Re: Tuning suggestions for high-core-count Linux servers

2017-06-01 Thread Mathew Ian Eis
e: Thursday, June 1, 2017 at 12:27 AM To: Mathew Ian Eis <mathew@nau.edu>, "bind-users@lists.isc.org" <bind-users@lists.isc.org> Subject: RE: Tuning suggestions for high-core-count Linux servers Cheers Matthew. 1) Not seeing that error, seeing this one in

Re: Tuning suggestions for high-core-count Linux servers

2017-05-31 Thread Mathew Ian Eis
360k qps is actually quite good… the best I have heard of until now on EL was 180k [1]. There, it was recommended to manually tune the number of subthreads with the -U parameter. Since you’ve mentioned rmem/wmem changes, specifically you want to: 1. check for send buffer overflow; as indicated

Re: Overwrite A record from DNSSEC protected domain if I am the owner of the domain

2017-04-26 Thread Mathew Ian Eis
What you are describing more generally sounds like what is known as split-view or split-horizon DNS. In short, you split all (or part by virtue of delegation or forwarders) of your namespace into “internal” and “external” partitions; this is documented in the context of BIND here:

Re: Adding/removing name servers under DNSSEC

2017-03-06 Thread Mathew Ian Eis
content from old and new nameservers, that will be easy in this case since all are slaves to the same (hidden) master. Thanks again, Mathew Eis Northern Arizona University -Original Message- From: Mark Andrews <ma...@isc.org> Date: Monday, March 6, 2017 at 5:32 PM To: Mathew I

Adding/removing name servers under DNSSEC

2017-03-06 Thread Mathew Ian Eis
Hi BIND, Hoping someone in the community will have experience with this. We are looking to migrate off a set of nameservers to another set of nameservers. For all practical considerations, both sets of servers are slave to the same hidden master, which yields interesting considerations that

Re: real BIND start time

2017-01-05 Thread Mathew Ian Eis
ps -C named -o start,lstart is the time since the process was started. One can also force BIND to “reset” with a SIGHUP without actually stopping and starting the daemon. This will cause (among many other things) the pid file to be reset. (You can also find a “general: notice: running” about

EDNS issue with bind 9.11 and NetScaler 11.0

2016-12-20 Thread Mathew Ian Eis
Hi BIND, We are running BIND behind a Citrix NetScaler (v 11.0) load balancer, and recently had a report that BIND 9.11 is unable to resolve names from our public nameservers. The issue can be easily reproduced with the BIND 9.11 client, e.g.: $ dig nau.edu @a.ns.nau.edu (will return status:

Re: DNS views setup help

2016-08-19 Thread Mathew Ian Eis
and external for both the master and slave server? Sorry for all the questions, it's just that I'm very new to this view thing, as you might have guessed:) On Thu, Aug 18, 2016 at 9:50 PM, Mathew Ian Eis <mathew@nau.edu> wrote: I think you are pretty clos

Re: DNS views setup help

2016-08-18 Thread Mathew Ian Eis
I think you are pretty close. One detail that you appear to be missing is in the linked document: server 10.0.1.1 { /* Deliver notify messages to external view. */ keys { external-key; }; }; Your slaves should have a similar statement in each view with the IP of the master and the relevant

Re: auto-dnssec maintain and DNSKEY removal

2016-07-15 Thread Mathew Ian Eis
rom: Tony Finch <d...@dotat.at> Date: Thursday, July 14, 2016 at 3:17 AM To: Mathew Eis <mathew@nau.edu> Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org> Subject: Re: auto-dnssec maintain and DNSKEY removal Mathew Ian Eis <mathew@nau.edu> wro

Re: auto-dnssec maintain and DNSKEY removal

2016-07-13 Thread Mathew Ian Eis
, Mathew Eis -Original Message- From: Tony Finch <d...@dotat.at> Date: Wednesday, July 6, 2016 at 2:48 AM To: Mathew Eis <mathew@nau.edu> Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org> Subject: Re: auto-dnssec maintain and DNSKEY removal Mathew

Re: auto-dnssec maintain and DNSKEY removal

2016-07-05 Thread Mathew Ian Eis
> Subject: Re: auto-dnssec maintain and DNSKEY removal Mathew Ian Eis <mathew@nau.edu> wrote: > > > Are you allowing enough time for named to go through a zone key maintenance > > cycle? (which is hourly if I remember correctly) > > I’m not sure, it sounds

Re: auto-dnssec maintain and DNSKEY removal

2016-07-05 Thread Mathew Ian Eis
nd-users@lists.isc.org" <bind-users@lists.isc.org> Subject: Re: auto-dnssec maintain and DNSKEY removal Mathew Ian Eis <mathew@nau.edu> wrote: > > We think that in some cases, named may be choosing to use a key past the > removal date (as in [2]), while our file maint

auto-dnssec maintain and DNSKEY removal

2016-07-01 Thread Mathew Ian Eis
Hi BIND, The documentation for auto-dnssec maintain suggests that named will remove DNSKEYs from zones when the deletion time marked in the metadata occurs [1]. Unfortunately, it seems this is not always the case. We are currently trying to diagnose the source of residual DNSKEYs in our zones

