Hi,
We have a intel solaris 9 and bind9.5.1-P3 inside it. The named suddenly
stopped at this morning. Here is it left:
..
11-Aug-2009 06:09:14.466 general: error: failed to start watching FD (512):
invalid file
11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512):
inv
Regarding question 2, is it possible for the name server to respond servfail
and then BIND could contact other servers?
On Fri, Aug 7, 2009 at 3:10 PM, Luis Silva wrote:
>
>
> On Fri, Aug 7, 2009 at 11:03 AM, Matus UHLAR - fantomas <
> uh...@fantomas.sk> wrote:
>
>> On 07.08.09 10:50, Luis Si
Sorry for the spam, but again regarding question 2, is it possible for the
name server to respond without the authoritative flag set and then BIND
could contact other servers?
On Tue, Aug 11, 2009 at 11:24 AM, Luis Silva wrote:
> Regarding question 2, is it possible for the name server to respon
ulimit -a ? Looks like as max open file descriptor limit exceeded.
On FreeBSD/Linux boxes I use MONIT (http://mmonit.com/monit/) то check
and restart bind.
BBB Kee wrote:
Hi,
We have a intel solaris 9 and bind9.5.1-P3 inside it. The named suddenly
stopped at this morning. Here is it left:
Good morning,
I've conducted two maintenance windows to upgrade our BIND primary
server to the new code to address the recent security vulnerability, but
cannot get past the error below. I have Openssl 9.8.0k installed. I have
no problems running tests from the openssl prompt. I have tried
ex
Jonathan,
On Mon, Aug 10, 2009 at 5:30 PM, Jonathan
Petersson wrote:
> Hi all,
>
> This is probably somewhat of an un-legit way of using whois but I'm
> curious as to whether it would be possible to install an internal
> whois server that responds with the appropriate prefix-data upon
> request fo
Hello!
If you don't need DNSSEC for your zones, you can compile bind without
SSL support, like "./configure --with-openssl=no"
On 11.08.2009 / 07:28:31 -0400, Emery wrote:
> Good morning,
>
> I've conducted two maintenance windows to upgrade our BIND primary
> server to the new code to address
I was getting the same results on a couple of Solaris 9 on x86 servers.
During a code review, a coworker found some fairly major changes in how
BIND does things between 9.5.0-P2 and 9.5.1-P3.
We had to backport just the security fix from 9.5.1-P3 to 9.5.0-P2 to
address the sock->pending_recv err
That's not what SERVFAIL is for.
You need a different architecture. If you want to resolve both internal
and external names, then you need a version of the zone that has *both*
sets of names in it. Your architecture should be built around that concept.
Hi,
I have below configuration.
DNS server1 -- Forwarder
DNS server2-- Authoritative
I am seeing following errors on server1.
general: error: internal_send: 192.168.2.222#53: Destination address
required
general: error: /lib/isc/unix/errno2result.c:116: unexpected
On Aug 11, 2009, at 12:39 PM, kalpesh varyani wrote:
Hi,
I have below configuration.
DNS server1 -- Forwarder
DNS server2-- Authoritative
I am seeing following errors on server1.
general: error: internal_send: 192.168.2.222#53: Destination address
required
g
thanks for your quick reply
I am seen below error msg " once per 60sec" and no seen any query failure.
general: error: internal_send: 192.168.2.222#53: Destination address
required
general: error: /lib/isc/unix/errno2result.c:116: unexpected
error:
general: error: unable to convert errno to isc
"#53" designates *port* 53. Nothing unusual about that.
To me, this looks more like a kernel issue-- EDESTADDRREQ is what you
get if you try to send data via a UDP socket that's not connect()ed.
BIND keeps good track of what's connect()ed and what isn't; it's like
the kernel is losing the asso
Hi Kevin,
Thanks a lot.
Please find the more details for the same.
BIND version : 9.3.6
OS version : HP-UX 11.23
I have look at the *socket.c* file and seen that "
This error indicates that sendmsg(2) failed with EDESTADDREG ".
---
Well, you could file a bug report, but I'm not aware of this error
happening on other platforms, so it might end up being a kernel issue of
some sort.
- Kevin
kalpesh varyani wrot
I would recommend tracing or similar to find out why your named daemon
is not able to send to the IP address being logged. You may find that
there are network connectivity issues or that the remote IP is sending
back an ICMP response.
The reason this particular logged error is seen on HP-UX is se
Emery wrote:
>I've conducted two maintenance windows to upgrade our BIND primary
>server to the new code to address the recent security vulnerability, but
>cannot get past the error below. I have Openssl 9.8.0k installed. I have
>no problems running tests from the openssl prompt. I have tried
On 11.08.09 08:37, Nelson Serafica wrote:
> Currently I have primary (ns1) and secondary (ns2) dns on the same
> network. I'm now doing redundancy and planning to put secondary to
> another isp. I have now setup the new secondary dns on the another
> network.
>
> I change the allow-transfer { 1.
On 11.08.09 13:27, Nelson Serafica wrote:
> I need to set bind to listen to all address. I'm using AMAZON EC2
no, you don't. you configure listening IPs/ports by using listen-on and
listen-on-v6.
query-source only configures from which IP/port will your requests come
from.
--
Matus UHLAR - fant
In message <4a8155df.8010...@gmail.com>, Emery writes:
> Good morning,
>
> I've conducted two maintenance windows to upgrade our BIND primary
> server to the new code to address the recent security vulnerability, but
> cannot get past the error below.
One can compile and test named at
In message <4a820186.20...@gmail.com>, Emery writes:
> This is a multi-part message in MIME format.
> --000608010205070908020408
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
>
>
> Mark,
>
> I am not really sure which error is the ac
thanks for reply.
This issue is seen only on hp-ux 11.11/11.23 env. I have checked the
configuration and
environment issue not finding anything wrong.
Regards
Kalpesh
On Tue, Aug 11, 2009 at 11:20 PM, Cathy Almond wrote:
> I would recommend tracing or similar to find out why your named daem
Mark -
Thanks for your notes. I will attempt to find a window to update the
system patch level. This is especially frustration because I performed
the upgrade on a disaster recovery system last week and it worked
flawlessly. Hopefully patching the system will get us there. If so, I'll
be sure
Hi,
On Tue, Aug 11, 2009 at 7:01 PM, Dmitry Rybin wrote:
> ulimit -a ? Looks like as max open file descriptor limit exceeded.
>
time(seconds)unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes)8480
coredump(blocks) unlimited
nofiles(descripto
It works! Thanks for the advise.
Your named is clearly not transferring to 1.2.3.4, but you apparently did
not move the ns2 to new IP so it still tries to fetch zone(s) from old IP.
Move ns2 to 5.6.7.8 and it will ask fot transfers from that IP.
___
On Tue, Aug 11, 2009 at 7:26 PM, Gordon Ewasiuk wrote:
> I was getting the same results on a couple of Solaris 9 on x86 servers.
> During a code review, a coworker found some fairly major changes in how
> BIND does things between 9.5.0-P2 and 9.5.1-P3.
>
> We had to backport just the security fix
26 matches
Mail list logo
