nslookup
Scott.McEwan at eu.nabgroup.com
Scott.McEwan at eu.nabgroup.com
Mon May 13 09:39:07 UTC 2002
Barry,
The only configuration for 'allow tranfer' that exists within the
/etc/named.conf file is for the transfer between the Primary & Secondary.
Which exists by Ip address.
Should there also be an entry in /etc/named.conf for the localhost??
Cheers.
BIND Users Mailing List <bind-users at isc.org> on 11/05/2002 07:50:01
To: bind-users digest users <ecartis at isc.org>
cc: (bcc: Scott McEwan/NSL/NAG_EUROPE)
Subject: bind-users Digest V4 #126
bind-users Digest Fri, 10 May 2002 Volume: 04 Issue: 126
In This Issue:
Re: Performance: BIND 8 vs BIND 9
Re: cnames round robin in bind8 doesn't work
Re: "Ghost" Host record - moving DNS to a new IP
Re: Performance: BIND 8 vs BIND 9
Re: MX Record
Re: 9.2.1 Memory usage
nslookup
Re: nslookup
Reverse DNS lookup
Re: need to start, stop and start again to run bind properly
Re: cnames round robin in bind8 doesn't work
zone reverse
Help! New zones not transferring
Re: "Ghost" Host record - moving DNS to a new IP
Re: need to start, stop and start again to run bind properly
Named CPU skyrockets for ActiveX objects in IE 5.5 browser
Re: Reverse DNS lookup
Re: need to start, stop and start again to run bind properly
Re: Help! New zones not transferring
Re: "Ghost" Host record - moving DNS to a new IP
Re: Help! New zones not transferring
slave whith bind 8
RE: IP Numbers
Re: IP Numbers
Re: slave whith bind 8
Re: Reverse DNS lookup
Re: "Ghost" Host record - moving DNS to a new IP
Re: Help! New zones not transferring
Re: "Ghost" Host record - moving DNS to a new IP
Re: Named CPU skyrockets for ActiveX objects in IE 5.5 brows
Re: zone reverse
RE: Win2K, BIND & Multi-master
Re: Named CPU skyrockets for ActiveX objects in IE 5.5 brows
RE: Reverse DNS lookup
----------------------------------------------------------------------
From: phn at icke-reklam.ipsec.nu
Subject: Re: Performance: BIND 8 vs BIND 9
Date: 10 May 2002 10:17:34 GMT
Simon Waters <Simon at wretched.demon.co.uk> wrote:
> "Sasso, John IT" wrote:
>>
>> I've been hearing second-hand that the performance of BIND 9 (w.r.t. #
>> requests/sec) is, well, terrible compared to BIND 8. I wish I could give
>> specific revisions, but such was not given to me. I have looked on the 'net
>> as well as Nominum's site for any papers or other info for BIND 8 vs BIND 9
>> benchmarks, but have not been able to find any. I am told that BIND 8 will
>> do about 8000 reqs/sec, whereas BIND 9 fairs worse.
>>
>> Is there any substantiation to these claims?
> Yes
> BIND 9 has lower maximum throughput. More recent versions of
> BIND 9 close the gap. BIND 9 also scales better with CPU as it
> is threaded (with BIND 8 you could run multiple instances on one
> machine, but that is wasteful of other resources), but you need
> two CPUs (more or less) to match the performance of 8.
> The actual requests per second depends on hardware you have.
> In many real life situations DNS performance is limited by
> network bandwidth not server or OS resources, many big sites run
> DNS happily on a few low end SUN or Intel PC's running BIND
> without any significant load.
> What sort of CPU and network utilisation do you see on your
> current nameservers? How many requests per second do you get at
> peak?
>> We were considering on moving
>> to BIND 9.2 in the near future, but not if its going to degrade performance.
> Somethings are more important than performance.
>> Any web pages and/or papers you can refer me to regarding performance issues
>> and comparisons would be greatly appreciated!
> Rick Jones at HP's Labs (Cupertino) has written a number of
> reports. Including direct head to heads of BIND 8 to BIND 9 on
> identical hardware, and running MS DNS on Win32, versus BIND on
> GNU/Linux and HP-UX. (For the record MS DNS on Win32, beat BIND
> on Linux, which beat BIND of HP-UX, all on the same IA64 IIRC,
> which I think backs up my statement that there are more
> important things than performance nicely).
Simon,
Do you have an URL to these tests ?
> He usually posts here when new ones are out, so check the
> archive.
--
Peter H?kanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
------------------------------
From: Dan Amthor <groups at lonx.net>
Subject: Re: cnames round robin in bind8 doesn't work
Date: Fri, 10 May 2002 12:23:40 +0200
On Friday 10 May 2002 00:18, pui ming Wong wrote:
> We've been running bind4 and the round robin of cnames are okay.
> Lately i tried bind 8 on a dns with the zone as slave to a
> another master.
> Under this zone, there are cnames mapped to several different
> hosts.
> Using nslookup to look for that cname, it always returns
> 1 host (same one each time) without round robbing to several
> other hosts
>
> Is there anything i can set to make it work?
Knowing they are illegal, Bind 8 however has a directive to make them work.
Have a look. Bind9 however, has not got it, so on the long run, you have to
find a different solution.
Regards
Dan
------------------------------
From: phn at icke-reklam.ipsec.nu
Subject: Re: "Ghost" Host record - moving DNS to a new IP
Date: 10 May 2002 10:38:16 GMT
Torsten Mueller <torsten at archesoft.de> wrote:
> Hello,
> moving a nameserver seems to be a tricky task ...
> I operate the DNS server ns2.xtremeweb.de at 62.206.178.60
> I registered the hostname ns2.xtremeweb.de (NSD6860-HST) with Versign
> 10-Sep-2001 with the IP 62.132.78.180
I don't know why you ever bothered to involve verisign - that
seems to be an error.
