bind-users Digest V5 #20

Dave Comcast dgattis at comcast.net
Sat Jan 25 14:19:39 UTC 2003


How do I unsubscribe?
:-)
----- Original Message -----
From: "BIND Users Mailing List" <bind-users at isc.org>
To: "bind-users digest users" <ecartis at isc.org>
Sent: Wednesday, January 22, 2003 2:50 AM
Subject: bind-users Digest V5 #20


> bind-users Digest Tue, 21 Jan 2003 Volume: 05  Issue: 020
>
> In This Issue:
> Re: named gets swapped in and out
> setting up root server
> failed while receiving responses: unexpected message id
> problem with time
> Re: DNS , Sendmail bug lists
> Re: problem with time
> Nslookup returns "no answer" but dig works?!
> cc tld
> bind 9.2.1 cache flushing
> How to query two forwarders, even if the first one gave a ne
> dns win2000 server, active directory
> upgrading bind
> DNS question from a network guy
> Re: DDNS-Updates with nsupdate or compareable
> Re: DNS question from a network guy
> Re: bind 9.2.1 cache flushing
> Re: Denied Query
> Re: Nslookup returns "no answer" but dig works?!
> Re: How to query two forwarders, even if the first one gave
> Re: upgrading bind
> Re: DNS question from a network guy
> Re: DNS question from a network guy
> BIND Master, Win2k Slave problem
> Re: reverse delegating range of ip addresses
> Re: dns win2000 server, active directory
> Re: bind performance woes on solaris
> Re: bind performance woes on solaris
> Re: dns win2000 server, active directory
> Re: reverse delegating range of ip addresses
> Re: failed while receiving responses: unexpected message id
> Re: Question
> Re: no more TCP clients: quota reached
> How many public DNS servers are there on the web?
> Re: DNS question from a network guy
> Re: dns win2000 server, active directory
> Re: How many public DNS servers are there on the web?
> Re: DNS question from a network guy
> Logging Name Queries and Forwarding
> DNS slave to pull multiple primaries
> What an authorative nameserver is down?
> Action in case of RR not found
> Re: What an authorative nameserver is down?
> Re: Logging Name Queries and Forwarding
> Dynamic Update
> DNS a website
> Re: Question
>
> ----------------------------------------------------------------------
>
> From: Marc Haber <mh+usenet0236 at zugschl.us>
> Subject: Re: named gets swapped in and out
> Date: Tue, 21 Jan 2003 08:45:44 +0100
>
>
>
> phn at icke-reklam.ipsec.nu wrote:
> >if query-logging is considered too heavy, a dump with rndc dumpdb
> >will give clues of what the cache consists of.
>
> Good idea. Thanks.
>
> Greetings
> Marc
>
> --
> -------------------------------------- !! No courtesy copies, please !! -----
> Marc Haber          |   " Questions are the         | Mail address in header
> Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
> Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
>
> ------------------------------
>
> From: "euphoria nostagalia" <mehane at hotmail.com>
> Subject: setting up root server
> Date: Tue, 21 Jan 2003 08:13:24 +0000
>
>
>
> hello all
>
> i have linux 7.2 and bind 9.2 , and now i want to know the procedure of
> setting up root server in the following format:
> my nameservers r:
> 192.168.0.4 =ns2.kk.org
> 192.168.5.5=ns1.kk.org
> my root server and zone as follows:
> root = tld
> bb.root
> kk.bb.root
>
> could anyone help me in this regard..
> thanks
>
>
>
>
>
>
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 09:18:17 +0100
> From: Patrick Viola <pviola at de.cw.net>
> Subject: failed while receiving responses: unexpected message id
>
>
> Hi,
> I have a prob with a bind version 9.2.
> With some zones I always get the message
> "failed while receiving responses: unexpected message id".
> I can do a dig axfr and look in the zone. I can't see any prob.
>
> Anybody know this problem and can tell me a way to fix it?
> Or can give me a little hint, how I can load the zones anyway?
