Hi, Alex--
On Aug 31, 2018, at 3:49 PM, Alex wrote:
> The interface does show some packet loss:
>
> br0: flags=4163 mtu 1500
> [ ... ]
>RX packets 1610535 bytes 963148307 (918.5 MiB)
>RX errors 0 dropped 5066 overruns 0 frame 0
>
> Is some packet loss such as the above to
On Apr 11, 2018, at 4:26 PM, Mark Boolootian wrote:
>>> As far as I know, a host with on an IPv6 address is only ever
>>> going to perform lookups. I'd be very interested to know
>>> if there are cases where that isn't true.
>>
>> Well, if you run nslookup or dig -t a,
On Apr 11, 2018, at 3:49 PM, Mark Boolootian wrote:
>
>>> I'll give those tools a try, but I don't understand how my client is
>>> requesting
>> an A record. It only has IPv6 networking. DNS64 should be requesting an
>> A record, but that the client should see is the converted
On Apr 11, 2018, at 3:32 PM, Rick Tillery wrote:
> I'll give those tools a try, but I don't understand how my client is
> requesting an A record. It only has IPv6 networking. DNS64 should be
> requesting an A record, but that the client should see is the converted
On Apr 11, 2018, at 3:09 PM, Rick Tillery wrote:
> I appear to have my NAT64+DN64 IPv6 -> IPv4 network configured correctly, as
> I can access IPv4 only Internet sites, e.g. from my browser. But some tools
> don't seem to work the way I think they should.
>
> One
On Apr 14, 2017, at 2:40 PM, McDonald, Daniel (Dan)
wrote:
> Setting up global server load balancing seems easy enough – just add ns
> records pointing at the load balancer and away you go:
>
> example.com. 38400INSOAns20.example.net.
On Jan 4, 2017, at 4:11 PM, Debarghya Mandal wrote:
> Hi,
> I am kind of new to bind. I have a few queries about it.
>
> 1. Is there a way to load custom DNS record from zone file?
Yes; that's exactly what zone files are for.
> I have some schematized data that I
Hi--
On Apr 10, 2013, at 1:07 PM, Jim Pazarena wrote:
So I have another domain which will not reverse resolve for me:
mail.tysers.com which also appears to be:
mail.tyser.co.uk
80.169.188.226
the IP, will not reverse resolve (for me) yet, once again,
google (8.8.8.8) CAN RESOLVE IT.
Hi--
On Mar 14, 2013, at 12:04 PM, Manish Rane wrote:
I right now have NS server hosted with ISP and I am planning to set up my own
BIND servers. Now I would like to understand that I need to ask my Registrar
to populate the entry of my new NS server which would take 4-6 hours to
propagate
Hi, Dwayne--
On Mar 1, 2013, at 10:29 AM, Dwayne Hottinger wrote:
I would like for users inside my network to not be able to do ssl searches
with google, because of cipa compliance issues.
OK, so you should block port tcp/443 to Google's network addresses
(approximately 173.194.79.0/24) on
Hi--
On Feb 18, 2013, at 2:07 PM, Lyle Giese wrote:
Recently I moved this domain(lcrcomputer.net) to a registrar that suports
DNSSEC and inserted the DS record for this domain. I checked DNSSEC via
http://dnsviz.net and http://dnssec-debugger.verisignlabs.com. Both show
DNSSEC is
On Jan 16, 2013, at 12:40 PM, Dave Warren wrote:
Is there anything technically wrong with having a SOA MNAME field that isn't
listed as a NS record?
Sure. The SOA MNAME is expected to be the primary master nameserver for the
zone; it's where things like dhcpd and such send dynamic updates
On Jan 16, 2013, at 1:42 PM, Barry Margolin wrote:
In article mailman.1077.1358370123.11945.bind-us...@lists.isc.org,
Chuck Swiger cswi...@mac.com wrote:
On Jan 16, 2013, at 12:40 PM, Dave Warren wrote:
Is there anything technically wrong with having a SOA MNAME field that
isn't listed
On Jan 16, 2013, at 4:30 PM, Barry Margolin wrote:
[ ... ]
On Jan 16, 2013, at 12:40 PM, Dave Warren wrote:
Is there anything technically wrong with having a SOA MNAME field that
isn't listed as a NS record?
Sure. The SOA MNAME is expected to be the primary master nameserver for
the
Hi--
On Dec 3, 2012, at 3:30 PM, Novosielski, Ryan wrote:
I don't know if there's an easy, or even moderately easy way to do
this, but can one somehow figure out/get a list of all domains for
which the nameserver is set to a given IP/server name?
