Re: designing the DNS from the scratch

2017-07-10 Thread Leonardo Rodrigues

On 10/07/17 11:12, Matthew Seaman wrote:

> Or you could buy a service from one of a number of DNS service providers
> who provide pretty much exactly what I described.  That will still be
> quite expensive, but not to the extent that it would cause inadvertent
> emission of bodily fluids.

I have been using Amazon AWS Route 53 DNS services and I'm loving
them. The price is really low for the availability I'm experiencing and the
easy management.


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: different result between normal query and zone transfer

2017-07-10 Thread Tony Finch
Reindl Harald wrote:
>
> well, bind10 is dead so far and at least no longer an ISC project

Catalog zones are a BIND 9.11 feature.

https://kb.isc.org/article/AA-01432/81/BIND-9.11.0-Release-Notes.html#relnotes_features

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Forth, Tyne, Dogger, Fisher, North German Bight: Cyclonic 4 or 5, increasing 6
at times. Slight or moderate. Rain or thundery showers. Good, occasionally
poor.


Re: different result between normal query and zone transfer

2017-07-10 Thread Reindl Harald



On 10.07.2017 at 18:48, Tony Finch wrote:

> Darcy Kevin (FCA) wrote:
>
>> There is no "automatic" mechanism within BIND to tell replicas to start
>> slaving new zones.
>
> Fans of new features pop up in response to say, you might be able to use
> catalog zones to automatically configure replication :-)
>
> https://kb.isc.org/article/AA-01401/0/A-short-introduction-to-Catalog-Zones.html

This guide shows the basic usage of catalog zones - how to set up a
master and slave provisioned using catalog zone, how to add a new zone
to the catalog zone and how to possibly automate it. In this guide we'll
be using three servers - master running on 10.53.0.1 and two slaves
running on 10.53.0.2 and 10.53.0.3. To make it easier to try out this
example on your own system, we are using unprivileged ports 5300 and
9953, for DNS and RNDC respectively.

well, bind10 is dead so far and at least no longer an ISC project


RE: different result between normal query and zone transfer

2017-07-10 Thread Tony Finch
Darcy Kevin (FCA) wrote:

> There is no "automatic" mechanism within BIND to tell replicas to start
> slaving new zones.

Fans of new features pop up in response to say, you might be able to use
catalog zones to automatically configure replication :-)

https://kb.isc.org/article/AA-01401/0/A-short-introduction-to-Catalog-Zones.html

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Trafalgar: North or northwest 5 or 6, decreasing 4 at times, then occasionally
7 later. Moderate or rough, occasionally slight in far southeast. Occasional
rain in north. Good, occasionally moderate in north.


RE: different result between normal query and zone transfer

2017-07-10 Thread Darcy Kevin (FCA)
The bottom line is that a *zone* is the basic administrative unit of 
AXFR/IXFR-based replication. If you create a new zone and you want a replica to 
serve it, you need to configure the replica to replicate it. There is no 
"automatic" mechanism within BIND to tell replicas to start slaving new zones. 
If you have a common provisioning/configuration-control mechanism, then this 
can be quite convenient, but it sounds like this is between you and your ISP, 
so I assume that no such common framework exists. You have to follow their 
procedures for getting the new zone transfer definition established, whether 
that be a phone call, an email, filling out an online form, something like that.


- Kevin



-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of MAYER Hans
Sent: Sunday, July 09, 2017 1:14 AM
To: bind-users@lists.isc.org
Subject: Re: different result between normal query and zone transfer


Hi Steven, 

Many thanks for your answer. 
Isn’t there a flag or option to say handle all sub-zones like normal A or CNAME 
records too ? 

// Hans



> On 6 Jul 2017, at 15:05, Steven Carr wrote:
> 
> On 6 July 2017 at 12:29, MAYER Hans wrote:
>> For me this looks like a bug. Why is the answer for a normal query different 
>> than the answer from a zone transfer ?
>> Or do I miss a special flag for this setup ?
>> I am using BIND 9.11.1 but I had the same issue with older 
>> versions too.
> 
> A zone transfer is transferring the contents of the zone, the zone in 
> question is 'iiasa.ac.at', but you've also created a subzone 
> 'test44.iiasa.ac.at' which is a completely separate point of 
> administration that just happens to hide records inside of the parent 
> zone. So on your slaves you will also need to slave the subzone if you 
> want it to override the records there.
> 
> A query will traverse the tree until it finds the lowest point of 
> delegation with which to obtain a response from.
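
Added example (not part of the original thread, and not BIND code): a toy
Python model of the behaviour discussed in this message, where a query is
answered from the most specific zone the server has loaded while a zone
transfer carries exactly one zone. The zone names come from the thread; the
record values, the owner name host.test44.iiasa.ac.at and all function names
are constructed for illustration.

```python
# Added example: toy model of an authoritative server. Zone apexes come from
# the thread; record values are constructed (documentation addresses).
PARENT = "iiasa.ac.at."
CHILD = "test44.iiasa.ac.at."
HOST = "host.test44.iiasa.ac.at."  # hypothetical owner name below the child apex

# Zones loaded on the primary: {apex: {(owner, type): rdata}}
PRIMARY = {
    PARENT: {
        (PARENT, "SOA"): "ns.iiasa.ac.at. hostmaster.iiasa.ac.at. 1",
        ("www.iiasa.ac.at.", "A"): "192.0.2.10",
        (HOST, "A"): "192.0.2.44",  # stored in the parent, hidden by the subzone
    },
    CHILD: {
        (CHILD, "SOA"): "ns.iiasa.ac.at. hostmaster.iiasa.ac.at. 1",
        (HOST, "A"): "192.0.2.99",
    },
}


def closest_zone(zones, qname):
    """Return the apex of the most specific loaded zone that encloses qname."""
    matches = [z for z in zones if qname == z or qname.endswith("." + z)]
    return max(matches, key=len) if matches else None


def query(zones, qname, qtype):
    """Answer only from the closest enclosing zone, as a normal lookup does."""
    apex = closest_zone(zones, qname)
    return zones[apex].get((qname, qtype)) if apex else None


def axfr(zones, apex):
    """A zone transfer returns the records of exactly one zone."""
    return dict(zones[apex])


def build_secondary(primary, slaved):
    """A secondary holds only the zones it was configured to transfer."""
    return {apex: axfr(primary, apex) for apex in slaved}


if __name__ == "__main__":
    parent_only = build_secondary(PRIMARY, [PARENT])
    both = build_secondary(PRIMARY, [PARENT, CHILD])
    print("primary       :", query(PRIMARY, HOST, "A"))      # subzone data
    print("parent only   :", query(parent_only, HOST, "A"))  # hidden parent data
    print("parent + child:", query(both, HOST, "A"))         # matches the primary
```

A secondary that transfers only the parent zone serves the record the subzone hides on the primary, so the two servers disagree until the subzone is slaved as well.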


Re: designing the DNS from the scratch

2017-07-10 Thread Matthew Seaman
On 2017/07/10 14:16, Matus UHLAR - fantomas wrote:
>>> But you do know the approximate speed of light in a vacuum?
> 
> there's always dark in my vacuum, so the speed of light doesn't apply
> there.
> 
> On 10.07.17 09:02, wbr...@e1b.org wrote:
>> More importantly, what is the speed of light in a fiberoptic connection?
>> Speed of electrons in copper wire?
> 
> speed of electrical field, which is the same as speed of light.
> electrons are much slower.
> 
> however, the longest distances on earth are about 2km, which requires
> at least 67ms for signal to get there and 133ms to get back.
> in reality there's some small delay on each network device in the path, so
> the 3ms can only be achieved on short distances.
> 

Indeed.  Assuming the OP was talking about providing an authoritative
service -- that is, to allow the rest of the world to look up their
customer's domains -- then if they went back to their customer with a
more realistic target of say a 95th-percentile limit of a sub-50ms RTT
for users in urban North America, Europe, Russia, Japan and other
locations with a well developed Internet infrastructure, that could be
achieved by putting DNS servers in strategically located POPs on each
continent and using anycast routing to direct traffic to the nearest
location.

Which would be eye-wateringly expensive to do for just one client,
unless they needed about as much capacity as a middle-sized ccTLD.

Or you could buy a service from one of a number of DNS service providers
who provide pretty much exactly what I described.  That will still be
quite expensive, but not to the extent that it would cause inadvertent
emission of bodily fluids.

On the other hand, if they were talking about providing a recursive DNS
caching service to allow their customer's servers to look stuff up from
the internet, then a 3ms RTT is not impossible so long as

   * the DNS machines are sufficiently close to the client's machines
     that you can readily achieve sub-3ms ping RTTs between them

   * the 3ms limit *only* applies to responses from cached data.

There's clearly no way you can guarantee <3ms if your recursive server
needs to talk to a machine on the other side of the planet where it
takes at least 200ms just to get packets there and back again.

Cheers,

Matthew





Re: designing the DNS from the scratch

2017-07-10 Thread Matus UHLAR - fantomas

>> But you do know the approximate speed of light in a vacuum?

there's always dark in my vacuum, so the speed of light doesn't apply there.

On 10.07.17 09:02, wbr...@e1b.org wrote:
> More importantly, what is the speed of light in a fiberoptic connection?
> Speed of electrons in copper wire?


speed of electrical field, which is the same as speed of light.
electrons are much slower.

however, the longest distances on earth are about 2km, which requires
at least 67ms for signal to get there and 133ms to get back.
in reality there's some small delay on each network device in the path, so
the 3ms can only be achieved on short distances.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
The only substitute for good manners is fast reflexes. 


Re: designing the DNS from the scratch

2017-07-10 Thread Ray Bellis
On 10/07/2017 14:02, wbr...@e1b.org wrote:

> ~3 x 10**8 m/s
> 
> More importantly, what is the speed of light in a fiberoptic connection? 

~0.66c

> Speed of electrons in copper wire?

Individual electrons move *very* slowly - it's the electric *field* that
moves at between 0.5c and 1c.

https://en.wikipedia.org/wiki/Velocity_factor

cheers,

Ray



Re: designing the DNS from the scratch

2017-07-10 Thread wbrown
> But you do know the approximate speed of light in a vacuum?

~3 x 10**8 m/s

More importantly, what is the speed of light in a fiberoptic connection? 
Speed of electrons in copper wire?





Re: restarting bind fixes some resolution issues

2017-07-10 Thread Sam Wilson

On 2017-07-09 15:04:53 +, Matus UHLAR - fantomas said:


> On 09.07.17 14:36, Dario Corti wrote:
>> Hi, I occasionally have issues updating some packages, with the package
>> manager saying that it cannot resolve deb.nodesource.com. I'm using
>> 1:9.9.5.dfsg-9+deb8u11 and I verified that a bind restart fixes the
>> problem every time (even if technically the domain CAN be resolved also
>> before the restart).
>
> https://mxtoolbox.com/SuperTool.aspx?action=dns%3adeb.nodesource.com=toolpage
>
> http://dnscheck.pingdom.com/?domain=deb.nodesource.com
>
> both checkers report errors...
>
>> I issued a dig before and after the restart and it does report
>> something different, but I'm unable to understand it, so I wonder if
>> anyone can suggest a possible reason for this.
>>
>> Before: https://pastebin.com/7qZUmPKA
>> After: https://pastebin.com/U0DUhE20
>
> i don't see any difference here, both cases report deb.nodesource.com to be
> a CNAME to d2buw04m05mirl.cloudfront.net - maybe you should look up that one
> next time problem appears.


What's different is the authority section.  In neither case does it 
provide the expected NS records for nodesource.com or cloudfront.net, 
or even NS records for d2buw04m05mirl.cloudfront.net, which my servers 
have cached.  There is something odd about the configuration.


Sam

--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