Why don't you use one of the good registries in germany
BTW your current set of ns for xtremeweb.de is :
xtremeweb.de. 86400 IN NS ns2.xtremeweb.de.
xtremeweb.de. 86400 IN NS ns1.granitecanyon.com.
xtremeweb.de. 86400 IN NS ns1.xtremeweb.de.
however ns1.granitecanyon.com. is not refreshing itself correctly,
it might be left trying to refresh from your old master.
> I moved the server from the IP 62.132.78.180 to 62.206.178.60 in March
> 2002
> That's why i updated NSD6860-HST to the new IP on 23-Mar-2002 (Verisign)
> Some users, who have used my server for dns told me , that there is in
> the whois
> output the old IP of ns2.xtremeweb.de for their domains.
> After research i found out, that there exists a NS8822-HST which holds
> the old IP.
> I didn't create this host record.
> The whois links for the hosts:
>
https://www.netsol.com/cgi-bin/whois/whois?STRING=NSD6860-HST&SearchType=ha&STRING2.x=24&STRING2.y=10
> and
> http://ws.arin.net/cgi-bin/whois.pl?queryinput=NS8822-HST
> Is there a way to delete this record NS8822-HST (i didn't create it) ?
> Is there a way to find out, who created this record (to ask him/her to
> delete the
> record) ?
> I already contacted 3 times in the last 7 days Verisign about this
> issue,
> but they didn't respond to me.
> Yesterday i contacted arin.net and i hope that i get more answers from
> them.
> Thank you for your help.
> Torsten
--
Peter H?kanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
------------------------------
From: Simon Waters <Simon at wretched.demon.co.uk>
Subject: Re: Performance: BIND 8 vs BIND 9
Date: Fri, 10 May 2002 13:04:50 +0100
phn at icke-reklam.ipsec.nu wrote:
>
> Do you have an URL to these tests ?
ftp://ftp.cup.hp.com/dist/networking/briefs/
Either Rick doesn't go big on indexing, or he keeps the indexes
close to his chest.
I'm not sure which one has the Win32 results - but the recent
per server results show BIND 8 v BIND 9 on same hardware.
Switching on optimisation in the C compiler does appear to lift
peak throughput by about 50% on HP-UX, which is a lot cheaper
than buying bigger hardware ;)
------------------------------
Subject: Re: MX Record
From: dbotham at edeltacom.com
Date: Fri, 10 May 2002 08:40:03 -0400
1. rtfm for sendmail (or what ever mail program you are using), it will
tell you how to configure your mail server to listen on a differennt port.
Regardless, DNS has nothing to do with "what port your mail server listens
on".
2. If you are interested in stopping others from using your mail servers
as a relay, changing the port it listens on is not the answer. Continue
rtfm for your mail program and find the sections on Relay and Anit Spam.
You have probably fiugred out by this time that your post was way off
subject for this list...
David
|---------+---------------------------->
| | "OSC" |
| | <ohsc99 at hotmail.c|
| | om> |
| | Sent by: |
| | bind-users-bounce|
| | @isc.org |
| | |
| | |
| | 05/08/2002 12:18 |
| | AM |
| | Please respond to|
| | "OSC" |
| | |
|---------+---------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: comp-protocols-dns-bind at isc.org
|
| cc:
|
| Subject: MX Record
|
>------------------------------------------------------------------------------------------------------------------------------|
|---------+---------------------------->
| | |
|---------+---------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
|
|
>------------------------------------------------------------------------------------------------------------------------------|
Hi,
I would like to configure my SMTP to use other port other than 25. Anyone
any idea how that can be done.
This is to help to filter crooks who try to use my SMTP to sent emails.
Thanks in advance.
OSC
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: MX Record
Date: Fri, 10 May 2002 14:19:32 GMT
In article <abf5sk$bc15$1 at isrv4.isc.org>, OSC <ohsc99 at hotmail.com> wrote:
>I would like to configure my SMTP to use other port other than 25. Anyone
>any idea how that can be done.
>
>This is to help to filter crooks who try to use my SMTP to sent emails.
>Thanks in advance.
Moving your SMTP server to a different port will stop the crooks. But it
will also stop all the legitimate mail, since normal mail clients and SMTP
servers will try to connect to it on port 25. So you might as well just
shut off the SMTP server entirely.
If you posted this to the BIND group hoping to find something you could put
in DNS to tell all these other servers what port you're on, you're out of
luck. The only thing available for mail routing is MX records, which only
specifies an alternate hostname, not an alternate port.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: 9.2.1 Memory usage
Date: Fri, 10 May 2002 14:31:55 GMT
In article <abfrll$bj60$1 at isrv4.isc.org>,
Udo Erdelhoff <ue at nathan.ruhr.de> wrote:
>In other words, the answer to your question is: It depends on the
>traffic and the zones you have. ;-)
Also the configuration. You can reduce your memory usage significantly
using the "host-statistics no" option.
Here's one of our authoritative servers, hosting over 32,000 zones:
PID USERNAME THR PRI NICE SIZE RES STATE TIME CPU COMMAND
26995 root 1 -14 0 372M 334M run 670.1H 46.15% named
and here's one of our caching servers, handing 300-400 queries/sec, and
which has been up for over 3 weeks:
PID USERNAME THR PRI NICE SIZE RES STATE TIME CPU COMMAND
14083 root 1 -4 0 284M 271M run 81.5H 29.27% named
We have host-statistics disabled on the caching server.
Both of these are running BIND 8, not BIND 9, but I suspect the results
would be similar.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
From: Scott.McEwan at eu.nabgroup.com
Date: Fri, 10 May 2002 15:40:19 +0100
Subject: nslookup
Folk
got a bit of a strange one here,
When i try and list all the zones that are associated with the primary DNS, it
spits out an 'unspecified error'.
As far as I know, both the primary and secondary are functioning correctly.