>
>    ~Patrick
>
>
>
>
>
> ------------------------------
>
> From: "dimis" <dk at infodomi.gr>
> Subject: problem with time
> Date: Tue, 21 Jan 2003 11:32:17 +0200
>
> Hi!!! My suse 7.1 linux server has wrong time. It goes 2 hours +. Would i
> have a problem with dns server bind 8.2.4 if i change the time with the
> right one?
> Thanks
>
>
>
> ------------------------------
>
> From: Simon Waters <Simon at wretched.demon.co.uk>
> Subject: Re: DNS , Sendmail bug lists
> Date:  Tue, 21 Jan 2003 09:37:03 +0000
>
>
>
> Veeraraju_Mareddi wrote:
> >
> > How do we know the bugs , any buglists subscription to get updated to recent
> > big list or any good site for this.
>
> BIND uses CERT for announcements of bugs. They have a list of
> known issues against versions at www.isc.org.
>
> Sendmail - wouldn't know, wouldn't use it, and offtopic but try
> http://www.sendmail.org/
>
>
> ------------------------------
>
> From: Simon Waters <Simon at wretched.demon.co.uk>
> Subject: Re: problem with time
> Date:  Tue, 21 Jan 2003 10:25:15 +0000
>
>
>
> dimis wrote:
> > Hi!!! My suse 7.1 linux server has wrong time. It goes 2 hours +. Would i
> > have a problem with dns server bind 8.2.4 if i change the time with the
> > right one?
>
> The correct way to adjust time on *nix servers is to stop all
> services, adjust time, and restart services.
>
> Since DNS is made redundant by multiple servers for both
> recursive clients, and authoritative servers, restarting BIND
> should never cause a problem unless one of your other servers is
> already down and you KNOW when that happens as you monitor RIGHT?!
>
> If correctness of operation is important follow the procedure,
> if it is a small box for personal use, where the worst that will
> happen if you'll waste your own time, sure set the clock and see
> if anything bad happens, never had anything serious bad on
> desktop *nix boxes happen from a cavalier approach to time, but
> there is always a first time!
>
> NTP daemon will set the clock continuously in small adjustments
> that should be safe, run it in future, and set time at boot
> using ntp command for such.
>
>
> ------------------------------
>
> From: savuud at atc.no (Savuud)
> Subject: Nslookup returns "no answer" but dig works?!
> Date: 21 Jan 2003 03:33:27 -0800
>
>
>
> I'm having a strange problem, nslookup replies "No answer" when
> checking a zone on the dns server. However dig works without a hitch.
> We have checked if the problem was related to the firewall, even
> though we turned off the firewall nslookup replied no answer. My
> question is, could this be a problem related to the zone file? Perhaps
> it dislikes how the zone files are formatted?
>
> Here is a printout of one query made by nslookup:
>     QUESTIONS:
>         bestwestern.no, type = A, class = IN
>     ANSWERS:
>     AUTHORITY RECORDS:
>     ->  bestwestern.no
>         origin = etype.nettdesign.no
>         mail addr = hostmaster.nettdesign.no
>         serial = 2002012101
>         refresh = 3600
>         retry = 900
>         expire = 3600000
>         minimum = 3600
>     ADDITIONAL RECORDS:
> ------------
> *** Can't find bestwestern.no: No answer
>
> Here is a query on atc.no
> ------------
>     QUESTIONS:
>         atc.no, type = A, class = IN
>     ANSWERS:
>     ->  atc.no
>         internet address = 195.159.120.8
>     AUTHORITY RECORDS:
>     ->  atc.no
>         nameserver = ns2.atc.no.
>     ->  atc.no
>         nameserver = ns.atc.no.
>     ADDITIONAL RECORDS:
> ------------
> Non-authoritative answer:
> Name:   atc.no
> Address: 195.159.120.8
>
> Strange enough, the query on atc.no works.
> If any of you guys have any idea on how to solve this, please tell :)
>
> - Savuud
>
> ------------------------------
>
> From: "William Stacey" <staceyw at mvps.org>
> Subject: cc tld
> Date: Tue, 21 Jan 2003 09:05:13 -0500
>
> Was the "cc" tld ever used for anything other than for ccTLD of Cocos
> Islands?
