"Good" TTL value for DDNS clients ?
Hello,

I'm setting up a DDNS server, following the ISC documentation it is working nicely. But I would like some guidance on setting up the TTL value for DHCP/DDNS clients. We use a lot of dual boot machines WINDOWS/LINUX and with default parameters the DDNS record isn't removed from the DDNS when a user switches from one OS to another. Any info help welcome.

Thanks.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: AW: ipv6 PTR in zone file
On 4/13/2011 6:58 PM, Michel de Nostredame wrote:
> Not sure how large will be the effort to add a new directive into
> BIND, but that just a feedback, and wish, from me and my team
> members, who needs to maintain few hundreds of statically assigned IPs
> for servers and CE/PE routers.

Dynamic zones and the judicious use of "arpaname" seem like the best bet to me (without adding extra code to BIND, that is).

AlanC
SOA RNAME Value
Hello List,

When troubleshooting a particular reverse delegated zone to us we used the normal "d/26.c.b.a.in-addr.arpa" naming for the zone. A couple of zones did not get served correctly (tried on BIND 9.7.0-P2 and 9.7.3) and any query for a record within these zones always came back with a SERVFAIL. After combing through all of the syntax in the config and zone everything checked out as valid. I enabled debug logging which didn't really yield any useful data. I tried running debug on the named-checkzone and everything came back clean. Web searches were not very helpful especially since I didn't really know what search keywords to use.

Eventually I compared one working reverse delegated zone to one of the problem ones with a more granular eye and I noticed the RNAME in the SOA was different where the SERVFAIL one had "hostmaster" and the working one had "hostmaster.domain.com.". I thought, well, I might as well try it out and replaced the "hostmaster" with "hostmaster.domain.com." and sure enough it was serving the domain just fine after that.

So I know you can get away with using just "hostmaster" in the RNAME field if your zone/domain actually makes sense but in this case it was not working and I can only think it has to do with the slash "/" character in the zone name. Is this behavior documented? Is it perhaps a bug? Certainly I personally will remember this as an issue going forward but will others run into this trouble as well? Am I way off base on thinking it should have been more easily identifiable what the problem is with using the debug logs and debug named-checkzone tool?

I know the RNAME field should just be set to an appropriate value but does anyone generally even use the RNAME? The authoritative name servers are giving an NXDOMAIN or SERVFAIL or whatever it's not like you can even see the SOA anyways.

Thanks for any insight!!
Re: AW: ipv6 PTR in zone file
On Apr 13, 2011, at 4:58 PM, Michel de Nostredame wrote:
> On Tue, Apr 12, 2011 at 3:41 AM, Niall O'Reilly wrote:
>> On 12 Apr 2011, at 10:49, Michel de Nostredame wrote:
>>> Thanks Walter and Marco. Those two tool/method do resolve short term
>>> needs. Thanks again.
>>> (btw, the URL from Walter should be
>>> ftp://ftp.bieringer.de/pub/linux/IPv6/ipv6calc/ )
>>>
>>> Beside them, is any potential possibility to have something built-in
>>> in BIND config/zone file as kind of beautiful (my, and my team,
>>> personal point of view) solution?
>>>
>>> Anyone knows if there was any similar discussions inside BIND
>>> developer group before?
>>
>> Not that I recall.
>>
>> I'm not sure what benefit you see in adding a feature to
>> the BIND server and tools. I should have thought that a
>> suitable script, either for provisioning your zone file(s)
>> or for applying a dynamic update, would both relieve any
>> burden you currently have, and leave you more flexibility
>> than would an extension to BIND.
>
> If there is $REVERSE (or some similar directive) can put inside ZONE
> file and named.conf file, then it would be a good help for those
> people who need to manually manage PTR records. From regular people
> point of view, it could be easier to read, maintain and less possible
> of human errors.
>
> Not sure how large will be the effort to add a new directive into
> BIND, but that just a feedback, and wish, from me and my team
> members, who needs to maintain few hundreds of statically assigned IPs
> for servers and CE/PE routers.

Back in the good old days, when DNS administrators didn't have fancy tools, there was a common solution to this problem. I wrote a little script which took a host name and an IP address (IPv4, but the idea would be the same for IPv6) and generated the forward DNS "A" record for this and append it, or insert it, into the forward zone file. Then, this same script would then take this same information and add the appropriate "PTR" into the appropriate reverse zone file.

The "h2n" script was another tool commonly used to manage DNS information from the contents of the /etc/hosts file.

The problem with introducing some new directive into BIND is that your idea of what would be the appropriate zones files to work with may not be the same as someone else. For example, in the forward zone, would assigning MX records be the "correct" result also? There are too many possibilities to allow solving everyone's needs. This is something that needs to be done by the DNS administrator who understands the needs of the zone. (At least in my very humble opinion).

Bill Larson
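The kind of script described in the message above, together with the dynamic-update route suggested elsewhere in the thread, as an added example (not code from any poster or from BIND). The zone names, host names, addresses and the 3600-second TTL are constructed assumptions, and the example goes beyond the IPv4 case by handling IPv6 as well.

```python
import ipaddress

# Constructed sample zones (documentation prefixes), not taken from the thread.
FORWARD_ZONE = "example.com."
REVERSE_ZONES = ["2.0.192.in-addr.arpa.", "8.b.d.0.1.0.0.2.ip6.arpa."]


def reverse_name(address):
    """Absolute reverse-lookup name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def pick_reverse_zone(ptr_owner, zones=REVERSE_ZONES):
    """Most specific configured reverse zone that encloses ptr_owner."""
    matches = [z for z in zones if ptr_owner.endswith("." + z)]
    if not matches:
        raise ValueError(f"no reverse zone configured for {ptr_owner}")
    return max(matches, key=len)


def zone_file_lines(host, address, forward_zone=FORWARD_ZONE):
    """Return (forward_line, reverse_zone, reverse_line) for static zone files."""
    ip = ipaddress.ip_address(address)
    rtype = "A" if ip.version == 4 else "AAAA"
    ptr_owner = reverse_name(address)
    zone = pick_reverse_zone(ptr_owner)
    # Owner is written relative to the reverse zone's origin; the PTR target
    # is absolute (trailing dot) so it is not expanded with the reverse origin.
    relative = ptr_owner[: -len(zone) - 1]
    return (f"{host}\tIN\t{rtype}\t{ip.compressed}", zone,
            f"{relative}\tIN\tPTR\t{host}.{forward_zone}")


def nsupdate_script(host, address, ttl=3600, forward_zone=FORWARD_ZONE):
    """Same pair as nsupdate input; one 'send' per zone being updated."""
    ip = ipaddress.ip_address(address)
    rtype = "A" if ip.version == 4 else "AAAA"
    fqdn = f"{host}.{forward_zone}"
    return (f"update add {fqdn} {ttl} {rtype} {ip.compressed}\nsend\n"
            f"update add {reverse_name(address)} {ttl} PTR {fqdn}\nsend\n")


if __name__ == "__main__":
    for name, addr in [("www", "192.0.2.10"), ("pe1", "2001:db8::1")]:
        print(*zone_file_lines(name, addr), sep="\n")
        print(nsupdate_script(name, addr), end="")
```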
Re: AW: ipv6 PTR in zone file
On Tue, Apr 12, 2011 at 3:41 AM, Niall O'Reilly wrote:
> On 12 Apr 2011, at 10:49, Michel de Nostredame wrote:
>> Thanks Walter and Marco. Those two tool/method do resolve short term
>> needs. Thanks again.
>> (btw, the URL from Walter should be
>> ftp://ftp.bieringer.de/pub/linux/IPv6/ipv6calc/ )
>>
>> Beside them, is any potential possibility to have something built-in
>> in BIND config/zone file as kind of beautiful (my, and my team,
>> personal point of view) solution?
>>
>> Anyone knows if there was any similar discussions inside BIND
>> developer group before?
>
> Not that I recall.
>
> I'm not sure what benefit you see in adding a feature to
> the BIND server and tools. I should have thought that a
> suitable script, either for provisioning your zone file(s)
> or for applying a dynamic update, would both relieve any
> burden you currently have, and leave you more flexibility
> than would an extension to BIND.

If there is $REVERSE (or some similar directive) can put inside ZONE file and named.conf file, then it would be a good help for those people who need to manually manage PTR records. From regular people point of view, it could be easier to read, maintain and less possible of human errors.

Not sure how large will be the effort to add a new directive into BIND, but that just a feedback, and wish, from me and my team members, who needs to maintain few hundreds of statically assigned IPs for servers and CE/PE routers.

--
Michel~
strange dig response querying my subdomain zone
Hello.

If I query my domain zone with dig I have correct values as response.

    dig mydomain.com SOA

Now if I query one of my subdomains

    dig subdomain.mydomain.com SOA

in the response I have an ANSWER SECTION and AUTHORITY SECTION, but I do not have an ADDITIONAL SECTION and I did not expect it to happen.

What this should be due to? What kind of error in the configuration? I am sure the delegation and glue records are OK.

thank you

Rick
How best to strip references to managed-keys.bind, bind.keys, rndc.key
Trying to get a clean set of logs. I'm guessing this has something to do with redefining 'view _default' and I'm having challenges figuring out how to do this. Someone point me to where _default is defined in the docs and I'll just remove appropriate references to the mentioned files.

Thanks.
Fwd: GSS-TSIG with a change root environment
-- Forwarded message --
From: Juergen Dietl
Date: 2011/4/13
Subject: Re: GSS-TSIG with a change root environment
To: Abdulla Bushlaibi

Hello,

thanx for the -g hint. Now I see the same thing I saw yesterday in the syslog. For any reason the syslog doesn't show anything since yesterday - but that's another story.

When I use bind with the -t parameter (change root) I get the following error:

    13-Apr-2011 13:10:17.956 default realm from krb5.conf (EXAMPLE.TEST) does not match tkey-gssapi-credential (DNS/dns1.example.t...@example.test)
    13-Apr-2011 13:10:17.956 configuring TKEY: failure
    13-Apr-2011 13:10:17.956 loading configuration: failure
    13-Apr-2011 13:10:17.956 exiting (due to fatal error)

When I start it without -t all is OK. But I need the change root for security reasons. I put the krb5.keytab in /etc/ and /root-envirment/etc but it didn't help.

Is there anybody where it works with the -g parameter?

thanx so far,
Juergen

2011/4/13 Abdulla Bushlaibi
> Hey Juergen,
>
> You could try running bind with -g option and see what the logs tell you.
>
> Best Regards
>
> On 13/04/2011 1:11 PM, Juergen Dietl wrote:
>
> Hello,
>
> I set up gss-tsig and working fine with bind 9.7.3 and bind 9.8. Now I
> tried it on a 2nd server that uses 2 instances of bind. One for primary one
> for secondary. For this the primary bind starts with the "-t parameter"
> which tells him to use a change root environment. If I start the bind this
> way I don't get any error messages but it does not start.
>
> Is there anything I must pay attention if I want to use bind and gss-tsig
> in a change root environment?
>
> thanx for any hints,
> cheers,
> Juergen
Re: GSS-TSIG with a change root environment
Hey Juergen,

You could try running bind with -g option and see what the logs tell you.

Best Regards

On 13/04/2011 1:11 PM, Juergen Dietl wrote:
> Hello,
>
> I set up gss-tsig and working fine with bind 9.7.3 and bind 9.8. Now I
> tried it on a 2nd server that uses 2 instances of bind. One for primary one
> for secondary. For this the primary bind starts with the "-t parameter"
> which tells him to use a change root environment. If I start the bind this
> way I don't get any error messages but it does not start.
>
> Is there anything I must pay attention if I want to use bind and gss-tsig
> in a change root environment?
>
> thanx for any hints,
> cheers,
> Juergen
GSS-TSIG with a change root environment
Hello,

I set up gss-tsig and working fine with bind 9.7.3 and bind 9.8. Now I tried it on a 2nd server that uses 2 instances of bind. One for primary one for secondary. For this the primary bind starts with the "-t parameter" which tells him to use a change root environment. If I start the bind this way I don't get any error messages but it does not start.

Is there anything I must pay attention if I want to use bind and gss-tsig in a change root environment?

thanx for any hints,
cheers,
Juergen