However, when I try the same command on the secondary DNS it does as it is asks.
smcewan at symutil$nslookup
Default Server: localhostAddress:
127.0.0.1> ls -d eu.nag.net
[localhost]
*** Can't list domain eu.nag.net:Unspecified error
>
any help would be greatly appreciated.
Scott
______________________________________________________________________
The information contained in this message is confidential and may also be
privileged. It is intended only for the addressee named above. The unauthorised
use, disclosure, copying or alteration of this message is strictly prohibited.
If you are not the addressee (or responsible for delivery of the message to the
addressee), please notify the originator immediately by return message and
destroy the original message. This message and any attachments have been scanned
for viruses prior to leaving the originators network. The originator does not
guarantee the security of this message and will not be responsible for any
damages arising from any alteration of this message by a third party or as a
result of any virus being passed on. All financial transactions or instructions
must be carried out in accordance with existing mandates and product terms and
conditions.
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: nslookup
Date: Fri, 10 May 2002 14:58:40 GMT
In article <abgmg1$c4t3$1 at isrv4.isc.org>,
<Scott.McEwan at eu.nabgroup.com> wrote:
>got a bit of a strange one here,
>When i try and list all the zones that are associated with the primary DNS, it
>spits out an 'unspecified error'.
>As far as I know, both the primary and secondary are functioning correctly.
>However, when I try the same command on the secondary DNS it does as it is
asks.
>
>
>smcewan at symutil$nslookup
>Default Server: localhostAddress:
> 127.0.0.1> ls -d eu.nag.net
>[localhost]
>*** Can't list domain eu.nag.net:Unspecified error
Do you have "allow-transfer" configured in the named.conf file? Does it
include "localhost"?
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
From: "Johnathan Leppert" <leppert at insight.rr.com>
Subject: Reverse DNS lookup
Date: Fri, 10 May 2002 07:30:17 GMT
Hi,
I am a T1 customer and whenever I do forward lookups on my domain, it yields
the correct IP. However, when I do a reverse lookup based upon my IP it
yields something like [myip].cust.provider.net. I don't currently run my own
nameservers, I use Public DNS. What type of bind configuration would allow
me to provide reverse lookup services for my IP, so my IP wouldn't be
resolved to that myip.cust.provider.net.? Does it have something to do with
the in-addr.arpa config, because I see this often when I do reverse lookups
by IP.
Thanks,
Johnathan
------------------------------
From: dt at dtinnovations.com (=?ISO-8859-1?Q?Dirk_Thannh=E4user?=)
Subject: Re: need to start, stop and start again to run bind properly
Date: 10 May 2002 02:20:01 -0700
I've found out something interesting.
The named - start problem does not occur when i boot the server (i
have disabled starting named during boot process) and then login to
the server via ssh from my laptop then 'su -' to root and start
'named' .
In other cases (starting it from the consolse or boot process) it
sucks.
This ist strange, isn't it?
------------------------------
From: daniel amthor <da at dertext.com>
Subject: Re: cnames round robin in bind8 doesn't work
Date: Fri, 10 May 2002 12:22:15 +0200
On Friday 10 May 2002 00:18, pui ming Wong wrote:
> We've been running bind4 and the round robin of cnames are okay.
> Lately i tried bind 8 on a dns with the zone as slave to a
> another master.
> Under this zone, there are cnames mapped to several different
> hosts.
> Using nslookup to look for that cname, it always returns
> 1 host (same one each time) without round robbing to several
> other hosts
>
> Is there anything i can set to make it work?
Knowing they are illegal, Bind 8 however has a directive to make them work.
Have a look. Bind9 however, has not got it, so on the long run, you have to
find a different solution.
Regards
Dan
------------------------------
From: "Anasoft" <anasoft at anasoft.ma>
Subject: zone reverse
Date: Fri, 10 May 2002 10:40:34 +0100
Hello,
My isp my cree a zone puts back 159.251.62.in-addr.arpa With a whois on
ripe.net
inetnum: 62.251.159.96 - 62.251.159.127
netname: ANASOFT
descr: ANASOFT SARL ? Fes
country: MA
admin-c: Ba347-RIPE
tech-c: Ba347-RIPE
rev-srv: dns1.anasoft.ma
rev-srv: dns2.anasoft.ma
But when I make :
host -a 62.251.159.115 ns.ripe.net
Using domain server:
Name: ns.ripe.net
Address: 193.0.0.193
Aliases:
rcode = 3 (Non-existent domain), ancount=0
Host not found.
How to make(do) so that it(he) finds my domain 159.251.62.in-addr.arpa
Plz help me
Excuse me i dont speak good english :)
------------------------------
From: "Joe Doe" <jj at jj.com>
Subject: Help! New zones not transferring
Date: Fri, 10 May 2002 15:33:03 GMT
I'm running Bind 9.1.3 on Linux 7.2. I have a primary nameserver called ns
and a slave called ns2.
1st question: Do I need to make an entry in named.conf on the slave for
each zone or is this done automatically? I've been adding them manually so
far.
2nd question: When I initially setup the slave server(ns2) last week all the
zones transferred perfectly from ns to ns2. But yesterday I added another
zone on ns(which resolves fine) and added the new zone entry in named.conf
on ns2. But the zone file doesn't transfer over when I update the serial
number on ns and restart named. What do I need to do to transfer new zones.
Do I have to setup rndc? The documentation seems confusing on rndc. Any
help would be greatly appreciated.
------------------------------
From: Torsten Mueller <torsten at archesoft.de>
Subject: Re: "Ghost" Host record - moving DNS to a new IP
Date: Fri, 10 May 2002 14:10:33 +0200
phn at icke-reklam.ipsec.nu schrieb:
>
> Torsten Mueller <torsten at archesoft.de> wrote:
...