It's easy enough to test whether a specific
Hi--
On Nov 29, 2012, at 3:00 PM, Jose Manuel Delgado G. wrote:
I have the following problem in resolving my DNS using Bind 9, sends me an
error connection time out, no servers Could be reached. that way I can avoid
giving these errors and how I can reduce the time of the response?
this
On Nov 29, 2012, at 3:34 PM, Jose Manuel Delgado G. wrote:
about the other question, as to reduce the response time of my server when
the domain does not exist?
BIND implements negative caching of NXDOMAIN responses:
% dig www.does.not.exist. @localhost
[ ... ]
;; -HEADER- opcode: QUERY,
Hi--
On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote:
The report must also address these two specific questions:
• Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any
browser?
• What happens if we remove the forwarders option from named.conf?
I can't
Hi--
On Oct 19, 2012, at 11:25 AM, John Miller wrote:
Hello everyone,
Perhaps a Cisco list is a better destination for this, but I've seen a
similar post here in the past couple of months, so posting here as well.
I'm trying to get our Cisco ACE set up appropriately to handle DNS
Hi--
On Oct 19, 2012, at 1:04 PM, John Miller wrote:
IMO, the only boxes which should have IPs in both public and private
netblocks should be your firewall/NAT routing boxes.
That's how we usually have our servers set up--the load balancer gets the
public IPs, the servers get the private
Hi--
On Oct 17, 2012, at 11:17 AM, Manson, John wrote:
From time to time I notice a large number of queries like these to one of my
external dns servers:
14:14:40.01407 121.10.105.66 - 143.231.1.67 DNS C gop.gov. Internet * ?
[ ... ]
14:14:40.98668 121.10.105.66 - 143.231.1.67 DNS C
On Sep 14, 2012, at 4:37 AM, Kaushal Shriyan wrote:
Can someone please point me to setup High Availability BIND DNS Server
on CentOS Linux version 5.8?
Sure; read the fine BIND ARM:
http://www.isc.org/software/bind/documentation
Setup and register as many nameservers for your domains as
On Sep 14, 2012, at 4:36 PM, Kaushal Shriyan wrote:
Thanks for the reply. Basically i am setting up Internal DNS Server
within the same DC. Will Master Slave Replication suit the need?
Yes. (Oh, there are other ways of doing replication, but AFXR works fine.)
and any step by step guide and
On Jul 12, 2012, at 2:27 AM, Dns Administrator wrote:
Hi bind-users,
please excuse my ignorance being a novice to dns, but is there some way of
disabling or choking Any type requests?
Sure-- a firewall or even taking a pair of wire-cutters to the ethernet cable
will accomplish that. :-)
On Jul 12, 2012, at 7:16 AM, Lightner, Jeff wrote:
Your answer was clearly meant to be tongue in cheek but I'm not sure you
understood.
Please allow me to reassure you that I understood the intent of the question.
:-)
The point was that if one isn't clear about what one should allow and
On Jun 25, 2012, at 2:13 PM, Srinivas Krishnan wrote:
The RFC rules on CNAMEs is fairly tight but I am seeing an increasing
amount of traffic with misconfigured CNAMEs some of which are accepted
by BIND as valid responses. The examples capture three trends, note
these are actual responses:
On Jun 25, 2012, at 2:34 PM, Srinivas Krishnan wrote:
You are using a caching resolver to check the responses and you only see
response after its been resolved by Google's DNS server.
The overwhelming majority of Internet users are using caching resolvers running
at their ISP, employer, etc.
On Jun 13, 2012, at 3:02 PM, Dan Letkeman wrote:
I understand the concept, as I have read many documents like that. I
am more interested in a real world example of how much free memory for
caching is recommended for an average server.
The OS likes to keep a few megabytes of prezeroed pages
Hi--
On Jun 8, 2012, at 1:08 PM, Mike Bobkiewicz wrote:
we are running an authorative name server for some domains. After some time
our ISP has now delegated the reverse name lookups to our server. We are
running bind 9.7.3 on Mac OS X 10.6 and are not able to bring the reverse
name
On Apr 12, 2012, at 3:38 PM, Dustin Moon wrote:
Any Reason people could see why this config would not allow remote systems
that can ping this server to do lookups on it?
Why, yes-- see the following line:
allow-query { localhost; };
...?
Regards,
--
-Chuck
On Apr 12, 2012, at 3:52 PM, Dustin Moon wrote:
#allow-query { any; };
Commenting it out entirely is *not* the same thing as changing it to a setting
which allows remote clients to make queries.