> tia
>
> -- wjs
>
>
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 09:54:31 -0800 (PST)
> From: Angela Chow <angie at krypt.com>
> Subject: bind 9.2.1 cache flushing
>
>
> hi all,
>
> is there a way we can tell bind 9.2.1 to not flush the cache? i'd like to
> keep the cache for about a week or so and not have it flush/clear every
> hour.
>
> any help is appreciated.
>
> thanks!
>
> -angie
>
>
> ------------------------------
>
> From: "H. Faber" <hf at ake-software.de>
> Subject: How to query two forwarders, even if the first one gave a negative
> Date: Tue, 21 Jan 2003 15:49:21 +0100
>
>
>
> Hi,
>
> my server is connected to the internet as well as to a company network.
> The company network provides its own dns server that resolves local
> names to their local ip addresses. My server is running bind9-9.1.3-252.
> I put the companies dns server and the one from my ISP into the
> forwarders option of the named.conf. Unfortunately bind does not query
> the companies dns server after getting  a negative answer from the ISPs
> dns server.
>
> Do I have to set up a separate zone for the companies network? Or is
> there an option to tell bind to query all the servers available in the
> forwarders variable?
>
> H. Faber
>
>
> ------------------------------
>
> From: "Frank W. Vans Evers" <fvansev1 at tampabay.rr.com>
> Subject: dns win2000 server, active directory
> Date: Tue, 21 Jan 2003 16:35:27 GMT
>
> I have installed server with AD and DNS all basic stuff, nothing fancy.
> When I enter nslookup in the command window I do not resolve my DNS host
> name.  Everything seems to work but that one thing.  What am I overlooking?
>
> TIA
>
> /s/ Frank W. Vans Evers
> fvansev1 at tampabay.rr.com
>
>
> ------------------------------
>
> From: "Pedro Marques" <pedromarques at seara.com>
> Subject: upgrading bind
> Date: Tue, 21 Jan 2003 18:10:32 -0000
>
>
> Hi,
>
> I'm upgrading BIND 8 -> 9 in the master server.
> Is it mandatory to upgrade in all slave servers?
> They're all running BIND 8.
>
> Thanks,
> Pedro
>
>
> ------------------------------
>
> From: "dzember" <dzember at cisco.com>
> Subject: DNS question from a network guy
> Date: Tue, 21 Jan 2003 13:31:24 -0500
>
> I am not a DNS guru.  I did search the archives first...
>
> If you have two or more records for a host, DNS will use round robin in its
> replies... What is the behavior if you delegate a domain, for instance
> www.mydomain.com to two name servers?
>
> in the mydomain.com name server...
>
>
> www   in    ns    ns3.mydomain.com
>            in    ns    ns4.mydomain.com
>
> ns3        in    a    192.168.1.10
> ns4        in    a    192.168.2.10
>
>
> Thanks in advance for any help.
>
> David
>
>
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 15:02:31 -0500
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> Subject: Re: DDNS-Updates with nsupdate or compareable
>
>
> Falk Husemann wrote:
>
> > Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> >
> > Hello!
> >
> > > Just give the input file as the last parameter on the command line, or
> > > pipe the commands to nsupdate.
> >
> > This is exactly my problem. How does such a file need to be laid out?
> > I've seen some strange things (like an EOT in a File) around in the Web.
>
> Look at the nsupdate man page. I can't imagine why an embedded EOT would be
> necessary (except maybe on wintel).
>
> > Another Thing is the IP-Question. Does anyone know how I can get it for
> > a specific (ippp0 for example) Network-Device?
>
> Using what language/API/OS? In C on Unix, there are ways to step through
> the interface list and look at the properties of each interface. The exact
> specifics of the API may differ between flavors of Unix (AIX was
> particularly painful, I seem to recall). As for other languages/APIs/OSes,
> I wouldn't know...
>
> > BTW: Is there a way to show my zone-file using nsupdate or any other
> > tool?
>
> Remotely, you mean?
>
> You can retrieve the *data* of your zone using utilities like "dig" or the
> zone-transfer capabilities of the Net::DNS Perl module. "dig" will even
> format that data in master-file format, by default, so it'll look like a
> zonefile. Note that for zone transfers to work, you either need to have
> zone-transfers unrestricted on the authoritative server, or you need an
> "allow-transfer" clause in order to permit it.
