Re: ISC DHCP does not work with BIND 9.10
dhcp is only expected to work with the generic library (and also disabling epoll), but this comment now seems to be obsolete as there's no generic (formerly called export) version of the library. Assuming the issue with epoll is somehow resolved, I suspect we'd need some run-time mechanism to enable the multiple task managers mode (while still enabling threads). As far as I know the current implementation doesn't allow it. Pretty much exactly correct. Our intention was to allow both named and dhcpd to use the same set of libisc and libdns libraries, no longer requiring separate libraries to be built for each; a global variable set at runtime (isc_bind9) takes the place of #ifdef BIND9, where the internal and export versions of the libraries had different behavior. We ran out of time on this project when we were working on BIND 9.10 and DHCP 4.3, and haven't had time to get back to it, so the work is largely but complete but not entirely. DHCP still needs some adaptations to deal with the new-style task manager, and libisc needs a runtime mechanism for choosing to use select vs epoll/kqueue/devpoll. I think there were a few other items on the to do list as well, but those were the big ones. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC DHCP does not work with BIND 9.10
On 02/19/2015 06:40 PM, 神明達哉 wrote: At Thu, 19 Feb 2015 18:17:13 +0100, Tomas Hozza tho...@redhat.com wrote: We have been linking DHCP against separately built BIND in the past and everything worked for years. Only thing that changed is that we updated latest BIND 9.9 to latest 9.10. Ah, I realized I was probably not clear enough about one important point: The two points that make this combination of DHCP and BIND9 unworkable is new in BIND 9.10. Up to 9.9 there's a separately built library named export library, which I guess you have been using. BIND 9.10 now builds a single unified library which is seemingly supposed to work both for BIND 9's internal applications and for other general applications (one possibility of which would be DHCP). But the unified library that would be used for BIND 9 has the two problems I mentioned and won't work for DHCP. If you don't mind still building a separate (set of) library, I believe you can use this workaround: - Build (libraries of) BIND 9 with --disable-epoll and --disable-threads Thank you ! Building BIND 9 with --disable-epoll --disable-threads make dhclient/dhcpd work when running in background. But it's still not possible to stop them, one has to use 'kill -9'. Any ideas ? -- Jiri ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.10.1-P2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAlTmMrwACgkQL6j7milTFsG56gCfZBmkiO8rkThamB3mq9fpJLmk ptsAnjDyh3Ir19dwECwGwvCOkJ5mldjU =w3f+ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC DHCP does not work with BIND 9.10
At Thu, 19 Feb 2015 19:20:29 +0100, Jiri Popelka jpope...@redhat.com wrote: But it's still not possible to stop them, one has to use 'kill -9'. Any ideas ? Hmm, that's beyond my experiments. (Do you mean you cannot terminate them by SIGTERM?) Hopefully someone else has a clue. -- JINMEI, Tatuya ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
ISC DHCP does not work with BIND 9.10
Hi all. There's [1] a packaging policy on Fedora, that packages can't be shipped with bundled libraries, which is a case of BIND bundled in DHCP tarball. We'd like to ship bind-9.10.2 dhcp-4.3.2 with next Fedora release (22). Problem is, that dhclient/dhcpd don't play well with bind-9.10. Jiri Popelka (the DHCP maintainer in Fedora) did some investigation and they can't be stopped (have to be 'kill -9'ed) and don't work at all when running in background. dhcpd - backtrace: #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x7f41c136a46b in isc.app_ctxrun () from /lib64/libisc.so.148 #2 0x7f41c24721e1 in dispatch () #3 0x7f41c24229cd in main () dhclient - backtrace: #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x7f9c1941f480 in run () from /lib64/libisc.so.148 #2 0x7f9c187ad52a in start_thread (arg=0x7f9c13885700) at pthread_create.c:310 #3 0x7f9c18cc779d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 dhcpd - strace: futex(0x7f41c23290bc, FUTEX_WAIT_PRIVATE, 1, NULL dhclient - strace: futex(0x7f9c1a3e80a4, FUTEX_WAIT_PRIVATE, 5, NULL Anybody has any idea what might cause this or where to start debugging ? We tried to build bind with '--with-locktype=standard' to no avail. [1] http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries Thank you! Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC DHCP does not work with BIND 9.10
