Re: bind 9.6.3 crashing on Freebsd 7.3
On 02/11/2011 07:21 PM, Terry. wrote: 2011/2/11 Joshua Frugé: running bind 9.6.3 installed from ports on Freebsd 7.3 (amd64) Getting this error in my local log 10-Feb-2011 21:12:13.711 general: rbtdb.c:1506: INSIST(((unsigned int)((&(node)->references)->refs)) == 0&& node->data == ((void *)0)) failed could you try to compile BIND from the source rather than the ports installation? That won't change anything, except maybe the arguments to configure. There are no patches in the port. Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named_dump - record where answer came from?
In article , Matus UHLAR - fantomas wrote: > Hello, > > can named remember and log where the answer came from, when dumping a > database? > > Last two days I've been solving similar problem - cached NXDOMAIN for .sk > domain that do and did really exist. > > I know some of .sk servers run still on BIND8 that has some implementation > flaws, but can any of them cause this kind of error? > > There are the cached record from named dump database. > > www.porada.sk. 11629 \-ANY ;-$NXDOMAIN > ; sk. SOA ns.sk-nic.sk. hostmaster.sk-nic.sk. 2011021040 28800 7200 360 > 86400 > > nemetko.sk. 11172 \-ANY ;-$NXDOMAIN > ; sk. SOA ns.sk-nic.sk. hostmaster.sk-nic.sk. 2011020956 28800 7200 360 > 86400 > > I'd really like to know where these came from. IIRC, BIND 8 had this information, but it went away in BIND 9. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: additional empty zones
2011/2/12 Matus UHLAR - fantomas : > Hello, > > Is it possible to add additional zones as empty? depends on what is "empty". ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind 9.6.3 crashing on Freebsd 7.3
2011/2/11 Joshua Frugé : > running bind 9.6.3 installed from ports on Freebsd 7.3 (amd64) > > Getting this error in my local log > > 10-Feb-2011 21:12:13.711 general: rbtdb.c:1506: INSIST(((unsigned > int)((&(node)->references)->refs)) == 0 && node->data == ((void *)0)) failed > could you try to compile BIND from the source rather than the ports installation? Regards. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
max-udp-size controls what you send. MAX(512, MIN(max-udp-size, client's UDP size)) edns-udp-size controls what you advertise you can receive. MAX(512, MIN(edns-udp-size, server's UDP size)) -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
[SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/11/2011 01:21 PM, Ryan Novosielski wrote:
> On 02/10/2011 04:19 PM, Chuck Swiger wrote:
>> On Feb 10, 2011, at 12:39 PM, Ryan Novosielski wrote:
>>> health.nyc.gov query-errors:
>>>
>>> 10-Feb-2011 15:32:30.682 query-errors: debug 1: client
>>> 130.219.34.129#55935: query failed (SERVFAIL) for health.nyc.gov/IN/MX
>>> at query.c:4630
>>> 10-Feb-2011 15:32:30.682 query-errors: debug 2: fetch completed at
>>> resolver.c:3057 for health.nyc.gov/MX in 0.46: failure/success
>>> [domain:nyc.GOV,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:4,findfail:0,valfail:0
>
>> The adberr count looks like it can only be incremented by two code sections
>> in lib/dns/resolver.c:
>
>> if (result != ISC_R_SUCCESS) {
>> if (result == DNS_R_ALIAS) {
>> /*
>> * XXXRTH Follow the CNAME/DNAME chain?
>> */
>> dns_adb_destroyfind(&find);
>> fctx->adberr++;
>> }
>> }
>
>> [ ...and... ]
>
>> if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0)
>> fctx->lamecount++; /* cached lame server */
>> else
>> fctx->adberr++; /* unreachable server, etc.
>> */
>
>> This implies a connectivity issue between your client and the nyc.gov
>> nameservers, I think.
>> But there are local wizards lurking who are much more familiar with the code
>> than I
>
> It is starting to appear as if this is an issue relating to EDNS, though
> I can't see specifically how. It does not appear to even be a size
> related issue, but instead possibly something to do with packet
> fragmentation. I built a BIND 9.6.2 server on a CentOS VM -- works fine
> off our network (connected via Verizon Wireless), but does not work on
> campus.
>
> What I don't quite understand is why querying say 8.8.8.8 with a copy of
> dig on our network would work. Isn't the same thing ultimately going to
> have to pass through the same place in our firewall/network eventually
> whether it's a nameserver asking for it or a client?
So it was a two part problem, one that pertains to BIND and one that
pertains to the firewall.
1) I had max-udp-size=512, which is what I understood to be the prudent
thing to have configured if your firewall had a DNS packet limit of 512.
For whatever reason, that turned out not to be correct.
2) In the firewall we had a packet size limit of 512 for non-EDNS
traffic and "client auto" for EDNS traffic. However, in our version of
firewall firmware, this does not work (a bug), so all of our traffic was
effectively limited to 512.
What I haven't yet figured out is why #1 would cause the connectivity
problem that it did to the .gov DNS servers. It appears that perhaps
something was destroying the fragmented packets. I'd be curious if
there's someone out there who knows more than me and could help explain.
