purpose of the RIR(for example RIPE) domain: object
Hi,

what is the purpose of RIPE database domain: objects? Are they practically used for something? And according to RIPE database manual, nserver attribute under domain object specifies nameservers of the domain - has this some sort of practical use or is it just informative field (it's not mandatory according to whois -h whois.ripe.net -t domain)?

regards,
martin

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: purpose of the RIR(for example RIPE) domain: object
On 19.12.11 10:32, Martin T wrote:
> what is the purpose of RIPE database domain: objects? Are they practically used for something? And according to RIPE database manual, nserver attribute under domain object specifies nameservers of the domain - has this some sort of practical use or is it just informative field (it's not mandatory according to whois -h whois.ripe.net -t domain)?

reverse delegations in RIPE are done through RIPE database domain: objects.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I feel like I'm diagonally parked in a parallel universe.

Re: Cache only and reverse mapping
On 12/16/2011 11:22 AM, sasa sasa wrote:
> I'm trying to setup a DNS for an ISP, this ISP's DNS is in delegation tree (answering world), and I know about cache vulnerabilities so I was wondering what is the best solution for ISPs?
>
> By separating cache from authorities, you mean implementing 2 DNSs (2 different IPs)? This doesn't sound practical.

Wait, it's not practical for an ISP to serve different logical functions on different IP addresses? What kind of ISP is this?

- Kevin

Re: Cache only and reverse mapping
>> I'm trying to setup a DNS for an ISP, this ISP's DNS is in delegation tree (answering world), and I know about cache vulnerabilities so I was wondering what is the best solution for ISPs?
>>
>> By separating cache from authorities, you mean implementing 2 DNSs (2 different IPs)? This doesn't sound practical.
>
> Wait, it's not practical for an ISP to serve different logical functions on different IP addresses? What kind of ISP is this?

:) My fault, apparently I was not thinking straight, I was thinking that we should give customers 2 DNSs IPs for 2 separate functions!! Now I feel totally stupid, thanks Kevin.

recursive clients quota maxes out when dnssec-validate and dlv-lookaside set to auto
version: 9.8.1-P1

We're seeing a lot of "no more recursive clients: quota reached" log messages on a dns resolver we're running when we try to set dnssec-validate and dlv-lookaside to auto (and queries time out).

Before the change, we're running this:

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside . trust-anchor dlv.isc.org;

With the bundled bind.keys for this distro.

What we're finding is that we only return authenticated data on domains using dlv lookaside.

So then we try this:

    dnssec-enable yes;
    dnssec-validation auto;
    dnssec-lookaside auto;

and we alternatively try removing the dlv.isc.org key from managed-keys or leaving it in.

My understanding is that bind would authenticate any signed zones who have their DS recs at a signed parent via the normal methods, or else check anything that doesn't via dnssec lookaside.

And it sorta almost works. Except what happens when we restart or reconfigure bind is that the number of recursive clients skyrockets to the maximum (currently the default 1000) in under a minute and then everything starts failing or timing out with a lot of those aforementioned log messages.

As soon as we back out these changes, the levels drop just as fast and run usually under 10 clients with occasional spikes up to 20 or so.

We've also tried raising recursive-clients in options but the 1000 default seems to stick, not sure what's up there.

Any pointers appreciated.

-mark

--
Mark Jeftovic, Founder CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog: http://markable.com
+1-416-535-8672 ext 225

added new name server to zone are missing from the slave
Hi.

I have added 2 new name servers ns3 and ns4 to my zone, when I use dig against the master they are shown in the list. When I do a dig against the slave only the original servers ns1 and ns2 are there, I have deleted the slave zones files and even after transferring the zone again I get the same results.

Master (ns1):

root@ns1:~ # dig @127.0.0.1 mydom.com

; <<>> DiG 9.2.4 <<>> @127.0.0.1 mydom.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61847
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;mydom.com. IN A

;; ANSWER SECTION:
mydom.com. 86400 IN A x.x.64.254

;; AUTHORITY SECTION:
mydom.com. 86400 IN NS ns4.mydom.com.
mydom.com. 86400 IN NS ns1.mydom.com.
mydom.com. 86400 IN NS ns2.mydom.com.
mydom.com. 86400 IN NS ns3.mydom.com.

;; ADDITIONAL SECTION:
ns1.mydom.com. 86400 IN A x.x.64.242
ns2.mydom.com. 86400 IN A x.x.64.254
ns3.mydom.com. 68400 IN A x.x.32.7
ns4.mydom.com. 68400 IN A x.x.32.9

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 20 15:06:52 2011
;; MSG SIZE rcvd: 183

Slave (ns3):

root@ns3:/var/lib/bind# dig @127.0.0.1 mydom.com

; <<>> DiG 9.7.1-P2 <<>> @127.0.0.1 mydom.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38068
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mydom.com. IN A

;; ANSWER SECTION:
mydom.com. 86400 IN A x.x.64.254

;; AUTHORITY SECTION:
mydom.com. 86400 IN NS ns1.mydom.com.
mydom.com. 86400 IN NS ns2.mydom.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 20 15:06:29 2011
;; MSG SIZE rcvd: 83

Any suggestions what would cause this?

Thanks
G

Re: added new name server to zone are missing from the slave
In article <mailman.568.1324347014.68562.bind-us...@lists.isc.org>, Gregory Machin <g...@linuxpro.co.za> wrote:
> Hi.
>
> I have added 2 new name servers ns3 and ns4 to my zone, when I use dig against the master they are shown in the list. When I do a dig against the slave only the original servers ns1 and ns2 are there, I have deleted the slave zones files and even after transferring the zone again I get the same results.

Did you increment the serial number on the master?

> Master (ns1):
>
> root@ns1:~ # dig @127.0.0.1 mydom.com
>
> ; <<>> DiG 9.2.4 <<>> @127.0.0.1 mydom.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61847
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;mydom.com. IN A
>
> ;; ANSWER SECTION:
> mydom.com. 86400 IN A x.x.64.254
>
> ;; AUTHORITY SECTION:
> mydom.com. 86400 IN NS ns4.mydom.com.
> mydom.com. 86400 IN NS ns1.mydom.com.
> mydom.com. 86400 IN NS ns2.mydom.com.
> mydom.com. 86400 IN NS ns3.mydom.com.
>
> ;; ADDITIONAL SECTION:
> ns1.mydom.com. 86400 IN A x.x.64.242
> ns2.mydom.com. 86400 IN A x.x.64.254
> ns3.mydom.com. 68400 IN A x.x.32.7
> ns4.mydom.com. 68400 IN A x.x.32.9
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Dec 20 15:06:52 2011
> ;; MSG SIZE rcvd: 183
>
> Slave (ns3):
>
> root@ns3:/var/lib/bind# dig @127.0.0.1 mydom.com
>
> ; <<>> DiG 9.7.1-P2 <<>> @127.0.0.1 mydom.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38068
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;mydom.com. IN A
>
> ;; ANSWER SECTION:
> mydom.com. 86400 IN A x.x.64.254
>
> ;; AUTHORITY SECTION:
> mydom.com. 86400 IN NS ns1.mydom.com.
> mydom.com. 86400 IN NS ns2.mydom.com.
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Dec 20 15:06:29 2011
> ;; MSG SIZE rcvd: 83
>
> Any suggestions what would cause this?
>
> Thanks
> G

--
Barry Margolin
Arlington, MA

RE: added new name server to zone are missing from the slave
Did you increment the Serial Number in SOA??

-----Original Message-----
From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Gregory Machin
Sent: Tuesday, 20 December, 2011 7:40 AM
To: bind-us...@isc.org
Subject: added new name server to zone are missing from the slave

Hi.

I have added 2 new name servers ns3 and ns4 to my zone, when I use dig against the master they are shown in the list. When I do a dig against the slave only the original servers ns1 and ns2 are there, I have deleted the slave zones files and even after transferring the zone again I get the same results.

Master (ns1):

root@ns1:~ # dig @127.0.0.1 mydom.com

; <<>> DiG 9.2.4 <<>> @127.0.0.1 mydom.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61847
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;mydom.com. IN A

;; ANSWER SECTION:
mydom.com. 86400 IN A x.x.64.254

;; AUTHORITY SECTION:
mydom.com. 86400 IN NS ns4.mydom.com.
mydom.com. 86400 IN NS ns1.mydom.com.
mydom.com. 86400 IN NS ns2.mydom.com.
mydom.com. 86400 IN NS ns3.mydom.com.

;; ADDITIONAL SECTION:
ns1.mydom.com. 86400 IN A x.x.64.242
ns2.mydom.com. 86400 IN A x.x.64.254
ns3.mydom.com. 68400 IN A x.x.32.7
ns4.mydom.com. 68400 IN A x.x.32.9

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 20 15:06:52 2011
;; MSG SIZE rcvd: 183

Slave (ns3):

root@ns3:/var/lib/bind# dig @127.0.0.1 mydom.com

; <<>> DiG 9.7.1-P2 <<>> @127.0.0.1 mydom.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38068
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mydom.com. IN A

;; ANSWER SECTION:
mydom.com. 86400 IN A x.x.64.254

;; AUTHORITY SECTION:
mydom.com. 86400 IN NS ns1.mydom.com.
mydom.com. 86400 IN NS ns2.mydom.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 20 15:06:29 2011
;; MSG SIZE rcvd: 83

Any suggestions what would cause this?

Thanks
G
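
The check both replies in this thread ask about, as an added example that is not part of any post: compare the SOA serial served by master and slave with RFC 1982 serial arithmetic, and list the NS targets the slave is missing. The NS lines follow the dig output posted above; the SOA lines, the hostmaster name and the serial values are constructed for the example.

```python
import re

# NS records as dig prints them: owner, TTL, class, type, target.
NS_RE = re.compile(r"^\S+[ \t]+\d+[ \t]+IN[ \t]+NS[ \t]+(\S+)[ \t]*$", re.MULTILINE)

def serial_gt(a, b):
    """RFC 1982 comparison for 32-bit SOA serials: True if a is newer than b.
    A difference of exactly 2**31 is undefined in the RFC and yields False."""
    diff = (a - b) & 0xFFFFFFFF
    return diff != 0 and diff < 0x80000000

def soa_serial(soa_line):
    """Serial from one line of `dig +short SOA` output:
    mname rname serial refresh retry expire minimum."""
    fields = soa_line.split()
    if len(fields) != 7:
        raise ValueError("not a +short SOA line: %r" % soa_line)
    return int(fields[2])

def ns_set(dig_output):
    """Lower-cased NS targets found in a dig response."""
    return {m.group(1).lower() for m in NS_RE.finditer(dig_output)}

def compare(master_soa, slave_soa, master_dig, slave_dig):
    m, s = soa_serial(master_soa), soa_serial(slave_soa)
    if m == s:
        state = "equal"          # slave sees nothing new to transfer
    elif serial_gt(m, s):
        state = "master_newer"   # slave picks it up on NOTIFY or refresh
    else:
        state = "slave_newer"    # master serial went backwards
    missing = sorted(ns_set(master_dig) - ns_set(slave_dig))
    return {"serial": state, "missing_on_slave": missing}

# Constructed sample input (see the lead-in).
MASTER_DIG = """\
mydom.com. 86400 IN NS ns4.mydom.com.
mydom.com. 86400 IN NS ns1.mydom.com.
mydom.com. 86400 IN NS ns2.mydom.com.
mydom.com. 86400 IN NS ns3.mydom.com.
"""
SLAVE_DIG = """\
mydom.com. 86400 IN NS ns1.mydom.com.
mydom.com. 86400 IN NS ns2.mydom.com.
"""
MASTER_SOA = "ns1.mydom.com. hostmaster.mydom.com. 2011121901 10800 3600 604800 86400"
SLAVE_SOA = MASTER_SOA  # zone edited on the master without a serial bump

if __name__ == "__main__":
    print(compare(MASTER_SOA, SLAVE_SOA, MASTER_DIG, SLAVE_DIG))
```
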