Re: problems resolving domains under NSxx.DOMAINCONTROL.COM - this problem i have too! :(((((

On 23.06.2010 / 17:51:24 +1000, Mark Andrews wrote:
> In message aanlktinjqorplnyqj5tso2tdwlt_ropzdmrymoiph...@mail.gmail.com, Piff writes:
> > Mark, more than once you have blamed firewall but I have tested without
> > firewall and NSxx.DOMAINCONTROL.COM do not answer to dig +dnssec.
>
> Wrong. The nameserver DO answer these queries.
>
> # dig +dnssec @ns33.domaincontrol.com. replacementservices.com.
> ; <<>> DiG 9.3.6-P1 <<>> +dnssec @ns33.domaincontrol.com. replacementservices.com.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41760
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;replacementservices.com. IN A
> ;; ANSWER SECTION:
> replacementservices.com. 3600 IN A 72.32.12.235
> ;; AUTHORITY SECTION:
> replacementservices.com. 3600 IN NS ns33.domaincontrol.com.
> replacementservices.com. 3600 IN NS ns34.domaincontrol.com.

This dig query times out on my side, checked from 3 different IPs from 3 different AS (autonomous systems).

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: our isp not supports EDNS?

Mark, please see below...

On 04.05.2010 / 14:31:25 +1000, Mark Andrews wrote:
> In message y2sf7e964441005031927m7774769ev280156817d8b4...@mail.gmail.com, Jeff Pang writes:
> > Hello,
> >
> > Following the discussions in the list, I made a test on one of our
> > servers, which is in an ISP's datacenter. The result is below:
> >
> > $ dig +short rs.dns-oarc.net txt
> > rst.x476.rs.dns-oarc.net.
> > rst.x485.x476.rs.dns-oarc.net.
> > rst.x490.x485.x476.rs.dns-oarc.net.
> > 218.204.255.72 DNS reply size limit is at least 490
> > 218.204.255.72 lacks EDNS, defaults to 512
> > Tested at 2010-05-04 02:23:51 UTC
> >
> > Does this mean our ISP's firewall block EDNS query/response?
>
> Maybe / maybe not. It could just mean that the nameserver itself
> doesn't support EDNS.

How bad is it if a provider's server doesn't support/make eDNS queries? Is eDNS support/usage for the DNSSEC protocol only?

I mean that my colleague proposes to use the following statement in named.conf:

server 0.0.0.0/0 { edns no; };

as a fix for the broken servers which don't support eDNS queries, for example ns51 / ns52.domaincontrol.com (which are hosting a lot of domains http://www.statsinfinity.com/ns_parent_zone_info/DOMAINCONTROL.COM and dig +bufsize requests to them end with a timeout, so it is probably just firewalled for packets more than 512 bytes long).

Re: our isp not supports EDNS?

Thanks Bill. I'm well aware of the dns-oarc tests... but they are no more than firewall / DNS packet size tests. My idea/concern is what could be wrong/broken (except for DNSSEC) if we disable eDNS on our servers - I need to carry this idea to my colleague. My quick test shows that disabling edns per 0/0 { edns no;}; doesn't break resolving/anything (except for DNSSEC queries).

On 22.06.2010 / 10:14:36 -0700, Bill Buhlman wrote:
> another example:
>
> dig +short rs.dns-oarc.net txt
> rst.x3827.rs.dns-oarc.net.
> rst.x3837.x3827.rs.dns-oarc.net.
> rst.x3843.x3837.x3827.rs.dns-oarc.net.
> Tested at 2010-06-22 17:11:44 UTC
> 169.199.1.1 sent EDNS buffer size 4096
> 169.199.1.1 DNS reply size limit is at least 3843
>
> --- On Tue, 6/22/10, Anatoly Pugachev ma...@team.co.ru wrote:
>
> From: Anatoly Pugachev ma...@team.co.ru
> Subject: Re: our isp not supports EDNS?
> To: Mark Andrews ma...@isc.org
> Cc: Jeff Pang pa...@arcor.de, bind-us...@isc.org
> Date: Tuesday, June 22, 2010, 8:58 AM
>
> > Mark, please see below...
> >
> > On 04.05.2010 / 14:31:25 +1000, Mark Andrews wrote:
> > > In message y2sf7e964441005031927m7774769ev280156817d8b4...@mail.gmail.com, Jeff Pang writes:
> > > > Hello,
> > > >
> > > > Following the discussions in the list, I made a test on one of our
> > > > servers, which is in an ISP's datacenter. The result is below:
> > > >
> > > > $ dig +short rs.dns-oarc.net txt
> > > > rst.x476.rs.dns-oarc.net.
> > > > rst.x485.x476.rs.dns-oarc.net.
> > > > rst.x490.x485.x476.rs.dns-oarc.net.
> > > > 218.204.255.72 DNS reply size limit is at least 490
> > > > 218.204.255.72 lacks EDNS, defaults to 512
> > > > Tested at 2010-05-04 02:23:51 UTC
> > > >
> > > > Does this mean our ISP's firewall block EDNS query/response?
> > >
> > > Maybe / maybe not. It could just mean that the nameserver itself
> > > doesn't support EDNS.
> >
> > How bad is it if a provider's server doesn't support/make eDNS queries?
> > Is eDNS support/usage for the DNSSEC protocol only?
> >
> > I mean that my colleague proposes to use the following statement in
> > named.conf:
> >
> > server 0.0.0.0/0 { edns no; };
> >
> > as a fix for the broken servers which don't support eDNS queries, for
> > example ns51 / ns52.domaincontrol.com (which are hosting a lot of domains
> > http://www.statsinfinity.com/ns_parent_zone_info/DOMAINCONTROL.COM
> > and dig +bufsize requests to them end with a timeout, so it is probably
> > just firewalled for packets more than 512 bytes long).

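What dig +dnssec and +bufsize add to a query on the wire, as an added example that is not part of the original posts: the EDNS0 OPT pseudo-record carrying the advertised UDP size and the DO bit, which is what `edns no` stops named from sending (and why DNSSEC records are lost with it). The function names and query ID are illustrative, and the parser assumes an uncompressed query with no answer or authority records.

```python
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record

def build_query(name, qtype=1, bufsize=None, do=False, qid=0x1234):
    """Build a DNS query; with bufsize set, append an EDNS0 OPT record."""
    arcount = 0 if bufsize is None else 1
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD flag set
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # root label, QTYPE, class IN
    if bufsize is not None:
        flags = 0x8000 if do else 0  # DO bit: "send me DNSSEC records"
        # OPT: root owner name, TYPE=41, CLASS=UDP size, TTL=flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, bufsize, flags, 0)
    return msg

def skip_name(msg, pos):
    """Step over an uncompressed domain name, return the offset after it."""
    while msg[pos]:
        pos += msg[pos] + 1
    return pos + 1

def edns_info(msg):
    """Return (udp_size, do_bit) a query advertises; (512, False) without OPT.

    Assumes a query as built above: no answer/authority records, no compression.
    """
    qdcount, _, _, arcount = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4
    for _ in range(arcount):
        pos = skip_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == OPT:
            return rclass, bool(ttl & 0x8000)
        pos += 10 + rdlen
    return 512, False

if __name__ == "__main__":
    # Constructed sample: a name queried on this page, no network access.
    plain = build_query("replacementservices.com")
    edns = build_query("replacementservices.com", bufsize=4096, do=True)
    for label, q in (("edns no", plain), ("dig +dnssec", edns)):
        print(label, len(q), "bytes ->", edns_info(q))
```

The two queries differ only in the trailing 11-byte OPT record, so a server or middlebox that times out on the second but answers the first is reacting to EDNS itself or to the larger reply it permits.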
Re: manage large dns record

There's the $INCLUDE zone directive in BIND zone files; read more in the BIND docs. Hope this helps.

On 19.11.2009 / 15:40:32 +0700, Sokvantha YOUK wrote:
> Dear ALL,
>
> Could you advise me what is the good way to manage large dns record in
> zone file? I'm using bind v9, currently I need to add around 20 000
> hostnames but it is a pain to put them in one single file.

Re: call for testers (Re: ISC BIND 9.7.0b1 is now available)

JINMEI, we're not using sparc for our bind installations, but this is a feedback on your 'call for testers' (bind compilation went successfully on both compilers):

solaris 10 sparc, sun studio 12u1 compiler:

$ uname -a
SunOS chuck 5.10 Generic_141414-10 sun4u sparc SUNW,Sun-Fire-V440
$ cc -V
cc: Sun C 5.10 SunOS_sparc 2009/06/03
[tests]$ ./backtrace_test
isc_backtrace_gettrace failed: not implemented
[tests]$ echo $?
1

solaris 10 sparc, sun gcc compiler:

$ gcc -v
Reading specs from /usr/sfw/lib/gcc/sparc-sun-solaris2.10/3.4.3/specs
Configured with: /sfw10/builds/build/sfw10-patch/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/ccs/bin/as --without-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
[tests]$ ./backtrace_test
isc_backtrace_gettrace failed: not implemented

Re: call for testers

Solaris 10 sparc running on T5120

$ uname -a
SunOS hosting1 5.10 Generic_137111-04 sun4v sparc SUNW,SPARC-Enterprise-T5120
$ gcc -v
Reading specs from /usr/sfw/lib/gcc/sparc-sun-solaris2.10/3.4.3/specs
Configured with: /sfw10/builds/build/sfw10-patch/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/ccs/bin/as --without-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
$ ./backtrace_test
isc_backtrace_gettrace failed: not implemented
$ echo $?
1

Debian 5 sparc running on Sun E250

$ gcc -v
Using built-in specs.
Target: sparc-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.2-1.1' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --with-cpu=v8 --with-long-double-128 --enable-checking=release --build=sparc-linux-gnu --host=sparc-linux-gnu --target=sparc-linux-gnu
Thread model: posix
gcc version 4.3.2 (Debian 4.3.2-1.1)
$ uname -a
Linux squat 2.6.26-2-sparc64-smp #1 SMP Sun Jun 21 05:58:06 UTC 2009 sparc64 GNU/Linux
$ ./backtrace_test
isc_backtrace_gettrace failed: not found
$ echo $?
1

Re: BIND 9.5.1-P3 compilation problems.

Hello!

If you don't need DNSSEC for your zones, you can compile bind without SSL support, like

./configure --with-openssl=no

On 11.08.2009 / 07:28:31 -0400, Emery wrote:
> Good morning,
>
> I've conducted two maintenance windows to upgrade our BIND primary
> server to the new code to address the recent security vulnerability,
> but cannot get past the error below. I have Openssl 9.8.0k installed.
> I have no problems running tests from the openssl prompt. I have tried
> exporting the LD_LIBRARY_PATH to include the /usr/local/ssl directory
> and have run the compilation with the --with-openssl=/usr/local/ssl
> switch to no avail. I am running Solaris 10 Sparc -

Re: Bind 9.6.1 stops after few hours.

On 07.07.2009 / 11:55:34 -0400, Rob Payne wrote:
> What do you mean by stop? Did the daemon crash, simply not respond to
> queries, or something else?
>
> I don't know if this is the same as what Laurence is seeing. Testing
> 9.6.1 on Solaris 10/sparc, with a local build (THREADS, no MEMFILL,
> openssl 0.9.8k) the server stops responding to queries made from the
> network (LAN), until a local query comes in (dig @localhost ...).

We're using 9.6.0-P1 in a solaris 10 x86 zone, acting as both recursive and authoritative server (a bit loaded, like 1k concurrent recursive queries during daytime hours seen with 'rndc status') and aren't seeing any problems with it. Bind was configured as './configure --with-openssl=no' since we don't use DNSSEC.

servfail on 9.6.1rc1

Hello.

Installed bind-9.6.1rc1 for the query-errors category debugging. The server is a usual recursive server on solaris 10 x86 with 4Gb of RAM. Named was compiled with the SunStudio 12 compiler suite as:

CFLAGS="-m32 -xarch=sse2" ./configure --prefix=/ --with-openssl=no
make

named.conf is without any views defined, max-cache-size is set to 1500m.
Usual daily load shown with 'rndc status' is 1500 recursive clients.

$ prstat
PID   USERNAME SIZE RSS  STATE PRI NICE TIME    CPU PROCESS/NLWP
19567 bind     232M 228M sleep 59  0    0:12:08 19% named/7

Here's what I've got in the logs:

first query:

28-May-2009 05:57:40.578 query-errors: debug 1: client 213.33.171.242#1130: query failed (SERVFAIL) for 5.126.208.91.IN-ADDR.ARPA/IN/PTR at query.c:4619
28-May-2009 05:57:40.578 query-errors: debug 2: fetch completed at resolver.c:2908 for 5.126.208.91.IN-ADDR.ARPA/PTR in 0.000163: out of memory/success [domain:91.in-addr.arpa,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]

A second, identical query coming to the server resolves properly (NOERROR).

Can you please help me to investigate what is wrong?

named querylog, cache hit

Hello!

This is an enhancement request. Is it possible to make the named querylog somehow log whether a client's query hit the server cache or not, regardless of the other logged query options (like +EDC)?

Thanks.