> > I registered the hostname ns2.xtremeweb.de (NSD6860-HST) with Versign
> > 10-Sep-2001 with the IP 62.132.78.180
>
> I don't know why you ever bothered to involve verisign - that
> seems to be an error.
i have to agree
>
> Why don't you use one of the good registries in germany
>
> BTW your current set of ns for xtremeweb.de is :
> xtremeweb.de. 86400 IN NS ns2.xtremeweb.de.
> xtremeweb.de. 86400 IN NS ns1.granitecanyon.com.
> xtremeweb.de. 86400 IN NS ns1.xtremeweb.de.
>
> however ns1.granitecanyon.com. is not refreshing itself correctly,
> it might be left trying to refresh from your old master.
the serials are now in sync ;-)
The problem is not the domain xtremeweb.de itself, but com/net/org
domains,
which use the dns server (That was the only reason to register the host
at Verisign).
On 15% of these domains is in the whois output the old IP to be seen.
That's why i searched for the reason of this and found this "ghost" host
record
in the arin whois database. I don't know, if this is the real reason for
the
false whois output, but it is a starting point for my investigations.
Greetings Torsten
------------------------------
Date: Fri, 10 May 2002 10:01:44 -0700
From: Pete Ehlke <pde at ehlke.net>
Subject: Re: need to start, stop and start again to run bind properly
On Fri, May 10, 2002 at 02:20:01AM -0700, Dirk Thannh?user wrote:
>
> I've found out something interesting.
> The named - start problem does not occur when i boot the server (i
> have disabled starting named during boot process) and then login to
> the server via ssh from my laptop then 'su -' to root and start
> 'named' .
> In other cases (starting it from the consolse or boot process) it
> sucks.
> This ist strange, isn't it?
I've lost the context of this thread, but I suspect that you have a
machine with a ppp connection or some other network link whose setup
is not necessarily complete at the time your boot scripts attempt to
start named.
-Pete
------------------------------
From: "JB" <usenet at joshuabranch.com>
Subject: Named CPU skyrockets for ActiveX objects in IE 5.5 browser
Date: Tue, 7 May 2002 15:48:38 -0400
I noticed that when I visit the WSJ Online (online.WSJ.com), and I say yes
to permitting ActiveX objects to run, named CPU goes up to and remains
around 60%! If I refresh the page, but then say no to permitting ActiveX
objects to run on the page, then named CPU usages remains below 1%, usually
at 0%! The results are 100% consistent with whether or not I permit the
ActiveX advertisements to run on the page.
I found this to be true for any ActiveX object at the WSJ website. Saying
yes to an ActiveX object at AltaVista didn't do it.
After installing Bind 9 I added one zone to it. Yet, I did not point any
DNS server entries for any registered domain to BIND's public IP, so the
Internet should not even know it exists unless they scan my ports. Indeed,
I have done nothing but installed and run it.
Does anyone know why this might be happening? I am running W2K.
JB
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: Reverse DNS lookup
Date: Fri, 10 May 2002 17:03:28 GMT
In article <abgtqa$c2m7$1 at isrv4.isc.org>,
Johnathan Leppert <leppert at insight.rr.com> wrote:
>I am a T1 customer and whenever I do forward lookups on my domain, it yields
>the correct IP. However, when I do a reverse lookup based upon my IP it
>yields something like [myip].cust.provider.net. I don't currently run my own
>nameservers, I use Public DNS. What type of bind configuration would allow
>me to provide reverse lookup services for my IP, so my IP wouldn't be
>resolved to that myip.cust.provider.net.? Does it have something to do with
>the in-addr.arpa config, because I see this often when I do reverse lookups
>by IP.
You need your provider to customize your reverse DNS in one of two ways:
1) Change the reverse DNS entry to contain your custom hostname.
2) Delegate the reverse DNS for your address to some other nameservers,
e.g. ns1.granitecanyon.com and ns2.granitecanyon.com. In this case, you
would then have to create this reverse domain on the GC nameservers, just
as you did for your forward domain.
But for most people this isn't necessary. There's nothing wrong with
having two names (one in your domain, and the other in cust.provider.net)
resolve to the same IP, and the reverse lookup only has to resolve to one
of them.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
Date: Fri, 10 May 2002 13:07:46 -0400
From: Joseph S D Yao <jsdy at center.osis.gov>
Subject: Re: need to start, stop and start again to run bind properly
On Fri, May 10, 2002 at 02:20:01AM -0700, Dirk Thannh?user wrote:
>
> I've found out something interesting.
> The named - start problem does not occur when i boot the server (i
> have disabled starting named during boot process) and then login to
> the server via ssh from my laptop then 'su -' to root and start
> 'named' .
> In other cases (starting it from the consolse or boot process) it
> sucks.
> This ist strange, isn't it?
Could it be that you're starting 'bind' before doing something that it
needs, such as enabling the network interfaces? Just a wild guess ...
--
Joe Yao jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
------------------------------
From: phn at icke-reklam.ipsec.nu
Subject: Re: Help! New zones not transferring
Date: 10 May 2002 17:37:42 GMT
Joe Doe <jj at jj.com> wrote:
> I'm running Bind 9.1.3 on Linux 7.2. I have a primary nameserver called ns
You better upgrade. 9.1.3 was novel a long time ago.
> and a slave called ns2.
> 1st question: Do I need to make an entry in named.conf on the slave for
> each zone or is this done automatically? I've been adding them manually so
> far.
Yes. You must create named.conf for all namservers. And they must
describe all zones.
Automating this is of course possible, you could generate the configfiles
and transport them with rsync ( or any other method). Just pick the
method you find will return it's investment in time.
> 2nd question: When I initially setup the slave server(ns2) last week all the
> zones transferred perfectly from ns to ns2. But yesterday I added another
> zone on ns(which resolves fine) and added the new zone entry in named.conf
> on ns2. But the zone file doesn't transfer over when I update the serial
> number on ns and restart named. What do I need to do to transfer new zones.
