Re: Can't transfer two zones using two IP addresses
On Tuesday 31 August 2010 21:44:15 Barry Margolin wrote:
> Do the transfer sources match the match-clients options of the two
> views? When a connection arrives, it's first associated with a view
> using this option. Then when the request turns out to be a zone
> transfer it further checks it against the allow-transfer option.

That is the intellectual leap I was looking for. I added the lines

view "internal" {
    match-clients { !192.168.2.12; 192.168.2/24; };
...
view "external" {
    match-clients { !192.168.2.1; any; };

on the server and things worked swimmingly (I was missing the not clauses before). Danka schoen.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: discrepancy with rndc dumpdb -zones
Hi Gordon,

We've not seen this before (and it doesn't sound like anyone else has either). What version of BIND is it? Has it reappeared since? Is this a particularly heavily loaded/busy server? Does it have recursive cache as well as authoritative zones?

Kind regards,
Cathy

Gordon A. Lang wrote:
> After several successful "update delete ..." nsupdate sends to the master
> DNS server, verified with dig, the "rndc dumpdb -zones" command produced
> named_dump.db file still showing the deleted records. This was repeatable
> and persistent (over the half hour time period) until I performed a hard
> restart of named.
>
> Has anyone else seen this sort of thing?
>
> Can anyone explain this?
Re: discrepancy with rndc dumpdb -zones
BIND 9.4-ESV-R2 acting as master and also allowing recursive queries.

It was just a disaster recovery exercise, so the load was extremely light. It happened repeatedly at the time, but I could not duplicate the problem on the busy production server.

Matus posted that it could be journal data, which is believable, but I did not know the dumpdb was supposed to include history -- I thought it was supposed to be a fully digested and coherent snapshot.

I have not had time to revisit this, but I still do want to find out more.

Thanks.

--
Gordon A. Lang

- Original Message -
From: "Cathy Almond"
To:
Sent: Wednesday, September 01, 2010 6:52 AM
Subject: Re: discrepancy with rndc dumpdb -zones

> Hi Gordon,
>
> We've not seen this before (and it doesn't sound like anyone else has
> either). What version of BIND is it? Has it reappeared since? Is this a
> particularly heavily loaded/busy server? Does it have recursive cache as
> well as authoritative zones?
>
> Kind regards,
> Cathy
>
> Gordon A. Lang wrote:
>> After several successful "update delete ..." nsupdate sends to the master
>> DNS server, verified with dig, the "rndc dumpdb -zones" command produced
>> named_dump.db file still showing the deleted records. This was repeatable
>> and persistent (over the half hour time period) until I performed a hard
>> restart of named.
>>
>> Has anyone else seen this sort of thing?
>>
>> Can anyone explain this?
Re: BIND9 and DLZ
On 08/31/2010 12:10 PM, Scott Haneda wrote:
> If anyone can point me to a simple tutorial, or explain how they managed to
> get this up and running on RHEL with a current version of BIND, I would
> appreciate any and all information that can be shared. I will do my best to
> follow up with what I learn once this is all done so others can hopefully
> have an easier time.

Hi Scott,

I have just made a quick write-up of my use of Bind-DLZ on Centos 5.X. I would welcome any comments.

http://itsecureadmin.com/2010/09/bind-dlz-with-mysql/

Thanks,
--
Josh Miller, RHCE/VCP
Seattle, WA
Linux Solutions Provider
Website: http://itsecureadmin.com/
Re: BIND9 and DLZ
On Sep 1, 2010, at 11:26 AM, Josh Miller wrote:
> On 08/31/2010 12:10 PM, Scott Haneda wrote:
>
>> If anyone can point me to a simple tutorial, or explain how they managed to
>> get this up and running on RHEL with a current version of BIND, I would
>> appreciate any and all information that can be shared. I will do my best to
>> follow up with what I learn once this is all done so others can hopefully
>> have an easier time.
>
> Hi Scott,
>
> I have just made a quick write-up of my use of Bind-DLZ on Centos 5.X. I
> would welcome any comments.
>
> http://itsecureadmin.com/2010/09/bind-dlz-with-mysql/

Thanks! I don't think I will have much issue with the configuration, this is a second install as a slave to a master that resides elsewhere. Probably the hardest part will be getting Mysql to replicate across a non local lan, but it should be not that terrible to get working.

My issue seems to be the actual install. I am using this rpm:
http://people.redhat.com/atkac/bind/bind-9.7.1-2.P2.fc13.src.rpm

When I run rpm -i on that it warns me about mysql-devel and postgresql-devel, so I installed mysql-devel and commented out the need for the postgresql-devel from the spec file.

Next up I run:
rpmbuild -bb /usr/src/redhat/SPECS/bind.spec

That command does not complete, and is also installing a chrooted BIND, which I don't want:

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.84489
+ umask 022
+ cd /usr/src/redhat/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /usr/src/redhat/BUILD
+ rm -rf bind-9.7.1-P2
+ /bin/gzip -dc /usr/src/redhat/SOURCES/bind-9.7.1-P2.tar.gz
+ tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd bind-9.7.1-P2
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chown -Rhf root .
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chgrp -Rhf root .
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
Re: BIND9 and DLZ
On 09/01/2010 03:26 PM, Scott Haneda wrote:
> You should add the contents of `/usr/share/aclocal/libtool.m4' to `aclocal.m4'.
> + aclocal -I m4 --force
> configure.in:2772: warning: underquoted definition of NOM_PATH_FILE
> run info '(automake)Extending aclocal'
> or see http://sources.redhat.com/automake/automake.html#Extending-aclocal
> contrib/dlz/config.dlz.in:38: warning: underquoted definition of DLZ_ADD_DRIVER
> + autoconf -f
> configure.in:287: error: possibly undefined macro: AC_C_FLEXIBLE_ARRAY_MEMBER
> If this token and others are legitimate, please use m4_pattern_allow.
> See the Autoconf documentation.
> error: Bad exit status from /var/tmp/rpm-tmp.45014 (%build)
>
> RPM build errors:
> Bad exit status from /var/tmp/rpm-tmp.45014 (%build)

It looks like this version of Bind is expecting a newer version of autoconf and expects new macros defined, like AC_C_FLEXIBLE_ARRAY_MEMBER, which was introduced in autoconf 2.61. (re: http://git.savannah.gnu.org/cgit/autoconf.git/tree/NEWS)

I was able to get past this error by commenting out this macro in the configure.in file within the archive. ie:

1. pushd /usr/src/redhat/SOURCES/
2. tar xzvf bind-9.7.1-P2.tar.gz
3. vi bind-9.7.1-P2/configure.in
4. Comment out line 285 with a #
5. remove old archive: rm -rf bind-9.7.1-P2.tar.gz
6. archive the new version: tar czvf bind-9.7.1-P2.tar.gz bind-9.7.1-P2
7. re-run rpmbuild command

After this, I successfully created the RPMs.

Thanks,
--
Josh Miller, RHCE/VCP
Seattle, WA
Linux Solutions Provider
Website: http://itsecureadmin.com/
Re: Can't transfer two zones using two IP addresses
In message <201009010237.26909.scott.simp...@computer.org>, Scott Simpson writes:
> On Tuesday 31 August 2010 21:44:15 Barry Margolin wrote:
> > Do the transfer sources match the match-clients options of the two
> > views? When a connection arrives, it's first associated with a view
> > using this option. Then when the request turns out to be a zone
> > transfer it further checks it against the allow-transfer option.
>
> That is the intellectual leap I was looking for. I added the lines
>
> view "internal" {
>     match-clients { !192.168.2.12; 192.168.2/24; };
> ...
> view "external" {
>     match-clients { !192.168.2.1; any; };
>
> on the server and things worked swimmingly (I was missing the not clauses
> before). Danka schoen.

Don't forget notify source and to do the same sort of thing on the slave. This is in the FAQ.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
Re: Can't transfer two zones using two IP addresses
In article , Mike Ragusa wrote:
> What does your ifconfig -a output look like? Are you sure the External AXFR
> queries are coming from 192.168.2.12?

He said he checked with tcpdump and it showed the correct source addresses. My guess was the answer, he forgot about match-clients.

> On Wed, Sep 1, 2010 at 12:38 AM, Scott Simpson wrote:
>
> > I'm trying to transfer my two zones "internal" and "external" from master to
> > slave using two IP addresses and it isn't working.
> >
> > On my master I have:
> >
> > view "internal" {
> >    allow-transfer { 192.168.2.1; };
> > ...
> > view "external" {
> >    allow-transfer { 192.168.2.12; };
> > ...
> >
> > My slave has two IP addresses 192.168.2.1 and 192.168.2.12 (I used a secondary
> > IP address on the card). On the slave I have
> >
> > view "internal" {
> >    transfer-source 192.168.2.1;
> > ...
> > view "external" {
> >    transfer-source 192.168.2.12;
> > ...
> >
> > When I try to transfer the domain "external", I get a permission denied on the
> > master. I know that the slave is using the correct transfer-source IP address
> > because I did a tcpdump and it shows the correct address for the two
> > transfers.
> >
> > Interestingly, if I switch the "internal" and "external" stanzas on the
> > master, I get "external" only and not "internal". What gives? Thanks.
> >    Scott

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
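
The view selection discussed in this thread, modelled as an added example that is not part of any poster's message: the master first binds a request to the first view whose match-clients accepts the source address, and only then applies that view's allow-transfer. The BEFORE list is an assumption reconstructed from "I was missing the not clauses before"; the function names and the dictionary layout are hypothetical and only model named.conf.

```python
import ipaddress

def acl_match(acl, addr):
    """BIND address-match-list semantics: elements are tried in order, the
    first one that matches decides, and a leading '!' makes it a rejection."""
    ip = ipaddress.ip_address(addr)
    for elem in acl:
        negated, spec = elem.startswith("!"), elem.lstrip("!")
        if spec == "any" or ip in ipaddress.ip_network(spec):
            return not negated
    return False  # nothing matched

def transfer_result(views, src):
    """Return (view chosen by match-clients, whether its allow-transfer permits src)."""
    for name, cfg in views:  # views are tried in named.conf order
        if acl_match(cfg["match-clients"], src):
            return name, acl_match(cfg["allow-transfer"], src)
    return None, False

def view(name, match_clients, allow_transfer):
    """Build one (name, options) pair standing in for a view stanza."""
    return name, {"match-clients": match_clients, "allow-transfer": allow_transfer}

# Assumed original master config: match-clients without the "not" clauses.
# BIND's 192.168.2/24 shorthand is spelled out as 192.168.2.0/24 for ipaddress.
BEFORE = [view("internal", ["192.168.2.0/24"], ["192.168.2.1"]),
          view("external", ["any"], ["192.168.2.12"])]
# The same views in the opposite order, as in the "switch the stanzas" experiment.
SWAPPED = list(reversed(BEFORE))
# With the negations from the thread added.
AFTER = [view("internal", ["!192.168.2.12", "192.168.2.0/24"], ["192.168.2.1"]),
         view("external", ["!192.168.2.1", "any"], ["192.168.2.12"])]

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("swapped", SWAPPED), ("after", AFTER)):
        for src in ("192.168.2.1", "192.168.2.12"):
            print(label, src, transfer_result(cfg, src))
```

A transfer only does what the slave intended when the chosen view is the intended one and allow-transfer is true, which in this model holds for both source addresses only in the AFTER configuration.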