Regards,
--
-Chuck
___
Please visit
On Apr 11, 2012, at 10:26 AM, mfla wrote:
We use 3 BIND each is configured as Master.
Each domain is configure with 3 NS records according to the above 3 BIND.
What happens for end users when tthey try to access the domain but one of the
BIND server is down ?
Assuming all of the clients were
Hi--
On Apr 9, 2012, at 9:55 AM, Marseglia, Michael wrote:
[ ... ]
When configuring BIND for an internal corporate network with a thousand
clients should any of the default values be tweaked? I’ve searched for
tuning guidance but I haven’t found any yet.
I’ve taken interest in the
On 4/5/2012 5:08 AM, Matus UHLAR - fantomas wrote:
Hello,
our customer (an ISP) reported that his clients have problems resolving sites
like facebook, youtube, aplestores and that the problems only affect apple
computers.
I notice many requests for dns service discovery:
Apr 5 09:47:20 t03
Hi, Matus--
Your anti-spam measures block direct delivery. ab...@codefab.com works fine
(it goes to me, as does postmaster@); I don't know why you would try to do an
RFC-ignorant lookup on the hostname in the PTR record
Regards,
--
-Chuck
begin forwarded message
This is the
On 4/2/2012 10:37 PM, Keith Burgoyne wrote:
[ ... ]
I've recently replaced the master server at 24.222.7.11, and am now running
bind 9.7.3.
My question is: I keep seeing log entries like
Apr 2 23:24:17 clementine named[5870]: lame server resolving
'comuna.silverorange.com' (in
On 4/3/2012 10:14 AM, Barry Margolin wrote:
In articlemailman.419.1333434497.63724.bind-us...@lists.isc.org,
Chuck Swigercswi...@mac.com wrote:
[ ... ]
Does the following help:
http://www.dnsvalidation.com/reports/4f7a96b37d79ee376912
On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote:
I accidentally changed the serial number to one bigger than 32 bits and now
I'm trying to reset the serial number. Following the manual of Bind9 I tried
to add 2147483647 (2ˆ31-1) to the number and reload the server, but my slave
is not
On Mar 12, 2012, at 8:09 AM, Romgo wrote:
Dear community,
I do have many error in my Bind's log file such as :
client 192.168.201.1#29404: error sending response: host unreachable
It seems that I have an iptables issue as each time I shut iptables I don't
have anymore this message
On Mar 12, 2012, at 1:24 PM, Romgo wrote:
Here is my Iptables configuration for bind :
# prod.dns.in
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
192.168.201.2 -s 0/0
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
192.168.201.2 -s 0/0
Hi--
On Feb 27, 2012, at 12:14 PM, M. Meadows wrote:
But
dig e.hushpuppies-australia.com +nssearch @8.8.8.8
Yields no nameserver list.
+nssearch does SOA lookups for each of the nameservers, but
ns.domainnetwork.se (and so forth) only returns an SOA record for
Hi, Gaurav--
On Feb 17, 2012, at 11:15 AM, Gaurav kansal wrote:
I want to know how AKAMAI works
They work well. :-)
May be this is not the right forum to ask but I am asking this here because
AKAMAI heavily depend on its HL-DNS and LL-DNS AND these DNS Servers answer
the query based
On Feb 14, 2012, at 11:11 AM, Alan Clegg wrote:
On 2/14/2012 1:42 PM, Chuck Swiger wrote:
ISC's BIND has (or had) a MINTTL value of 5 minutes / 300 seconds.
It's probably unreasonable to expect other platforms to refetch DNS
records faster than that.
Uh... no. BIND has always respected
On Feb 14, 2012, at 2:16 PM, Mark Andrews wrote:
ISC's BIND has (or had) a MINTTL value of 5 minutes / 300 seconds.
It's probably unreasonable to expect other platforms to refetch DNS
records faster than that.
To the best of my knowlege this is just plain wrong.
Look at BIND-4.8.3 and
On Jan 15, 2012, at 8:41 AM, Markus Braun wrote:
DNSMASQ is basically a DNS forwarder but it has a bunch of other
features. Check the Wikipedia page on it and if you have questions
please ask on their mailing list or forum.
Regarding BIND, if you have issues with your server returning
Hi--
On Jan 12, 2012, at 5:04 PM, Chris McCraw wrote:
But those aren't an option here - they both need to serve the same
domain and both need to allow local DDNS updates visible from both
sides, and work in the absence of a network between the two. I've
done some searching and it does not
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote:
Unfortunately as I learning BIND more, I understand that it is not
very suitable for my requirements.
Which are? I've been trying to understand what the actual problem you are
trying to solve might be.