>
> *BUT*, this is just the *data* of the zone. It's not an exact copy of the
> zone file. All of the comments, formatting (including any $INCLUDE or other
> directives) will not be present in the zone-transfer data. If you want a
> literal copy of the zone *file*, you'll have to resort to more generic,
> non-DNS-specific methods like FTP, scp, NFS or whatever.
>
>
> - Kevin
>
>
>
>
> ------------------------------
>
> Subject: no more TCP clients: quota reached
> Date: Tue, 21 Jan 2003 14:20:39 -0600
> From: Martin McCormick <martin at dc.cis.okstate.edu>
>
> We have been running BIND 9.2.1 for many months with no
> problem at all when we suddenly started getting
> messages in the log of the format shown in the subject line.
>
> Shortly after that, the named process died.  After
> restarting it, all is well again.  What quota was exceeded?  Bind
> was extremely busy at the time.  I think we have been running
> this version of bind since last June and this is the first time
> it has just died on its own.
>
> It is one good piece of software, but something went
> wrong today.
>
>
> Martin McCormick WB5AGZ  Stillwater, OK
> OSU Center for Computing and Information Services Network Operations Group
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 15:26:38 -0500
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> Subject: Re: DNS question from a network guy
>
>
> dzember wrote:
>
> > I am not a DNS guru.  I did search the archives first...
> >
> > If you have two or more records for a host, DNS will use round robin in its
> > replies... What is the behavior if you delegate a domain, for instance
> > www.mydomain.com to two name servers?
> >
> > in the mydomain.com name server...
> >
> > www   in    ns    ns3.mydomain.com
> >            in    ns    ns4.mydomain.com
> >
> > ns3        in    a    192.168.1.10
> > ns4        in    a    192.168.2.10
>
> Queries for that name will be referred to those two nameservers, which are
> expected to have the same data for the zone. If the name owns multiple A
> records, then those nameservers *may* round-robin their responses, depending
> on what nameserver software they are running and how they are configured.
>
> The decision of which nameserver to query is usually made on the basis of
> which nameserver  has answered recent queries faster. Chances are, many if not
> most of the queries will be sent from nameservers which don't have a good
> "scoresheet" of response times from your nameservers, so this tends to inject
> a large random element into the nameserver-selection algorithm.
>
>
> - Kevin
>
>
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: bind 9.2.1 cache flushing
> Date: Wed, 22 Jan 2003 07:29:58 +1100
>
>
> >
> > hi all,
> >
> > is there a way we can tell bind 9.2.1 to not flush the cache? i'd like to
> > keep the cache for about a week or so and not have it flush/clear every
> > hour.
> >
> > any help is appreciated.
> >
> > thanks!
> >
> > -angie
>
> It doesn't flush the cache.  It cleans *expired* entries
> from the cache that haven't been cleaned as a side effect
> of the normal lookup process.  This is a garbage collection
> process.
>
> Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 15:34:10 -0500
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> Subject: Re: Denied Query
>
>
> Alex Tang wrote:
>
> > phn at icke-reklam.ipsec.nu wrote in message news:<b0hesd$eg78$1 at isrv4.isc.org>...
> > > Alex Tang <cchytang at sinaman.com> wrote:
> > >
> > > > Dear All
> > >
> > > > I keep getting the following logs which shows that the dns server is
> > > > being queried his ip address ptr record from different IP. However,
> > > > the ptr is hosting by other name server. They should not query my
> > > > server. Do any one know why they (applications) query the ptr from my
> > > > server instead of the authoritative server which is hosting the ptr
> > > > record.
> > >
> > > > eg.
> > >
> > > > 20-Jan-2003 17:25:49.285 security: notice: denied query from
> > > > [63.218.7.130].11853
> > > > for "1.110.83.203.in-addr.arpa" PTR/IN
> > >
> > > > 203.83.110.1 (dns1) is a new dns server and hosting some domains.
> > > > the ptr of 203.83.110.1 is hosting by the other server ns1.
