Re: ISO or virtual appliance

2013-08-22 Thread Mike
On 13-08-22 05:10 PM, Warren Kumari wrote:
> This assumes that the machine going off-line is the only failure mode
> -- if the "service" (like http) on goes down, but named continues
> answering you will be hurting users. W

Agreed - it's pretty simple to run something that checks HTTP's health
and if it's bad, alarms and kills off named.

-- 
Looking for (employment|contract) work in the
Internet industry, preferably working remotely. 
Building / Supporting the net since 2400 baud was
the hot thing. Ask for a resume! ispbuil...@gmail.com

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: ISO or virtual appliance

2013-08-22 Thread Warren Kumari

On Aug 22, 2013, at 4:06 PM, Mike  wrote:

> On 13-08-22 01:39 AM, Manish Rane wrote:
>> Well the main idea behind and have been struggling to configure for
>> almost last one year is to have a open source alternative to DNS Based
>> failover/System monitoring thus have inbound loadbalancer.
> 
> Easy solution -
> 
> have two nameservers / load balancers, ns1.yourdomain and
> ns2.yourdomain, each returning their own IP in response to lookups.
> 
> If one goes offline... users will never receive a reply from it with its
> IP, and never go to it.
> 
> problem with this solution?


This assumes that the machine going off-line is the only failure mode -- if the 
"service" (like http) on goes down, but named continues answering you will be 
hurting users.

W

> you need to manually update both domain
> servers when you make changes, not just one. This may or may not be an
> issue for you.
> 
> 

-- 
A. No
Q. Is it sensible to top-post?




Re: ISO or virtual appliance

2013-08-22 Thread Mike
On 13-08-22 01:39 AM, Manish Rane wrote:
> Well the main idea behind and have been struggling to configure for
> almost last one year is to have a open source alternative to DNS Based
> failover/System monitoring thus have inbound loadbalancer.

Easy solution -

have two nameservers / load balancers, ns1.yourdomain and
ns2.yourdomain, each returning their own IP in response to lookups.

If one goes offline... users will never receive a reply from it with its
IP, and never go to it.

problem with this solution? you need to manually update both domain
servers when you make changes, not just one. This may or may not be an
issue for you.


-- 
Looking for (employment|contract) work in the
Internet industry, preferably working remotely. 
Building / Supporting the net since 2400 baud was
the hot thing. Ask for a resume! ispbuil...@gmail.com



Re: ISO or virtual appliance

2013-08-22 Thread btb

On 2013.08.22 00.39, Manish Rane wrote:

> Well the main idea behind and have been struggling to configure for
> almost last one year is to have a open source alternative to DNS
> Based failover/System monitoring thus have inbound loadbalancer.


i guess it's worth noting, since i don't believe it's yet been
mentioned, that dns offers really only a very crude form of load
balancing, and does not do high availability at all. yes, there is all
sorts of trickery that can be done, like changing zone data when certain
events happen, and very low ttls, but these things are fundamentally at
odds with both the nature of how dns works, and the essence of a
courteous dns admin.

there are numerous layers of caching, from the client directly 
contacting the authoritative nameserver all of the way through to often 
the operating system's resolver libraries and ultimately the program 
which instantiated the request to begin with.


this heavy, fundamental dependence on caching means that there will be
consistent failures experienced by users [especially if you are talking
about high availability], since they will not necessarily see the
updated zone data immediately upon failure of the service. this is also
a function of the service/protocol/program in question, as there may not
be iteration through the returned addresses upon failure.

in terms of courtesy, theoretically, as a general rule, ttls should be 
encouraged to be higher, rather than lower [as is the essence of having 
a mechanism to cache the result in the first place], and thus 
encouraging use of unnecessarily low ttls is in contrast to a large part 
of the spirit of dns - that one can avoid unnecessary bandwidth 
consumption just because you might want to change your data. that is not 
to say that there are not legitimate applications for lower ttls [any 
dns admin knows that there of course are] - just that the goal should 
begin life as an attempt to publish higher ttls, not lower ttls.


in short, although rr dns can be [and often is] a part of load
balancing, there are ultimately almost always better ways to do it, and
certainly better ways to do high availability.

-ben


Re: ISO or virtual appliance

2013-08-22 Thread Leonard Mills
That appears to be a strange desire.  If you need such high levels of "never 
allow a normal retry" you might look at using either Prolexic or Akamai services 
to create a geographically-diverse network topology.  Or even a simple 3DNS or 
router package at your borders with a few inner-DMZ systems to handle the load.

Using http to determine if DNS services are running is a very unusual 
complication.

Hth
Len





>
> From: Manish Rane 
>To: John Miller  
>Cc: bind-users  
>Sent: Wednesday, August 21, 2013 9:39 PM
>Subject: Re: ISO or virtual appliance
> 
>
>
>Well the main idea behind and have been struggling to configure for almost 
>last one year is to have a open source alternative to DNS Based 
>failover/System monitoring thus have inbound loadbalancer. 
>Where DNS server monitors the hosts on particular port and if any of the fails 
>it removes the entry from zone and populate the entry with low TTL. 
>Just to give example. say I have two Public IP addresses natted with one 
>public IP 
>1.1.1.1  ---> 192.168.1.10
>2.2.2.2 ---> 192.168.1.10
>
>
>www.example.com  A   300    1.1.1.1
>www.example.com  A   300     2.2.2.2
>
>
>So, DNS will monitor the host on port 80 and as soon as it detects that either 
>of the host/link is down it would remove the associated entry and re-populate 
>the entries
>
>
>Is any one aware of such solution readily available? I believe I already 
>posted similar question but haven't heard much positive things.
>
>
>
>
>
>
>On Thu, Aug 22, 2013 at 1:45 AM, John Miller  wrote:
>
>>Hi Manish,
>>
>>You can always grab a pre-canned ISO from turnkeylinux.org.  You could also 
>>use Puppet or Chef recipes to get BIND up and running.  I'm sure someone also 
>>has a Vagrant box available -- try vagrantbox.es.
>>
>>Generally speaking, though, if you're using an appliance in production, you 
>>need to understand the innards and be prepared to do your own maintenance, or 
>>you need to pay someone for support.
>>
>>John
>>
>>
>>
>>On 08/21/2013 02:34 PM, Manish Rane wrote:
>>
>>>Hi Guys,
>>>
>>>Is there any ISO or virtual appliance available for BIND? Which ease out
>>>the deploy and configuration task.
>>>
>>>
>>>
>>>

Re: ISO or virtual appliance

2013-08-22 Thread Manish Rane
That seems to be a dead link. I am unable to download the file.

--
Thanks and Regards,
Manish R


On Thu, Aug 22, 2013 at 9:05 PM, Mike Mitchell wrote:

>  lbnamed is a DNS server written in Perl.  You delegate a zone to it, and
> let it dynamically figure out the best IP address to return.
>
>  See http://www.stanford.edu/~riepel/lbnamed/
>
>  There are 3rd-party appliances that do similar functions, such as F5's
> GTM or Cisco's GSS.
>
>  Mike Mitchell
>  --
> *From:* Manish Rane [manish...@gmail.com]
> *Sent:* Thursday, August 22, 2013 5:05 AM
> *To:* Mike Mitchell
> *Cc:* Steven Carr; bind-users
>
> *Subject:* Re: ISO or virtual appliance
>
>   Well, I was thinking on the same line. Use nagios plugins check_tcp and
> monitor the status. The only challenge I am seeing here is updating zone
> and nsupdate I believe can only work with Dynamic zones and not with static
> entries.
>
>  Sed/awk might not scale well if the zone count increases hence wondering
> if there are any php/jsp developers available in this community who can
> take this up as a new open source project just like developing solution
> similar to F5 GTM/LTM.
>
>  I guess if we use mysql as a backend to store the zone or entries then
> by passing the queries we can alter the zone file. But again challenges are
> how to run a check_tcp  from front end or pass the output of that command
> so that appropriate changes will be done in zone file.
>
>  Any ideas guys??
>
>
>
> On Thu, Aug 22, 2013 at 1:16 PM, Mike Mitchell wrote:
>
>>  Several years ago I used a Perl script called "lbnamed" that monitored
>> status and returned the host IP address that was least loaded.
>>
>>  Mike Mitchell
>>
>>
>>
>>  Original message 
>> From: Steven Carr 
>> Date: 08/21/2013 10:25 PM (GMT-08:00)
>> To: bind-users 
>> Subject: Re: ISO or virtual appliance
>>
>>
>>   On 22 August 2013 05:39, Manish Rane  wrote:
>> > So, DNS will monitor the host on port 80 and as soon as it detects that
>> > either of the host/link is down it would remove the associated entry and
>> > re-populate the entries
>> >
>> > Is any one aware of such solution readily available? I believe I already
>> > posted similar question but haven't heard much positive things.
>>
>> The only open source "appliance" I'm aware of is
>> http://www.zenloadbalancer.org but AFAIK that doesn't update DNS, it
>> proxies the traffic on a virtual IP address to balance/provide HA.
>>
>> The easiest method if you want to do it by DNS is a simple script that
>> is cron'd to run every X minutes and either use `nsupdate` to push
>> updates to the records or sed/awk to rename records and then reload
>> zone files. Not sure what you are struggling with, this is something
>> that can be knocked together in a matter of minutes by any
>> scripter/programmer. If you have a monitoring system like Nagios you
>> could use the various hooks it provides to run scripts when something
>> happens/changes state rather than writing your own custom monitoring
>> piece.
>>
>> Steve

Strange problem with a query deleting a record...

2013-08-22 Thread johnh
Greetings All,

First of all, I apologize if this is out of place - I'm having a very 
strange issue that is either a problem with bind itself, or at least, 
affecting it.  Summary:

For only ONE address, whenever I attempt to access it through my squid 
proxy, the record disappears from DNS, and the retry time changes too. 
Essentially, accessing www.thisdomain.com works, but a link to a portal on 
that page to the subdomain login.thisdomain.com causes the problem.  I'm 
willing to bet the problem lies with squid, but as to how it could 
possibly change a record in bind... Well, I'm stumped.  If you don't go 
through squid, everything works.  All other requests to bind for the 
address of the host in question work fine. Here's the output of dig from 
before accessing the page through squid:

; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45037
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;login.thisdomain.com.IN  A

;; ANSWER SECTION:
login.thisdomain.com. 17  IN  A   111.222.333.123

;; AUTHORITY SECTION:
thisdomain.com. 168319  IN  NS  ns1.thisdomain.com.
thisdomain.com. 168319  IN  NS  ns2.thisdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 22 12:29:57 2013
;; MSG SIZE  rcvd: 88

You can do anything to request the address from bind and it works, 
*except* try to access it through squid.  Bypassing squid and going 
directly through the firewall works fine.

Now, immediately after you try to access it through squid:

; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43943
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;login.thisdomain.com.IN  A

;; AUTHORITY SECTION:
thisdomain.com. 298 IN  SOA ns1.thisdomain.com. 
serv.anotherdomain.com. 2006062510 3600 3600 2592000 300

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 22 12:30:06 2013
;; MSG SIZE  rcvd: 95

After the 5-minute retry shown above expires, the original record 
reappears.

Ideas?  I'm stumped.  It seems like squid is somehow able to corrupt 
bind's info, but I can't imagine how.

-John



RE: ISO or virtual appliance

2013-08-22 Thread Mike Mitchell
lbnamed is a DNS server written in Perl.  You delegate a zone to it, and let it 
dynamically figure out the best IP address to return.

See http://www.stanford.edu/~riepel/lbnamed/

There are 3rd-party appliances that do similar functions, such as F5's GTM or 
Cisco's GSS.

Mike Mitchell

From: Manish Rane [manish...@gmail.com]
Sent: Thursday, August 22, 2013 5:05 AM
To: Mike Mitchell
Cc: Steven Carr; bind-users
Subject: Re: ISO or virtual appliance

Well, I was thinking on the same line. Use nagios plugins check_tcp and monitor 
the status. The only challenge I am seeing here is updating zone and nsupdate I 
believe can only work with Dynamic zones and not with static entries.

Sed/awk might not scale well if the zone count increases hence wondering if 
there are any php/jsp developers available in this community who can take this 
up as a new open source project just like developing solution similar to F5 
GTM/LTM.

I guess if we use mysql as a backend to store the zone or entries then by 
passing the queries we can alter the zone file. But again challenges are how to 
run a check_tcp  from front end or pass the output of that command so that 
appropriate changes will be done in zone file.

Any ideas guys??



On Thu, Aug 22, 2013 at 1:16 PM, Mike Mitchell <mike.mitch...@sas.com> wrote:
Several years ago I used a Perl script called "lbnamed" that monitored status 
and returned the host IP address that was least loaded.

Mike Mitchell



 Original message 
From: Steven Carr <sjc...@gmail.com>
Date: 08/21/2013 10:25 PM (GMT-08:00)
To: bind-users <bind-users@lists.isc.org>
Subject: Re: ISO or virtual appliance


On 22 August 2013 05:39, Manish Rane <manish...@gmail.com> wrote:
> So, DNS will monitor the host on port 80 and as soon as it detects that
> either of the host/link is down it would remove the associated entry and
> re-populate the entries
>
> Is any one aware of such solution readily available? I believe I already
> posted similar question but haven't heard much positive things.

The only open source "appliance" I'm aware of is
http://www.zenloadbalancer.org but AFAIK that doesn't update DNS, it
proxies the traffic on a virtual IP address to balance/provide HA.

The easiest method if you want to do it by DNS is a simple script that
is cron'd to run every X minutes and either use `nsupdate` to push
updates to the records or sed/awk to rename records and then reload
zone files. Not sure what you are struggling with, this is something
that can be knocked together in a matter of minutes by any
scripter/programmer. If you have a monitoring system like Nagios you
could use the various hooks it provides to run scripts when something
happens/changes state rather than writing your own custom monitoring
piece.

Steve

Re: rndc flush and TTL values

2013-08-22 Thread Barry Margolin
In article ,
 sumsum 2000  wrote:

> Yes, i do have other zones beside makemytrip.com. Thanks for the info

In particular, do you use forwarders for abc.com, and are you forwarding 
to a caching server?

> 
> 
> On Thu, Aug 22, 2013 at 5:11 PM, Barry Margolin  wrote:
> 
> > In article ,
> >  sumsum 2000  wrote:
> >
> > > This is my configuration for  positive and negative cache TTL.
> > >
> > > view "newDNS" IN {
> > > max-cache-ttl 300;
> > > max-ncache-ttl 200;
> > >
> > > zone  "makemytrip.com" IN  {
> > > type forward;
> > > forwarders {192.168.215.101;};
> > > forward only;
> > > };
> > >
> > > When I run dig abc.com for the first time, the TTL shows 135 and when I
> > > rndc flush, i expect the TTL to start again afresh, without the knowledge
> > > of the previous query, but i get a TTL say 133 and further queries
> > > followed by rndc flush gives the reduced TTL values.
> > >
> > > rndc flush, flushes the cache, but the TTL is not reset. Is this the
> > > expected behavior.
> > > Thanks
> > > S
> >
> > Do you use forwarders for other zones beside makemytrip.com? If you
> > forward to a caching server, you'll get their TTLs when you re-query
> > after flushing, not the TTLs from the authoritative servers.
> >
> > --
> > Barry Margolin
> > Arlington, MA

-- 
Barry Margolin
Arlington, MA


Re: rndc flush and TTL values

2013-08-22 Thread sumsum 2000
Yes, i do have other zones beside makemytrip.com. Thanks for the info


On Thu, Aug 22, 2013 at 5:11 PM, Barry Margolin  wrote:

> In article ,
>  sumsum 2000  wrote:
>
> > This is my configuration for  positive and negative cache TTL.
> >
> > view "newDNS" IN {
> > max-cache-ttl 300;
> > max-ncache-ttl 200;
> >
> > zone  "makemytrip.com" IN  {
> > type forward;
> > forwarders {192.168.215.101;};
> > forward only;
> > };
> >
> > When I run dig abc.com for the first time, the TTL shows 135 and when I
> > rndc flush, i expect the TTL to start again afresh, without the knowledge
> > of the previous query, but i get a TTL say 133 and further queries
> > followed by rndc flush gives the reduced TTL values.
> >
> > rndc flush, flushes the cache, but the TTL is not reset. Is this the
> > expected behavior.
> > Thanks
> > S
>
> Do you use forwarders for other zones beside makemytrip.com? If you
> forward to a caching server, you'll get their TTLs when you re-query
> after flushing, not the TTLs from the authoritative servers.
>
> --
> Barry Margolin
> Arlington, MA

Re: rndc flush and TTL values

2013-08-22 Thread Barry Margolin
In article ,
 sumsum 2000  wrote:

> This is my configuration for  positive and negative cache TTL.
> 
> view "newDNS" IN {
> max-cache-ttl 300;
> max-ncache-ttl 200;
> 
> zone  "makemytrip.com" IN  {
> type forward;
> forwarders {192.168.215.101;};
> forward only;
> };
> 
> When I run dig abc.com for the first time, the TTL shows 135 and when I
> rndc flush, i expect the TTL to start again afresh, without the knowledge
> of the previous query, but i get a TTL say 133 and further queries followed
> by rndc flush gives the reduced TTL values.
> 
> rndc flush, flushes the cache, but the TTL is not reset. Is this the
> expected behavior.
> Thanks
> S

Do you use forwarders for other zones beside makemytrip.com? If you 
forward to a caching server, you'll get their TTLs when you re-query 
after flushing, not the TTLs from the authoritative servers.

-- 
Barry Margolin
Arlington, MA
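
Added example (not code from anyone in this thread): a small model of the behaviour this reply describes. It assumes abc.com is resolved through a caching forwarder; the 600-second authoritative TTL and the query times are constructed so the result matches the 135 and 133 reported in the question.

```python
"""Added example: why 'rndc flush' does not reset TTLs behind a caching forwarder."""


class Authoritative:
    """Authoritative server: always answers with the zone's full TTL."""

    def __init__(self, ttls):
        self.ttls = ttls  # name -> TTL in seconds

    def query(self, name, now):
        return self.ttls[name]


class CachingServer:
    """Caching resolver or forwarder: stores an expiry time, serves what is left."""

    def __init__(self, upstream, max_cache_ttl=None):
        self.upstream = upstream            # Authoritative or another CachingServer
        self.max_cache_ttl = max_cache_ttl  # models BIND's max-cache-ttl option
        self.expiry = {}                    # name -> absolute expiry time (seconds)

    def query(self, name, now):
        if self.expiry.get(name, 0) <= now:  # cache miss or expired: ask upstream
            ttl = self.upstream.query(name, now)
            if self.max_cache_ttl is not None:
                ttl = min(ttl, self.max_cache_ttl)
            self.expiry[name] = now + ttl
        return self.expiry[name] - now       # remaining TTL handed to the client

    def flush(self):
        """Model of 'rndc flush': forget everything cached locally."""
        self.expiry.clear()


def scenario(via_forwarder):
    """Return the TTLs seen locally before and after a local flush."""
    auth = Authoritative({"abc.com.": 600})  # constructed TTL, not from the post
    forwarder = CachingServer(auth)          # assumed caching server being forwarded to
    upstream = forwarder if via_forwarder else auth
    local = CachingServer(upstream, max_cache_ttl=300)  # max-cache-ttl from the post

    forwarder.query("abc.com.", now=0)       # another client warmed the forwarder earlier
    first = local.query("abc.com.", now=465)
    local.flush()                            # only the local cache is emptied
    second = local.query("abc.com.", now=467)
    return first, second


if __name__ == "__main__":
    print("via caching forwarder:", scenario(True))    # TTL keeps counting down
    print("direct to authoritative:", scenario(False))  # TTL restarts at the cap
```

The flush empties only the local cache; the forwarder's copy keeps ageing, so the re-query inherits its remaining lifetime.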


Re: after Install

2013-08-22 Thread Phil Mayers

On 22/08/13 11:05, Nidal Shater wrote:

> Hi
> After I installed bind9, by using configuration,make and make install,
> I typed "/etc/init.d/named restart" to test Bind, but linux(centos6.3)
> return this :
> "/etc/init.d/named: No such file or directory"

"make install" does not install a SysV init script. You need to provide 
one yourself. Most bind packages (RPM, deb) come with an init script to 
suit the system. The source tarball does not, IIRC.

> could you help me to get rid of it please ?


Grab this file and use it:

http://pkgs.fedoraproject.org/cgit/bind.git/tree/named.init?h=f15

...or see this excellent SRPM:

http://www.five-ten-sg.com/mapper/bind

...which also contains an init script.


Re: ISO or virtual appliance

2013-08-22 Thread Phil Mayers

On 22/08/13 11:09, Niall O'Reilly wrote:


> On 22 Aug 2013, at 10:49, Phil Mayers wrote:
>
>> * Make the service name a CNAME into another small dynamic
>> (sub-)zone. This is what most DNS-based LB do e.g. www.example.com
>> CNAME www.lb.example.com, then make "lb.example.com" a small,
>> dynamically-updated zone.
>
> or delegate www.example.com as a tiny dynamic zone and update it
> directly.


Sure, that too. One slight advantage of the lb.example.com is that you 
can CNAME multiple things into one dynamic zone, as opposed to a zone 
per-hostname.


Personally I'd just make the whole zone dynamic and stop doing static 
zonefiles, but then that's my taste.



Re: ISO or virtual appliance

2013-08-22 Thread Phil Mayers

On 22/08/13 11:10, Manish Rane wrote:

> Hmm...can you be please more elaboration. I mean in that case how the IP
> addresses or A records will be removed as the one CNAME entry is pointed
> to 2 hostnames. Or would you want to monitor www.lb.example.com
> instead of www.example.com and keep example.com as a
> static entry?
>
> I am sorry I am bit confused here.

You create "www.example.com CNAME www.lb.example.com" and leave it 
alone, forever.


You then update "www.lb.example.com" to add and remove IP addresses as 
servers come online and offline, respectively.


You don't monitor the hostname - that would be idiotic. You monitor the 
backend webservers directly, and put the working server IPs into 
www.lb.example.com.
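
Added example (not code from anyone in this thread): one way to script the scheme described above, probing each backend web server with a real HTTP request and building the `nsupdate` batch that rewrites the A records of www.lb.example.com. The backend addresses, server address, key file path and the TSIG-restricted update policy are assumptions; it also leaves the zone untouched when no backend passes, which is a design choice of this example.

```python
#!/usr/bin/env python3
"""Added example: keep www.lb.example.com in step with backend web health.

Assumed named.conf side (not shown in the thread): lb.example.com is a
dynamic zone whose update-policy grants only this script's TSIG key, e.g.
    update-policy { grant lb-update-key name www.lb.example.com. A; };
"""
import http.client
import ipaddress
import subprocess

ZONE = "lb.example.com."      # small dynamic zone named in the thread
NAME = "www.lb.example.com."  # target of the static www.example.com CNAME
TTL = 300                     # TTL used in the thread's sample records
SERVER = "127.0.0.1"          # assumption: primary server for ZONE
KEYFILE = "/etc/named/lb-update-key.key"  # assumption: TSIG key file path
# Constructed backend addresses (RFC 5737 documentation ranges).
BACKENDS = ["192.0.2.10", "198.51.100.10"]


def http_healthy(ip, port=80, path="/", host="www.example.com", timeout=3.0):
    """Probe the web service itself, not just the machine or the open port."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("HEAD", path, headers={"Host": host})
        return conn.getresponse().status < 500
    except (OSError, http.client.HTTPException):
        return False  # refused, timed out, reset, or not speaking HTTP
    finally:
        conn.close()


def build_update(healthy_ips, name=NAME, zone=ZONE, ttl=TTL, server=SERVER):
    """Return nsupdate input replacing the A RRset, or None if nothing is healthy."""
    # Validate and normalise so that only literal IPv4 addresses reach nsupdate.
    ips = sorted({ipaddress.IPv4Address(ip) for ip in healthy_ips})
    if not ips:
        # Publishing an empty RRset would get cached as a negative answer;
        # keep the last known records and let monitoring raise the alarm.
        return None
    lines = [f"server {server}", f"zone {zone}", f"update delete {name} A"]
    lines += [f"update add {name} {ttl} A {ip}" for ip in ips]
    lines += ["send", ""]  # delete and adds travel in one atomic UPDATE
    return "\n".join(lines)


def run(backends=BACKENDS, probe=http_healthy, apply=False):
    """Probe every backend, build the batch, and optionally send it."""
    healthy = [ip for ip in backends if probe(ip)]
    batch = build_update(healthy)
    if batch is not None and apply:
        # -k makes nsupdate sign the update with the TSIG key in KEYFILE.
        subprocess.run(["nsupdate", "-k", KEYFILE], input=batch,
                       text=True, check=True)
    return batch


if __name__ == "__main__":
    # Dry run: print what would be sent. Call run(apply=True) from cron or a
    # monitoring hook to actually push the update.
    print(run() or "no healthy backend; zone left unchanged")
```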



Re: ISO or virtual appliance

2013-08-22 Thread Manish Rane
Hmm...can you be please more elaboration. I mean in that case how the IP
addresses or A records will be removed as the one CNAME entry is pointed to
2 hostnames. Or would you want to monitor www.lb.example.com instead of
www.example.com and keep example.com as a static entry?

I am sorry I am bit confused here.

--
Thanks and Regards,
Manish R


On Thu, Aug 22, 2013 at 3:19 PM, Phil Mayers wrote:

> On 22/08/13 10:05, Manish Rane wrote:
>
>> Well, I was thinking on the same line. Use nagios plugins check_tcp and
>> monitor the status. The only challenge I am seeing here is updating zone
>> and nsupdate I believe can only work with Dynamic zones and not with
>> static entries.
>>
>
> Either:
>
>  * Make the zone dynamic.
>
>  * Make the service name a CNAME into another small dynamic (sub-)zone.
> This is what most DNS-based LB do e.g. www.example.com CNAME
> www.lb.example.com, then make "lb.example.com" a small,
> dynamically-updated zone.
>

Re: ISO or virtual appliance

2013-08-22 Thread Niall O'Reilly

On 22 Aug 2013, at 10:49, Phil Mayers wrote:

> * Make the service name a CNAME into another small dynamic (sub-)zone. This 
> is what most DNS-based LB do e.g. www.example.com CNAME www.lb.example.com, 
> then make "lb.example.com" a small, dynamically-updated zone.

or delegate www.example.com as a tiny dynamic zone and update it 
directly.

Niall O'Reilly



after Install

2013-08-22 Thread Nidal Shater
Hi
After I installed bind9, by using configuration,make and make install,
I typed "/etc/init.d/named restart" to test Bind, but linux(centos6.3) return 
this :
"/etc/init.d/named: No such file or directory"

could you help me to get rid of it please ?

Nidal


Re: ISO or virtual appliance

2013-08-22 Thread Phil Mayers

On 22/08/13 10:05, Manish Rane wrote:

> Well, I was thinking on the same line. Use nagios plugins check_tcp and
> monitor the status. The only challenge I am seeing here is updating zone
> and nsupdate I believe can only work with Dynamic zones and not with
> static entries.


Either:

 * Make the zone dynamic.

 * Make the service name a CNAME into another small dynamic (sub-)zone. 
This is what most DNS-based LB do e.g. www.example.com CNAME 
www.lb.example.com, then make "lb.example.com" a small, 
dynamically-updated zone.



rndc flush and TTL values

2013-08-22 Thread sumsum 2000
This is my configuration for  positive and negative cache TTL.

view "newDNS" IN {
    max-cache-ttl 300;
    max-ncache-ttl 200;

    zone "makemytrip.com" IN {
        type forward;
        forwarders { 192.168.215.101; };
        forward only;
    };
};

When I run dig abc.com for the first time, the TTL shows 135 and when I
rndc flush, i expect the TTL to start again afresh, without the knowledge
of the previous query, but i get a TTL say 133 and further queries followed
by rndc flush gives the reduced TTL values.

rndc flush, flushes the cache, but the TTL is not reset. Is this the
expected behavior.
Thanks
S

Re: ISO or virtual appliance

2013-08-22 Thread Manish Rane
Well, I was thinking on the same line. Use nagios plugins check_tcp and
monitor the status. The only challenge I am seeing here is updating zone
and nsupdate I believe can only work with Dynamic zones and not with static
entries.

Sed/awk might not scale well if the zone count increases hence wondering if
there are any php/jsp developers available in this community who can take
this up as a new open source project just like developing solution similar to
F5 GTM/LTM.

I guess if we use mysql as a backend to store the zone or entries then by
passing the queries we can alter the zone file. But again challenges are
how to run a check_tcp  from front end or pass the output of that command
so that appropriate changes will be done in zone file.

Any ideas guys??



On Thu, Aug 22, 2013 at 1:16 PM, Mike Mitchell wrote:

>  Several years ago I used a Perl script called "lbnamed" that monitored
> status and returned the host IP address that was least loaded.
>
>  Mike Mitchell
>
>
>
>  Original message 
> From: Steven Carr 
> Date: 08/21/2013 10:25 PM (GMT-08:00)
> To: bind-users 
> Subject: Re: ISO or virtual appliance
>
>
>  On 22 August 2013 05:39, Manish Rane  wrote:
> > So, DNS will monitor the host on port 80 and as soon as it detects that
> > either of the host/link is down it would remove the associated entry and
> > re-populate the entries
> >
> > Is any one aware of such solution readily available? I believe I already
> > posted similar question but haven't heard much positive things.
>
> The only open source "appliance" I'm aware of is
> http://www.zenloadbalancer.org but AFAIK that doesn't update DNS, it
> proxies the traffic on a virtual IP address to balance/provide HA.
>
> The easiest method if you want to do it by DNS is a simple script that
> is cron'd to run every X minutes and either use `nsupdate` to push
> updates to the records or sed/awk to rename records and then reload
> zone files. Not sure what you are struggling with, this is something
> that can be knocked together in a matter of minutes by any
> scripter/programmer. If you have a monitoring system like Nagios you
> could use the various hooks it provides to run scripts when something
> happens/changes state rather than writing your own custom monitoring
> piece.
>
> Steve

Re: ISO or virtual appliance

2013-08-22 Thread Mike Mitchell
Several years ago I used a Perl script called "lbnamed" that monitored status 
and returned the host IP address that was least loaded.

Mike Mitchell



 Original message 
From: Steven Carr 
Date: 08/21/2013 10:25 PM (GMT-08:00)
To: bind-users 
Subject: Re: ISO or virtual appliance


On 22 August 2013 05:39, Manish Rane  wrote:
> So, DNS will monitor the host on port 80 and as soon as it detects that
> either of the host/link is down it would remove the associated entry and
> re-populate the entries
>
> Is any one aware of such solution readily available? I believe I already
> posted similar question but haven't heard much positive things.

The only open source "appliance" I'm aware of is
http://www.zenloadbalancer.org but AFAIK that doesn't update DNS, it
proxies the traffic on a virtual IP address to balance/provide HA.

The easiest method if you want to do it by DNS is a simple script that
is cron'd to run every X minutes and either use `nsupdate` to push
updates to the records or sed/awk to rename records and then reload
zone files. Not sure what you are struggling with, this is something
that can be knocked together in a matter of minutes by any
scripter/programmer. If you have a monitoring system like Nagios you
could use the various hooks it provides to run scripts when something
happens/changes state rather than writing your own custom monitoring
piece.

Steve