Regards,
--
-Chuck
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote:
If the system resolver is good enough for every other application
running on the system, it should be good enough for BIND.
Why not at least allow this as an option?
The system resolver will happily provide answers based upon data from
Hi--
On Oct 17, 2011, at 3:37 PM, Karl Auer wrote:
To see it, do (for example):
dig+trace biplane.com.au ns
Some such queries return correctly, some end up in a BHR loop.
I don't see a bad horizontal referral being returned anywhere, but I do get
errors against ppsdns6.pps.com.au since
On Oct 13, 2011, at 7:57 AM, Moser, Stefan (SIDB) wrote:
in customer migrations, when we shift customers from an old DNS environment
to a new DNS environment, there are sometimes situations where we have to
keep the same domain (let’s say “example.com”) both on the old DNS-server and
on the
On Sep 21, 2011, at 12:56 PM, Adamiec, Lawrence wrote:
Is it possible to have one IP in multiple zone files for forward lookups?
Yes.
What type of troubles would be encountered?
None. This sort of thing is very commonly done, for example with
shared/virtual webservers.
Regards
--
-Chuck
On Sep 14, 2011, at 5:09 PM, Ronald F. Guilmette wrote:
In message cf550bd6-ba85-4cb3-8b03-e4e1b0829...@mac.com, you wrote:
Sigh: your mail server is blacklisting email from mac.com.
Yes. Sorry about that. Too much spam from there and no indication
that anybody there gives a damn that that
On Sep 14, 2011, at 2:27 PM, Ronald F. Guilmette wrote:
The second part however seems to go more to my question, which is What is
the resolver supposed to do when some knucklehead breaks the rules and puts
a CNAME in with some other stuff?
Depends on which query one issued. The very next
fields:
Message-id: 2be47d87-8417-4055-8466-f47cd7fdb...@mac.com
Date: Wed, 14 Sep 2011 14:52:34 -0700
From: Chuck Swiger cswi...@mac.com
To: Ronald F. Guilmette r...@tristatelogic.com
Subject: Re: Proper CNAME interpretation
Your message cannot be delivered to the following recipients
Hi, Dennis--
On Aug 9, 2011, at 7:31 AM, Dennis Perisa wrote:
We are running a number of BIND 9.7.3-p3 caching nameservers. In the
last couple of months, we've observed the memory utilisation of named
increasing at a steady rate of 1-2% per day on our busiest resolver
with no indication of
Hi--
On Aug 8, 2011, at 1:15 PM, Mark K. Pettit wrote:
My resolvers, running BIND 9.7.3P3, are having a difficult time resolving the
MX record for the zone epza.gov.tw..
[ ... ]
But if I query any of [abc].twnic.net.tw. directly for the IP address of
dns.epza.gov.tw, I get an answer.
On Jul 21, 2011, at 3:02 PM, Sathyan Arjunan (sarjunan) [CONTRACTOR] wrote:
Recent days, I am facing frequent caching issues with my DNS servers which
are responsible for recursive lookup to external queries. As a temporary
solution, we used to refresh the named daemon to clear the cache. To
On Jul 15, 2011, at 12:24 PM, Joshua Beard wrote:
Greetings,
I've noticed a specific client machine doing a crap load of reverse lookups
in my named logs. It's just reverse lookups for our internal network, and
just from that machine. I can't see that this machine is looking up anything
On Jul 11, 2011, at 1:25 PM, Jonathan Kamens wrote:
Even if PowerDNS is the only source of this issue, and even if the new
version of PowerDNS is released tomorrow, I'm sure there will still be sites
running the old version a year from now. So just relying on a PowerDNS
release to fix this
On Jun 23, 2011, at 12:16 PM, Stefan Certic wrote:
Does anyone have idea on following... Apart from bind9 query log, is it
possible to log response returned to client?
Sure: use tcpdump, wireshark, or another network sniffer of your choice and
observe DNS responses to the clients you're
On Jun 23, 2011, at 1:27 PM, Stefan Certic wrote:
Thanks Chuck
Yes, that would be a solution, but i need logs processed through syslog and
stored into database (matching the initial query from query log).
Why do you need to send this information via syslog to a database?
Pharsing tcpdump
On Jun 23, 2011, at 2:28 PM, Stefan Certic wrote:
It is Enum server, and logging is taking care of billing process.