> > >
> > > > Therefore, all request for querying the ptr of 203.83.110.1 should go
> > > > to ns1 not dns1(203.83.110.1)
> > >
> > > The client will ask the dns-servers listed in /etc/resolv.conf ( or
> > > similar) for everything.
> > >
> > > The client is not ( shall not) be smart and attempt to locate=20
> > > which servers are doing what domains, that's a nameserver task. Thus
> > > the client asks your nameserver all queries.=20
> >
> > Thanks for your help.
> > Would you tell me that what is locate=20 and all queries.=20 ?
>
> Have you never seen extraneous "=20"s in people's email before? It's an artifact
> of incompatibilities between various mail-user-agents' and/or gateways' notions of
> how to handle the quoted-printable content-type. You should just read those as the
> plain words "locate" and "all queries".
>
> > Why the
> > client ask /etc/resolv.conf ? The file should be used by the name server
> > only.
>
> No, you've got that backwards: DNS *clients* use /etc/resolv.conf (on Unix at
> least; Windows OS'es presumably use some sort of registry crud);
> BIND name*servers* use /etc/named.conf.
>
>
> - Kevin
>
>
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: Nslookup returns "no answer" but dig works?!
> Date: Wed, 22 Jan 2003 07:38:23 +1100
>
>
> >
> > I'm having a strange problem, nslookup replies "No answer" when
> > checking a zone on the dns server. However dig works without a hitch.
> > We have checked if the problem was related to the firewall, even
> > though we turned off the firewall nslookup replied no answer. My
> > question is, could this be a problem related to the zone file? Perhaps
> > it dislikes how the zone files are formatted?
> >
> > Here is a printout of one query made by nslookup:
> >     QUESTIONS:
> >         bestwestern.no, type = A, class = IN
> >     ANSWERS:
> >     AUTHORITY RECORDS:
> >     ->  bestwestern.no
> >         origin = etype.nettdesign.no
> >         mail addr = hostmaster.nettdesign.no
> >         serial = 2002012101
> >         refresh = 3600
> >         retry = 900
> >         expire = 3600000
> >         minimum = 3600
> >     ADDITIONAL RECORDS:
> > ------------
> > *** Can't find bestwestern.no: No answer
> >
> > Here is a query on atc.no
> > ------------
> >     QUESTIONS:
> >         atc.no, type = A, class = IN
> >     ANSWERS:
> >     ->  atc.no
> >         internet address = 195.159.120.8
> >     AUTHORITY RECORDS:
> >     ->  atc.no
> >         nameserver = ns2.atc.no.
> >     ->  atc.no
> >         nameserver = ns.atc.no.
> >     ADDITIONAL RECORDS:
> > ------------
> > Non-authoritative answer:
> > Name:   atc.no
> > Address: 195.159.120.8
> >
> > Strange enough, the query on atc.no works.
> > If any of you guys have any idea on how to solve this, please tell :)
>
> You need to learn how to interpret nslookup's answers.
>
> "No answer" means that it got no answer that contained the
> type you were requesting.
>
> It returns a different message if it gets no replies from
> the nameserver (No response from server).
>
> Mark
> >
> > - Savuud
> >
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: How to query two forwarders, even if the first one gave a negative
> Date: Wed, 22 Jan 2003 07:40:36 +1100
>
>
> >
> > Hi,
> >
> > my server is connected to the internet as well as to a company network.
> > The company network provides its own dns server that resolves local
> > names to their local ip addresses. My server is running bind9-9.1.3-252.
>
> BIND 9.1.3 is well past its "use by" date.
> http://www.isc.org/products/BIND/bind-security.html
>
> > I put the companies dns server and the one from my ISP into the
> > forwarders option of the named.conf. Unfortunately bind does not query
> > the companies dns server after getting  a negative answer from the ISPs
> > dns server.
> >
> > Do I have to set up a separate zone for the companies network? Or is
> > there an option to tell bind to query all the servers available in the
> > forwarders variable?
>
> You have to do selective forwarding.  See zone type forward.
>
> Mark
> >
> > H. Faber
> >
> >
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: upgrading bind
> Date: Wed, 22 Jan 2003 07:42:10 +1100
>
>
> >
> > Hi,
> >
> > I'm upgrading BIND 8 -> 9 in the master server.