> Do I have to setup rndc? The documentation seems confusing on rndc. Any
> help would be greatly appreciated.
Have you read the syslog ? What does it read ?
( if not , don't bother, upgrade to 9.2.0 or better 9.2.1 )
--
Peter H?kanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: "Ghost" Host record - moving DNS to a new IP
Date: Fri, 10 May 2002 18:20:36 GMT
In article <abfrlk$b8vh$1 at isrv4.isc.org>,
Torsten Mueller <torsten at archesoft.de> wrote:
>The whois links for the hosts:
>https://www.netsol.com/cgi-bin/whois/whois?STRING=NSD6860-HST&SearchType=ha&STRING2.x=24&STRING2.y=10
>and
>http://ws.arin.net/cgi-bin/whois.pl?queryinput=NS8822-HST
>
>
>Is there a way to delete this record NS8822-HST (i didn't create it) ?
>Is there a way to find out, who created this record (to ask him/her to
>delete the
>record) ?
As far as I know, Host objects in the ARIN database do not get put into DNS
(glue records are never needed in IN-ADDR.ARPA). In any case, that host
object exists because the following network registration references it.
Most likely, it was created by the coordinator of the network, so he should
be able to correct it.
Des Moines Area Community College (NET-DMACC)
2006 South Ankeny Boulevard
Ankeny, IA 50021
US
Netname: DMACC
Netblock: 161.210.0.0 - 161.210.255.255
Coordinator:
Ollie, Jeffrey C [System Administrator] (JO88-ARIN)
jcollie at DMACC.CC.IA.US
+1-515-965-7057 (FAX) +1-515-965-7305
Domain System inverse mapping provided by:
NS00.DMACC.CC.IA.US 161.210.216.100
ZEUS.DMACC.CC.IA.US 161.210.216.101
DNS1.ICN.STATE.IA.US 165.206.53.253
NS3.DNSMADEEASY.COM 64.50.168.189
NS2.XTREMEWEB.DE 62.132.78.180
Record last updated on 18-Feb-2002.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
From: Torsten Mueller <torsten at archesoft.de>
Subject: Re: Help! New zones not transferring
Date: Fri, 10 May 2002 19:42:34 +0200
Joe Doe schrieb:
>
> I'm running Bind 9.1.3 on Linux 7.2. I have a primary nameserver called ns
> and a slave called ns2.
Maybe you should upgrade bind ?!
> 1st question: Do I need to make an entry in named.conf on the slave for
> each zone or is this done automatically? I've been adding them manually so
> far.
Yes
> 2nd question: When I initially setup the slave server(ns2) last week all the
> zones transferred perfectly from ns to ns2. But yesterday I added another
> zone on ns(which resolves fine) and added the new zone entry in named.conf
> on ns2. But the zone file doesn't transfer over when I update the serial
> number on ns and restart named. What do I need to do to transfer new zones.
> Do I have to setup rndc? The documentation seems confusing on rndc. Any
> help would be greatly appreciated.
Maybe you should take a look in the logs.
If you changed the serial on ns there is an entry like "loaded serial
xxx"
If you added ns2 in your zone file on ns as a nameserver, ns should send
a notify
to ns2
Look in your logs what's going on.
Torsten
------------------------------
Date: Fri, 10 May 2002 13:18:03 -0700
Subject: IP Numbers
From: Jeff Grossman <jeff at stikman.com>
I always see references to IP blocks at 127.0.0.0/24 or 127.0.0.0/16. What
do the last two digits after the "/" mean?
Can somebody point me somewhere where I can find this information out?
Thanks,
Jeff
--
Jeff Grossman (jeff at grossman.name)
------------------------------
From: "Giuliano Silva" <giuliano at tj.go.gov.br>
Subject: slave whith bind 8
Date: Thu, 9 May 2002 18:59:12 -0300
Hello everyone,
I, m a user of bind 8 and i?m having problens with the slave server, or better,
setting a slave in a primary server. I read in someware that i simply need to
insert a line like
};
zone "domain.br." {
type master;
file "zone/domain.br";
allow-transfer{
xxx.yyy.zzz.aaa;
};
Where "xxx.yyy.zzz.aaa" is the ip address of my bind slave server.
But, when i do this my primary no more working propely.
What is really necessary to do in the primary to have a slave server?
Thank you
P.s. my English is very poor, becouse i?m braziliam, so i?m sorry for anything.
------------------------------
From: "Wanda Perez, TRI" <WPerez at tricom.com.do>
Subject: RE: IP Numbers
Date: Fri, 10 May 2002 16:24:37 -0400
Hi Jeff, I hope the table help you
Regards Wanda
block size dotted decimal addresses networks
/13 255.248.0.0 512,000 8 class B's or 2048 class C's
/14 255.252.0.0 256,000 4 class B's or 1024 class C's
/15 255.254.0.0 128,000 2 class B's or 512 class C's
/16 255.255.0.0 64,000 1 class B or 256 class C's
/17 255.255.128.0 32,000 128 class C's
/18 255.255.192.0 16,000 64 class C's
/19 255.255.224.0 8,000 32 class C's
/20 255.255.240.0 4,000 16 class C's
/21 255.255.248.0 2,000 8 class C's
/22 255.255.252.0 1,000 4 class C's
/23 255.255.254.0 512 2 class C's
/24 255.255.255.0 256 1 class C
/25 255.255.255.128 128 1/2 class C
/26 255.255.255.192 64 1/4 class C
/27 255.255.255.224 32 1/8 class C
/28 255.255.255.240 16 1/16 class C
/29 255.255.255.248 8 1/32 class C
/30 255.255.255.252 4 1/64 class C
/31 255.255.255.254 2 1/128 class C
/32 255.255.255.255 1 1/256 class C
-----Original Message-----
From: Jeff Grossman [mailto:jeff at stikman.com]
Sent: Friday, May 10, 2002 4:18 PM
To: Bind List
Subject: IP Numbers
I always see references to IP blocks at 127.0.0.0/24 or 127.0.0.0/16. What
do the last two digits after the "/" mean?