I don't see why you need to preserve queries and responses, unless you plan to
charge differently for different DNS requests. Can't you just track traffic
per client using
On Jun 7, 2011, at 11:07 AM, Sri Harsha Yalamanchili wrote:
Not much luck using tcpdump either. We know, from both the query_log and
tcpdump logging, that the queries are going out. But we never get a reply
back. That's the confusing part. The Google DNS server replies back but not
our own
On May 20, 2011, at 4:41 PM, Noel Rocha wrote:
# Showing activate date
$ cat Kmydomain.com.+005+48738.key | grep Activate
; Activate: 20110520203500 (Fri May 20 17:35:00 2011)
This (20110520203500)2011/05/20 20:35:00 isn't Fri May 20 17:35:00 2011. :(
Anyone have idea how to solve this
On Apr 28, 2011, at 3:23 AM, Havard Eidnes wrote:
www.apple.com. 281 IN CNAME www.isg-apple.com.akadns.net.
www.isg-apple.com.akadns.net. 60 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 17295 IN CNAME e3191.c.akamaiedge.net.
...
As a matter of terminology, in the quoted
On Apr 28, 2011, at 11:52 AM, Doug Barton wrote:
Agreed. Akamai's EdgeSuite doesn't provide IPv6 records at this time,
but e3191.c.akamaiedge.net does have an A record.
I understand what you're saying, but I've always referred to such a thing as
an empty CNAME chain because it
Hi--
On Apr 8, 2011, at 10:27 AM, kapetr wrote:
After connect to them (new network device created - tun or tap and
default route changes) my BIND is not able to reach other (root)
nameservers. And resolve requests fails.
This is due to how you are operating your VPN. Change it to only add a
On Apr 8, 2011, at 1:07 PM, kapetr wrote:
I absolutely do not understand your answer.
OK.
I use the VPT to anonymisation. I need all traffic to go over the VPN.
OK. That's not the usual method of operation for a routed VPN, but is more
commonly used when doing bridging.
The VPN must be
On Apr 8, 2011, at 2:23 PM, kapetr wrote:
What does:
dig +short rs.dns-oarc.net txt
...do when your VPN tunnel is up?
After VPN up and restart of BIND:
hugo@duron650:~$ dig +short rs.dns-oarc.net txt
;; connection timed out; no servers could be reached
hugo@duron650:~$
Hmm. Your
On Mar 15, 2011, at 11:08 AM, Martin McCormick wrote:
Is there a recommended set of firewall rules that insure that all
necessary DNS traffic can enter and leave, even the larger
packets that result from dns-sec?
# allow UDP DNS queries out to the world, and in to your nameservers
## It's
Hi--
On Mar 9, 2011, at 10:25 AM, Frank Pikelner wrote:
I'm having a problem resolving several hosts from NO-IP. When I attempt to
resolve them from our DNS servers I get no reply (we can resolve other
hosts). I'm not certain why the resolution stops. If I force a resolution
using external
On Feb 10, 2011, at 11:26 AM, Ryan Novosielski wrote:
dig: isc_socket_create: address family not supported
I've read that I shouldn't let this error message lead me anywhere in
particular. Does anyone have some advice for where to start
troubleshooting?
The error message you mention is
On Feb 10, 2011, at 12:39 PM, Ryan Novosielski wrote:
health.nyc.gov query-errors:
10-Feb-2011 15:32:30.682 query-errors: debug 1: client
130.219.34.129#55935: query failed (SERVFAIL) for health.nyc.gov/IN/MX
at query.c:4630
10-Feb-2011 15:32:30.682 query-errors: debug 2: fetch completed at
On Jan 26, 2011, at 6:02 PM, p...@mail.nsbeta.info wrote:
When talk to others, I never describe it clearly for naming bind.
is it bind or Bind or BIND? is bind an abbreviation word?
Yes, BIND is an acronym for Berkeley Internet Name Daemon.
Regards,
--
-Chuck
Hi, Dough--
On Dec 21, 2010, at 2:22 PM, Doug Barton wrote:
On 12/16/2010 14:48, Chuck Swiger wrote:
Hi, bind-users--
I'd recently updated a machine to FreeBSD 7-STABLE, and I've noticed
that named from the base system (which claims to be BIND 9.4-ESV-R4)
is using more than twice as much
On Dec 21, 2010, at 4:34 PM, Doug Barton wrote:
You're combining too many variables. Whilst on the same platform (presumably
FreeBSD 7) install dns/bind94, run your tests. Then deinstall that, and
install dns/bind96; then run your tests.
I suspect that what you're seeing is actually a
Hi, bind-users--
I'd recently updated a machine to FreeBSD 7-STABLE, and I've noticed that named
from the base system (which claims to be BIND 9.4-ESV-R4) is using more than
twice as much memory as it used to:
PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND
706
77 matches
Mail list logo