>
> See doc/misc/migration.
>
> > Is it mandatory to upgrade in all slave servers?
> > They're all running BIND 8.
>
> No.
>
> > Thanks,
> > Pedro
> >
> >
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 14:43:14 -0600
> From: Pete Ehlke <pde at ehlke.net>
> Subject: Re: DNS question from a network guy
>
>
> On Tue, Jan 21, 2003 at 03:26:38PM -0500, Kevin Darcy wrote:
> >
> > The decision of which nameserver to query is usually made on the basis of
> > which nameserver  has answered recent queries faster. Chances are, many if not
> > most of the queries will be sent from nameservers which don't have a good
> > "scoresheet" of response times from your nameservers, so this tends to inject
> > a large random element into the nameserver-selection algorithm.
> >
> That's BIND's behaviour. Other implementations are known to randomly or
> pseudo-randomly query all the listed servers, to query all of them in
> parallel, and to query all of them in parallel the first time and latch
> on to the first one that responds, forsaking all the others.
>
> -Pete
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: DNS question from a network guy
> Date: Wed, 22 Jan 2003 07:48:21 +1100
>
>
> > I am not a DNS guru.  I did search the archives first...
> >
> > If you have two or more records for a host, DNS will use round robin in its
> > replies... What is the behavior if you delegate a domain, for instance
> > www.mydomain.com to two name servers?
> >
> > in the mydomain.com name server...
> >
> >
> > www   in    ns    ns3.mydomain.com
> >            in    ns    ns4.mydomain.com
> >
> > ns3        in    a    192.168.1.10
> > ns4        in    a    192.168.2.10
> >
> >
> > Thanks in advance for any help.
> >
> > David
>
> Well they will be handed out in the order specified in named.conf.
> The caching servers will use whichever nameserver responds
> fastest.  The rtt estimates will be computed as a side effect of
> normal query traffic.
>
> Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: "King, Michael" <MKing at bridgew.edu>
> Subject: BIND Master, Win2k Slave problem
> Date: Tue, 21 Jan 2003 16:37:20 -0500
>
>
> Hi, first posting to the list, so please be gentle (Little confused as to
> which list I should use also):
>
> I've been trying to get our Win2k servers to be secondary (slaves) for our
> BIND 9.2.2rc1 master.
>
> Things have been a little hokey however.
>
> The following error has been showing up in my log.
>
> Jan 21 16:22:24 watson named[7024]: client 192.168.254.2#1234: transfer of
> '206.207.in-addr.arpa/IN': AXFR started
> Jan 21 16:22:27 watson named[7024]: socket.c:1100: unexpected error:
> Jan 21 16:22:27 watson named[7024]: internal_send: 192.168.254.2#1234:
> Connection reset by peer
> Jan 21 16:22:27 watson named[7024]: client 192.168.254.2#1234: transfer of
> '206.207.in-addr.arpa/IN': send: connection reset
>
> So it looks like the Windows 2000 DNS server has been hanging up on the BIND
> machine when AXFR's happen, but IXFR's appear to be ok. The serial's are
> updating, and new records are getting added, just not the 2000 or so
> machines that haven't refreshed their lease on the DHCP Server, and are
> already in the zone.
>
> Attaching my config file below.
> Two additional questions about the below config file.  The Transfer-format,
> can Windows2000 support many-answers? (this was my first troubleshooting
> test.)  Second, if there is anything glaringly obvious wrong, don't be afraid
> to chime out.  I don't know any better.
>
> Mike
>
>
> options {
>         transfer-format one-answer;
>         pid-file "/var/named/named.pid";
>         also-notify { 192.168.254.3; 192.168.254.2;};
>         };
>
> key watson.bridgew.edu {
> Not shown, but it's there, and it works.
