Graphing Tool
I have several years of logs that I would like to 'put into' graphs to see the trending. I would like to 'import' the logs on a different server as I don't have to have 'real time' graphs.. Thx Charles ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance hit on Query logging
Eivind Olsen wrote, On 10/07/2010 04:36 PM: --On 7. oktober 2010 14.15.37 -0500 CT gro...@obsd.us wrote: 1) How do I deternine the number of threads Bind is currently using ? per the man page You could check the syslog, or use rndc: vimes# /usr/local/sbin/rndc status version: 9.7.1-P2 CPUs found: 1 worker threads: 1 ... 2) What is the preferred way to determine named utilization ? Are there measurable impacts to Query response not reflected in CPU load, Memory or IO? Not sure what you're after. Parameters to measure? Latency / response time? Regards Eivind Olsen Eivind Thx for the response.. I had forgot about the simple rndc solution.. We are having a discussion to determine if disabling query logging improves DNS response time, when you have a machine that is under 10% CPU utilization, I was looking to measure query times with and without query logging.. I know Disk I/O would have a an impact but I feel it would be very little. One party thinks that disabling query logging will give enormous performance gains, while 30% is a lot.. IMHO it is very negligible in CPU cycles when the named process only is taking up 10% CPU.. and less than 10% in RAM... Just looking for any suggested tests.. Thx Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: migrate to a different IP
Steve.. Much thanks for the suggestion.. My current platform is an ESX VM CentOS 5.5 (very minimal install and currently bind 9.6.2.. I can dual home it but need to really do some testing on bind listening on 2 IP addresses.. We were actually moving down this road.. (a new box) I have an external dns server that uses dnssec and bind 9.7.1-P2.. (compiled from source), will soon be on that platform with the new box.. Charles Ozoa, Steven wrote, On 08/25/2010 02:49 PM: if you've got spare hardware, you can set up a new server on the new IP, and make the old server a secondary. Phase it out over time. Alternatively, depending on the OS, you can set up a secondary ip address on the server and answer queries on both addresses on the same box. Again phase out the old address when possible. The first scenario may make it easier to detect queries to the old address, to make sure all clients have been migrated. Either way, you'll probably have to juggle hostnames somewhere along the way, but this shouldn't affect the clients, as they'll hit your servers by ip address. Steve Ozoa -Original Message- From: bind-users-bounces+steven.ozoa=broadvision@lists.isc.org [mailto:bind-users-bounces+steven.ozoa=broadvision@lists.isc.org]on Behalf Of CT Sent: Wednesday, August 25, 2010 12:17 PM To: bind-users@lists.isc.org Subject: migrate to a different IP Overview - internal DNS server with RFC1918 IP (old ip) - wish to move to a global unique IP but still remain internal (new ip) - keep the same name Clients would still use the old IP until the migration had been completed. What would be the preferred method to forward all requests from the old IP to the new IP..? The final config will be with the new box on the new IP address or am i barking up the wrong tree ?? Thx Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: PTR format question
Barry Margolin wrote, On 03/21/2010 04:22 AM: In article mailman.897.1269129914.21153.bind-us...@lists.isc.org, groups gro...@obsd.us wrote: I did not know there were MACROs available.. as I just inheirited this legacy system less than one month ago.. There aren't macros, just one special tool for creating a block of DNS entries that contain sequential numbers in them. Thx for the clarification. What does it being a legacy system have to do with it? It's running a recent version of BIND, that's all that matters for this. Bind is current.. yes.. I rebuilt the box.. the OS I know and can support.. The zone format specifically the PTR has been severely neglected and to me is legacy . And you saw the format of the PTR records.. There are several of those in that format .. The suggestion of the $GENERATE has been priceless ... Thx Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dnssec signing tools
I should have been more specific.. What dnssec tools do the folks at ISC recommend.. I am scheduled for a 5 day class in Arlington, VA in May 2010 Thx Charles Greetings list.. I have recently assumed responsibility and did a complete rebuild of a Master DNS server running 9.6.1.P3. (will upgrade to 9.6.2 when SRPM is available) OS: CentOS 5.4 New to DNS administration but not new to Linux / UNIX.. I am looking at dnssec-tools for signing my 2 zones. Am curious if anyone on the list has used / is using this tool.. Thx Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dnssec signing tools
