domain.comX, domain.comXX
Ryan McCain
Ryan.McCain at dss.state.la.us
Tue Aug 21 19:40:09 UTC 2007
That is surely strange. I will delete the X|XX|XXX files. Make sure the named.conf doesnt refer to any X|XX|XXX and restart named. I'll see if they re-populate.
Thanks, Ryan
>>> On Tue, Aug 21, 2007 at 1:21 PM, in message
<46CB2D41.1030306 at mailnetwork.co.uk>, "Andy Shellam (Mailing Lists)"
<andy.shellam-lists at mailnetwork.co.uk> wrote:
> Hi Ryan,
>
> It looks like what someone previously suggested, that the
> "domainX|XX|XXX" files are duplicated zone files that either someone's
> used, perhaps for testing purposes, or to secure a previous zone while
> some change was being made, or maybe by some automated process? I must
> admit off the top of my head, I can't think of any automated process
> that would do this.
>
> If you take, for example, the zone "citigroup.net" - your
> "citigroup.netXX" file is the current live file (as specified by
> named.conf).
>
> There is something to be gathered looking at the dates - these new files
> starting appearing somewhere between the 17th and 21st August, according
> to your file list (as the old ones were last modified on the 17th.)
> They all look the same size, though, so it's unlikely anything's changed
> within the files themselves, although I'd use a comparison tool (such as
> diff or WinMerge just to be sure.)
>
> My first port of call would be to look at what was running on the server
> on the 17th August, and also what's special about the zones that have
> got an "X|XX|XXX" brother, compared to those that haven't.
>
> Andy.
>
> Ryan McCain wrote:
>> Sorry for the late response.
>>
>> I will respond to everyones questions in this email to save congestion in
> the list.
>>
>> -We are using BIND 9.3.2-17.4 on SLES 10 (kernel 2.6.16.21-0.8-bigsmp)
>>
>> - I am the only one who is touching DNS on secondary server in question.
> There are Windows admins who could be adding DNS records on the primary
> server. I can't imagine them creating duplicate zones though.
>>
>> - Here is a directory listing of the zones on the secondary server. Notice
> the X and XX zone files..
>> -rw-r--r-- 1 named named 319 2007-08-21 12:56 0.in-addr.arpa
>> -rw-r--r-- 1 named named 1535 2007-08-17 11:40 114.10.in-addr.arpa
>> -rw-r--r-- 1 named named 1535 2007-08-21 12:46 114.10.in-addr.arpaX
>> -rw-r--r-- 1 named named 2049 2007-08-21 12:48 115.10.in-addr.arpa
>> -rw-r--r-- 1 named named 941 2007-08-21 12:55 116.10.in-addr.arpa
>> -rw-r--r-- 1 named named 323 2007-08-21 12:55 117.10.in-addr.arpa
>> -rw-r--r-- 1 named named 1263 2007-08-21 12:53 118.10.in-addr.arpa
>> -rw-r--r-- 1 named named 3655 2007-08-21 12:57 119.10.in-addr.arpa
>> -rw-r--r-- 1 named named 17566 2007-08-21 12:45 120.10.in-addr.arpa
>> -rw-r--r-- 1 named named 1581 2007-08-21 12:50 121.10.in-addr.arpa
>> -rw-r--r-- 1 named named 2275 2007-08-21 12:49 122.10.in-addr.arpa
>> -rw-r--r-- 1 named named 827 2007-08-21 12:57 123.10.in-addr.arpa
>> -rw-r--r-- 1 named named 3589 2007-08-21 12:48 124.10.in-addr.arpa
>> -rw-r--r-- 1 named named 1388 2007-08-21 12:54 125.10.in-addr.arpa
>> -rw-r--r-- 1 named named 2749 2007-08-21 12:56 126.10.in-addr.arpa
>> -rw-r--r-- 1 named named 369 2007-08-21 12:57 127.in-addr.arpa
>> -rw-r--r-- 1 named named 431 2007-08-17 11:16 citigroup.net
>> -rw-r--r-- 1 named named 431 2007-08-17 11:18 citigroup.netX
>> -rw-r--r-- 1 named named 431 2007-08-21 12:47 citigroup.netXX
>> -rw-r--r-- 1 named named 42065 2007-08-21 12:22 dss.state.la.us
>> -rw-r--r-- 1 named named 3568 2007-08-21 12:22 dss.state.la.us.jnl
>> -rw-r--r-- 1 named named 411 2007-08-17 11:18 ebtadmin.jpmorganchase.com
>> -rw-r--r-- 1 named named 411 2007-08-21 12:55 ebtadmin.jpmorganchase.comX
>> -rw-r--r-- 1 named named 418 2007-08-21 12:54 familiesla.com
>> -rw-r--r-- 1 named named 808 2007-08-21 12:54 familiesla.com.jnl
>> -rw-r--r-- 1 named named 425 2007-08-17 11:23 fostercare.la.gov
>> -rw-r--r-- 1 named named 425 2007-08-17 11:37 fostercare.la.govX
>> -rw-r--r-- 1 named named 425 2007-08-17 11:40 fostercare.la.govXX
>> -rw-r--r-- 1 named named 425 2007-08-21 12:56 fostercare.la.govXXX
>> -rw-r--r-- 1 named named 439 2007-08-17 11:28 fostercare.louisiana.gov
>> -rw-r--r-- 1 named named 439 2007-08-17 11:40 fostercare.louisiana.govX
>> -rw-r--r-- 1 named named 439 2007-08-21 12:53 fostercare.louisiana.govXX
>>
>> - Finally, below is my named.conf file....