> };
>
> acl "transfer-list" {
>         { 192.168.254.3; //Tinais1
>           192.168.254.2; //Tinais2
>         };
> };
>
> zone  "." {
>         type hint;
>         file  "/etc/named/named.ca";
> };
>
> zone "reshall.bridgew.edu" {
>         type master;
>         file "/etc/named/master/reshall.bridgew.edu";
>         allow-query {
>                 any;
>         };
>         allow-update { key watson.bridgew.edu; };
>         allow-transfer {
>                 transfer-list;
>         };
>
> };
>
> zone "168.192.in-addr.arpa" {
>         type master;
>         file "/etc/named/master/168.192.in-addr.arpa";
>         allow-update {key watson.bridgew.edu; };
>         allow-transfer {
>                 transfer-list;
>         };
>         allow-query {
>                 any;
>         };
> };
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 16:46:41 -0500
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> Subject: Re: reverse delegating range of ip addresses
>
>
> Doug Barton wrote:
>
> > Kimo R. wrote:
> > > Hello,
> > >
> > > I have a class C 192.168.1.0/24. I would like to delegate a range
> > > 39-50. In 1.168.192.in-addr.arpa, I add
> > > $GENERATE 39-50 $ NS ns1.otherserver.com.
> > > $GENERATE 39-50 $ NS ns2.otherserver.com.
> >
> > This isn't exactly how this kind of thing is usually done. In order for
> > this to work the servers you're delegating to would have to have zones
> > for each one of those individual IP addresses. It would be easier to do
> > an RFC 2317 delegation. In the 1.168.192.in-addr.arpa zone you would do
> > this:
> >
> > $ORIGIN 1.168.192.in-addr.arpa.
> > 39-50   NS      ns1.otherserver.com.
> > 39-50   NS      ns2.otherserver.com.
> > $GENERATE 39-50 $ CNAME $.39-50
> >
> > Then the name servers you're delegating to just need one zone,
> > 39-50.1.168.192.in-addr.arpa.
>
> Well, for only 12 reverse names, it could go either way. I personally
> think that delegating each reverse name is a more logical,
> easy-to-understand way of doing "classless delegation" than RFC 2317-style
> aliasing, but of course the price to be paid is more delegations in the
> parent zone, and more zones to be defined/maintained on the delegated
> nameservers. At a certain point, these disadvantages outweigh the
> advantages, but different folks will put that "more-pain-than-gain" line
> in different places.
>
>
> - Kevin
>
>
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 16:47:55 -0500
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> Subject: Re: dns win2000 server, active directory
>
>
> "Frank W. Vans Evers" wrote:
>
> > I have installed server with AD and DNS all basic stuff, nothing fancy.
> > When I enter nslookup in the command window I do not resolve my DNS host
> > name.  Everything seems to work but that one thing.  What am I overlooking?
>
> Is it a BIND nameserver that you have installed? This a BIND users list.
>
>
> - Kevin
>
>
>
>
> ------------------------------
>
> From: Rick Jones <foo at bar.baz.invalid>
> Subject: Re: bind performance woes on solaris
> Date: 21 Jan 2003 21:33:05 GMT
>
> Simon Waters <Simon at wretched.demon.co.uk> wrote:
> > One document down in the ftp server has Rick with a B1750 getting
> > over 7000 qps, and he isn't paid to make Solaris look good (although
> > I think we can trust his objectivity, he probably isn't as hot on
> > Solaris optimisation as he is on HP-UX).
>
> Nope, I'm not paid to make Solaris look good :) However, if I put-out
> really bogus stuff on the competitors it wouldn't do me much good.
> So, I have to put-in at least a little effort :) So, I make sure that
> the add-on NIC is in the most capable PCI slot, and I don't just
> compare with -g compilation on the competing box :)
>
> > ftp://ftp.cup.hp.com/dist/networking/briefs/compet_dns_server_results.txt
>
> Typically, when I am "hunting" for compiler options to use, I start
> with the closest SPECint disclosure, and often as not, take options
> from the NNN.gcc component as a starting point.
>
> rick jones
> --
> Wisdom Teeth are impacted, people are affected by the effects of events.
> these opinions are mine, all mine; HP might not want them anyway... :)
> feel free to post, OR email to raj in cup.hp.com  but NOT BOTH...
>
> ------------------------------
>
> From: Rick Jones <foo at bar.baz.invalid>
> Subject: Re: bind performance woes on solaris
> Date: 21 Jan 2003 21:24:00 GMT
>
> Christoph Weber-Fahr <cwf-ml at arcor.de> wrote:
> > - there is an HP paper [4] putting achievable numbers
> >    on Intel and HP hardware up to 8000/13000 rps for Bind9 and
> >    Bind8 respectively
> > ...
