renseignements privilégiés et confidentiels. Si vous n'êtes pas le destinataire de ce document ou si vous l'avez reçu par erreur, vous êtes par la présente avisé qu'il est strictement interdit de le divulguer ou de l'utiliser sans autorisation. Veuillez en avertir l'expéditeur immédiatement et détruire le message original sans le copier ou en révéler le contenu. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ftp.isc.org is down
In message alpine.lfd.1.10.1005070956370.6...@newtla.xelerance.com, Paul Wout ers writes: On Fri, 7 May 2010, Mark Andrews wrote: Subject: Re: ftp.isc.org is down There was a fibre cut in the Bay area. Out of curiosity, how did this affect the DLV? (Not that I noticed any outage s on my servers configured to use the DLV) Paul It wouldn't have had any real impact on serving the zone. The servers are on multiple continents announced from different AS's so a single event should not make them all unreachable. dlv.isc.org.1509IN NS dlv.sfba.sns-pb.isc.org. dlv.isc.org.1509IN NS ns.isc.afilias-nst.info. dlv.isc.org.1509IN NS ns1.isc.ultradns.net. dlv.isc.org.1509IN NS ns2.isc.ultradns.net. dlv.isc.org.1509IN NS dlv.ams.sns-pb.isc.org. dlv.isc.org.1509IN NS dlv.ord.sns-pb.isc.org. As for changing the zone content I'm not sure where the http server that does that is located. Updates may have been delayed but one's key maintence proceedures should take that into account. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Master server offline
In article mailman.1428.1273241309.21153.bind-us...@lists.isc.org, Peter Laws pl...@ou.edu wrote: On 05/07/10 06:49, Chris Thompson wrote: Sure - just step into your time machine, go back to before the master server died, and increase the SOA.expire value there so that it gets propagated to the slave(s) in time. If he has a small number of slaves, the OP may not need a Tardis. It's possible to just edit the cache files. It's UGLY, you need to make sure you hit all the slaves, and they will get overwritten the instant your master returns from the dead ... but that latter's a good thing. They'll only be overwritten if the serial number on the master increases. About this master being offline for some time due to a disk failure ... that policy may need review. If the OP serves his organization's DNS, it's pretty darn critical that customers be able to resolv their DNS info. That's why there are slaves. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
