Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?

[Barry Margolin]

In article ,
 Walter Smith  wrote:

> Hello,
> 
> I have bind/named running on Linux master and slaves. All is good, but now 
> when I’m trying to clean up some old records – I realized that sorted 
> zone on 
> slaves are quite uneven. What I meant is, the $ORIGIN splits the zone into 
> some unknown to me syntax/format. Is there anywhere I can find the 
> description/documentation on it – How exactly slave parse the zone from 
> master and puts all these arbitrary paragraphs with $ORIGIN.

When writing the zone file on a slave, BIND uses $ORIGIN so that all 
records just have a single label.  So instead of writing:

foo.bar IN A 1.2.3.4

it will write:

$ORIGIN bar

foo IN A 1.2.3.4

If you have a zone with lots of levels of subdomain, the file will have 
lots of $ORIGIN statements as a result.

-- 
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: multi-master with mysql backend

[fddi]

I could succesfully setup bind with mysql backend and it works using 
bind-mysql driver.


everything works except that nsupdate will no longer work.

is this normal ??

requests sent for adding a RR using nsupdate are ignored by named when 
using mysqldb backend

while they are honoured and served when using normal file backend.

is this a normal behaviour ?

how to use nsupdate even if with a different backend which is not the 
default  file backend ?



any hints ?

thank you


Riccardo


On 2/9/11 3:48 PM, Steve Arntzen wrote:

I need really something very simple:


I have 2 domain name servers, I need them to be multi-master

Please explain -- *why* do you need multimaster?



I need to be able to update the nameserver even if one of the two
masters is down, I need this
for High Avaliability purposes for services geographycally distriuted
If I do not have a multimaster architecture and primary nameserver
goes
down, I Cannot update the secondary
if I need to.



How about rsync?

I too need a second master in an alternate location, only in the event
of a catastrophe (loss of a data center).  There are active slaves with
dynamic zones in both locations.  Any of the slaves can use either
master, but by default, they use the one listed first in named.conf
which is the master in the main location.  If the first master
disappears, the slaves will use the other master.

Simplicity is important to me as well and that's why I chose rsync to
periodically get the zone data (and configs) to the master in the
secondary location.  I looked into MySQL (which I use for other
purposes), but the solution was no longer simple.

Steve.




___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?

[Torinthiel]

On 02/09/11 17:34, Walter Smith wrote:
> Hello,
> 
> I have bind/named running on Linux master and slaves. All is good, but
> now when I’m trying to clean up some old records – I realized that
> sorted zone on slaves are quite uneven. What I meant is, the $ORIGIN
> splits the zone into some unknown to me syntax/format. Is there anywhere
> I can find the description/documentation on it – How exactly slave parse
> the zone from master and puts all these arbitrary paragraphs with $ORIGIN.

$ORIGIN is simply appended to every name that does not have dot at the end.
So
$ORIGIN example.com
www a 1.2.3.4

and
www.example.com. a 1.2.3.4
are completely equivalent.

Now, why would you want to look into slave files, except for verifying
that the zone transfer succeeded?
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: about the file command

[Kevin Darcy]

On 2/8/2011 9:15 AM, Terry. wrote:

2011/2/8 Matus UHLAR - fantomas:

On 08.02.11 17:40, Terry. wrote:

Can BIND's "file" command referer to more than one zone file?
For example,

   zone "test.nsbeta.info" {
type master;
file "a.db";
file "b.db";
   };

When a record doesn't exist in a.db, BIND will continue to look for it in
b.db.

Afaik, no. Why would you want that?


For views catchall.

for example, named.conf has three views enabled by default, some users
have three veiws setup, but some have only two views setup, so I want
the catchall solution for the the lack of a view.

There is no "default" named.conf. Are you referring to some named.conf 
that was provided in an OS distribution? As part of a third-party DNS 
management tool? Perhaps you need to provide some specifics about your 
particular environment.


The general approach used with views is to include the entries that 
*every* view should see, into each version of the zone(s) in their 
respective views. Yes, this duplicates data and occupies more memory 
than is strictly necessary. If capacity is a problem, you always have 
the option of running separate nameserver instances on separate hardware 
or virtualized OS instances. Views are only a convenience for those who 
have the capacity and the desire to run multiple "logical" nameserver 
instances inside of a single process running in a single OS image.