Can somebody point me somewhere where I can find this information out?
Thanks,
Jeff
--
Jeff Grossman (jeff at grossman.name)
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: IP Numbers
Date: Fri, 10 May 2002 20:28:11 GMT
In article <abhaa7$ccnb$1 at isrv4.isc.org>,
Jeff Grossman <jeff at grossman.name> wrote:
>I always see references to IP blocks at 127.0.0.0/24 or 127.0.0.0/16. What
>do the last two digits after the "/" mean?
The number of bits in the address that represent the network portion,
versus the host portion. /24 is equivalent to a 255.255.255.0 network
mask, while /16 is equivalent to 255.255.0.0.
>Can somebody point me somewhere where I can find this information out?
It was probably introduced in the RFC 1519, which introduced CIDR
(Classless Inter-Domain Routing).
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: slave whith bind 8
Date: Fri, 10 May 2002 20:30:57 GMT
In article <abhacr$cg5a$1 at isrv4.isc.org>,
Giuliano Silva <giuliano at tj.go.gov.br> wrote:
>I, m a user of bind 8 and i?m having problens with the slave server, or
>better, setting a slave in a primary server. I read in someware that i
>simply need to insert a line like
>
>};
>
> zone "domain.br." {
> type master;
> file "zone/domain.br";
> allow-transfer{
> xxx.yyy.zzz.aaa;
>};
>
>
>
>
>Where "xxx.yyy.zzz.aaa" is the ip address of my bind slave server.
>
>But, when i do this my primary no more working propely.
You have unmatched braces -- you don't have a '}' to match the '{' after
'allow-transfer'.
>What is really necessary to do in the primary to have a slave server?
Nothing. By default, BIND allows anyone address to perform zone
transfers. You only need 'allow-transfer' if you want to block zone
transfers done by any other address.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
From: "Anasoft" <anasoft at anasoft.ma>
Subject: Re: Reverse DNS lookup
Date: Fri, 10 May 2002 20:42:09 +0100
I want that on irc the converssion of my ip is of type poste1.mydomaine.com
is not as ip
tnks
"Barry Margolin" <barmar at genuity.net> a ?crit dans le message news:
abguq3$c8oc$1 at isrv4.isc.org...
> In article <abgtqa$c2m7$1 at isrv4.isc.org>,
> Johnathan Leppert <leppert at insight.rr.com> wrote:
> >I am a T1 customer and whenever I do forward lookups on my domain, it
yields
> >the correct IP. However, when I do a reverse lookup based upon my IP it
> >yields something like [myip].cust.provider.net. I don't currently run my
own
> >nameservers, I use Public DNS. What type of bind configuration would
allow
> >me to provide reverse lookup services for my IP, so my IP wouldn't be
> >resolved to that myip.cust.provider.net.? Does it have something to do
with
> >the in-addr.arpa config, because I see this often when I do reverse
lookups
> >by IP.
>
> You need your provider to customize your reverse DNS in one of two ways:
>
> 1) Change the reverse DNS entry to contain your custom hostname.
>
> 2) Delegate the reverse DNS for your address to some other nameservers,
> e.g. ns1.granitecanyon.com and ns2.granitecanyon.com. In this case, you
> would then have to create this reverse domain on the GC nameservers, just
> as you did for your forward domain.
>
> But for most people this isn't necessary. There's nothing wrong with
> having two names (one in your domain, and the other in cust.provider.net)
> resolve to the same IP, and the reverse lookup only has to resolve to one
> of them.
>
> --
> Barry Margolin, barmar at genuity.net
> Genuity, Woburn, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to
newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the
group.
>
------------------------------
From: Mark_Andrews at isc.org
Subject: Re: "Ghost" Host record - moving DNS to a new IP
Date: Sat, 11 May 2002 07:50:07 +1000
> In article <abfrlk$b8vh$1 at isrv4.isc.org>,
> Torsten Mueller <torsten at archesoft.de> wrote:
> >The whois links for the hosts:
> >https://www.netsol.com/cgi-bin/whois/whois?STRING=NSD6860-HST&SearchType=ha&
> STRING2.x=24&STRING2.y=10
> >and
> >http://ws.arin.net/cgi-bin/whois.pl?queryinput=NS8822-HST
> >
> >
> >Is there a way to delete this record NS8822-HST (i didn't create it) ?
> >Is there a way to find out, who created this record (to ask him/her to
> >delete the
> >record) ?
>
> As far as I know, Host objects in the ARIN database do not get put into DNS
> (glue records are never needed in IN-ADDR.ARPA). In any case, that host
> object exists because the following network registration references it.
> Most likely, it was created by the coordinator of the network, so he should
> be able to correct it.
Well I know that some of the host entries in the APNIC database
make it into the zone as the nameservers live in the reverse
zone they serve. ns1.2.3.4.in-addr.arpa is a legal hostname.
I wouldn't be suprised if ARIN and RIPE have some also.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
------------------------------
From: "Mark Damrose" <mdamrose at elgin.cc.il.us>
Subject: Re: Help! New zones not transferring
Date: Fri, 10 May 2002 17:15:06 -0500
"Joe Doe" <jj at jj.com> wrote in message news:abguf8$cadr$1 at isrv4.isc.org...
> I'm running Bind 9.1.3 on Linux 7.2. I have a primary nameserver called
ns
> and a slave called ns2.
>
> 1st question: Do I need to make an entry in named.conf on the slave for
> each zone or is this done automatically? I've been adding them manually so
> far.
