Re: bind 9.11.2 - domain and subdomain with one zone does not work

2020-04-03 Thread Dns Admin
Hi ?
You have delegated the domain "sub.test.local" but you have no zone
statement for this zone.
Suggest you create a db.sub.test.local zone file and update your
configuration with

zone "sub.test.local" IN {
    type master;
    file "db.sub.test.local";
};

And remove the following from the db.test.local zone file:

$ORIGIN sub.test.local.
localhost   A   127.0.0.1
t30 A   127.0.0.2

Br Peter


On 03/04/2020 08:19, mail-list-us...@materna.de wrote:
> Good morning,
>
> we try to use  in our zone files for easy including of new sub domains.
> While it worked on my test system, in production we get either NXDOMAIN or 
> SERVFAIL,
> both use bind 9.11.2 from the distro. Level 10 debug with all possible logs 
> enabled gave no answer.
> Maybe someone on this list will find our problem, like in the past.
> named.conf from test system, besides of the amount of zones the same as 
> production:
> ---
>
> options {
>   allow-transfer { none;};
>   check-names master ignore;
>   check-names slave ignore;
>   check-names response ignore;
>   directory "/var/lib/named";
>   managed-keys-directory "/var/lib/named/dyn/";
>   dump-file "/var/log/named_dump.db";
>   statistics-file "/var/log/named.stats";
>   listen-on-v6 { any; };
>   notify no;
>   forward only;
>   forwarders { 127.0.0.1; };
>   allow-recursion { 127.0.0.1; };
>   allow-query { 127.0.0.1; };
> response-policy {
> zone "testoverride" log no;
>   zone "logoverride" log yes;
> };
>
> disable-empty-zone 
> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
> };
>
> acl AllowDDNS { 127.0.0.1/32; };
>
> include "/etc/rndc.key";
>
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> };
>
> view public {
>   zone "." in {
>   type hint;
>   file "db.hint";
>   };
>
>   zone "localhost" in {
>   type master;
>   file "localhost.zone";
>   };
>
>   zone "0.0.127.in-addr.arpa" in {
>   type master;
>   file "127.0.0.zone";
>   };
>
>   zone 
> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
>   type master;
>   file "127.0.0.zone";
>   };
>
> zone "test.local" IN {
> type master;
> file "db.test.local";
> };
>
>   zone "testoverride" {
>   type master;
>   file "Multistuff";
>   allow-query { AllowDDNS; };
>   allow-update { AllowDDNS; };
>   };
>
> zone "logoverride" {
> type master;
> file "LogStuff";
> allow-query { AllowDDNS; };
> allow-update { AllowDDNS; };
> };
>
> };
>
> logging {
>
> channel default_syslog {
> # Send most of the named messages to syslog.
> syslog local2;
> severity debug;
> };
>
> channel audit_log {
> #Send the security related messages to a separate file.
> syslog local2;
> severity debug;
> print-time yes;
> };
>
> channel null {
> null;
> };
>
>
>  category default { default_syslog;   };
>  category config { default_syslog;   };
>  category dispatch { default_syslog;   };
>  category network { default_syslog;   };
>  category general { default_syslog;   };
>  category resolver { default_syslog;  };
>  category cname { default_syslog;  };
>  category delegation-only { default_syslog;  };
>  category lame-servers { default_syslog;  };
>  category edns-disabled { default_syslog;  };
>  category dnssec { default_syslog;  };
>  category notify { default_syslog;  };
>  category xfer-in { default_syslog;  };
>  category xfer-out { default_syslog;  };
>  category update{ default_syslog;  };
>  category update-security { default_syslog;  };
>  category client{ default_syslog;  };
>  category security { default_syslog;  };
>  category rate-limit { default_syslog;  };
>  category spill { default_syslog;  };
>  category database { default_syslog;  };
>  category rpz { default_syslog;  };
>  category dnstap { default_syslog;  };
>  category queries { default_syslog; };
>  category query-errors { default_syslog; };
>
>
> };
> ---
>
> The zone file:
> ---
> $ORIGIN .
> $TTL 604800 ; 1 week
> test.local IN SOA  mytest.test.local. root.test.local. (
> 2020040123 ; serial
> 1800   ; refresh (30 minutes)
> 900; retry (15 minutes)
>  
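
A check for the situation described in the reply above, as an added example that is not part of the original thread: it lists the records a parent zone file still holds below a delegation and reports whether named.conf has a zone statement for the delegated name. The zone text and the named.conf line are constructed samples (the zone file quoted in the thread is cut off), the names `fq`, `parse_zone` and `audit` are hypothetical, and only single-line records are handled.

```python
import re

# Constructed sample: a parent zone that delegates sub.test.local but still
# carries records below that zone cut. Not the poster's real zone file.
PARENT_ZONE = """\
$ORIGIN test.local.
$TTL 604800
@      IN SOA mytest.test.local. root.test.local. 2020040123 1800 900 604800 86400
@      IN NS  mytest.test.local.
mytest IN A   127.0.0.1
sub    IN NS  mytest.test.local.
$ORIGIN sub.test.local.
localhost   A   127.0.0.1
t30         A   127.0.0.2
"""
NAMED_CONF = 'zone "test.local" IN { type master; file "db.test.local"; };'
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "DS"}

def fq(name, origin):
    """Qualify a zone-file name against the current $ORIGIN."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse_zone(text):
    """Yield (owner, rrtype, rdata) for single-line records, honouring $ORIGIN."""
    origin, owner = ".", None
    for raw in text.splitlines():
        tok = raw.split(";", 1)[0].split()
        if tok and tok[0].upper() == "$ORIGIN":
            origin = fq(tok[1], origin)
        elif tok and not tok[0].startswith("$"):
            if not raw[0].isspace():      # owner name starts in column one
                owner = fq(tok.pop(0), origin)
            rrtype = next((t.upper() for t in tok if t.upper() in TYPES), None)
            if rrtype:
                yield owner, rrtype, fq(tok[-1], origin) if rrtype == "NS" else tok[-1]

def audit(zone_text, conf_text, apex):
    """Per delegated child: is it served here, and what sits below the cut?"""
    recs = list(parse_zone(zone_text))
    served = {z.lower().rstrip(".") + "." for z in re.findall(r'zone\s+"([^"]+)"', conf_text)}
    report = {}
    for cut in sorted({o for o, t, _ in recs if t == "NS" and o != apex}):
        ns_targets = {d for o, t, d in recs if o == cut and t == "NS"}
        occluded = [(o, t) for o, t, _ in recs
                    if (o == cut and t not in ("NS", "DS"))   # only NS/DS belong at the cut
                    or (o.endswith("." + cut) and not (t in ("A", "AAAA") and o in ns_targets))]
        report[cut] = {"zone_statement": cut in served, "occluded": occluded}
    return report
```

Address records for name servers that live inside the delegated zone are treated as glue and not reported.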

Re: Options for build configure documented anywhere?

2019-12-23 Thread Dns Admin
Hi Brett,

./configure -h

Will give you a list of the available options.

Peter

On 23/12/2019 06:38, Brett Delmage wrote:
> I'm building bind-9.15.7 on Ubuntu 18.04, so I can try some of the
> newest features.
>
> I have never built bind before. I configured and compiled using the
> default options just fine, after installing a few requisite libraries.
> I was pleasantly surprised.
>
> Next, I would like to build with the same options as the distro
> default bind9-9.11.3+dfsg uses as a starting point. So I ran named -V
> to get the as-built options, below.
>
> Are the build configure switches for 9.15 documented clearly anywhere?
> I've looked all over and cannot find descriptions anywhere to help me
> decide which ones I need.
>
> Thank you.
>
> Brett
>
> --build=x86_64-linux-gnu \
> --prefix=/usr/local \
> --includedir=/usr/local/include \
> --mandir=/usr/local/share/man \
> --infodir=/usr/local/share/info \
> --sysconfdir=/etc/bind915 \
> --localstatedir=/var \
> --localstatedir=/ \
> --disable-silent-rules \
> --libdir=/usr/lib/x86_64-linux-gnu \
> --libexecdir=/usr/lib/x86_64-linux-gnu \
> --disable-maintainer-mode \
> --disable-dependency-tracking \
> --sysconfdir=/etc/bind- \
> --with-python=python3 \
> --enable-threads \
> --enable-largefile \
> --with-libtool \
> --enable-shared \
> --enable-static \
> --with-gost=no \
> --with-openssl=/usr \
> --with-gssapi=/usr \
> --with-libjson=/usr \
> --without-lmdb \
> --with-gnu-ld \
> --with-geoip=/usr \
> --with-atf=no \
> --enable-ipv6 \
> --enable-rrl \
> --enable-filter- \
> --enable-native-pkcs11 \
> --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so \
> --with-randomdev=/dev/urandom \
> --with-eddsa=no \
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users


Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Dns Admin

Hi Patrik,

192.168.81.20 appears to be matched to the internal-enp1s0f3 view.
This view might not be able to resolve these external DNS entries correctly.

What do you get when you try

dig @192.168.81.20 com soa

and

dig @192.168.81.20 production.cloudflare.docker.com +trace

Kind Regards Peter



On 25/07/2018 12:08, Patrik wrote:

Hello!
Thank you very much.
So what do you mean "internal-enp1s0f3" view is configured to bump 
this domain?

Is this a setting?

It looks like this for my views:
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };
    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";

        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";

    };

    include "/var/lib/samba/private/named.conf";

};


view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";

//        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";

    };

//    include "/var/lib/samba/private/named.conf";

};


view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

//    allow-transfer { any; }; // temporarily allowed for debugging purposes

    allow-transfer { none; };

//    zone "namesystem.tk" IN {
//        type master;
//        file "/etc/bind/zones/external.namesystem.tk";

//    };
};




Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Dns Admin

Hi Patrik,

I don't see any SERVFAIL querying for this  record. Maybe your 
"internal-enp1s0f3" view is configured to bump this domain?


Kind Regards Peter

dig aax-eu.amazon-adsystem.com 

; <<>> DiG 9.10.2-P4 <<>> aax-eu.amazon-adsystem.com 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32650
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com.    IN  

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 60  IN  SOA ns-924.amazon.com. root.amazon.com. 1532498091 3600 900 7776000 60


;; Query time: 67 msec
;; SERVER: 205.166.94.20#53(205.166.94.20)
;; WHEN: Wed Jul 25 05:59:58 UTC 2018
;; MSG SIZE  rcvd: 110


On 25/07/2018 07:52, Patrik wrote:

Hello!

How are you?
I started having a problem with BIND9. Something must have changed, 
because I start getting SERVFAIL a lot.

Looks like this:
25-Jul-2018 07:44:09.647 client @0x7fa268223c10 192.168.78.30#56577 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2340836e0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885


To me, it looks like, the requests try the  ipv6 addresses but 
they are not in IPv6 and because of that it gives a SERVFAIL.
Is there a way to give a priority to the BIND9 request before the IPv6 
and first try the IPv4 and if there is no IPv4 result, then try IPv6. 
Because now, it gives a few SERVFAIL (I have to refresh the browser, 
to make it work to get), I guess, get the IPv4 if only works after a 
few refreshes.

Even if I do a dig on it, it shows there is no :
root@server:/etc/nginx/sites-enabled# dig aax-eu.amazon-adsystem.com

; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e45e832118506bb5a0758eeb5b580e51c9b57c8a8d971011 (good)
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com.    IN  A

;; ANSWER SECTION:
aax-eu.amazon-adsystem.com. 60  IN  A   52.94.216.48

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 860 IN  NS  ns-921.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN  NS  ns-911.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN  NS  ns-932.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN  NS  ns-931.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN  NS  ns-912.amazon.com.
aax-eu.amazon-adsystem.com 

Fwd: New BIND release candidates are available: 9.9.13rc1, 9.10.8rc1, 9.11.4rc1, 9.12.2rc1, and 9.13.1

2018-06-22 Thread Dns Admin

   Re: Bind 9.9.13rc1

I note that the "--enable-dnstap" option has been removed.
Is dnstap now enabled by default?

Thanks in advance Peter



 Forwarded Message 
Subject: 	New BIND release candidates are available: 9.9.13rc1, 
9.10.8rc1, 9.11.4rc1, 9.12.2rc1, and 9.13.1

Date:   Thu, 14 Jun 2018 13:04:00 -0800
From:   Michael McNally 
To: bind-annou...@lists.isc.org



New release candidates are available for upcoming maintenance releases
in the 9.9, 9.10, 9.11, and 9.12 stable release branches of BIND.

Also, a new release is available in the 9.13 unstable development branch.

Release notes can be found with the releases or in the ISC Knowledge Base:

 9.9.13rc1:  https://kb.isc.org/article/AA-01619
 9.10.8rc1:  https://kb.isc.org/article/AA-01618
 9.11.4rc1:  https://kb.isc.org/article/AA-01620
 9.12.2rc1:  https://kb.isc.org/article/AA-01621

 9.13.1: https://kb.isc.org/article/AA-01622
___
bind-announce mailing list
bind-annou...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-announce



Re: notify explicit and also-notify

2018-05-04 Thread Dns Admin

Hi Blason,

My understanding is that if there is no "notify no;" statement, then 
bind will send notifies to all name servers for a given zone.


Also notify pertains to the notification of name servers not included 
in zone data.


Kind Regards Peter


On 04/05/2018 05:51, Blason R wrote:

Hi,

So I was playing with these two statements and wanted to know 
something on also-notify.


also-notify by default will update slaves about delta changes on port 
TCP/53 if not explicitly set right?


e.g.
also-notify {10.0.1.2; "notify-them" port 2034;};

