Re: Upstart job for BIND9
> I don't think it's wise to respawn named without knowing why it crashed. This could lead to repeated crashes and system overload.

1. I have a system whose only reason to exist is running bind, once bind stops I don't mind the whole system overload, crash or go to hell.
2. When I've seen that my bind is down, the first thing I did is restarting it. I don't know why it crashed and probably never will, yet I don't see it as valid reason to never start bind again.

> You'd need to configure at least number of restarts allowed in specified time...

Agree. That's why there's a restart limit 3 [times in] 10 [seconds] in my upstart job.

> if it's production system, it should have backup, shouldn't it?

Yeah, I don't see how it related though.

Alex, net-me.net

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Expiration TTLs
What is a good compromise on zone expiration TTLs? Our DNS is authoritative for AD DNS and we want to make sure we force records to refresh but do not want to expose ourselves to the risk of zone failures.

Thanks
Paul

Re: Expiration TTLs
Wes,

Thanks for the quick response. Are you authoritative for AD and, if yes, how many masters do you have for the AD domain? We have a single hidden master pair for our AD and core domains and are set for 2 hours. We lost a device and never got alerts for the failure until after the zones failed. I am looking for some added security to avoid a failure but still want to make sure changes are propagated efficiently. Is there another factor that I should be using to define this value? Our refresh is set for 40 minutes.

Paul

From: Wes Zuber w...@uia.net
To: Paul Romano ittec...@yahoo.com
Cc: bind-us...@isc.org bind-us...@isc.org
Sent: Saturday, December 1, 2012 3:56 PM
Subject: Re: Expiration TTLs

We go with 1 hour.

--Wes

On Dec 1, 2012, at 12:17 PM, Paul Romano ittec...@yahoo.com wrote:

> What is a good compromise on zone expiration TTLs? Our DNS is authoritative for AD DNS and we want to make sure we force records to refresh but do not want to expose ourselves to the risk of zone failures.
>
> Thanks
> Paul

[no subject]
In message 20121130125333.gc9...@fantomas.sk, Matus UHLAR - fantomas writes:
> On 29.11.12 18:34, Jose Manuel Delgado G. wrote:
> > about the other question, as to reduce the response time of my server when the domain does not exist?
>
> it is not the domain does not exist problem. This is the the only nameserver for a domain times out problem, which can be only avoided either by fixing the server or making it answer. Since there is just no workaround, the only thing bind can do is to query (and timeout).
>
> > # dig @8.8.8.8 videolinedvd.com
>
> > 2012/11/29 Chuck Swiger cswi...@mac.com
> > > You've got two nameservers for the domain per WHOIS as:
> > > Domain servers in listed order:
> > > NS1.VIDEOLINEDVD.COM
> > > NS2.VIDEOLINEDVD.COM
> > > ...but they don't have A records setup. Your nameservers must have A records:
>
> actually, they have glue A record in .com zone:
>
> ;; AUTHORITY SECTION:
> videolinedvd.com. 172800 IN NS ns1.videolinedvd.com.
> videolinedvd.com. 172800 IN NS ns2.videolinedvd.com.
> ;; ADDITIONAL SECTION:
> ns1.videolinedvd.com. 172800 IN A 72.167.164.36
> ns2.videolinedvd.com. 172800 IN A 72.167.164.36

But when the recursive nameserver asks for the records for these two nameservers it gets told that the name is not valid and as the zone is more authoritative than the parent the glue records get wiped out. The recursive server then has no address records for the nameservers and cached records that say that there are no records at those names. Further lookups fail for that zone.

The zone is improperly delegated.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
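
The cache behaviour described in the message above, as an added example that is not part of the original thread and is not BIND's code: a simplified model in which an answer from the child zone's own servers outranks glue from the parent's referral. The trust ranking, the class and function names, and the child zone's negative answers are assumptions constructed for illustration; the referral records are the ones quoted in the thread.

```python
from enum import IntEnum

class Trust(IntEnum):  # simplified ranking in the spirit of RFC 2181 section 5.4.1
    GLUE = 1         # additional-section data from the parent's referral
    AUTH_ANSWER = 2  # answer, positive or negative, from the zone's own servers

class Cache:
    def __init__(self):
        self._data = {}  # name -> (trust, A addresses); [] is a cached negative

    def store(self, name, addrs, trust):
        key = name.lower().rstrip(".")
        held = self._data.get(key)
        if held is None or trust >= held[0]:  # better data replaces glue
            self._data[key] = (trust, list(addrs))

    def addresses(self, name):
        return self._data.get(name.lower().rstrip("."), (None, []))[1]

def parse_records(text):
    """Yield (owner, type, rdata) from dig-style 'name ttl IN type rdata' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            yield fields[0], fields[3], fields[4]

# Referral from the .com servers, as quoted in the thread.
REFERRAL = """\
videolinedvd.com. 172800 IN NS ns1.videolinedvd.com.
videolinedvd.com. 172800 IN NS ns2.videolinedvd.com.
ns1.videolinedvd.com. 172800 IN A 72.167.164.36
ns2.videolinedvd.com. 172800 IN A 72.167.164.36
"""
# Constructed: the child zone denies both names (empty list = negative answer).
BROKEN_CHILD = {"ns1.videolinedvd.com.": [], "ns2.videolinedvd.com.": []}

def nameserver_addresses(referral, child_answers):
    """Return ({ns: addrs from glue}, {ns: addrs after asking the child zone})."""
    cache, ns_names = Cache(), []
    for owner, rtype, rdata in parse_records(referral):
        if rtype == "NS":
            ns_names.append(rdata)
        elif rtype == "A":
            cache.store(owner, [rdata], Trust.GLUE)
    before = {ns: cache.addresses(ns) for ns in ns_names}
    for ns in ns_names:
        if ns in child_answers:  # only cache what the child actually said
            cache.store(ns, child_answers[ns], Trust.AUTH_ANSWER)
    return before, {ns: cache.addresses(ns) for ns in ns_names}
```

Calling `nameserver_addresses(REFERRAL, BROKEN_CHILD)` shows both nameservers reachable through glue before the child is asked and with no usable address afterwards, which is the state in which further lookups for the zone fail.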