>>
>> # Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
>> # All rights reserved.
>> #
>> # Author: Frank Bodammer, Lars Mueller <lmuelle at suse.de>
>> #
>> # /etc/named.conf
>> #
>> # This is a sample configuration file for the name server BIND 9. It works
> as
>> # a caching only name server without modification.
>> #
>> # A sample configuration for setting up your own domain can be found in
>> # /usr/share/doc/packages/bind/sample-config.
>> #
>> # A description of all available options can be found in
>> # /usr/share/doc/packages/bind/misc/options.
>>
>> options {
>>
>> # The directory statement defines the name server's working
> directory
>>
>> directory "/var/lib/named";
>>
>> # Write dump and statistics file to the log subdirectory. The
>> # pathenames are relative to the chroot jail.
>>
>> dump-file "/var/log/named_dump.db";
>> statistics-file "/var/log/named.stats";
>>
>> # The forwarders record contains a list of servers to which queries
>> # should be forwarded. Enable this line and modify the IP address
> to
>> # your provider's name server. Up to three servers may be listed..
>>
>> #forwarders { 192.0.2.1; 192.0.2.2; };
>>
>> # Enable the next entry to prefer usage of the name server declared
> in
>> # the forwarders section.
>>
>> #forward first;
>>
>> # The listen-on record contains a list of local network interfaces to
>> # listen on. Optionally the port can be specified. Default is to
>> # listen on all interfaces found on your system. The default port
> is
>> # 53.
>>
>> #listen-on port 53 { 127.0.0.1; };
>>
>> # The listen-on-v6 record enables or disables listening on IPv6
>> # interfaces. Allowed values are 'any' and 'none' or a list of
>> # addresses.
>>
>> listen-on-v6 { any; };
>>
>> # The next three statements may be needed if a firewall stands
> between
>> # the local server and the internet.
>>
>> #query-source address * port 53;
>> #transfer-source * port 53;
>> #notify-source * port 53;
>>
>> # The allow-query record contains a list of networks or IP addresses
>> # to accept and deny queries from. The default is to allow queries
>> # from all hosts.
>>
>> #allow-query { 127.0.0.1; };
>>
>> # If notify is set to yes (default), notify messages are sent to
> other
>> # name servers when the the zone data is changed. Instead of
> setting
>> # a global 'notify' statement in the 'options' section, a separate
>> # 'notify' can be added to each zone definition.
>>
>> notify no;
>> include "/etc/named.d/forwarders.conf";
>> };
>>
>> # To configure named's logging remove the leading '#' characters of the
>> # following examples.
>> #logging {
>> # # Log queries to a file limited to a size of 100 MB.
>> # channel query_logging {
>> # file "/var/log/named_querylog"
>> # versions 3 size 100M;
>> # print-time yes; // timestamp log entries
>> # };
>> # category queries {
>> # query_logging;
>> # };
>> #
>> # # Or log this kind alternatively to syslog.
>> # channel syslog_queries {
>> # syslog user;
>> # severity info;
>> # };
>> # category queries { syslog_queries; };
>> #
>> # # Log general name server errors to syslog.
>> # channel syslog_errors {
>> # syslog user;
>> # severity error;
>> # };
>> # category default { syslog_errors; };
>> #
>> # # Don't log lame server messages.
>> # category lame-servers { null; };
>> #};
>>
>> # The following zone definitions don't need any modification. The first one
>> # is the definition of the root name servers. The second one defines
>> # localhost while the third defines the reverse lookup for localhost.