Thank you for your reply. On 02/19/2015 06:01 PM, 神明達哉 wrote: At Thu, 19 Feb 2015 17:26:19 +0100, Tomas Hozza tho...@redhat.com wrote: There's [1] a packaging policy on Fedora, that packages can't be shipped with bundled libraries, which is a case of BIND bundled in DHCP tarball. We'd like to ship bind-9.10.2 dhcp-4.3.2 with next Fedora release (22). Problem is, that dhclient/dhcpd don't play well with bind-9.10. Jiri Popelka (the DHCP maintainer in Fedora) did some investigation and they can't be stopped (have to be 'kill -9'ed) and don't work at all when running in background. First off, do you mean dhcp-4.3.2rc1? (I can't find a final release version of 4.3.2 on the ISC ftp site). I meant dhcp-4.3.2b1. Secondly: did you try to link libisc/libdns etc from bind-9.10.2 to dhcp-4.3.2(rc1) instead of the one included in the dhcp source directory? We are linking DHCP against separate build of BIND 9.10.2. In other words we don't use the bundled bind in DHCP sources. If so, unless something has substantially changed in the dhcp side, that wouldn't work in my experience for the following two reasons: 1. On Linux libisc would enable epoll by default. dhcp doesn't work well with it; you'll need a library built disabling the epoll support. 2. You stack trace seems to suggest libisc is built with enabling threads. dhcp doesn't work well with it either. Also possibly related to the second point, see comments in lib/isc/task.c: * For BIND9 internal applications: * when built with threads we use multiple worker threads shared by the whole * application. * when built without threads we share a single global task manager and use * an integrated event loop for socket, timer, and other generic task events. * For generic library: * we don't use either of them: an application can have multiple task managers * whether or not it's threaded, and if the application is threaded each thread * is expected to have a separate manager; no worker threads are shared by * the application threads. dhcp is only expected to work with the generic library (and also disabling epoll), but this comment now seems to be obsolete as there's no generic (formerly called export) version of the library. Assuming the issue with epoll is somehow resolved, I suspect we'd need some run-time mechanism to enable the multiple task managers mode (while still enabling threads). As far as I know the current implementation doesn't allow it. -- JINMEI, Tatuya We have been linking DHCP against separately built BIND in the past and everything worked for years. Only thing that changed is that we updated latest BIND 9.9 to latest 9.10. Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC DHCP does not work with BIND 9.10
At Thu, 19 Feb 2015 17:26:19 +0100, Tomas Hozza tho...@redhat.com wrote: There's [1] a packaging policy on Fedora, that packages can't be shipped with bundled libraries, which is a case of BIND bundled in DHCP tarball. We'd like to ship bind-9.10.2 dhcp-4.3.2 with next Fedora release (22). Problem is, that dhclient/dhcpd don't play well with bind-9.10. Jiri Popelka (the DHCP maintainer in Fedora) did some investigation and they can't be stopped (have to be 'kill -9'ed) and don't work at all when running in background. First off, do you mean dhcp-4.3.2rc1? (I can't find a final release version of 4.3.2 on the ISC ftp site). Secondly: did you try to link libisc/libdns etc from bind-9.10.2 to dhcp-4.3.2(rc1) instead of the one included in the dhcp source directory? If so, unless something has substantially changed in the dhcp side, that wouldn't work in my experience for the following two reasons: 1. On Linux libisc would enable epoll by default. dhcp doesn't work well with it; you'll need a library built disabling the epoll support. 