Resign a zone

2011-11-08 Thread rams
Hi,
I have signed a zone and have already re-signed it two times. Now I am
re-signing the zone again, but after re-signing the zone, the RRSIG values
are not changed. The same old values are displayed. Am I doing anything
wrong? Could you please guide me on how to change the RRSIG values?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Resign a zone

2011-11-08 Thread Torinthiel

On 2011-11-08 10:34, rams wrote:

> Hi,
> I have signed a zone and have already re-signed it two times. Now I am
> re-signing the zone again, but after re-signing the zone, the RRSIG values
> are not changed. The same old values are displayed. Am I doing anything
> wrong? Could you please guide me on how to change the RRSIG values?


There could be several issues with this, please give some more info. How 
are you signing your zone? dnssec-signzone? automatically using bind? 
Some other software?


If you're using dnssec-signzone and pass it old signed zone data, it 
regenerates signatures only if the signature end time falls within a period 
defaulting to 1/4 of the signature validity time (so with the default 
signature period it's 7.5 days). If you re-sign your zone, say, 10 days in 
advance, it won't change old signatures. You can change it with -i. Other 
software probably behaves similarly.


Also, if you're signing your zone off-line and upload it to bind, did 
you remember to change SOA and reload master?

Regards,
 Torinthiel
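
Added example (not part of the original message and not BIND's own code): a Python model of the retain-or-replace rule described above, where a signature is replaced only if it expires within the cycle interval (default: one quarter of the validity period). The function names, the single-line RRSIG layout, and the sample zone with placeholder signature data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: two single-line RRSIGs with placeholder signature data.
SAMPLE_ZONE = """\
www.example.com. 300 IN RRSIG A 8 3 300 20111118000000 20111019000000 12345 example.com. c2lnLXBsYWNlaG9sZGVy
a.example.com.   300 IN RRSIG A 8 3 300 20111112000000 20111013000000 12345 example.com. c2lnLXBsYWNlaG9sZGVy
"""
SAMPLE_NOW = datetime(2011, 11, 8, tzinfo=timezone.utc)  # constructed "current time"


def parse_rrsigs(zone_text):
    """Yield (owner, covered_type, expiration) for each single-line RRSIG."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if "RRSIG" not in fields[1:]:
            continue
        i = fields.index("RRSIG")
        # RDATA order: type-covered, algorithm, labels, original TTL,
        # expiration, inception, key tag, signer, signature.
        covered, expiration = fields[i + 1], fields[i + 5]
        when = datetime.strptime(expiration, "%Y%m%d%H%M%S")
        yield fields[0], covered, when.replace(tzinfo=timezone.utc)


def resign_plan(zone_text, now, validity_days=30, interval_days=None):
    """Map (owner, type) to 'retained' or 'replaced' for a re-sign run at `now`.

    interval_days models the -i cycle interval (the real option takes
    seconds); when omitted it is one quarter of the validity period.
    """
    if interval_days is None:
        interval_days = validity_days / 4
    cutoff = now + timedelta(days=interval_days)
    return {
        (owner, covered): "retained" if expires > cutoff else "replaced"
        for owner, covered, expires in parse_rrsigs(zone_text)
    }


if __name__ == "__main__":
    for key, verdict in resign_plan(SAMPLE_ZONE, SAMPLE_NOW).items():
        print(key, verdict)
```

With the default 7.5-day interval, the signature that still has 10 days left is retained, which matches the symptom of unchanged RRSIG values; widening the interval to 15 days replaces both.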



Subdomain Issue

2011-11-08 Thread trm asn
Dear List,

Please help me investigate the scenario below.

I have one domain "example.com"

$TTL 300
@       IN  SOA ns4.example.com. postmaster.example.com. (
                200806  ; Serial Number
                10800   ; Refresh after 3 hours
                3600    ; Retry after 1 hour
                604800  ; Expire after 1 week
                300 )   ; Minimum TTL of 1 day
; Name servers
        IN  NS      ns4.example.com.
        IN  NS      ns2.example.com.
        IN  NS      ns1.example.com.

        IN  A       203.39.45.19
        IN  MX      mail.goole.com.
www     IN  CNAME   example.com.
a       IN  A       203.39.45.20
b       IN  A       203.39.45.21
*test   IN  NS      ns1973.hostgator.com.
test    IN  NS      ns1974.hostgator.com.*

named-checkzone  example.com named.example.com.forward < No Error


The moment I did the "rndc reload example.com", the domain and all
subdomains became unresolvable.

After commenting out the below entries & rndc reload, all was back to normal.
*;test  IN  NS      ns1973.hostgator.com.
;test   IN  NS      ns1974.hostgator.com.*

Please help me out on this issue.

/\
Tarak

RE: Subdomain Issue

2011-11-08 Thread Vinny_Abello
I would think named-checkzone would complain, but are you missing a new line 
after the last NS record?

-Vinny

From: bind-users-bounces+vinny_abello=dell@lists.isc.org 
[mailto:bind-users-bounces+vinny_abello=dell@lists.isc.org] On Behalf Of 
trm asn
Sent: Tuesday, November 08, 2011 9:58 AM
To: bind-users@lists.isc.org
Subject: Subdomain Issue

Dear List,

Please help me investigate the scenario below.

I have one domain "example.com"

$TTL 300
@       IN  SOA ns4.example.com. postmaster.example.com. (
                200806  ; Serial Number
                10800   ; Refresh after 3 hours
                3600    ; Retry after 1 hour
                604800  ; Expire after 1 week
                300 )   ; Minimum TTL of 1 day
; Name servers
        IN  NS      ns4.example.com.
        IN  NS      ns2.example.com.
        IN  NS      ns1.example.com.

        IN  A       203.39.45.19
        IN  MX      mail.goole.com.
www     IN  CNAME   example.com.
a       IN  A       203.39.45.20
b       IN  A       203.39.45.21
test    IN  NS      ns1973.hostgator.com.
test    IN  NS      ns1974.hostgator.com.

named-checkzone  example.com named.example.com.forward < No Error


The moment I did the "rndc reload example.com", the domain and all
subdomains became unresolvable.

After commenting out the below entries & rndc reload, all was back to normal.
;test   IN  NS      ns1973.hostgator.com.
;test   IN  NS      ns1974.hostgator.com.

Please help me out on this issue.

/\
Tarak

Re: Subdomain Issue

2011-11-08 Thread Matus UHLAR - fantomas

On 08.11.11 20:27, trm asn wrote:

> I have one domain "example.com"

[...]

> *test   IN  NS      ns1973.hostgator.com.
> test    IN  NS      ns1974.hostgator.com.*

[...]

what are these supposed to mean?

> After commenting out the below entries & rndc reload, all was back to normal.
> *;test  IN  NS      ns1973.hostgator.com.

this is an error probably

> ;test   IN  NS      ns1974.hostgator.com.*
>
> Please help me out on this issue.

however those entries seem to be invalid to me
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you. 


Re: Subdomain Issue

2011-11-08 Thread Kevin Darcy

On 11/8/2011 4:39 PM, Matus UHLAR - fantomas wrote:

> On 08.11.11 20:27, trm asn wrote:
>
> > I have one domain "example.com"
>
> [...]
>
> > *test   IN  NS      ns1973.hostgator.com.
> > test    IN  NS      ns1974.hostgator.com.*
>
> [...]
>
> what are these supposed to mean?
>
> > After commenting out the below entries & rndc reload, all was back to normal.
> > *;test  IN  NS      ns1973.hostgator.com.
>
> this is an error probably
>
> > ;test   IN  NS      ns1974.hostgator.com.*
> >
> > Please help me out on this issue.
>
> however those entries seem to be invalid to me

Matus,
I think his mail client added those asterisks to indicate "bold" text.
I don't think they're in the original zonefile source text.

- Kevin




Re: Subdomain Issue

2011-11-08 Thread Stacey Marshall
Responses in-line.

On 8 November 2011 14:57, trm asn wrote:

> Dear List,
>
> Please help me out to investigate the below scenario .
>
> I have one domain "example.com"
>
> $TTL 300
> @   IN  SOA ns4.example.com. postmaster.example.com. (
>

The @ above says to use $ORIGIN, which by default is set to the name
specified to the name statement in 'named.conf'.  It would be helpful to
provide that file and the version of bind you're using (named -v).


>   200806  ; Serial Number
>

Trust serial number is being incremented after each change and before each
'rndc reload example.com'.


> 10800   ; Refresh after 3 hours
> 3600    ; Retry after 1 hour
> 604800  ; Expire after 1 week
> 300 )   ; Minimum TTL of 1 day
>
> ; Name servers
>         IN  NS      ns4.example.com.
>         IN  NS      ns2.example.com.
>         IN  NS      ns1.example.com.
>
>         IN  A       203.39.45.19
>         IN  MX      mail.goole.com.
>

All records above have been for "example.com.".  There are three advertised
nameservers, one of which is the same as in the SOA.  But note none of them
have been given an address record.  How is a server to contact them?  How
is this one to notify them?

> www     IN  CNAME   example.com.
> a       IN  A       203.39.45.20
> b       IN  A       203.39.45.21
> *test   IN  NS      ns1973.hostgator.com.
> test    IN  NS      ns1974.hostgator.com.*
>

Test is a sub-domain delegated to two external hosts.  As their domain names
are different, the addresses for those should not be listed in this zone file;
indeed they are not.



> named-checkzone  example.com named.example.com.forward < No Error
>
>
> The moment I did the "rndc reload example.com", the domain and all
> subdomains became unresolvable.
>
> After commenting out the below entries & rndc reload, all was back to normal.
> *;test  IN  NS      ns1973.hostgator.com.
> ;test   IN  NS      ns1974.hostgator.com.*
>
> Please help me out on this issue.
>

I wonder if the server is wondering how it's going to contact those other
name servers to tell them the changes.  But then why does changing it back,
removing the child delegation, then work?

I'd like to see your dig query and response before and afterwards, but
first you might want to help yourself by running named in the foreground
with debugging enabled to see what's happening when you start your server,
query it, reload the zone and query it again.  Run 'named -g -d 3' for
starters and see what that gives you.

Stace

> /\
> Tarak
>

CNAME logging

2011-11-08 Thread Mike Vallabh

Hi,

Is it possible to find out whether or not a CNAME is being used?
I'm using BIND 9.2.2-P1 and am currently logging everything I can think of.

logging {
    channel everything {
        file "/tmp/named_messages";
        severity debug 1;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    category default { everything; };
    category queries { everything; };
    category lame-servers { null; };
};

We literally have hundreds of CNAME records and I am trying to remove 
all the ones no longer required.
I realise I could just remove them and see what breaks but that wouldn't 
be very friendly.


Cheers,
Mike Vallabh

Re: CNAME logging

2011-11-08 Thread Mark Andrews

In message <4eb9e275.6010...@waikato.ac.nz>, Mike Vallabh writes:
> Hi,
> 
> Is it possible to find out whether or not a CNAME is being used?
> I'm using BIND 9.2.2-P1 and am currently logging everything I can think of.
> 
> logging {
>     channel everything {
>         file "/tmp/named_messages";
>         severity debug 1;
>         print-category yes;
>         print-severity yes;
>         print-time yes;
>     };
>
>     category default { everything; };
>     category queries { everything; };
>     category lame-servers { null; };
> };
> 
> We literally have hundreds of CNAME records and I am trying to remove 
> all the ones no longer required.
> I realise I could just remove them and see what breaks but that wouldn't 
> be very friendly.
> 
> Cheers,
> Mike Vallabh

Turn on query logging and extract the query names.  Extract the
owner names of the CNAME records from the zones.  Find the
common set of names.  Next find the target names of those CNAMEs and
extract them from the remaining CNAMEs.  Repeat until you have no
more new CNAME matches.  Whatever is left was not looked up during
the sample period.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
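
Added example (not part of the original message and not ISC code): the procedure above as a Python function that intersects queried names with CNAME owner names, then follows CNAME targets until no new matches appear. The function names, the `query: <name> IN <type>` log line shape, and the sample log and zone are assumptions constructed for illustration; every CNAME line is assumed to carry its owner name in the first column.

```python
import re

QUERY_RE = re.compile(r"query: (\S+) IN ")  # assumed shape of a query-log line

# Constructed sample data.
SAMPLE_LOG = """\
08-Nov-2011 10:00:01.000 queries: info: client 192.0.2.10#40000: query: WWW.example.com IN A
08-Nov-2011 10:00:02.000 queries: info: client 192.0.2.11#40001: query: docs.example.com IN A
08-Nov-2011 10:00:03.000 queries: info: client 192.0.2.12#40002: query: host-b.example.com IN A
"""
SAMPLE_ZONE = """\
www       IN CNAME web1
web1      IN CNAME host-a.example.com.
docs      IN CNAME host-a.example.com.
intranet  IN CNAME legacy
legacy    IN CNAME host-b.example.com.  ; old alias chain
host-a    IN A     192.0.2.80
host-b    IN A     192.0.2.81
"""


def fqdn(name, origin=""):
    """Lower-case a name and make it absolute (relative names get the origin)."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_cnames(zone_text, origin):
    """Return {owner: target} for every CNAME line in the zone text."""
    cnames = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if "CNAME" in fields[1:]:
            target = fields[fields.index("CNAME") + 1]
            cnames[fqdn(fields[0], origin)] = fqdn(target, origin)
    return cnames


def unused_cnames(log_text, zone_text, origin):
    """CNAME owners neither queried nor reached through a queried CNAME chain."""
    queried = {fqdn(m.group(1)) for m in QUERY_RE.finditer(log_text)}
    cnames = parse_cnames(zone_text, origin)
    used = queried & set(cnames)
    frontier = set(used)
    while frontier:  # repeat until no new CNAME matches
        targets = {cnames[owner] for owner in frontier}
        frontier = (targets & set(cnames)) - used
        used |= frontier
    return sorted(set(cnames) - used)


if __name__ == "__main__":
    print(unused_cnames(SAMPLE_LOG, SAMPLE_ZONE, "example.com."))
```

In the sample, `web1` is never queried directly but is kept because the queried `www` points at it; `intranet` and `legacy` are reported as not looked up during the sample period.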