>
> 2nd question: When I initially setup the slave server(ns2) last week all
the
> zones transferred perfectly from ns to ns2. But yesterday I added another
> zone on ns(which resolves fine) and added the new zone entry in named.conf
> on ns2. But the zone file doesn't transfer over when I update the serial
> number on ns and restart named. What do I need to do to transfer new
zones.
> Do I have to setup rndc? The documentation seems confusing on rndc. Any
> help would be greatly appreciated.
You've already been told to upgrade and check the logs, but it's not clear
from your description - did you restart *both* nameservers after you added
the new zone? The slave needs to be restarted in order to see the new zone
in the configuration.
------------------------------
From: Barry Margolin <barmar at genuity.net>
Subject: Re: "Ghost" Host record - moving DNS to a new IP
Date: Fri, 10 May 2002 22:20:18 GMT
In article <abhfne$chr3$1 at isrv4.isc.org>, <Mark_Andrews at isc.org> wrote:
> Well I know that some of the host entries in the APNIC database
> make it into the zone as the nameservers live in the reverse
> zone they serve. ns1.2.3.4.in-addr.arpa is a legal hostname.
Yeah, I guess this is legal, it just seems so unlikely that I'm surprised
they actually support it. In any case, if the server for a reverse domain
doesn't end in .IN-ADDR.ARPA it obviously can't require a glue record.
I tried all of the ARIN.NET servers, and none of them seemed to return glue
records for any of the servers for 210.161.in-addr.arpa.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
Date: Fri, 10 May 2002 15:35:17 -0400
From: Danny Mayer <mayer at gis.net>
Subject: Re: Named CPU skyrockets for ActiveX objects in IE 5.5 browser
At 11:29 PM 5/8/02, JB wrote:
>Interesting... after I let ActiveX/named(BIND) suck up CPU for about a
>minute, I only got one entry in the Application Log:
>
> query logging is now on
>
>At least now I know where the logging should go. Unfortunately, this seems
>to indicate that named is using up CPU without logging why. I bumped up
>debug level to 3, and refreshed, and still nothing.
If you are running on NT or W2K and you didn't create in named.conf a logging
category for queries, then it will go into the application event log. Use the
Event Viewer to get to it.
>In addition to ActiveX objects, I was also able to get it to occur for
>ActiveX objects loaded at Dictionary.com. However, WSJ.com is consistent
>100% of the time. Dictionary.com seems to rotate its advertisements, so you
>won't always get ActiveX.
>
>
>----- Original Message -----
>From: "Mark Damrose" <mdamrose at elgin.cc.il.us>
>To: <comp-protocols-dns-bind at isc.org>
>Sent: Wednesday, May 08, 2002 2:35 PM
>Subject: Re: Named CPU skyrockets for ActiveX objects in IE 5.5 browser
>
>
>"JB" <usenet at joshuabranch.com> wrote in message
>news:abbpha$97m5$1 at isrv4.isc.org...
> > Query logging... a concept who's time has come. I turn it on, but can't
>find a log anywhere. When looking at all the *.LOG files on my hard drive,
>the only one I don't recognize with recent additions is userenv.log. While
>I'd love to know what that is, and why it gets 5 new entries every 5
>minutes, I suspect it has nothing to do with BIND.
> >
>On unix machine it logs to the standard system log. Try looking in event
>viewer.
Danny
------------------------------
Date: Fri, 10 May 2002 19:35:16 -0400
From: Kevin Darcy <kcd at daimlerchrysler.com>
Subject: Re: zone reverse
Just because it is in RIPE WHOIS, does not necessarily mean that it has
been delegated. As you have discovered, and I have confirmed
independently, 159.251.62.in-addr.arpa has not been delegated by RIPE.
Talk to them about it.
- Kevin
Anasoft wrote:
> Hello,
> My isp my cree a zone puts back 159.251.62.in-addr.arpa With a whois on
> ripe.net
>
> inetnum: 62.251.159.96 - 62.251.159.127
> netname: ANASOFT
> descr: ANASOFT SARL =E0 Fes
> country: MA
> admin-c: Ba347-RIPE
> tech-c: Ba347-RIPE
> rev-srv: dns1.anasoft.ma
> rev-srv: dns2.anasoft.ma
>
> But when I make :
> host -a 62.251.159.115 ns.ripe.net
> Using domain server:
> Name: ns.ripe.net
> Address: 193.0.0.193
> Aliases:
>
> rcode =3D 3 (Non-existent domain), ancount=3D0
> Host not found.
>
> How to make(do) so that it(he) finds my domain 159.251.62.in-addr.arpa
> Plz help me
>
> Excuse me i dont speak good english :)
------------------------------
Date: Fri, 10 May 2002 19:47:48 -0400
From: Danny Mayer <mayer at gis.net>
Subject: RE: Win2K, BIND & Multi-master
At 01:11 PM 5/9/02, Cricket Liu wrote:
>Hi, John.
>
> > I've got a consultant here telling me that BIND can be set up with a
> > multi-master model.
>
>Hmm. I'm not exactly sure what he means by that. You can run
>multiple primary master name servers for a zone and synchronize
>them with a mechanism other than zone transfers, but that wouldn't
>handle dynamic updates very well.
What he really means is that DNS not BIND, ie W2K DNS, can be set up
to be multi-master. This means that you have to store the data in Active
Directory and Active Directory takes care of replicating the changes to
the other masters. The dynamic updates go to any master and Active
Directory takes care of the rest.
> > I've been trying to get it to work (for several days), but everything I
> > currently know about BIND 8.2.3-REL goes against having multiple
> > masters.
> >
> > Test #1: I've configured just 2 servers. A test domain -on server 1 is
> > configured as "master",
> > on server 2, it's a "slave". Using nsupdate, (while on DNS server #1) -
> > I add a record, the master sends a NOTIFY, it's received, the slave does
> > a AXFR, -and all's well. (I'd like for it to do a IXFR... I can't figure
> > that out either!)
