Two separate replies for one query to some domains

2010-05-03 Thread John Z. Bohach
Hello, I'm trying to run a local caching-only nameserver (bind-9.3.3) on Linux in order to bypass my ISP's name-servers, and most things work fine, except some domains behave strangely. For example, forecast.weather.gov has a TTL of 5 seconds. My initial look-up works correctly, and the

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Kalman Feher
On 1/05/10 7:10 PM, Server Administrator server53a...@gmail.com wrote: I tried OARC's DNS Reply Size Test on two of my name servers, both on the same network, behind the same firewall router. Both came back and reported DNS reply size limit is at least 3843 (results below). Is 3843

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I fear I've missed something important. My Network admin is saying his understanding is we MUST make changes for this 5/5 change on the root servers. I was under the impression that until we decide to implement DNSSEC ourselves we don't need to do anything on our end to continue resolving.

problem with domain and sub-domain configuration

2010-05-03 Thread fddi
Hello I have one domain test.com with nameserver ns.test.com (10.0.0.1) and a subdomain cr.test.com with nameserver ns.cr.test.com (10.1.0.1) my problem is that if I update hostnames inside test.com zone updates are not seen by cr.test.com nameserver they are seen if I restart named on

Re: problem with domain and sub-domain configuration

2010-05-03 Thread Gregory Hicks
Date: Mon, 03 May 2010 17:37:46 +0200 From: fddi f...@gmx.it To: Bind Users Mailing List bind-users@lists.isc.org Subject: problem with domain and sub-domain configuration X-FuHaFi: 0.68005 Hello I have one domain test.com with nameserver ns.test.com (10.0.0.1) and a

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Alan Clegg
On 5/3/2010 4:36 PM, Lightner, Jeff wrote: It sounds as if he read an article saying we have to implement DNSSEC on our DNS servers or we'll quit working on 5/5? Is that the case? Also what is the drop dead date/time if so? 5/5 Midnight UTC? Some other time? You don't need to do

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Fri, Apr 30, 2010 at 11:55:48PM -0700, Cathy Almond wrote: Hi Ray, I'd recommend not using type 'any' in your tests - the results won't always be what you expect. ANY is a diagnostic query type - and what a recursive nameserver does when it receives it will depend on what it has already

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Peter Laws
On 01/-10/37 13:59, Kalman Feher wrote: Second, make sure the tested effective size appears in your named.conf in the options statement edns-udp-size on your resolver. In your case: edns-udp-size 3843; Mine are all saying x.x.x.x sent EDNS buffer size 4096 when I run the dns-oarc.net

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I hadn't done any tests because as noted below I was unaware there was any testing needed. I was responding in thread that seemed relevant. Someone replied off list suggesting I do dig @b.root-severs.net com +dnssec +notcp then dig @b.root-servers.net com +dnssec +tcp. The latter responded

Re: Bind 9.7.0-P1 socket: file descriptor exceeds limit / assertion failure

2010-05-03 Thread JINMEI Tatuya / 神明達哉
At Thu, 29 Apr 2010 14:53:44 -0700, Dale Kiefling dale.kiefl...@cbs.com wrote: We have a Bind 9.7.0-P1 instance that is throwing the following errors: 21-Apr-2010 16:59:00.173 general: error: socket: file descriptor exceeds limit (1024/1024) The fact that the FD limit is 1024 suggests your

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Kalman Feher
On 3/05/10 7:34 PM, Lightner, Jeff jlight...@water.com wrote: There is no EDNS entry in my named.conf. Do I need one, given that above worked? You probably should. Your resolver is saying it's capable of handling 4096, but apparently your network path may not support that. The changes on the

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
To follow up on Peter's question what does it mean if one sees the reply size limit is at least with a value lower than the advertised EDNS buffer size? This link talks about various scenarios but not that one so I'm not sure if this means Peter and I need to be concerned. I saw similar results

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Kalman Feher
On 3/05/10 9:54 PM, Lightner, Jeff jlight...@water.com wrote: On doing that however, I now see the advertised value is 3839 but the at least value is 3828 on one and 3827 on the other as shown below. Based on that it appears one should NOT set the edns-udp-size as it doesn't fix the

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
Thanks. Is there something in the world known to be exactly 4096 or are you suggesting I somehow craft a record of that size? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Kalman

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I posted a note just before this so not sure if you saw that. In that I noted my set of EDNS seemed to be contra-indicated as default is 4096. Setting it to the lower value worked to set advertised value but in turn the lower value reduced again so it seems one would never be able to advertise

DNSSEC - Root zone - FUD

2010-05-03 Thread David Miller
All, There has been quite a bit of FUD bouncing around the net regarding the May 5th signing of the root zone and the sky falling (or at least massive failures across the internet). I have been asked multiple times about how I was going to prevent the internet from collapsing for my users.

