Re: bind 2.1a3 on centos 6.4

2013-06-22 Thread Lawrence K. Chen, P.Eng.
Or don't use nslint?

Though nslint v2.1a3 was released on March 5th, 2002... that would make it 
pretty out of date to me.  Especially since it seems a3, means alpha 3.  The 
CHANGES file has v2.1 coming out on Feb 15, 2008.

The latest version I have is v3.1 (Sep 11, 2010) -- one of the changes in this 
version is "update default location of named.conf"

"@(#) $Id: nslint.c 256 2010-03-06 04:14:09Z leres $ (LBL)"

2009-10-14 puts the solaris version somewhere between v2.2 (2009-03-13) and 
v3.0 (2010-03-05)

Under "v2.1" release it has:

 * Handle "srv" records
 * Fix some ttl parsing problems
 * Add "ignore" option
 * Hack in support for "view"
 * check for duplicate "cname" records.
 * upgrade to autoconf 2.61

they probably didn't hack in support for "view" until after a3??

When did "view" get introduced in bind?

My experience has a huge gap... I first did DNS in bind 4.x (on the other ISC, 
the first to have Motif available for their x86 Unix...acquired by Sun 
Microsystems after they were among the first to come out with SVR4 on 
x86...where the SVR4 was then pulled from market, so I continued to run their 
SVR3.2 system until finally our president caved on his anti-Sun position and I 
upgraded to Solaris/x86 2.5.1 (followed by me getting laid off...)  Then I 
worked for a much larger company where somebody else managed DNS, where they 
would return requests saying they don't think it's possible to do what I'm 
asking in DNS. Now I'm running DNS here...systems were mostly 9.4.x with a 
9.6.x and later a stray that was running 9.3.x  After I was left alone with 
DNS, everything went to 9.6.x, even though the reason for not was problems in 
forcing it to compile with openssl-0.9.7 for the older Solaris boxes (which I 
solved by upgrading openssl)

- Original Message -
> 
> Len,
> 
> Following up on a hunch - I removed the "view" statement
> and the second view from the named.conf.
> 
> I get a screen full of errors when I ran nslint.
> 
> Was headed for the release notes... but my machine was out of
> service for several hours.
> 
> Hope that I do not have to maintain a separate non-view version
> of named.conf just for nslint.
> 
> My Solaris nslint doesn't want to give new a version number,
> but # strings reveals the following.
> 
> # strings /usr/local/bin/nslint
> @(#) Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
> 2000, 2001, 2002, 2003, 2005, 2006, 2007, 2008, 2009
> The Regents of the University of California.  All rights reserved.
> @(#) $Id: nslint.c 247 2009-10-14 17:54:05Z leres $ (LBL)
> 
> 
> I'll see if I can't find the release notes.
> At this point I don't know if handling views was a Solaris
> enhancement
> or something that has broken in newer nslint versions. Or what the
> work-around is.
> 
> Do you?
> 
>   thank you,
> 
>   Brian
> 
> 
> On Fri, Jun 21, 2013 at 11:24:54AM -0700, Leonard Mills wrote:
> > Hi Brian,
> > 
> > I don't understand why you would expect to see errors, when nslint
> > says:
> > 
> > nslint: 0/131072 items used, 0 errors
> > 
> > Zero items used/checked strongly implies zero errors can be
> > detected.
> > 
> > hth,
> > Len
> > 
> > 
> > 
> > 
> > 
> > >
> > > From: Brian Cuttler 
> > >To: bind-users@lists.isc.org
> > >Sent: Friday, June 21, 2013 10:35 AM
> > >Subject: bind 2.1a3 on centos 6.4
> > > 
> > >
> > >
> > >Please let me know if there is a more appropriate list.
> > >
> > >
> > >
> > >Here is a question you probably don't hear every day.
> > >
> > >Background:
> > >We are moving our DNS from a Solaris platform to Centos
> > >
> > >Action:
> > >I installed
> > >BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4
> > >nslint-2.1a3-1.el6.rf.x86_64.rpm
> > >rcs
> > >sudo
> > >etc
> > >
> > >on Centos and copied my zone files and config file.
> > >
> > >named seems to be working fine.
> > >
> > >I always run nslint when I make table changes, I ran nslint
> > >on the tables on this machine and it reported no errors.
> > >
> > >Note that I have a "source" directory where I make changes,
> > >and then I move the files to a working directory for the
> > >daemon to read.
> > >
> > ># /usr/bin/nslint -ddd -c /etc/dns-source/named.conf-test
> > >nslint: doconf: opened /etc/dns-source/named.conf-test
> > >nslint: doconf: opened nslint.conf
> > >nslint: 0/131072 items used, 0 errors
> > >
> > >Problem - I know there are errors. This is a sample of the errors
> > >I see on my current production machine. Some are resolvable, some
> > >are intractable (I don't know if nslint can handle parked
> > >domains).
> > >
> > >nslint: Missing "ptr": www.stemcell.ny.gov. -> 199.184.16.24
> > >nslint: Missing "a": sankoff.wadsworth.org. -> 199.184.28.112
> > >nslint: Missing "ptr": stemcellsny.com. -> 199.184.16.24
> > >nslint: 199.184.16.24 in use by stemcellny.com. and nystem.com.
> > >nslint: Name referenced without other 

Loopback configuration

2013-06-22 Thread Norman Fournier
Hello,

I have a new router that is apparently making it impossible for me to view my 
personal sites from behind the router by domain name, a function that is 
necessary. I can see the sites by local 192.168 ip address and port number 
and others have confirmed they are available on the www, so the server is 
running and named is resolving properly outside the LAN.

This is the hosts.conf, where I think my error might lie:

> ##
> # Host Database
> #
> # localhost is used to configure the loopback interface
> # when the system is booting.  Do not change this entry.
> ##
> 127.0.0.1 localhost web2
> 255.255.255.255   broadcasthost
> ::1 localhost 
> fe80::1%lo0   localhost
> 184.70.190.122  mail.normanfournier.com mail web1-ext
> 184.70.190.126  web2.normanfournier.com www web2-ext
> 192.168.0.1 nf-telus-gw-int
> 192.168.0.100   norman-desktop
> 192.168.0.101   ns2
> 184.70.190.122  ns1



I *added* these lines to the bottom of hosts.conf

> 192.168.0.101   creativeprocess.biz
> 192.168.0.101   thecocoapod.com
> 192.168.0.101   rogueagent.ca
> 192.168.0.101   e4edmonton.com
> 192.168.0.101   brandasset.net
> 192.168.0.101   greaterthanhtml.com
> 192.168.0.101   kawacatoose.com


I rebooted and something killed my mailserver when I did this, and I still 
could now view the sites by domain name behind the router, so I reverted to the 
old file. Is there another place I should add the domain names, is there an 
error in my syntax (this has worked perfectly before) or is this the entirely 
wrong place to be looking to solve this problem?

Thank you.

Norman
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Loopback configuration

2013-06-22 Thread Lawrence K. Chen, P.Eng.
None of what you've described seems to have anything to do with bind

But, if you are running bind... there are a number of ways that you could have 
bind return the internal IP to internal users, and return the external IP to 
everybody else.  Can even do this if your internal DNS server is not connected 
to the external DNS servers in any way (

Hard to say why your mail server was killed by the host file 
override... perhaps it's using the external names to know what its external IP 
is, and it suddenly ceased to be an external.  Or perhaps it requires forward 
and reverse lookups to be correct, and you don't have your DNS configured to 
return the correct fqdn for 192.168.0.101.   Probably not, because there's no 
reverse for 184.70.190.126... hmmm, maybe it doesn't like that there's no 
longer an MX record for any of the domains now...where MX points to a different 
IP (184.70.190.122).

- Original Message -
> 
> Hello,
> 
> 
> I have a new router that is apparently making it impossible for me to
> view my personal sites from behind the router by domain name, a
> function that is necessary. I can see the sites by local 192.168
> ip address and port number and others have confirmed they are
> available on the www, so the server is running and named is
> resolving properly outside the LAN.
> 
> 
> This is the hosts.conf, where I think my error might lie:
> 
> 
> 
> 
> 
> ##
> # Host Database
> #
> # localhost is used to configure the loopback interface
> # when the system is booting. Do not change this entry.
> ##
> 127.0.0.1 localhost web2
> 255.255.255.255 broadcasthost
> ::1 localhost
> fe80::1%lo0 localhost
> 184.70.190.122 mail.normanfournier.com mail web1-ext
> 184.70.190.126 web2.normanfournier.com www web2-ext
> 192.168.0.1 nf-telus-gw-int
> 192.168.0.100 norman-desktop
> 192.168.0.101 ns2
> 184.70.190.122 ns1
> 
> 
> 
> 
> 
> I *added* these lines to the bottom of hosts.conf
> 
> 
> 
> 
> 
> 192.168.0.101 creativeprocess.biz
> 192.168.0.101 thecocoapod.com
> 192.168.0.101 rogueagent.ca
> 192.168.0.101 e4edmonton.com
> 192.168.0.101 brandasset.net
> 192.168.0.101 greaterthanhtml.com
> 192.168.0.101 kawacatoose.com
> 
> 
> I rebooted and something killed my mailserver when I did this, and I
> still could now view the sites by domain name behind the router, so
> I reverted to the old file. Is there another place I should add the
> domain names, is there an error in my syntax (this has worked
> perfectly before) or is this the entirely wrong place to be looking
> to solve this problem?
> 
> 
> Thank you.
> 
> 
> Norman



Re: Loopback configuration

2013-06-22 Thread Red Cricket
192.168.0.101 is in the non-routeable address block

https://en.wikipedia.org/wiki/Private_network


On Sat, Jun 22, 2013 at 2:00 PM, Lawrence K. Chen, P.Eng. wrote:

> None of what you've described seems to have anything to do with bind
>
> But, if you are running bind... there are a number of ways that you could
> have bind return the internal IP to internal users, and return the external
> IP to everybody else.  Can even do this if your internal DNS server is not
> connected to the external DNS servers in any way (
>
> Hard to say why your mail server was killed by the host file
> override... perhaps it's using the external names to know what its external
> IP is, and it suddenly ceased to be an external.  Or perhaps it requires
> forward and reverse lookups to be correct, and you don't have your DNS
> configured to return the correct fqdn for 192.168.0.101.   Probably not,
> because there's no reverse for 184.70.190.126... hmmm, maybe it doesn't
> like that there's no longer an MX record for any of the domains now...where
> MX points to a different IP (184.70.190.122).
>
> - Original Message -
> >
> > Hello,
> >
> >
> > I have a new router that is apparently making it impossible for me to
> > view my personal sites from behind the router by domain name, a
> > function that is necessary. I can see the sites by local 192.168
> > ip address and port number and others have confirmed they are
> > available on the www, so the server is running and named is
> > resolving properly outside the LAN.
> >
> >
> > This is the hosts.conf, where I think my error might lie:
> >
> >
> >
> >
> >
> > ##
> > # Host Database
> > #
> > # localhost is used to configure the loopback interface
> > # when the system is booting. Do not change this entry.
> > ##
> > 127.0.0.1 localhost web2
> > 255.255.255.255 broadcasthost
> > ::1 localhost
> > fe80::1%lo0 localhost
> > 184.70.190.122 mail.normanfournier.com mail web1-ext
> > 184.70.190.126 web2.normanfournier.com www web2-ext
> > 192.168.0.1 nf-telus-gw-int
> > 192.168.0.100 norman-desktop
> > 192.168.0.101 ns2
> > 184.70.190.122 ns1
> >
> >
> >
> >
> >
> > I *added* these lines to the bottom of hosts.conf
> >
> >
> >
> >
> >
> > 192.168.0.101 creativeprocess.biz
> > 192.168.0.101 thecocoapod.com
> > 192.168.0.101 rogueagent.ca
> > 192.168.0.101 e4edmonton.com
> > 192.168.0.101 brandasset.net
> > 192.168.0.101 greaterthanhtml.com
> > 192.168.0.101 kawacatoose.com
> >
> >
> > I rebooted and something killed my mailserver when I did this, and I
> > still could now view the sites by domain name behind the router, so
> > I reverted to the old file. Is there another place I should add the
> > domain names, is there an error in my syntax (this has worked
> > perfectly before) or is this the entirely wrong place to be looking
> > to solve this problem?
> >
> >
> > Thank you.
> >
> >
> > Norman

RE: Secondary DNS question...

2013-06-22 Thread Frank Bulk
stariononline.com has two NSes listed, ns1.starionhost.net [74.87.108.83]
and ns2.starionhost.net [64.136.200.138].  But the first one does not seem
to want to respond (http://goo.gl/s41wN and http://dnscheck.iis.se/ and
http://www.zonecut.net/dns/index.cgi are just a few examples) to a few of
the online checkers.  I checked with some others and it looks like you have
no SOA set for ns1.starionhost.net:


C:\>dig SOA starionline.com @ns1.starionhost.net

; <<>> DiG 9.8.0-P1 <<>> SOA starionline.com @ns1.starionhost.net
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\>


Though the second one has one:

C:\>dig SOA starionline.com @ns2.starionhost.net

; <<>> DiG 9.8.0-P1 <<>> SOA starionline.com @ns2.starionhost.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7010
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;starionline.com.   IN  SOA

;; ANSWER SECTION:
starionline.com.        86400   IN  SOA ns1.starionhost.net.
info.starionhost.net. 2008  3600

;; AUTHORITY SECTION:
starionline.com.        86400   IN  NS  ns1.starionhost.net.
starionline.com.        86400   IN  NS  ns2.starionhost.net.

;; ADDITIONAL SECTION:
ns1.starionhost.net.    86400   IN  A   74.87.108.83
ns2.starionhost.net.    86400   IN  A   64.136.200.138

;; Query time: 74 msec
;; SERVER: 64.136.200.138#53(64.136.200.138)
;; WHEN: Sat Jun 22 20:51:12 2013
;; MSG SIZE  rcvd: 157


C:\>

And confirmed here:
http://dns.squish.net/traverses/79b8efe4a31e6ddfce28f6abac444601

Frank

-Original Message-
From: bind-users-bounces+frnkblk=iname@lists.isc.org
[mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of SH
Development
Sent: Thursday, June 20, 2013 10:03 PM
To: bind-users@lists.isc.org
Subject: Secondary DNS question...

Our secondary DNS machine went down (and unnoticed for 24 hours).

Today, we had multiple people calling about email that hadn't come in, and
trouble with outgoing emails not going out.

Our primary DNS was up the whole time.  So my question is, why would my
secondary being down, and only my primary being up cause so many problems?
I thought the whole idea behind having two DNS servers on different networks
was to never have a failure like this.

My understanding was that when DNS is queried, the one that responds fastest
is the information that is used.  If the secondary is down, then the primary
would by default always be fastest (and only).

I think I reasonably understand basic DNS and the setup, but this has me
thinking that something isn't set up right.

Can anyone shed any light on what might have happened here?  Could my
primary not be responding as it should?  All the tests I have run on it show
that it is responding normally.

Jeff
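
The per-server SOA comparison shown in the reply above can be automated so that a listed name server that stops answering is noticed before users report it. This is an added example, not code from the thread: the dig transcripts are constructed with placeholder names and a made-up serial, and the function names are hypothetical.

```python
import re

# Constructed dig transcripts, modelled on the two runs quoted in the reply
# (names, addresses and serial are documentation placeholders).
DIG_OUTPUT = {
    "ns1.example.net": """\
; <<>> DiG 9.8.0-P1 <<>> SOA example.com @ns1.example.net
;; global options: +cmd
;; connection timed out; no servers could be reached
""",
    "ns2.example.net": """\
; <<>> DiG 9.8.0-P1 <<>> SOA example.com @ns2.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7010
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; ANSWER SECTION:
example.com.  86400 IN SOA ns1.example.net. hostmaster.example.net. 2013062201 3600 900 604800 86400
""",
}

HEADER = re.compile(r"status: (\w+)")
FLAGS = re.compile(r";; flags: ([a-z ]*);.*ANSWER: (\d+)")


def classify(text):
    """Classify one server's reply to an SOA query for the zone."""
    if "connection timed out" in text:
        return "unreachable"
    status, flags = HEADER.search(text), FLAGS.search(text)
    if not status or not flags:
        return "unparsed"
    if status.group(1) != "NOERROR":
        return status.group(1).lower()
    if "aa" not in flags.group(1).split():
        return "not-authoritative"  # answers, but is lame for this zone
    return "ok" if int(flags.group(2)) > 0 else "no-soa"


def soa_serial(text):
    """Serial from the SOA answer line, or None when there is no answer."""
    m = re.search(r"\sIN\s+SOA\s+\S+\s+\S+\s+(\d+)", text)
    return int(m.group(1)) if m else None


def audit(outputs):
    """Map each listed name server to (state, serial)."""
    return {ns: (classify(t), soa_serial(t)) for ns, t in outputs.items()}
```

Any server whose state is not "ok", or whose serial differs from the others, is worth an alert.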