>>
>> zone "." in {
>> type hint;
>> file "root.hint";
>> };
>>
>> zone "localhost" in {
>> type master;
>> file "localhost.zone";
>> };
>>
>> zone "0.0.127.in-addr.arpa" in {
>> type master;
>> file "127.0.0.zone";
>> };
>>
>> # Include the meta include file generated by createNamedConfInclude. This
>> # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
>> # /etc/sysconfig/named
>>
>> include "/etc/named.conf.include";
>>
>> ###Forward Records
>> zone "familiesla.com" in {
>> masters { 172.20.11.237; };
>> file "slave/familiesla.com";
>> type slave;
>> };
>> logging {
>> category default { log_syslog; };
>> channel log_syslog { syslog; };
>> };
>> zone "dss.state.la.us" in {
>> masters { 172.20.11.237; };
>> file "slave/dss.state.la.us";
>> type slave;
>> };
>> zone "citigroup.net" in {
>> masters { 172.20.11.237; };
>> file "slave/citigroup.netXX";
>> type slave;
>> };
>> zone "ebtadmin.jpmorganchase.com" in {
>> masters { 172.20.11.237; };
>> file "slave/ebtadmin.jpmorganchase.comX";
>> type slave;
>> };
>> zone "fostercare.la.gov" in {
>> masters { 172.20.11.237; };
>> file "slave/fostercare.la.govXXX";
>> type slave;
>> };
>> zone "fostercare.louisiana.gov" in {
>> masters { 172.20.11.237; };
>> file "slave/fostercare.louisiana.govXX";
>> type slave;
>> };
>>
>>
>> ###Reverse Records
>>
>> zone "114.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/114.10.in-addr.arpaX";
>> type slave;
>> };
>> zone "115.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/115.10.in-addr.arpa";
>> type slave;
>> };
>> zone "116.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/116.10.in-addr.arpa";
>> type slave;
>> };
>> zone "117.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/117.10.in-addr.arpa";
>> type slave;
>> };
>> zone "118.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/118.10.in-addr.arpa";
>> type slave;
>> };
>> zone "119.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/119.10.in-addr.arpa";
>> type slave;
>> };
>> zone "120.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/120.10.in-addr.arpa";
>> type slave;
>> };
>> zone "121.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/121.10.in-addr.arpa";
>> type slave;
>> };
>> zone "122.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/122.10.in-addr.arpa";
>> type slave;
>> };
>> zone "123.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/123.10.in-addr.arpa";
>> type slave;
>> };
>> zone "124.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/124.10.in-addr.arpa";
>> type slave;
>> };
>> zone "125.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/125.10.in-addr.arpa";
>> type slave;
>> };
>> zone "126.10.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/126.10.in-addr.arpa";
>> type slave;
>> };
>> zone "127.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/127.in-addr.arpa";
>> type slave;
>> };
>> zone "0.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/0.in-addr.arpa";
>> type slave;
>> };
>> zone "1.168.in-addr.arpa" in {
>> masters { 172.20.11.237; };
>> file "slave/1.168.in-addr.arpa";
>> type slave;
>> };
>>
>>
>>
>>>>> On Fri, Aug 17, 2007 at 6:30 PM, in message
>>>>>
>> <DE3D6118-4D2E-49A4-9124-0614390C57FB at swcp.com>, Bill Larson <wllarso at swcp.com>
>> wrote:
>>
>>> On Aug 17, 2007, at 5:02 PM, Kevin Darcy wrote:
>>>
>>>
>>>> Ryan McCain wrote:
>>>>
>>>>> I noticed a few of the zones I pull down have the main zone file,
>>>>> domain.com, then a few others, domain.comX, domain.comXX, etc.
>>>>> Can someone explain what is going on here or forward me to the
>>>>> appropriate link to read about this.
>>>>>
>>>>> I googled for "bind comXX" and nothing came up.
>>>>>
>>> I'd take a guess that someone created some additional zones, possibly
>>> for internal use or maybe testing.
>>>
>>> Ryan, why not post your named.conf file? This isn't anything
>>> standard, so you are making us do some heavy duty crystal ball gazing
>>> while trying to help you out.
>>>
>>> Bill Larson
>>>
>>>
>>>> Hmmm... What version of BIND is this? My initial thought was that
>>>> these
>>>> were temporary zone files of some sort, but BIND 9 uses the
>>>> "tmp-XXXXXXXXXX" template for its temp files (see the #define TEMPLATE
>>>> in lib/isc/unix/file.c), and I've verified this with truss on a
>>>> Solaris box:
>>>>
>>>> /2: open("tmp-QJkiFMUAqe", O_RDWR|O_CREAT|O_EXCL, 0666) = 9
>>>>
>>>> I suppose an older version of BIND (8 or 4) might have formed temp
>>>> names
>>>> by just appending Xs to the the zone name, but I don't specifically
>>>> remember that convention.
>>>>
>>>> Are you sure the "XX" filenames aren't defined anywhere in your
>>>> named.conf?
>>>>
>>>> - Kevin
>>>>
>>>>
>>>>
>>>>
>>
>>
>>
>> !DSPAM:37,46cb2a7a107505884010870!
>>
>>
>>
>>
More information about the bind-users
mailing list