Re: DNSSEC - Root zone - FUD

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 01:16:53PM -0700, David Miller wrote: All, There has been quite a bit of FUD bouncing around the net regarding the May 5th signing of the root zone and the sky falling (or at least massive failures across the internet). I have been asked multiple times about how

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Peter Laws
On 05/03/10 14:56, Kalman Feher wrote: You probably should. Your resolver is saying it's capable of handling 4096, but apparently your network path may not support that. The changes on the The network path to dns-oarc.net doesn't, but that doesn't really mean anything. To some resolvers,

Re: problem with domain and sub-domain configuration

2010-05-03 Thread f...@gmx.it
Yes I do update the serial, in fact I wrote to the list because I cannot find an explanation... thanks Rick Gregory Hicks wrote: Date: Mon, 03 May 2010 17:37:46 +0200 From: fddi f...@gmx.it To: Bind Users Mailing List bind-users@lists.isc.org Subject: problem with domain and sub-domain

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Lightner, Jeff
I was using the Java tester on a Windows system and saw the same 4096/3843 as I'd seen with DIG and just now noticed this comment in its results: Note: There will always be a difference between the announced and measured buffer size because of the algorithm used. However this difference should

Re: Two separate replies for one query to some domains

2010-05-03 Thread Mark Andrews
In message 201005030503.49752.j...@aexorsyst.com, John Z. Bohach writes: Hello, I'm trying to run a local caching-only nameserver (bind-9.3.3) on Linux in order to bypass my ISP's name-servers, and most things work fine, except some domains behave strangely. For example,

Re: problem with domain and sub-domain configuration

2010-05-03 Thread Doug Barton
On 05/03/10 08:37, fddi wrote: Hello I have one domain test.com with nameserver ns.test.com (10.0.0.1) and a subdomain cr.test.com with nameserver ns.cr.test.com (10.1.0.1) my problem is that if I update hostnames inside test.com zone updates are not seen by cr.test.com

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Doug Barton
On 05/03/10 09:34, Ray Van Dolson wrote: I believe having edns-udp-size set at 512 gives us maximum compatibility with anything out there behind a broken firewall, etc, though we should look at removing the limit at some point in the future when possible. Doing this will simply perpetuate

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: On 05/03/10 09:34, Ray Van Dolson wrote: I believe having edns-udp-size set at 512 gives us maximum compatibility with anything out there behind a broken firewall, etc, though we should look at removing the limit at some point

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Mark Andrews
In message 20100503163413.ga2...@esri.com, Ray Van Dolson writes: On Fri, Apr 30, 2010 at 11:55:48PM -0700, Cathy Almond wrote: Hi Ray, I'd recommend not using type 'any' in your tests - the results won't always be what you expect. ANY is a diagnostic query type - and what a

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Doug Barton
On 05/03/10 16:46, Ray Van Dolson wrote: On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: On 05/03/10 09:34, Ray Van Dolson wrote: I believe having edns-udp-size set at 512 gives us maximum compatibility with anything out there behind a broken firewall, etc, though we should look

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 04:54:38PM -0700, Doug Barton wrote: On 05/03/10 16:46, Ray Van Dolson wrote: On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: On 05/03/10 09:34, Ray Van Dolson wrote: I believe having edns-udp-size set at 512 gives us maximum compatibility with

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Mark Andrews
In message 4bdf4b79.4050...@ou.edu, Peter Laws writes: On 05/03/10 16:19, Mark Andrews wrote: The test is a rough guide to the maximum packet size supported by the path. So what would be the point of using edns-udp-size to something even smaller? None I can see ... What am I

Re: problem with domain and sub-domain configuration

2010-05-03 Thread Barry Margolin
In article mailman.1343.1272903565.21153.bind-us...@lists.isc.org, Gregory Hicks ghi...@hicks-net.net wrote: Date: Mon, 03 May 2010 17:37:46 +0200 From: fddi f...@gmx.it To: Bind Users Mailing List bind-users@lists.isc.org Subject: problem with domain and sub-domain configuration

our isp not supports EDNS?

2010-05-03 Thread Jeff Pang
Hello, Following the discussions in the list, I made a test on one of our servers, which is in an ISP's datacenter. The result is below: $ dig +short rs.dns-oarc.net txt rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. 218.204.255.72 DNS reply size

RE: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Laws, Peter C.
Yes, I get all that. But earlier in the thread, I noted that: Mine are all saying x.x.x.x sent EDNS buffer size 4096 when I run the dns-oarc.net test, which I assume is the default. I, too, get the 3843 at least value. Why would I set it to 3843? Wouldn't I want it to be set to 4096 even if

Re: Preparing for upcoming DNSSEC changes on 5/5

2010-05-03 Thread Mark Andrews
In message 789398ea51916246a8016370ebc0231f0f3...@it-rome.sooner.net.ou.edu, Laws, Peter C. writes: Yes, I get all that. But earlier in the thread, I noted that: Mine are all saying x.x.x.x sent EDNS buffer size 4096 when I run the dns-oarc.net test, which I assume is the default. I,

Re: our isp not supports EDNS?

2010-05-03 Thread Mark Andrews
In message y2sf7e964441005031927m7774769ev280156817d8b4...@mail.gmail.com, Jeff Pang writes: Hello, Following the discussions in the list, I made a test on one of our servers, which is in an ISP's datacenter. The result is below: $ dig +short rs.dns-oarc.net txt