This cross-view record-level or RRset-level inclusion can be done either 
through $INCLUDE-file chicanery, or by designing/modifying/configuring 
your DNS maintenance system to make and maintain the relevant entries in 
parallel.


As for selection of views, these are matched in order, so if your last 
view has "match-clients { any; };" (or, if you prefer, 
"match-destinations { any; };", this gives you the "not otherwise 
matched" behavior you seem to be seeking.




- Kevin



___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?

[Chris Thompson]

On Feb 9 2011, Walter Smith wrote:


I have bind/named running on Linux master and slaves. All is good, but
now when I'm trying to clean up some old records - I realized that sorted
zone on slaves are quite uneven. What I meant is, the $ORIGIN splits the
zone into some unknown to me syntax/format. Is there anywhere I can find
the description/documentation on it - How exactly slave parse the zone
from master and puts all these arbitrary paragraphs with $ORIGIN.


Remember that what is transferred from the master to the slave is in
internal (binary) DNS format. The format that the slave writes it to
disc (unless you have specified "masterfile-format raw") is the same
as that which named-checkzone would generate with the options
"-D -F text -s relative".

As the named-checkzone man page says under "-s",

The full format is most suitable for processing automatically by
a separate script. On the other hand, the relative format is more
human-readable and is thus suitable for editing by hand.

"More" does not mean "very", as you have noticed :-)

--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

syntax/format of zone on slave $ORIGIN/paragraph - sorted?

[Walter Smith]

Hello,

I have bind/named running on Linux master and slaves. All is good, but now when 
I’m trying to clean up some old records – I realized that sorted zone on slaves 
are quite uneven. What I meant is, the $ORIGIN splits the zone into some 
unknown to me syntax/format. Is there anywhere I can find the 
description/documentation on it – How exactly slave parse the zone from master 
and puts all these arbitrary paragraphs with $ORIGIN.

Thanks,
Walter


  ___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: compile error bind-9.7.2-P3 osx 10.5.8 ppc

[Bill Larson]

On Feb 8, 2011, at 8:43 PM, donovan jeffrey j wrote:


greetings

i was able to update ssl to OpenSSL 1.0.0c 2 Dec 2010
when i try and recompile bind I get an error on make

Undefined symbols:
 "_RSA_generate_key_ex", referenced from:
 _opensslrsa_generate in libdns.a(opensslrsa_link.o)
 "_DSA_generate_parameters_ex", referenced from:
 _openssldsa_generate in libdns.a(openssldsa_link.o)
 "_DH_generate_parameters_ex", referenced from:
 _openssldh_generate in libdns.a(openssldh_link.o)
ld: symbol(s) not found
collect2: ld returned 1 exit status
make[2]: *** [named] Error 1
make[1]: *** [subdirs] Error 1
make: *** [subdirs] Error 1


Remember that MacOS X includes OpenSSL.  Are you really updating the  
version on OpenSSL supplied by Apple, or are you installing a second,  
and newer, version of OpenSSL in a different directory?


Where did you install the OpenSSL package?  Did you use the defaults,  
which installs in /usr/local/ssl?


What configure option(s) did you use when building BIND?  Did you  
explicitly state "--with-openssl"?  The default, not specifying "with- 
openssl", will use Apple's OpenSSL, which is OpenSSL 0.9.7, not  
OpenSSL 1.


I ***just*** successfully built BIND 9.7.2-P3 with OpenSSL 1.0.0.c.  I  
am also running MacOS X 10.5.8, but on an Intel machine rather than  
PPC.  My added OpenSSL was installed in it's default location, /usr/ 
local/ssl.  The configure command for building BIND was "./configure -- 
with-openssl=/usr/local/ssl".  Note that I explicitly specified the  
path for OpenSSL to avoid using the Apple supplied version of OpenSSL.


Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

bind9: debugging information in logs

[Pavel Sukhoy]

Hello,

Could you please give me clarification about debugging mode. 

In the BIND9.7 ARM I found this:
"...
The server can supply extensive debugging information when it is in debugging 
mode. If the server’s
global debug level is greater than zero, then debugging mode will be active. 
The global debug level is
set either by starting the named server with the -d flag followed by a positive 
integer, or by running
rndc trace. The global debug level can be set to zero, and debugging mode 
turned off, by running rndc
notrace. All debugging messages in the server have a debug level, and higher 
debug levels give more
detailed output. Channels that specify a specific debug severity, for example:
channel specific_debug_level {
file "foo";
severity debug 3;
};
will get debugging output of level 3 or less any time the server is in 
debugging mode, regardless of
the global debugging level.
..."