Re: ISC considering a change to the BIND open source license

2016-06-15 Thread Mathew Ian Eis
I support the license change as well, and I’d like to specifically applaud the use of a license that still allows for commercial use even while nicely asking for the re-contribution of any improvements. (speaking for myself and not the University) -Mathew Eis

RE: Split horizon and authoritative servers

2016-04-04 Thread Mathew Ian Eis
g. what would you put in the NS/SOA records to keep the master hidden and the slaves non-authoritative? Thanks again, -Mathew Eis From: John W. Blue [john.b...@rrcic.com] Sent: Monday, April 04, 2016 7:12 PM To: Mathew Ian Eis; bind-users@lists.isc.org Subject

Split horizon and authoritative servers

2016-04-04 Thread Mathew Ian Eis
Hi BIND, I have a question about authoritative servers in a split horizon environment (suppose two views “internal” and “external”). Is it necessary to have separate internal authoritative (listed in internal zone NS records, but not in whois or external NS records) servers, if the internal

Re: Recursive bind becomes unresponsive with high load

2016-04-01 Thread Mathew Ian Eis
mes unresponsive with high load > >Hello Mathew, > >On Fri, Apr 01, 2016 at 04:01:04PM +, Mathew Ian Eis wrote: >> What OS are you running your BIND server on? Is it virtualized? > >Linux Kernel 3.4.111 with glibc 2.22, 32bit, not virtualized. No distribution - >everyt

Re: Recursive bind becomes unresponsive with high load

2016-04-01 Thread Mathew Ian Eis
What OS are you running your BIND server on? Is it virtualized? Is it fully unresponsive, or could it be simply taking longer to respond than your client timeout? Cheers, Mathew Eis Northern Arizona University Information Technology Services mathew@nau.edu (928) 523-2960

Re: Interesting behavior with wildcard domains

2016-02-23 Thread Mathew Ian Eis
ind-users@lists.isc.org Subject: Re: Interesting behavior with wildcard domains On 24/02/2016 09:13, Mathew Ian Eis wrote: Hi BIND, I've encountered (quite by accident) an interesting behavior in BIND with wildcard domains: The relevant configuration is a zo

Re: separation of authoritative and recursive functions on internal networks

2016-01-29 Thread Mathew Ian Eis
Howdy Mark, Can you please clarify the best practice for this? > Recursive servers (honouring RD=1) however can be authoritative for zones. In this context of "authoritative", do you mean that they can be fully functional slaves and have a complete copy of the zone information? I would

Re: DNSSEC secondary (free)

2015-08-21 Thread Mathew Ian Eis
Organization: RTFM Reply-To: bind-users@lists.isc.org Date: Thursday, August 20, 2015 at 4:59 PM To: bind-users@lists.isc.org Subject: Re: DNSSEC secondary (free) On Thu, Aug 20, 2015 at 06:29:57PM +, Mathew Ian Eis wrote: I believe Hurricane Electric’s free DNS https://dns.he.net/ supports DNSSEC

Re: DNSSEC secondary (free) - Was - Re: Can I run two name servers on one host with two IP addresses?

2015-08-20 Thread Mathew Ian Eis
I believe Hurricane Electric’s free DNS https://dns.he.net/ supports DNSSEC if you do zone transfers to them. (No personal experience, but we’ve been considering using them for the same purpose, and they seem to have a good community reputation). Mathew Eis Northern Arizona University From:

response case in-sensitivity?

2015-07-29 Thread Mathew Ian Eis
Howdy BIND, We’ve been troubleshooting an issue with iOS print discovery using DNS-SD for the last several weeks. We made a little bit of a breakthrough this evening when we observed in a packet trace that the response case was fully lowercase, regardless of the query case. It seems iOS is

Re: random latency in named

2015-05-22 Thread Mathew Ian Eis
-Original Message- From: Tony Finch d...@dotat.at Date: Friday, May 22, 2015 at 2:32 AM To: Mathew Eis mathew@nau.edu Cc: bind-users@lists.isc.org bind-users@lists.isc.org Subject: Re: random latency in named Mathew Ian Eis mathew@nau.edu wrote: * The OS is RHEL 6.6; we just

random latency in named

2015-05-21 Thread Mathew Ian Eis
Hi BIND, I’ve been trying to track down the source of random latency in our production servers, without much luck. At random intervals - several times an hour - named appears to suddenly stop processing queries for around 0-2500ms, only to resume moments later. This of course introduces