RE: Digging to the final IP
We’re using this in a bash shell script. I don’t think there’s a native shell command to get the IP, so I’ll use a mixture of host and dig as necessary.

Thanks,

Frank

From: Fajar A. Nugraha [mailto:w...@fajar.net]
Sent: Sunday, October 19, 2014 11:04 PM
To: Frank Bulk
Cc: comp-protocols-dns-b...@isc.org
Subject: Re: Digging to the final IP

What are you using this for? If it's part of a script, it might be easier to just use gethostbyname. For example, in php: http://php.net/manual/en/function.gethostbyname.php , Returns the IPv4 address or a string containing the unmodified hostname on failure.

--
Fajar

On Mon, Oct 20, 2014 at 10:43 AM, Frank Bulk <frnk...@iname.com> wrote:

Thanks, what I ended up using. Didn't think that there was anything host could do that dig couldn't do.

Frank

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin
Sent: Sunday, October 19, 2014 5:00 AM
To: comp-protocols-dns-b...@isc.org
Subject: Re: Digging to the final IP

In article <mailman.1097.1413711142.26362.bind-us...@lists.isc.org>, Sten Carlsen <st...@s-carlsen.dk> wrote:

Would host be closer to what you want? Host also tells you about aliases it encounters along the way.

--
Best regards
Sten Carlsen
No improvements come from shouting: MALE BOVINE MANURE!!!

On 19 Oct 2014, at 08:05, Karl Auer <ka...@biplane.com.au> wrote:

On Sun, 2014-10-19 at 00:26 -0500, Frank Bulk wrote:

Is there a dig option that will list out the final (IPs) or query result?? By default, even with +short, it can list intermediate CNAME(s) and not what IP(s) that CNAME may have.

Not great, but might be enough to be helpful:

    dig +nonssearch $1 | egrep -i "STATUS|^$1"

Regards, K.

--
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--
Barry Margolin
Arlington, MA
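
One way to get only the final addresses in a bash script, as the thread asks: an added example, not code posted by anyone on the list. It parses `dig +noall +answer` output, follows the CNAME chain from the queried name and prints the A/AAAA records at its end; the function names and the sample answer section (example.com names, 192.0.2.x addresses) are constructed for illustration.

```shell
#!/usr/bin/env bash

# final_ips NAME
# Reads `dig +noall +answer NAME` output on stdin and prints the A/AAAA
# addresses of the name at the end of the CNAME chain, one per line.
# Returns 1 when the chain ends without an address (dangling CNAME,
# empty answer, or a CNAME loop).
final_ips() {
  awk -v start="$1" '
    # Compare names case-insensitively and without the trailing dot.
    function canon(n) { n = tolower(n); sub(/\.$/, "", n); return n }
    $3 == "IN" && $4 == "CNAME" { cname[canon($1)] = canon($5) }
    $3 == "IN" && ($4 == "A" || $4 == "AAAA") {
      addrs[canon($1)] = addrs[canon($1)] $5 "\n"
    }
    END {
      name = canon(start)
      # Bound the walk so a CNAME loop cannot spin forever.
      for (hops = 0; (name in cname) && hops < 16; hops++) name = cname[name]
      if (!(name in addrs)) exit 1
      printf "%s", addrs[name]
    }'
}

# Constructed sample of `dig +noall +answer www.example.com` output.
sample_answer() {
  cat <<'EOF'
www.example.com.       300  IN  CNAME  edge.cdn.example.net.
edge.cdn.example.net.  60   IN  CNAME  pop1.cdn.example.net.
pop1.cdn.example.net.  20   IN  A      192.0.2.10
pop1.cdn.example.net.  20   IN  A      192.0.2.11
EOF
}

# Live use (needs a resolver): dig +noall +answer "$host" | final_ips "$host"
sample_answer | final_ips www.example.com
```

Checking the exit status lets a script tell "no address at the end of the chain" apart from a successful lookup, which `dig +short` alone does not signal.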
RE: Compromised BIND?
Yes, this message arrived in my Inbox 44 minutes after it was sent.

Frank

-----Original Message-----
From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Warren Kumari
Sent: Tuesday, May 31, 2011 4:59 PM
To: Warren Kumari
Cc: bind-users@lists.isc.org
Subject: Re: Compromised BIND?

Does anyone else find the bind-users list to be very slow?

webster.isc.org (localhost [IPv6:::1]) Tue, 31 May 2011 19:48:30 + - webster.isc.org (webster.isc.org) Tue, 31 May 2011 20:52:09 +

Or is it just me seeing this?

W

On May 31, 2011, at 4:17 PM, Warren Kumari wrote:

On May 31, 2011, at 3:22 PM, Kevin Darcy wrote:

On 5/31/2011 2:38 PM, Supersonic wrote:

I have a BIND 9.8.0-P2 server instance running on a production server.

Doing what, exactly? Resolving internal names only? Resolving Internet names? Acting as an authoritative server for internal clients? Internet clients? Some combination of the above?

My firewall is showing repeated attempts by named.exe to connect to IP addresses in foreign countries on ports , 6667 and 6669 - common IRC ports used by worms/trojans/zombies. Checking my named.exe file, it shows that it is unchanged from the installation source. Is this connection normal? Should I be allowing it?

TCP connections or UDP packets? If you're serving authoritative data to Internet clients, then my guess is your firewall simply isn't stateful enough to realize that these are responses to DNS queries that originally came in from Internet clients using those port numbers. Just because they are common IRC ports used by worms/trojans/zombies doesn't preclude them from also being chosen at random as the source ports of incoming queries to your nameserver. Responses go back to the same port from which the query was received.

Can you make a distribution of ports and see if it contacts other port numbers with approximately the same frequency?

I'm guessing this is just the FW / IDS being helpful

W

If they're outgoing TCP connections, I'd be worried. Offhand, I can't think of any legitimate reason why named would be trying to TCP-connect to any port other than 53.

- Kevin
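
The two checks raised in the thread above (a distribution of the ports named.exe sends to, and a separate look at outgoing TCP to anything other than port 53), sketched as an added example that is not from any poster. The key=value firewall log layout, the sample lines and the function names are assumptions constructed for illustration; adapt the field parsing to the real log format.

```shell
#!/usr/bin/env bash

# Constructed firewall log lines; the key=value layout is an assumption.
sample_log() {
  cat <<'EOF'
2011-05-31T18:40:01 proc=named.exe proto=UDP dst=198.51.100.7 dport=6667
2011-05-31T18:40:02 proc=named.exe proto=UDP dst=203.0.113.9 dport=41022
2011-05-31T18:40:03 proc=named.exe proto=UDP dst=198.51.100.7 dport=6669
2011-05-31T18:40:04 proc=named.exe proto=UDP dst=192.0.2.44 dport=53211
2011-05-31T18:40:05 proc=named.exe proto=TCP dst=192.0.2.53 dport=53
2011-05-31T18:40:06 proc=named.exe proto=UDP dst=203.0.113.9 dport=41022
2011-05-31T18:40:07 proc=svchost.exe proto=TCP dst=192.0.2.80 dport=80
2011-05-31T18:40:08 proc=named.exe proto=TCP dst=203.0.113.66 dport=6667
EOF
}

# Shared awk rule: load the key=value fields of each line into f[].
PARSE='{ split("", f); for (i = 2; i <= NF; i++) { split($i, kv, "="); f[kv[1]] = kv[2] } }'

# port_distribution: packets sent by named.exe per proto/port, busiest first.
# Evenly spread high UDP ports fit replies to client source ports; a few
# ports dominating the list does not.
port_distribution() {
  awk "$PARSE"' f["proc"] == "named.exe" { n[f["proto"] "/" f["dport"]]++ }
       END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2,2
}

# tcp_not_53: TCP connections from named.exe to any port other than 53,
# the case the thread treats as the one to worry about.
tcp_not_53() {
  awk "$PARSE"' f["proc"] == "named.exe" && f["proto"] == "TCP" && f["dport"] != "53" {
         print f["dst"] ":" f["dport"] }'
}

sample_log | port_distribution
sample_log | tcp_not_53
```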
RE: Nslookup not showing TTL
You can do an ipconfig /displaydns to see some TTL info.

Frank

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John Horne
Sent: Thursday, October 15, 2009 3:07 AM
To: Bind users
Subject: Nslookup not showing TTL

Hello,

Using BIND 9.5.1 it seems that the nslookup command is not showing the TTL value of found records. It makes no difference if I set 'debug' or 'd2'.

Example:

==
nslookup
set debug
www.plymouth.ac.uk
Server:   127.0.0.1
Address:  127.0.0.1#53

QUESTIONS:
  www.plymouth.ac.uk, type = A, class = IN
ANSWERS:
- www.plymouth.ac.uk canonical name = extranet.plymouth.ac.uk.
- extranet.plymouth.ac.uk internet address = 141.163.163.185
AUTHORITY RECORDS:
- plymouth.ac.uk nameserver = dns0.plymouth.ac.uk.
- plymouth.ac.uk nameserver = dns1.plymouth.ac.uk.
ADDITIONAL RECORDS:
- dns0.plymouth.ac.uk internet address = 141.163.1.250
- dns1.plymouth.ac.uk internet address = 141.163.177.1

www.plymouth.ac.uk canonical name = extranet.plymouth.ac.uk.
Name: extranet.plymouth.ac.uk
Address: 141.163.163.185
==

How can I see the TTL value using nslookup?

Thanks,

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287  Fax: +44 (0)1752 587001
NS validation?
A business customer of ours could not change their DNS entry at Register.com from ns1.mtcnet.net/ns1.netins.net.

After 10 failed attempts thru register.com to register domain to ns1.mtcnet.net and ns1.netins.net, I contacted Register.com and escalated this call to their highest tech authority. I found out that Register.com uses 'VeriSign' as its DNS Registered Validator. Apparently when I transferred this domain name from a different registrar I was supposed to use a special DNS Registration thru VeriSign option (who knew?) then transfer this to register.com. For some reason VeriSign doesn't have NS1.MTCNET.NET on its list as registered DNS. Go figure.

Ever heard of this before?

Frank
RE: SERVFAIL issues
My bad. Let me restate the request -- that all the information available via XML in the HTML statistics channel is also printed out when issuing rndc stats.

Frank

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin
Sent: Monday, January 19, 2009 9:47 PM
To: comp-protocols-dns-b...@moderators.individual.net
Subject: Re: SERVFAIL issues

In article <gl3gns$1is...@sf1.isc.org>, Frank Bulk <frnk...@iname.com> wrote:

Sorry for not being more clear. It's my understanding that rndc stats dumps only a subset of what ARM provides.

You still don't make sense. ARM is documentation, it doesn't provide any statistics.

ARM = Administrator's Reference Manual for BIND.

Regards,

Frank

-----Original Message-----
From: JINMEI Tatuya / 神明達哉 [mailto:jinmei_tat...@isc.org]
Sent: Monday, January 19, 2009 1:38 PM
To: Frank Bulk
Cc: bind-us...@isc.org
Subject: Re: SERVFAIL issues

At Sat, 17 Jan 2009 00:37:25 -0600, Frank Bulk <frnk...@iname.com> wrote:

Thanks for the info -- is there a way that there can be feature parity, at least in terms of stats reported, between ARM and rndc stats?

I don't understand the question...what do you mean by 'feature parity between ARM and rndc stats'?

Anyway, the fact is that the ARM describes both the output of 'rndc stats' and the output from a HTML statistics channel (to some extent). In general, what is described in the ARM should be consistent with the actual behavior. Of course, there can always be a discrepancy between a manual (ARM) and the software behavior as long as it's done by a human. Please file a bug report if you find one.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
RE: SERVFAIL issues
Yes, I read that last night before posting. I changed it to 256M. Is there a way using rndc to see if that took? And how do I see how much of the cache has been used? I don't want to provision more than necessary. This server acts as a secondary DNS entry for about 6000 broadband customers and is an authoritative DNS server for 100+ domains.

Frank

-----Original Message-----
From: Fr34k [mailto:freaknet...@yahoo.com]
Sent: Friday, January 16, 2009 8:45 AM
To: frnk...@iname.com; bind-users@lists.isc.org
Subject: Re: SERVFAIL issues

Hello,

Has the max-cache-size setting in named.conf been considered?

If not, note that in early releases of 9.5.x max-cache-size is 32M by default instead of unlimited as in 9.4.x

From the CHANGES file with the bind-9.5.0-P2 source:

    max-cache-size defaults to 32M

Using:

    max-cache-size 0 ;

will restore previous behavior (unlimited).

The ultimate setting would need to be considered for the environment BIND is running in. FWIW, we use max-cache-size 0 ; without issue. You can search this list archives for max-cache-size for previous discussions on this.

Thanks.

----- Original Message -----
From: Frank Bulk <frnk...@iname.com>
To: bind-users@lists.isc.org
Sent: Thursday, January 15, 2009 6:57:10 PM
Subject: SERVFAIL issues

http://marc.info/?l=bind-users&m=122239920822324&w=2
http://marc.info/?l=bind-users&m=122243068905656&w=2

We upgraded to 9.5.0-P1 when the Kaminsky DNS vulnerability was announced and have had intermittent issues with SERVFAIL problems for some DSL modems that don't properly fail over to a secondary DNS server. A packet capture showed that certain domains would result in a SERVFAIL, and once that domain was identified, if we did a dig against it we had the same result. We've had to stop and start the named service about half a dozen times this fall to resolve the issue.

We upgraded to 9.5.0-P2 in early November, hoping that this issue would be resolved. But today we experienced the problem again. A customer couldn't query a site, although everything seemed correct. I captured all their traffic and the trace showed that the DNS server was issuing a SERVFAIL. I stopped and then started named and immediately all was well.

Since we sometimes reload named when adding/modifying domains, or at other times use rndc, I'm not sure if that cleared things up such that this is the first time I recall having this problem in 2 months.

Is this intermittent SERVFAIL issue resolved in 9.5.1-P1?

Frank