- --
- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1VyzgACgkQmb+gadEcsb4jDQCfUM3JoQNNg8kluYVaM7n4o/l0
W6MAoMzkyoKjJZntBUlvO0iLkjPkfq0l
=/R/g
-END PGP SIGNATURE-
<>___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: multi-master with mysql backend
I understand you, but the advantage of having mysql backend is that if one of the two servers dies, the other keeps running with up to date informations, and can also be updated wit new informations. When the other server comes up again it will automatically sync itself using mysql replica mechanism. if I use file backend I have to manually sync it, and how to keep tracks of modifications ? for this I choose mysql backend Riccardo On 2/11/11 10:29 PM, David Sparro wrote: On 2/9/2011 7:12 PM, fddi wrote: I could succesfully setup bind with mysql backend and it works using bind-mysql driver. everything works except that nsupdate will no longer work. is this normal ?? requests sent for adding a RR using nsupdate are ignored by named when using mysqldb backend while they are honoured and served when using normal file backend. is this a normal behaviour ? how to use nsupdate even if with a different backend which is not the default file backend ? If you are using nsupdate to make changes to your hosted zones, couldn't you simply change the process to send the update to both servers separately. Make each server a master with a standard file for the backend data. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: multi-master with mysql backend
On 2/9/2011 7:12 PM, fddi wrote: I could succesfully setup bind with mysql backend and it works using bind-mysql driver. everything works except that nsupdate will no longer work. is this normal ?? requests sent for adding a RR using nsupdate are ignored by named when using mysqldb backend while they are honoured and served when using normal file backend. is this a normal behaviour ? how to use nsupdate even if with a different backend which is not the default file backend ? If you are using nsupdate to make changes to your hosted zones, couldn't you simply change the process to send the update to both servers separately. Make each server a master with a standard file for the backend data. -- Dave ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND9 SERVFAIL on some .gov addresses
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/10/2011 04:19 PM, Chuck Swiger wrote:
> On Feb 10, 2011, at 12:39 PM, Ryan Novosielski wrote:
>> health.nyc.gov query-errors:
>>
>> 10-Feb-2011 15:32:30.682 query-errors: debug 1: client
>> 130.219.34.129#55935: query failed (SERVFAIL) for health.nyc.gov/IN/MX
>> at query.c:4630
>> 10-Feb-2011 15:32:30.682 query-errors: debug 2: fetch completed at
>> resolver.c:3057 for health.nyc.gov/MX in 0.46: failure/success
>> [domain:nyc.GOV,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:4,findfail:0,valfail:0
>
> The adberr count looks like it can only be incremented by two code sections
> in lib/dns/resolver.c:
>
> if (result != ISC_R_SUCCESS) {
> if (result == DNS_R_ALIAS) {
> /*
> * XXXRTH Follow the CNAME/DNAME chain?
> */
> dns_adb_destroyfind(&find);
> fctx->adberr++;
> }
> }
>
> [ ...and... ]
>
> if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0)
> fctx->lamecount++; /* cached lame server */
> else
> fctx->adberr++; /* unreachable server, etc. */
>
> This implies a connectivity issue between your client and the nyc.gov
> nameservers, I think.
> But there are local wizards lurking who are much more familiar with the code
> than I
It is starting to appear as if this is an issue relating to EDNS, though
I can't see specifically how. It does not appear to even be a size
related issue, but instead possibly something to do with packet
fragmentation. I built a BIND 9.6.2 server on a CentOS VM -- works fine
off our network (connected via Verizon Wireless), but does not work on
campus.
What I don't quite understand is why querying say 8.8.8.8 with a copy of
dig on our network would work. Isn't the same thing ultimately going to
have to pass through the same place in our firewall/network eventually
whether it's a nameserver asking for it or a client?
- --
- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1VfigACgkQmb+gadEcsb6i8gCgm2YnVtwVFTycUKK/JQgM9eTP
6WoAnAuZ31BQR4+xdWbyc9+tur1joI9i
=CIn8
-END PGP SIGNATURE-
<>___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
additional empty zones
Hello, Is it possible to add additional zones as empty? Is that a planned feature? I have many manually configured zones that are not empty by default in BIND. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind 9.6.3 crashing on Freebsd 7.3
running bind 9.6.3 installed from ports on Freebsd 7.3 (amd64) Getting this error in my local log 10-Feb-2011 21:12:13.711 general: rbtdb.c:1506: INSIST(((unsigned int)((&(node)->references)->refs)) == 0&& node->data == ((void *)0)) failed 10-Feb-2011 21:12:13.711 general: exiting (due to assertion failure) Anyone else run into this? Any pointers on where to look for more info on this? Thanks, -- Joshua Frugé jfru...@lsu.edu ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
named_dump - record where answer came from?
Hello, can named remember and log where the answer came from, when dumping a database? Last two days I've been solving similar problem - cached NXDOMAIN for .sk domain that do and did really exist. I know some of .sk servers run still on BIND8 that has some implementation flaws, but can any of them cause this kind of error? There are the cached record from named dump database. www.porada.sk. 11629 \-ANY ;-$NXDOMAIN ; sk. SOA ns.sk-nic.sk. hostmaster.sk-nic.sk. 2011021040 28800 7200 360 86400 nemetko.sk. 11172 \-ANY ;-$NXDOMAIN ; sk. SOA ns.sk-nic.sk. hostmaster.sk-nic.sk. 2011020956 28800 7200 360 86400 I'd really like to know where these came from. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?
Dnia 2011-02-10 15:49 Walter Smith napisał(a): >Oh - the original thought was to re-shuffle/clean-up zone(s) on Master...and since Slave(s) has this "nice" $ORIGIN paragraphs - would be nice to combine all these unique $ORIGINs back on Master... I personally find only one $ORIGIN at start of zone, and later using only relative names much more readable. >By-the-way --- is there any simple way (WITHOUT modifying named.conf) to "axfr" zone within Master/Slave/loopback? as said before, from slave (And maybe some other hosts, depending what you have in named.conf) dig axfr @master your.zone > your.zone.dump maybe add +noall +answer to get rid of (most) comments and useless stuff. And you will get double SOA record, at start and end of file. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