2. You stack trace seems to suggest libisc is built with enabling threads. dhcp doesn't work well with it either. Also possibly related to the second point, see comments in lib/isc/task.c: * For BIND9 internal applications: * when built with threads we use multiple worker threads shared by the whole * application. * when built without threads we share a single global task manager and use * an integrated event loop for socket, timer, and other generic task events. * For generic library: * we don't use either of them: an application can have multiple task managers * whether or not it's threaded, and if the application is threaded each thread * is expected to have a separate manager; no worker threads are shared by * the application threads. dhcp is only expected to work with the generic library (and also disabling epoll), but this comment now seems to be obsolete as there's no generic (formerly called export) version of the library. Assuming the issue with epoll is somehow resolved, I suspect we'd need some run-time mechanism to enable the multiple task managers mode (while still enabling threads). As far as I know the current implementation doesn't allow it. -- JINMEI, Tatuya ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC DHCP does not work with BIND 9.10
At Thu, 19 Feb 2015 18:17:13 +0100, Tomas Hozza tho...@redhat.com wrote: We have been linking DHCP against separately built BIND in the past and everything worked for years. Only thing that changed is that we updated latest BIND 9.9 to latest 9.10. Ah, I realized I was probably not clear enough about one important point: The two points that make this combination of DHCP and BIND9 unworkable is new in BIND 9.10. Up to 9.9 there's a separately built library named export library, which I guess you have been using. BIND 9.10 now builds a single unified library which is seemingly supposed to work both for BIND 9's internal applications and for other general applications (one possibility of which would be DHCP). But the unified library that would be used for BIND 9 has the two problems I mentioned and won't work for DHCP. If you don't mind still building a separate (set of) library, I believe you can use this workaround: - Build (libraries of) BIND 9 with --disable-epoll and --disable-threads - Install them into somewhere else than where other BIND 9 libs and apps are installed - Use them to build DHCP -- JINMEI, Tatuya ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
caching-only name server
Hi
I understand that I need the below snip in my /etc/named.conf
---snip ---
// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options {
// Working directory
directory /etc/namedb;
allow-query { corpnets; };
};
// Provide a reverse mapping for the loopback
// address 127.0.0.1
zone 0.0.127.in-addr.arpa {
type master;
file localhost.rev;
notify no;
};
What else do I need along with the above to function as a caching only name
server.
looks like the default /etc/named.conf is designed to run much more than
caching server
--default---
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory /var/named;
dump-file /var/named/data/cache_dump.db;
statistics-file /var/named/data/named_stats.txt;
memstatistics-file /var/named/data/named_mem_stats.txt;
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file /etc/named.iscdlv.key;
managed-keys-directory /var/named/dynamic;
};
logging {
channel default_debug {
file data/named.run;
severity dynamic;
};
};
zone . IN {
type hint;
file named.ca;
};
include /etc/named.rfc1912.zones;
include /etc/named.root.key;
---
also,
Is it possible to have this running in my client machines ?
Thanks,
Vijay
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Share RPZ Zones between views
Hi all ! I'm having a problem guys, I want to know if there's a way to share RPZ zones between views in a single server. Let's say that I have a view common and I have in there a zone called porn with all the domains that I want to block, then I have 2 views that matches for 2 different IP sources and I want to also block the zone porn in those 2 views, is there a way to share the already loaded zone in the common view in order to save memory on the server ? I would really appreciate any help with this, Thanks! Jose Alonso -- [image: image.png] http://www.transtelco.net/ | Jose A. Hernandez | RD Manager | MX: +52 (656) 257-1189 | US: +1 (915) 534-8116 CONFIDENTIALITY NOTICE: This communication is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient of this information, you are notified that any use, dissemination, distribution, or copying of the communication is strictly prohibited. AVISO DE CONFIDENCIALIDAD: Esta comunicación es sólo para el uso de la persona o entidad a la que se dirige y puede contener información privilegiada, confidencial y exenta de divulgación bajo la legislación aplicable. Si no es el destinatario de esta información, se le notifica que cualquier uso, difusión, distribución o copia de la comunicación está estrictamente prohibido. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