Gary Wallis wrote, On 03/20/2010 04:52 PM: groups wrote: I should have been more specific.. What dnssec tools do the folks at ISC recommend.. I am scheduled for a 5 day class in Arlington, VA in May 2010 Thx Charles Greetings list.. I have recently assumed responsibility and did a complete rebuild of a Master DNS server running 9.6.1.P3. (will upgrade to 9.6.2 when SRPM is available) OS: CentOS 5.4 New to DNS administration but not new to Linux / UNIX.. I am looking at dnssec-tools for signing my 2 zones. Am curious if anyone on the list has used / is using this tool.. Thx Charles Charles, You can do all you need with these two: dnssec-keygendnssec-signzone These ARE from the ISC and come with BIND 9 since I think 9.3. Cheers! Gary ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Gary.. Thx for the response.. Some other group is using some Windows based tool to sign and to me was a rather arduous process.. Was checking since all I don't do Windows.. :P Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
PTR format question
In the process of cleaning up a much neglected PTR file Bind: 9.6.2.1 OS: CentOS 5.4 Current PTR in this format: (1 tab between entries) $ORIGIN 58.172.in-addr.arpa. $ORIGIN 0.58.172.in-addr.arpa. 11PTRnat-172-58-0-11.example.com. 12PTRnat-172-58-0-12.example.com. ... $ORIGIN 58.172.in-addr.arpa. $ORIGIN 1.58.172.in-addr.arpa. 21PTRnat-172-58-1-21.example.com. 22PTRnat-172-58-1-22.example.com. ... $ORIGIN 58.172.in-addr.arpa. $ORIGIN 2.58.172.in-addr.arpa. 31 PTR nat-172-58-2-31.example.com. 32 PTR nat-172-58-2-32.example.com. ... I have to redo the entire subnets.. it will be a very large file.. My question is this the most efficient way to do this..? Thx Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: PTR format question
groups wrote: In the process of cleaning up a much neglected PTR file Bind: 9.6.2.1 OS: CentOS 5.4 Current PTR in this format: (1 tab between entries) $ORIGIN 58.172.in-addr.arpa. $ORIGIN 0.58.172.in-addr.arpa. 11PTRnat-172-58-0-11.example.com. 12PTRnat-172-58-0-12.example.com. ... $ORIGIN 58.172.in-addr.arpa. $ORIGIN 1.58.172.in-addr.arpa. 21PTRnat-172-58-1-21.example.com. 22PTRnat-172-58-1-22.example.com. ... $ORIGIN 58.172.in-addr.arpa. $ORIGIN 2.58.172.in-addr.arpa. 31 PTR nat-172-58-2-31.example.com. 32 PTR nat-172-58-2-32.example.com. ... $ORIGIN 0.58.172.in-addr.arpa. $GENERATE 11-... $ PTR nat-172-58-0-$.example.com. $ORIGIN 1.58.172.in-addr.arpa. $GENERATE 21-... $ PTR nat-172-58-1-$.example.com. Do note that these ranges look suspicious. AlanC ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Alan.. I inherited this box.. and am really wanting to make this much more simple since this isn't my primary job.. I just changed the some of the numbers.. this is the actual format of my real PTR zone file. I am going to read up on $GENERATE function.. Reminds me of my macros on my OpenBSD firewall.. Much Thanks.. Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: PTR format question
First off, please don't grab an unrelated message and reply to it when starting a new thread. Please actually post a new message. Doug.. I grabbed the wrong thread.. Actually double posted too.. :-/ In the process of cleaning up a much neglected PTR file Bind: 9.6.2.1 OS: CentOS 5.4 Current PTR in this format: (1 tab between entries) $ORIGIN 58.172.in-addr.arpa. $ORIGIN 0.58.172.in-addr.arpa. Including $ORIGIN in the body of the zone file is usually a bad idea, and almost always unnecessary. It's definitely a bad idea to do it twice in a row with different $ORIGINs, and a worse idea to include that same thing multiple times. 11PTRnat-172-58-0-11.example.com. 12PTRnat-172-58-0-12.example.com. I have to redo the entire subnets.. it will be a very large file.. My question is this the most efficient way to do this..? Sorry, it's not at all clear what you have to change. Are you saying that you have to change the hostnames for all the PTRs in the zone? If so, and you're doing the same kind of pattern-based hostnames you could simply use $GENERATE. Something like: $GENERATE 0-255 $ PTR dynamic-172-58-0-$.example.com. You can read more about $GENERATE in the ARM. hth, Doug I did not know there were MACROs available.. as I just inheirited this legacy system less than one month ago.. Trying to do my best since this isn't my only job.. :P Thx for the reply.. Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
dnssec signing tools
Greetings list.. I have recently assumed responsibility and did a complete rebuild of a Master DNS server running 9.6.1.P3. (will upgrade to 9.6.2 when SRPM is available) OS: CentOS 5.4 New to DNS administration but not new to Linux / UNIX.. I am looking at dnssec-tools for signing my 2 zones. Am curious if anyone on the list has used / is using this tool.. Thx Charles ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users