>
>Better to do IXFR with BIND 9 than BIND 8.
>
> > Test #2: I've configured just 2 servers. A test domain -on server 1 is
> > configured as "master",
> > on server 2, it's also a "master". When using nsupdate, again -on DNS
> > server #1, it sends the NOTIFY to server #2, but [I presume 'cause it's
> > also a master] I get:
> >
> > notify: info: NOTIFY(SOA) for non-secondary name
> >
> > ...and, as expected, the second "master" server ignores the update from
> > the "true" master.
>
>Yup.
>
> > I've been playing with "notify yes;".. and that doesn't make any
> > difference either.
>
>No, it wouldn't.
>
> > My goal is to find a way to get BIND 8.2.3 replication-model to mimmic
> > Win2K's DDNS. I need to allow for multiple company sites to each have
> > their own master for ....say... the adaptec.com zone. If a Win2K client
> > in one site does a dynamic update- it'll update the DNS server specified
> > in the clients DNS settings... right? That would be their *local* DNS
> > server.
>
>No, a dynamic update client can send an update to any name server.
>It figures out which name server to send the update to by looking
>up the SOA record for the domain name in the update. That domain
>name doesn't always have an SOA record, but even a negative answer
>returns the SOA record of the enclosing zone. The updater extracts
>the MNAME field and sends the update there.
>
>Does that mitigate your need for masters everywhere?
>
> > Any ideas on how can I get the other "master" DNS servers to see their
> > update (and do IXFR's)? I'm guessing master/slave is the ONLY way if we
> > want to stick
> > with BIND. And I REALLY want to stick with BIND!
>
>I don't think you can do what you're trying to do with BIND.
>But then I don't think you really need to.
You CAN what you need with BIND, it's just not multi-master. It's a different
design and it's called master/slave. Implement that you every works fine.
You can use IXFR for transferring just incremental changes and minimize
the loads on the machines.
>cricket
Danny
------------------------------
Date: Sat, 11 May 2002 00:18:59 -0400
From: Danny Mayer <mayer at gis.net>
Subject: Re: Named CPU skyrockets for ActiveX objects in IE 5.5 browser
At 07:40 PM 5/10/02, Erik Sliman wrote:
>The Application Log was retrieved with the event viewer. Since then I
>update named.conf to create a log file. It does the same thing to the text
>file, basically. It creates an entry each time I do a query with HOST,
>showing that it is logging queries. However, even when I reproduce the
>CPU/ActiveX/named problem, nothing else goes in the log. It looks like
>whatever is running in the named.exe process does not get logged, and
>probably has nothing to do with DNS queries, but only when certain ActiveX
>controls are running, which WSJ uses 100% of the time, and other sites, such
>as Dictionary.com, use some of the time, while others, like AltaVista.com,
>don't ever seem to invoke.
>
>Does the Windows port of BIND use ActiveX controls?
No. BIND uses straight ANSI C code. There is no ActiveX, COM, DCOM
or other technologies involved.
> Even if this is true,
>it still doesn't explain everything because:
>
>1> If BIND is not running, the overall CPU usage is much lower when the
>ActiveX controls run.
>2> If the web page is loaded with ActiveX controls, and THEN the named.exe
>service is started, the named.exe still picks up CPU enormously, taking it
>up near 60%.
I'd need to see some evidence.
>Both of these facts appears to reduce the likelyhood that the named.exe
>process is merely getting credit for the CPU usage of ActiveX controls that
>both it and IE are using. The latter goes against the theory becuase you
>would think that, of the very least, it would be credited to the first COM
>client to load the object. The first fact detracts from the theory because
>IE is not showing nearly the same CPU usage when run without BIND as BIND
>produces when the objects are loaded in IE.
>
>More than anything my curiosity is killing me. This seems to indicate a
>possible hole, to say the least. I know I had to upgrade Macromedia player
>recently because it's ActiveX object had a major security hole. This could
>be another since BIND runs with a lot of authority. This, of course, is
>part of the reason I have IE ask me whether or not I want to run an ActiveX
>object on a web page. If I don't trust the site, I say no. Of course, now
>I say no just to save CPU.
Danny
------------------------------
From: "Jeff Grossman" <jeff at stikman.com>
Subject: RE: Reverse DNS lookup
Date: Fri, 10 May 2002 22:49:08 -0700
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of
> Johnathan Leppert
> Sent: Friday, May 10, 2002 12:30 AM
> To: comp-protocols-dns-bind at isc.org
> Subject: Reverse DNS lookup
>
> Hi,
>
> I am a T1 customer and whenever I do forward lookups on my domain, it
yields
> the correct IP. However, when I do a reverse lookup based upon my IP
it
> yields something like [myip].cust.provider.net. I don't currently run
my own
> nameservers, I use Public DNS. What type of bind configuration would
allow
> me to provide reverse lookup services for my IP, so my IP wouldn't be
> resolved to that myip.cust.provider.net.? Does it have something to do
with
> the in-addr.arpa config, because I see this often when I do reverse
lookups
> by IP.
You will need to talk with your ISP and see if they will either change
their reverse DNS for your IP to what ever you want, or see if they will
let you run the reverse DNS for your IP.
Jeff
------------------------------
End of bind-users Digest V4 #126
********************************
______________________________________________________________________
The information contained in this message is confidential and may also be
privileged. It is intended only for the addressee named above. The unauthorised
use, disclosure, copying or alteration of this message is strictly prohibited.
If you are not the addressee (or responsible for delivery of the message to the
addressee), please notify the originator immediately by return message and
destroy the original message. This message and any attachments have been scanned
for viruses prior to leaving the originators network. The originator does not
guarantee the security of this message and will not be responsible for any
damages arising from any alteration of this message by a third party or as a
result of any virus being passed on. All financial transactions or instructions
must be carried out in accordance with existing mandates and product terms and
conditions.
More information about the bind-users
mailing list