But on the BIND9.7.2-P3 I have seen that: if only "severity debug [level]" will 
be set in channel configuration and at the same time debugging level is 0 - I 
will see in log file information regarding to this debugging level. I think 
something is wrong. 

-- 
With best regards,
Pavel Sukhoy
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: multi-master with mysql backend

[Steve Arntzen]

>>> I need really something very simple:
>>>
>>>
>>> I have 2 domain name servers, I need them to be multi-master
>> Please explain -- *why* do you need multimaster?
>>
>>
>I need to be able to update the nameserver even if one of the two 
>masters is down, I need this
>for High Avaliability purposes for services geographycally distriuted

>If I do not have a multimaster architecture and primary nameserver
>goes 
>down, I Cannot update the secondary
>if I need to.



How about rsync?

I too need a second master in an alternate location, only in the event
of a catastrophe (loss of a data center).  There are active slaves with
dynamic zones in both locations.  Any of the slaves can use either
master, but by default, they use the one listed first in named.conf
which is the master in the main location.  If the first master
disappears, the slaves will use the other master.

Simplicity is important to me as well and that's why I chose rsync to
periodically get the zone data (and configs) to the master in the
secondary location.  I looked into MySQL (which I use for other
purposes), but the solution was no longer simple.

Steve.




___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: multi-master with mysql backend

[fddi]

On 2/9/11 2:15 AM, Warren Kumari wrote:

On Feb 8, 2011, at 10:47 AM, fddi wrote:


I need really something very simple:


I have 2 domain name servers, I need them to be multi-master

Please explain -- *why* do you need multimaster?


I need to be able to update the nameserver even if one of the two 
masters is down, I need this

for High Avaliability purposes for services geographycally distriuted

If I do not have a multimaster architecture and primary nameserver goes 
down, I Cannot update the secondary

if I need to.

Riccardo


so I will put a mysql instance on each one,
the two mysql servers in sync whith each other.

when one of the servers goes down, the other continue to work.

If you have "traditional" master-slave and the "master" goes down, the slave will 
continue to serve the last information it had (at least, until the expire timer goes "boing").

So, make Server_A be the master, Server_B the slave and set expire to be a 
couple of weeks. Assuming Server_A goes kablooie, you have 2 weeks to promote 
Server_B from slave to master...



There are very few entry in hte database let;s say 10 entries of important 
internet services which must be
always avaliable... that's it nothing complicate.

Yup.


now I coudl succesfully build my own bind RPM for CentOS with mysql backend 
support.
I simply used mysql-bind driver patches

Ah, but now, suddenly, it *is* complicated...

Seriously, unless you have some pathological use case traditional master/ slave 
is way way more stable...
W



http://mysql-bind.sourceforge.net/


now I am trying them out


thank you for all the suggestions you gave me


Riccardo

On 2/8/11 4:28 PM, Gary Wallis wrote:

fddi wrote:

thank you for hte thread you pointed me.
Actaully I do not have performance issue, but I just need DNS multi-master.
I could succesfully apply mysql-bind patches.
I have only one zone with few hosts.

thank you very much

Riccardo


On 2/8/11 3:30 PM, Terry. wrote:

2011/2/8 fddi:

I have considered dlz, but it does mocu more than simply mysql backend and
seems too way complicate for my porpouse.
At hte end I am considering using this mysql-bind:

http://mysql-bind.sourceforge.net/


You may read this one of the mailing list archive:
https://lists.isc.org/pipermail/bind-users/2008-April/069884.html

Terry.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


A nice way to deal with what Riccardo's needs is to use ISC BIND configured 
statically (keeps all advantages of a pure BIND system) but from a MySQL 
database that has web apps for end users to manage their own zone data. BIND 
was not meant for end users with little to no DNS expertise to manage their 
RRs. Some middleware is required.

This is not a new concept but developed from pure dynamic websites to ones that 
"printed" static copies of their pages -now proxies are also used as well as 
memcache for SQL query caching.

See wikipedia for dns management software.

Cheers!
Gary
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users