Can I set TTL served to users in bind?

2012-03-09 Thread Drunkard Zhang
I got some bind servers doing iterative resolution and returning the results to users. But I found that some names got too big TTLs, whose RRs cannot be replaced correctly by new RRs in time. This leads to users' blame; we have to flush the caches by hand and restart the SOHO router to resolve the

bind-9.9.0 crashed while rndc reload

2012-03-21 Thread Drunkard Zhang
Yesterday I tried the new bind, and the crash on reload came. The reload command: 'rndc -c etc/rndc.conf reload' or 'killall -HUP named'; the rndc.conf used was generated by 'rndc-confgen -r /dev/urandom -t /chroot/'. And the messages below come from offline debugging. [snipped] 21-Mar-2012 16:46:12.56

Re: sortlist usage

2012-06-20 Thread Drunkard Zhang
2012/6/19 Drunkard Zhang : > I'm working for a China ISP, with a very complex network arch. One of > these complex things is the CDN of ICP returned a bunch of IP > addresses, which are distributed geographically, and some IP > addresses located way far from us. So I want do so

Re: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

2012-07-10 Thread Drunkard Zhang
2012/7/10 Shon Stephens : > Dear All, > > I am running the version of BIND provided by RPM packages with RHEL > 6.2. This is a new server build replacing a previous server. That host was > running an earlier version of BIND and an earlier version of RHEL. The > config files have remained rela

Re: RHEL, Centos, Fedora rpm vs ISC bind versions

2012-07-15 Thread Drunkard Zhang
2012/7/16 Eivind Olsen : > Den 15. juli 2012 kl. 16:57 skrev Benny Pedersen : > >> change to gentoo/funtoo ? > > Some might prefer to run the same Linux distribution on all their servers, > changing to something like Gentoo just to get BIND running seems a bit > overkill. > For critical services,

Re: A lot of queries from a customer.

2012-07-17 Thread Drunkard Zhang
2012/7/17 Fr34k : > We have been monitoring the same. > > Google found an unrelated, yet similar, issue a few years ago: > http://pages.cs.wisc.edu/~plonka/netgear-sntp/#ToC16 > > >> Hi, >> >> Recently, I have been watching on one DNS server a lot of queries from a >> customer to "time-b.netgear.co

Re: TTL in Bad Cache

2012-07-26 Thread Drunkard Zhang
2012/7/27 Yingdi Yu : > Hi, > > Is there anyone who knows how long an answer that fails in verification can > stay in the bad cache of BIND? Thanks! > Try max-ncache-ttl option. From ARM: max-ncache-ttl To reduce network traffic and increase performance, the server stores negative answers. max-nc

Re: BIND 9.8.2: forward zone not working

2013-03-18 Thread Drunkard Zhang
2013/3/19 Gerry Reno : > Using BIND 9.8.2 > > When you setup Samba 4 AD DC using BIND9_DLZ and your domain has external > servers (eg: www,mail) at external providers > this means that the ISP and the internal network nameservers will both have > SOA record for the domain. > > /etc/resolv.conf lo

Re: Rate-Limit Question

2013-06-14 Thread Drunkard Zhang
2013/6/14 Phil Mayers : > On 14/06/13 15:27, Manson, John wrote: >> >> We are running Bind 9.9.2 and would like to invoke the rate-limit option >> but named says 'unknown option'. >> >> Do we need to upgrade bind to get this option? > > > You need to apply the patches here: > > http://ss.vix.su/~vj

Re: Rate-Limit Question

2013-06-15 Thread Drunkard Zhang
2013/6/15 Vernon Schryver : >> From: Drunkard Zhang > >> Great patchset, and I found this docs will be in ARM: >> >> [ rate-limit { >> [ responses-per-second number ; ] >> [ referrals-per-second number ; ] >> [ nodata-per-second number ; ] >>
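The rate-limit grammar quoted in the post above, written out as a complete named.conf fragment. This is an example added here, not configuration from the thread: the per-second limits, the log path and the 192.0.2.0/24 exempt range are illustrative assumptions, and the options shown are the ones the RRL patchset (and later BIND 9.9.x releases, which ship RRL built in) accept.

```conf
options {
    rate-limit {
        responses-per-second 10;   // identical answers per client block per second
        nxdomains-per-second 5;    // NXDOMAIN is cheap to forge, so clamp it harder
        errors-per-second 5;       // SERVFAIL/REFUSED and the like
        window 5;                  // seconds over which the credits are averaged
        slip 2;                    // every 2nd suppressed answer goes out with TC=1
        ipv4-prefix-length 24;     // size of an IPv4 "client" for accounting
        ipv6-prefix-length 56;     // size of an IPv6 "client" for accounting
        // assumed: your own monitors and a trusted resolver range
        exempt-clients { 127.0.0.1; 192.0.2.0/24; };
        log-only yes;              // observe first; flip to no to enforce
    };
};

logging {
    channel rrl_log {
        file "/var/log/named/rrl.log" versions 3 size 10m;   // assumed path
        severity info;
        print-time yes;
    };
    category rate-limit { rrl_log; };
};
```

Run with log-only yes first and read the rate-limit category for a day; what shows up there is exactly what enforcement would drop, so you find out whether a large NAT or a busy forwarder of yours sits behind one /24 before any real client is hurt. Keep slip at a small non-zero value: the truncated answers are what let a legitimate client that happens to share a prefix with an attacker retry over TCP instead of going dark.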

Re: disabling stateful firewalls for DNS traffic

2014-03-02 Thread Drunkard Zhang
2014-03-02 3:04 GMT+08:00 /dev/rob0 : > On Sat, Mar 01, 2014 at 03:35:25PM +, Phil Mayers wrote: >> On 01/03/2014 14:30, Chuck Anderson wrote: >> >> >How should these rules be changed to adhere to the Best Practices >> >while not breaking anything and still allowing the servers to do >> >their

Option "notify no" also disabled query log?

2010-12-06 Thread Drunkard Zhang
Hi, all. I'm using bind-9.7.2-P3, and I want to get the query log. I pasted the related configuration below: options { directory "/var/"; forward only; #listen-on port 53 { 10.198.2.249; 127.0.0.1; }; forwarders { 8.8.8.8; }; pid-file "file-n

bind-9.7.2 not forward CNAMEd domain names

2011-02-22 Thread Drunkard Zhang
I just added these in the default named.conf: zone "speedtest.360.cn" { type forward; forwarders { 211.161.192.1; }; }; which reacts like this: 17:20:09 ~ $ dig +nocmd speedtest.360.cn @211.161.192.146 +multiline +noall +answer speedtest.360.cn. 34 IN CNAME speedtest.360.cn.cloud

Re: bind-9.7.2 not forward CNAMEd domain names

2011-02-22 Thread Drunkard Zhang
2011/2/22 Florian Weimer : > * Drunkard Zhang: > >> The upstream DNS server 211.161.192.1 did respond correctly, by >> analysis via tcpdump.  But why bind didn't use THE RESPONSE, but >> resolves again from root-servers. > > Unfortunately, the informatio

Re: bind-9.7.2 not forward CNAMEd domain names

2011-02-22 Thread Drunkard Zhang
The upstream DNS server 211.161.192.1 did respond correctly, by analysis via tcpdump.  But why bind didn't use THE RESPONSE, but resolves again from root-servers. >>> >>> Unfortunately, the information provided by 211.161.192.1 must be >>> discarded because that server is not au

Re: bind-9.7.2 not forward CNAMEd domain names

2011-02-22 Thread Drunkard Zhang
2011/2/22 Florian Weimer : > * Drunkard Zhang: > >> My capture command: tcpdump -s 0 -nnnvvv -w 360.cn-`date +%Y%m%d`.pcap >> udp port 53 >> >> 17:59:36 ~ $ dig +nocmd speedtest.360.cn @211.161.192.1 +multiline >> +noall +answer >> speedtest.360.cn.    

DNS-cache with custom gTLDs

2011-09-20 Thread Drunkard Zhang
I got 4 DNSs doing recursive resolution, which are split into 2 groups, and a couple of dns caches. Each group of recursion DNS uses its own net link, which is different. Here's the problem: I want a dns-cache to use one group of recursion DNS as their forwarders, and use another group as backup. ( I

Re: DNS-cache with custom gTLDs

2011-09-21 Thread Drunkard Zhang
2011/9/20 Drunkard Zhang : > I got 4 DNSs doing recursive resolution, which are split into 2 groups, > and a couple of dns caches. Each group of recursion DNS uses its > own net link, which is different. > > Here's the problem: I want a dns-cache to use one group of recu

Re: DNS-cache with custom gTLDs

2011-09-21 Thread Drunkard Zhang
>> When I query a name, the dns-cache queries forwarders for gTLDs >> instead of using local hint file, why? > > local "hint" file? I'm not sure what you mean here. This file just replace the original root-servers with all my 4 recursive DNS's domain name and IP, nothing other. >> >> And the dns-

Re: DNS-cache with custom gTLDs

2011-09-21 Thread Drunkard Zhang
> Why are you going through all of these gyrations? The forwarding algorithm > in BIND has for a long time been based on RTT, so if one forwarder, or a set > of forwarders, stops working, the other(s) will be used automatically. In > other words, forwarder failover works without any special configu

Re: DNS-cache with custom gTLDs

2011-09-22 Thread Drunkard Zhang
>> Oops, I misunderstood. But I want to resolve this problem: take >> news.qq.com for example, I DID see that it's unresolvable to one group >> (they returned NXDomain), while in the meantime it's no problem to another >> group, and "dig news.qq.com +trace" returned correct answer on both >> group. It seems

Re: DNS-cache with custom gTLDs

2011-09-22 Thread Drunkard Zhang
2011/9/23 Kevin Darcy : > On 9/21/2011 10:01 PM, Drunkard Zhang wrote: >>> >>> Why are you going through all of these gyrations? The forwarding >>> algorithm >>> in BIND has for a long time been based on RTT, so if one forwarder, or a >>> set >&g

Re: DNS-cache with custom gTLDs

2011-09-26 Thread Drunkard Zhang
oes not, because it follows the hierarchy down and asks different >>> nameservers). In other words, you're shooting yourself in the foot with >>> your >>> hints-file trickery. > > On 23.09.11 08:49, Drunkard Zhang wrote: >> >> No, I got 2 layers of DN

Does bind support conditional resolution?

2012-01-09 Thread Drunkard Zhang
I am designing a big deploy system, which will be implemented via DNS. The demands are miscellaneous; one of them is conditional resolution, which means that if one nearby CDN node is unavailable, or latency increased significantly, no matter why, I want bind to give another second best result, which is located in a distant

bind-9.8.1-P1: Recursive failed on fresh config

2012-02-01 Thread Drunkard Zhang
www.21photo.cn resolution failed on my dns, bind returned SERVFAIL, this is my trace using "named -u named -d 2 -g". It seems like bind uses IPv6 first, while there's no IPv6 configured, bind just returns SERVFAIL, instead of resolving using the IPv4 address. How can I fix this? 02-Feb-2012 14:00:57.

Re: bind-9.8.1-P1: Recursive failed on fresh config

2012-02-02 Thread Drunkard Zhang
I read some bind code mentioned in this trace, I think the reason of SERVFAIL should be like this: > 14:42:40 ~ $ dig +nocmd +multiline +noall +answer www.21photo.cn > 14:42:42 ~ $ dig +nocmd +multiline +noall +answer a.dns.cn. > a.dns.cn.               4818 IN A 203.119.25.1 > 14:42:56 ~ $ dig +n

Re: bind-9.8.1-P1: Recursive failed on fresh config

2012-02-02 Thread Drunkard Zhang
2012/2/2 Mark Andrews : > > Nameservers *cannot* be CNAMEs.  In this case both nameservers listed in > the parent zone are CNAMEs.  The delegation needs to be fixed. > > Mark Got you. I'll try to contact their DNS administrator to fix. Thx

Re: bind-9.8.1-P1: Recursive failed on fresh config

2012-02-02 Thread Drunkard Zhang
2012/2/2 Mark Andrews : > >        CNAME as nameservers *cannot* be made reliable.  Static-stub >        can be used as a workaround but it doesn't scale. >        Misconfiguration like this just need to be fixed. Thanks, I dug through the RFCs, and found THE misconfig scene in rfc1912: 2.4 CNAME records
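An offline lint for the delegation fault diagnosed in the two replies above (nameserver names that are CNAMEs, which RFC 2181 section 10.3 and RFC 1912 section 2.4 forbid, and which makes a resolver like the one in the trace SERVFAIL). This is example code added here, not from the thread or from BIND; the RRsets it runs over are constructed to mimic the symptom and are not the real data for www.21photo.cn or its nameservers. Besides the CNAME case it also flags a CNAME loop and an NS target with no address record at all, since both show up the same way at the resolver.

```python
"""Delegation sanity check: NS targets must be hostnames with A/AAAA records,
never CNAMEs (RFC 2181 s10.3, RFC 1912 s2.4).  Example code, not BIND's."""

from typing import Dict, List, Tuple

RRSets = Dict[Tuple[str, str], List[str]]  # (owner, rrtype) -> rdata strings

# Constructed sample data, not real zone contents.  example.test mirrors the
# thread: both nameservers listed in the delegation are CNAMEs.
SAMPLE_RRSETS: RRSets = {
    ("example.test.", "NS"): ["ns1.example.test.", "ns2.example.test."],
    ("ns1.example.test.", "CNAME"): ["dns.hoster.test."],
    ("ns2.example.test.", "CNAME"): ["dns.hoster.test."],
    ("dns.hoster.test.", "A"): ["192.0.2.53"],
    # a clean delegation for comparison
    ("good.test.", "NS"): ["a.ns.good.test.", "b.ns.good.test."],
    ("a.ns.good.test.", "A"): ["192.0.2.1"],
    ("b.ns.good.test.", "AAAA"): ["2001:db8::1"],
    # a CNAME that points at itself
    ("loop.test.", "NS"): ["ns.loop.test."],
    ("ns.loop.test.", "CNAME"): ["ns.loop.test."],
    # an NS target with no address record anywhere
    ("noglue.test.", "NS"): ["ns.noglue.test."],
}


def check_delegation(zone: str, rrsets: RRSets, max_chain: int = 8) -> List[str]:
    """Return a list of human-readable problems with the NS set of `zone`.

    For every NS target the CNAME chain is followed (bounded by max_chain);
    any CNAME at all is a violation, and the final name must own an A or AAAA.
    """
    problems: List[str] = []
    for ns in rrsets.get((zone, "NS"), []):
        name = ns
        seen: List[str] = []
        looped = False
        while (name, "CNAME") in rrsets and len(seen) < max_chain:
            seen.append(name)
            name = rrsets[(name, "CNAME")][0]
            if name in seen:
                problems.append(f"{ns}: CNAME loop via {' -> '.join(seen)}")
                looped = True
                break
        if looped:
            continue
        if seen:
            problems.append(
                f"{ns}: nameserver name is a CNAME (-> {name}); RFC 2181 10.3 forbids this"
            )
        if (name, "A") not in rrsets and (name, "AAAA") not in rrsets:
            problems.append(f"{ns}: no A/AAAA record for {name}; resolver cannot reach it")
    return problems


if __name__ == "__main__":
    for zone in ("good.test.", "example.test.", "loop.test.", "noglue.test."):
        found = check_delegation(zone, SAMPLE_RRSETS)
        print(zone, "OK" if not found else "")
        for p in found:
            print("   ", p)
```

To run it against a live delegation, fill the dictionary from the parent zone's NS set plus `dig +norecurse` answers for each target; the point of keeping the check itself offline is that the same function can be run in CI against the zone files before they are published.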