Re: Malformed transaction errors

2020-10-19 Thread @lbutlr
On 19 Oct 2020, at 08:57, Bob McDonald  wrote:
> When you talk about "putting the .jnl file aside" what are you doing? 
> Stopping named THEN deleting the .jnl file?

I did not delete the file. I stopped named and moved the file, then restarted 
named. After everything seemed to be working, then I removed the file.

> Using rndc sync -clean  ? In the case of the rndc command, you 
> don't need to cycle named.

That's good to know, will try the next time it goes pear-shaped.

> What user is named running as? Are the directory permissions for the 
> directory housing the .jnl file correct?

There are many domains, all with same permissions (bind/bind).

-- 
And what rough beast, its hour come round at last,
Slouches towards Bethlehem to be born?

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: forwarders used in order or based on RTT ?

2020-10-19 Thread Warren Kumari
On Mon, Oct 19, 2020 at 11:26 AM Victoria Risk  wrote:
>
> The ARM was updated in 9.16.6.  Sorry it took us so long!
>
> from https://gitlab.isc.org/isc-projects/bind9/-/issues/2030
> Forwarders are typically used when an administrator does not wish for
> all the servers at a given site to interact directly with the rest of
> the Internet. For example, a common scenario is when multiple internal
> DNS servers are behind an Internet firewall. Servers behind the firewall
> forward their requests to the server with external access, which queries
> Internet DNS servers on the internal servers' behalf.
>
> Another scenario (largely now superseded by Response Policy Zones) is to
> send queries first to a custom server for RBL processing before
> forwarding them to the wider Internet.
>
> There may be one or more forwarders in a given setup. The order in which
> the forwarders are listed in ``named.conf`` does not determine the
> sequence in which they are queried; rather, ``named`` uses the response
> times from previous queries to select the server that is likely to
> respond the most quickly. A server that has not yet been queried is
> given an initial small random response time to ensure that it is tried
> at least once. Dynamic adjustment of the recorded response times ensures
> that all forwarders are queried, even those with slower response times.
> This permits changes in behavior based on server responsiveness.


Awesome, thank you -- that's clean and easy to understand.
W

>
> Vicky



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


Re: forwarders used in order or based on RTT ?

2020-10-19 Thread Victoria Risk
The ARM was updated in 9.16.6.  Sorry it took us so long!

from https://gitlab.isc.org/isc-projects/bind9/-/issues/2030
Forwarders are typically used when an administrator does not wish for
all the servers at a given site to interact directly with the rest of
the Internet. For example, a common scenario is when multiple internal
DNS servers are behind an Internet firewall. Servers behind the firewall
forward their requests to the server with external access, which queries
Internet DNS servers on the internal servers' behalf.

Another scenario (largely now superseded by Response Policy Zones) is to
send queries first to a custom server for RBL processing before
forwarding them to the wider Internet.

There may be one or more forwarders in a given setup. The order in which
the forwarders are listed in ``named.conf`` does not determine the
sequence in which they are queried; rather, ``named`` uses the response
times from previous queries to select the server that is likely to
respond the most quickly. A server that has not yet been queried is
given an initial small random response time to ensure that it is tried
at least once. Dynamic adjustment of the recorded response times ensures
that all forwarders are queried, even those with slower response times.
This permits changes in behavior based on server responsiveness.

Vicky
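
A simplified model of the selection behaviour described in the ARM text above, added here as an illustration; it is not BIND's code and not part of the original message. The smoothing weight, ageing factor, forwarder addresses and RTT values are assumptions chosen for the model.

```python
import random

class ForwarderSelector:
    """Simplified model of RTT-based forwarder selection (not BIND's code)."""

    def __init__(self, forwarders, rng, smoothing=0.7, ageing=0.98):
        self.smoothing = smoothing  # assumed weight kept from the old estimate
        self.ageing = ageing        # assumed decay applied to servers not chosen
        # Unqueried servers get a small random estimate (ms) so each is tried.
        self.srtt = {f: rng.uniform(0.0, 1.0) for f in forwarders}
        self.queries = {f: 0 for f in forwarders}

    def pick(self):
        """Return the forwarder with the lowest recorded response time."""
        return min(self.srtt, key=self.srtt.get)

    def record(self, forwarder, measured_ms):
        """Fold a measured RTT into the estimate and age the other servers."""
        if self.queries[forwarder] == 0:
            self.srtt[forwarder] = measured_ms
        else:
            old = self.srtt[forwarder]
            self.srtt[forwarder] = (self.smoothing * old
                                    + (1 - self.smoothing) * measured_ms)
        self.queries[forwarder] += 1
        # Ageing lets a slower server's estimate drift down until it is retried.
        for other in self.srtt:
            if other != forwarder:
                self.srtt[other] *= self.ageing


def simulate(listed_order, true_rtt_ms, n_queries=500, seed=1):
    """Send n_queries through the model; return queries sent per forwarder."""
    rng = random.Random(seed)
    selector = ForwarderSelector(listed_order, rng)
    for _ in range(n_queries):
        chosen = selector.pick()
        jitter = rng.uniform(0.9, 1.1)  # constructed +/-10% measurement noise
        selector.record(chosen, true_rtt_ms[chosen] * jitter)
    return selector.queries


# Constructed sample: documentation addresses, slowest forwarder listed first.
TRUE_RTT_MS = {"192.0.2.1": 80.0, "192.0.2.2": 12.0, "192.0.2.3": 35.0}

if __name__ == "__main__":
    for order in (["192.0.2.1", "192.0.2.2", "192.0.2.3"],
                  ["192.0.2.3", "192.0.2.1", "192.0.2.2"]):
        print(order, simulate(order, TRUE_RTT_MS))
```

In this model the fastest forwarder receives most queries whatever its position in the list, while the slower ones are still retried from time to time.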


Re: forwarders used in order or based on RTT ?

2020-10-19 Thread Warren Kumari
On Sun, Oct 18, 2020 at 2:32 PM @lbutlr  wrote:
>
> On 16 Oct 2020, at 08:36, Bob Harold  wrote:
> > That is certainly not obvious.  How do I request improving the manual?
> >
> > "in turn" would seem to imply "in order", and the order would logically be 
> > the order I listed them.
>
> I disagree. In turn means one is tried, then if that fails the next is tried. 
> There is no implication at all that the order they are tried in is the order 
> specified.
>
> It would not hurt anything to say they were tried in turn according to RTT, but 
> as it stands the documentation doesn’t say what you think it says.
>
> Again, "in turn" doesn’t mean "in the order I expect" it simply means one 
> after another until all are checked (or one succeeds).


"In turn" might not strictly mean in the order listed (the definitions
converge around 1: "in succession", or 2: a causal step from a
previous outcome), but there is *implication* that it is in the order
listed.
If I said "The carolers visited the houses in turn", the *implication*
is that they visited the first house, then the second, then the third,
etc and not the first, then the seventeenth, etc.

Yes, there is ambiguity - it appears that this usage is that the
succession is "in RTT order", and not "in listed order", but the fact
that it is ambiguous, and people are unsure what is meant,
demonstrates a bug in the documentation.

W
>
>
> --
> "Are you pondering what I'm pondering?"
> "Wuh, I think so, Brain, but I prefer Space Jelly."
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


Re: Malformed transaction errors

2020-10-19 Thread @lbutlr
On 19 Oct 2020, at 00:54, Matus UHLAR - fantomas  wrote:
> On 18.10.20 11:00, @lbutlr wrote:
>> I am getting the following error on one specific domain and I am unsure how 
>> to fix it. Searching for the error led to suggestions about not running 
>> multiple copies of bind on the same machine, but that is not the case here 
>> (and it is only affecting one domain).
>> 
>> named[652] malformed transaction: example.com.signed.jnl last serial 
>> 2018022385 != transaction first serial 2018022384
>> named[652] zone example.com/IN: zone_resigninc:dns_journal_write_transaction 
>> -> unexpected error
>> named[652] malformed transaction: example.com.signed.jnl last serial 
>> 2018022385 != transaction first serial 2018022384
>> named[652] zone example.com/IN: zone_resigninc:dns_journal_write_transaction 
>> -> unexpected error
>> 
>> If I put aside the jnl file and stop/start bind the error goes away, but 
>> eventually it comes back, always for the same domain.
>> 
>> (Setup is DNS primary on one machine and a secondary server on a separate 
>> machine. Errors are on the primary server.)
> 
> what's the primary server? maybe broken DNS implementation

Bind $CURRENT ((9.16.7)), though this has been happening sporadically for 
months.

Stopping and starting bind after removing the jnl files seems to fix it for 
quite a while.

Other than the logged error there seems to be no other side-effect of this, the 
domain continues to resolve. I suspect it might have something to do with the 
DNSSEC self-updating, but that is only a guess based on the fact it takes a long 
time to recur.

-- 
Mirrors contain infinity. Infinity contains more things than you
think. Everything, for a start. Including hunger. Because there's
a million billion images, but only one soul to go around.
--Witches Abroad
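
The "malformed transaction" messages quoted in this thread can be tallied per journal file with a small parser. This is an added example, not part of the original post or of BIND; the message format is taken from the lines quoted above, and the syslog timestamps and hostname in the sample are constructed.

```python
import re
from collections import defaultdict

# Message format as quoted in the thread.
MALFORMED = re.compile(
    r"malformed transaction: (?P<journal>\S+) last serial (?P<last>\d+)"
    r" != transaction first serial (?P<first>\d+)"
)


def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit zone serials: True if a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31


def summarize(lines):
    """Group malformed-transaction errors by journal file."""
    seen = defaultdict(lambda: {"count": 0, "pairs": set()})
    for line in lines:
        m = MALFORMED.search(line)
        if not m:
            continue  # other named messages are ignored
        entry = seen[m["journal"]]
        entry["count"] += 1
        entry["pairs"].add((int(m["last"]), int(m["first"])))
    return {
        journal: {
            "count": entry["count"],
            # Pairs where the new transaction starts at a serial older than
            # the last serial already recorded in the journal.
            "behind": sorted(p for p in entry["pairs"] if serial_gt(*p)),
        }
        for journal, entry in seen.items()
    }


# Constructed sample: message text from the thread, syslog prefix invented.
SAMPLE_LOG = [
    "Oct 18 10:58:01 ns1 named[652] malformed transaction: example.com.signed.jnl"
    " last serial 2018022385 != transaction first serial 2018022384",
    "Oct 18 10:58:01 ns1 named[652] zone example.com/IN:"
    " zone_resigninc:dns_journal_write_transaction -> unexpected error",
    "Oct 18 11:58:01 ns1 named[652] malformed transaction: example.com.signed.jnl"
    " last serial 2018022385 != transaction first serial 2018022384",
]

if __name__ == "__main__":
    for journal, info in summarize(SAMPLE_LOG).items():
        print(journal, info)
```

A journal that keeps reappearing in this report with the same serial pair matches the recurring, single-zone pattern described in the message.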



Re: Malformed transaction errors

2020-10-19 Thread Matus UHLAR - fantomas

On 18.10.20 11:00, @lbutlr wrote:

> I am getting the following error on one specific domain and I am unsure how to 
> fix it. Searching for the error led to suggestions about not running multiple 
> copies of bind on the same machine, but that is not the case here (and it is 
> only affecting one domain).
> 
> named[652] malformed transaction: example.com.signed.jnl last serial 2018022385 
> != transaction first serial 2018022384
> named[652] zone example.com/IN: zone_resigninc:dns_journal_write_transaction -> 
> unexpected error
> named[652] malformed transaction: example.com.signed.jnl last serial 2018022385 
> != transaction first serial 2018022384
> named[652] zone example.com/IN: zone_resigninc:dns_journal_write_transaction -> 
> unexpected error
> 
> If I put aside the jnl file and stop/start bind the error goes away, but 
> eventually it comes back, always for the same domain.
> 
> (Setup is DNS primary on one machine and a secondary server on a separate 
> machine. Errors are on the primary server.)


what's the primary server? maybe broken DNS implementation

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.