Re: spf ent txt records.
Hello Hugo, You can try looking at your zone files for SPF records and/or TXT containing spf stuff. You con implement SPF records as you wish. Maybe you can take a look at: http://www.zytrax.com/books/dns/ch9/spf.html Saludos / Regards Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/3/13 hugo hugoo hugo...@hotmail.com Dear all, I received the following question and I am not able to aswer as spf records are still mysterious to me. We are using BIND 9.7. Thanks in advance for your answers, Hugo, Does our DNS-server support SPF-type records? Or do we put SPF-info in a TXT-record?** ** ** *Ref. : *Early implementations used TXT recordshttp://en.wikipedia.org/wiki/TXT_recordfor implementation before the new record type was commonly available in DNS software. Use of TXT records for SPF was intended as a transitional mechanism. However, according to the current RFC, RFC 4408http://tools.ietf.org/html/rfc4408, section 3.1.1, An SPF-compliant domain name SHOULD have SPF records of both RR types. A compliant domain name MUST have a record of at least one type, and as such, TXT record use is not deprecated.[2]http://en.wikipedia.org/wiki/Sender_Policy_Framework#cite_note-2 ** ** ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Distribute named.conf
Hello everybody. I have puppet running in my infraestructure and works like a charm. By the way, im using named+dlz and i really have forgotten about zone files tranfer and things like that. Hope that help, Kind regards, Leonardo Santagostini 2013/1/3 Warren Kumari war...@kumari.net On Jan 3, 2013, at 6:06 AM, Joerg Stephan johe.step...@ymail.com wrote: Hi all, we are currently using PowerDNS on our 12 Nameservers. Now we are thinking about a migration to bind. So we are seeking a way to distribute the named.conf.x for the several zonfiles. Currently this is solved by powerdns via mysql replication. Is there any tool in bind we could use. Generating the conf file and syncing via ssh/rsync is discussed on our side, and we hoped that there is a nicer way. Yup, have a look at Puppet. For the first while it will seem like way way more work than it is worth (and the whole declarative language bit makes my head hurt) but after investing a few hours getting things setup you'll wonder how you ever managed without it… Deploying a new server (or configs, etc to a bunch of servers) suddenly becomes trivial... Many registrys are testing the dns server if the zone is available during the registration. Genrating the new files via cron would cause the registration to fail. Setup Puppet to distribute the file, and then have an exec action that does: rndc addzone example.com '{type master; file master/example.com; };' on master(s) and: rndc addzone example.com '{type slave; master 192.0.2.1; };' on devices that you have told Puppet are slaves. After investing the time you'll wonder how you ever managed 2 boxes without it… More more info on Puppet at: http://puppetlabs.com/puppet/puppet-open-source/ and http://docs.puppetlabs.com/learning/ W Regards Jörg ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- I think perhaps the most important problem is that we are trying to understand the fundamental workings of the universe via a language devised for telling one another when the best fruit is. --Terry Prachett ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
I see no problems. [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig www.kentlaw.iit.edu ; DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 www.kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54160 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.kentlaw.iit.edu. IN A ;; ANSWER SECTION: www.kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 847 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:23:46 2012 ;; MSG SIZE rcvd: 53 *real0m0.854s* user0m0.000s sys 0m0.008s [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig kentlaw.iit.edu ; DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 39163 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;kentlaw.iit.edu. IN A ;; ANSWER SECTION: kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 780 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:24:11 2012 ;; MSG SIZE rcvd: 49 *real0m0.799s* user0m0.004s sys 0m0.016s [ec2-user@domU-12-31-39-06-2E-64 ~]$ Hope that helps. regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2012/11/26 Chuck Swiger cswi...@mac.com Hi-- On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote: The report must also address these two specific questions: • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.eduin any browser? • What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Q1 isn't related to DNS performance; both of the names you mention resolve to the same IP address via an A record. There wasn't a significant difference in response time I saw by loading the webpages (both took ~1.3 s per curl), but one likely could improve webserver performance by running Apache, nginx, or almost anything else instead of than Microsoft's IIS. The domain seems to be missing A records for your nameservers, however: http://www.dnsvalidation.com/reports/50b3b5167d79ee02b826 As for Q2, it depends on whether the nameservers you are pointing to do better in caching queries then your local nameservers would doing recursive lookups for themselves. If the local nameservers have poor connectivity compared to the forwarders, maybe, otherwise it's probably not helpful to use forwarders. Regards, -- -Chuck ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users