Re: force to flush from jnl to zone files
Terry,

rndc freeze zonename disables dynamic updates and syncs up the current zone data to the zone file. rndc thaw zone name when you're done editing the file.

Dan

Sent from my iPad

On Mar 19, 2011, at 7:57 AM, terry te...@list.dnsbed.com wrote:

Hello,

My BIND has been using dynamic updates for zone update. My question is, how to force to flush updated data from the *.jnl files to zone files? I know restarting bind can do that, but is there another better way?

Thanks.

Regards.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Some hosts not resolving from No-IP by our DNS servers
Yeah.. in-ip.info is probably supposed to be no-ip.info?

Dan Durrer
No-IP

On Mar 9, 2011, at 10:38 AM, Chuck Swiger wrote:

Hi--

On Mar 9, 2011, at 10:25 AM, Frank Pikelner wrote:

I'm having a problem resolving several hosts from NO-IP. When I attempt to resolve them from our DNS servers I get no reply (we can resolve other hosts). I'm not certain why the resolution stops. If I force a resolution using external DNS servers using dig (i.e. Google 8.8.8.8) the hosts resolve without problem. Here is the trace from our DNS server:

dig oa.in-ip.info +trace

I see NXDOMAIN for oa.in-ip.info here, and whois doesn't seem to believe that in-ip.info exists

Regards,
--
-Chuck
Re: Optimising rndc reload times on a slave server with 50,000 zones
Running off SSDs has also proved to help startup/reload times in our usage.

Dan Durrer
No-IP

On Mar 2, 2011, at 5:32 AM, david klein r...@nachtmaus.us wrote:

One other thing: on the filesystem in which reside directories that house the zone files, set the mount option noatime. This will improve the performance of re-reading the zone files because it will take out the necessity of updating a time-stamp for each read.

-DTK

On Mon, Feb 28, 2011 at 7:34 AM, david klein r...@nachtmaus.us wrote:

5 files in a single directory will make difficult for any filesystem. I would recommend breaking that out into groups of less than 1 per directory. For better performance, separate them onto directories that are on different spindles; the parallelization of seek (and with thousands of small files that can each be read in one or two reads, your disks will spend a lot of this time seeking) should show noticeable performance improvement.

Do only some of the zones update at any given 15 minute cycle? If so, you may show an even bigger improvement by only reloading those that will have changed.

On Sat, Feb 26, 2011 at 8:56 PM, Dennis Perisa dennis.per...@gmail.com wrote:

Hi folks,

I'm looking for suggestions to substantially improve reload times on a slave that is serving 50,000 zones (mostly customer zones). 'rndc reload' is being executed on the slave every 15 minutes. Due to the large number of zones to trawl through, the reload process is causing intermittent outages and/or significant delays to zone transfers.

Here are some ideas I have:

- use rndc reconfig instead
- separate zone files into separate dirs to improve O/S performance (currently, all zone files are in a single dir)

Are these viable options? Any other thoughts/suggestions? This is expected to be a short-term fix while we consider brute force approach of throwing more cpu/mem/IO at this.

DP

--
david t. klein
Cisco Certified Network Associate (CSCO11281885)
Linux Professional Institute Certification (LPI000165615)
Redhat Certified Engineer (805009745938860)
Quis custodiet ipsos custodes?
Re: Dynamically add zones
Do you guys have any hints yet on what it might look like or are you still looking for recommendations?

Dan Durrer
No-IP

On Jul 30, 2010, at 10:44 AM, Evan Hunt wrote:

Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3.

For that matter, I expect it to change significantly before the final release of 9.7.2.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
Re: Dynamically add zones
Still not getting this to work just right, refused queries to newly added zones. If I config the zone as a master or as a slave it adds with a success from rndc. Logs show sending notifies as master or completed zone transfer and zone system file creation if slave. Query to the newly added zone comes back as refused. If I run reconfig it will start answering queries, but I'm guessing that is because it's just re-reading the include from new-zone-file. Am I missing something here?

Dan

On Jul 29, 2010, at 5:33 PM, Dan Durrer wrote:

Alan,

So is managed.zone.list and zone.list named differently on purpose or is that a typo?

Dan

On Jul 29, 2010, at 5:23 PM, Alan Clegg acl...@isc.org wrote:

On 7/29/2010 7:19 PM, Dan Durrer wrote:

Alan,

I was playing around with your example. I can get it to add the zone (that is no rndc errors or syslog messages). I see it send notifies for the new zone in my log.

29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)

I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If I take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this?

include the my_new_zones.dat into your named.conf... my entire named.conf on the sample system reads:

SNIP
options {
        directory "/etc/namedb";
        dnssec-enable yes;
        dnssec-validation yes;
        new-zone-file "/etc/namedb/managed.zone.list";
        key-directory "/etc/namedb/keys";
};
include "/etc/namedb/zone.list";
SNIP

Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3.

The functionality will be there, but it might be a bit different in implementation.. (beware!)

AlanC
Re: Dynamically add zones
Alan,

I was playing around with your example. I can get it to add the zone (that is no rndc errors or syslog messages). I see it send notifies for the new zone in my log.

29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)

I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If I take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this?

Can't wait for this feature to become finalized :)

Dan Durrer
No-IP.com

On Jul 28, 2010, at 8:08 PM, Alan Clegg wrote:

On 7/28/2010 10:41 PM, Mike Flathers wrote:

Is there a patch for bind 9 to add new zones dynamically without having to run rndc reconfig? The server stops answering queries when reconfig is loading in the new config as the config grows this timeout increases. I haven't hit the source code yet, but something like rndc addzone zonename [config options | clone zone] would be nice :)

Look for it in BIND 9.7.2

Here's what I have that creates zones, makes them dynamic and signs them with no human interference (producing the DS record for the parent):

==SNIP==
#!/bin/bash
cd /etc/namedb
cp template master/${1}
# Add the zone to the running server
rndc addzone ${1} "{ type master; \
        file \"master/${1}\"; \
        update-policy local; \
        auto-dnssec maintain; \
        };"
# Key-signing key, then the DS record for the parent
dnssec-keygen -f KSK -K /etc/namedb/keys $1
dnssec-dsfromkey -2 /etc/namedb/keys/K${1}.*.key > ds/${1}
# Zone-signing key, then sign the zone
dnssec-keygen -K /etc/namedb/keys $1
rndc sign ${1}
==SNIP==

Yes, no error checking, etc, but it works well as a proof-of-concept...
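The proof-of-concept script quoted in the message above places ${1} directly into a file path and into the rndc addzone configuration string, and its author notes that it has no error checking. The following is an added example, not code from the thread: the function names, the RNDC override and the lowercase, two-label naming policy are assumptions, while the zone options are the ones the script uses.

```bash
#!/bin/bash
# Added example, not from the thread: check the zone name before it is used
# in a file path or in the rndc addzone configuration string.
export LC_ALL=C   # make the a-z range below byte-exact

# Assumed policy: lowercase letters, digits, hyphens and dots only; at least
# two labels; labels 1-63 chars with no leading/trailing hyphen; 253 max.
valid_zone_name() {
    zone=${1%.}                          # tolerate one trailing dot
    [ -n "$zone" ] && [ "${#zone}" -le 253 ] || return 1
    case $zone in
        *[!a-z0-9.-]*) return 1 ;;       # "/", quotes, ";", spaces, uppercase
        .*|*.|*..*)    return 1 ;;       # empty label
        *.*)           ;;                # two or more labels
        *)             return 1 ;;
    esac
    rest=$zone.
    while [ -n "$rest" ]; do             # walk the labels left to right
        label=${rest%%.*}
        rest=${rest#*.}
        [ -n "$label" ] && [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# Build the configuration string with the same zone options as the script.
addzone_config() {
    valid_zone_name "$1" || return 1
    printf '{ type master; file "master/%s"; update-policy local; auto-dnssec maintain; };' "${1%.}"
}

# RNDC is a hypothetical override so the flow can be exercised without named.
add_zone() {
    cfg=$(addzone_config "$1") || {
        echo "refusing zone name: $1" >&2
        return 1
    }
    "${RNDC:-rndc}" addzone "${1%.}" "$cfg"
}

# Usage: ./addzone-checked.sh example.com
[ "$#" -eq 0 ] || add_zone "$1"
```

Because the name is checked before the configuration string is built, a rejected name never reaches rndc or the master/ directory.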
Re: Dynamically add zones
Alan,

So is managed.zone.list and zone.list named differently on purpose or is that a typo?

Dan

On Jul 29, 2010, at 5:23 PM, Alan Clegg acl...@isc.org wrote:

On 7/29/2010 7:19 PM, Dan Durrer wrote:

Alan,

I was playing around with your example. I can get it to add the zone (that is no rndc errors or syslog messages). I see it send notifies for the new zone in my log.

29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)

I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If I take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this?

include the my_new_zones.dat into your named.conf... my entire named.conf on the sample system reads:

SNIP
options {
        directory "/etc/namedb";
        dnssec-enable yes;
        dnssec-validation yes;
        new-zone-file "/etc/namedb/managed.zone.list";
        key-directory "/etc/namedb/keys";
};
include "/etc/namedb/zone.list";
SNIP

Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3.

The functionality will be there, but it might be a bit different in implementation.. (beware!)

AlanC
Re: Load Balancer for DNS
Yes, we've been using the ip sla feature for some time now, works well. BGP/OSPF via Quagga also are great solutions.

Dan Durrer
No-ip.com

Sent from my iPad

On Apr 5, 2010, at 8:39 AM, Matthew Pounsett m...@conundrum.com wrote:

On 2010/04/05, at 02:06, sasa sasa wrote:

Hello everyone,

Any one used any load balancer for DNSs? any recommendation? it's 2 caching-only DNSs, and I'd like to make a load balance between them using software.

Unless you're willing to spend a lot of money, load balancers are generally not the best way to go. They tend to be specced out for average internet traffic, which has a much lower packets/megabit ratio than DNS traffic does.

You're much better off using routing protocols to balance traffic between DNS servers. Have a look at this[1] how-to .. it'll point you to a technote by ISC about how to do OSPF anycast within a LAN, as well as explain a slightly simpler (but Cisco-only) solution.

Cheers,
Matt

[1] http://mpounsett.blogspot.com/2009/02/load-balancing-dns-using-ciscos-ip-sla.html