> > [4] ftp://ftp.cup.hp.com/dist/networking/briefs/cc3300_dns_server_results.txt
>
> Under the base (?) URL, there is also a "compet" DNS server paper that
> has some numbers from a 280 IIRC.
>
> Also, I have stumbled across what was probably obvious to some others,
> that the number of authoritative servers for a domain may have an
> effect on the perf of a caching-only server.  That has led to my
> updating the DNS server papers for the lp2000r (lp2kr_) and the j6700
> to show the delta on the same named binary from before and after a
> change in the HP DNS infrastructure.  Makes drawing comparisons to
> some of the older writeups (such as the compet one) a bit more
> difficult. Sigh. What I get for being lazy and just drafting off of
> the in-place infrastructure :)
>
> rick jones
> --
> these opinions are mine, all mine; HP might not want them anyway... :)
> feel free to post, OR email to raj in cup.hp.com  but NOT BOTH...
>
> ------------------------------
>
> From: "William Stacey" <staceyw at mvps.org>
> Subject: Re: dns win2000 server, active directory
> Date: Tue, 21 Jan 2003 16:50:41 -0500
>
> ask this at microsoft.public.win2000.dns.
>
> -- wjs
>
> "Frank W. Vans Evers" <fvansev1 at tampabay.rr.com> wrote in message
> news:b0k26c$1url$1 at isrv4.isc.org...
> > I have installed server with AD and DNS all basic stuff, nothing fancy.
> > When I enter nslookup in the command window I do not resolve my DNS host
> > name.  Everything seems to work but that one thing.  What am I overlooking?
> >
> > TIA
> >
> > /s/ Frank W. Vans Evers
> > fvansev1 at tampabay.rr.com
> >
> >
>
>
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 14:43:30 -0800 (PST)
> From: Doug Barton <DougB at DougBarton.net>
> Subject: Re: reverse delegating range of ip addresses
>
>
> On Tue, 21 Jan 2003, Kevin Darcy wrote:
>
> > Doug Barton wrote:
> > >
> > > $ORIGIN 1.168.192.in-addr.arpa.
> > > 39-50   NS      ns1.otherserver.com.
> > > 39-50   NS      ns2.otherserver.com.
> > > $GENERATE 39-50 $ CNAME $.39-50
> > >
> > > Then the name servers you're delegating to just need one zone,
> > > 39-50.1.168.192.in-addr.arpa.
> >
> > Well, for only 12 reverse names, it could go either way. I personally
> > think that delegating each reverse name is a more logical,
> > easy-to-understand way of doing "classless delegation" than RFC 2317-style
> > aliasing, but of course the price to be paid is more delegations in the
> > parent zone, and more zones to be defined/maintained on the delegated
> > nameservers. At a certain point, these disadvantages outweigh the
> > advantages, but different folks will put that "more-pain-than-gain" line
> > in different places.
>
> Agreed, but since the original poster was missing the forest for the
> delegation trees, I thought another way of looking at it might help. Not
> to mention, when I first started doing rfc 2317 delegations I also found
> them cumbersome and difficult to understand, but now that I've done dozens
> of them over the years (and taught several of our ISP's how to do them
> properly), they seem quite "natural" to me.
>
> Each to his own,
>
> Doug
>
> --
>    "We have known freedom's price. We have shown freedom's power.
>       And in this great conflict, ...  we will see freedom's victory."
> - George W. Bush, President of the United States
>           State of the Union, January 28, 2002
>
>
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: failed while receiving responses: unexpected message id
> Date: Wed, 22 Jan 2003 09:44:21 +1100
>
>
> >
> > Hi,
> > I have a prob with a bind version 9.2.
>
> No such beastie.  9.2 is a collection of versions.
> Was that 9.2.0, 9.2.1 or 9.2.2rc1?
>
> > With some zones I always get the message
> > "failed while receiving responses: unexpected message id".
> > I can do a dig axfr and look in the zone. I can't see any prob.
> >
> > Anybody know this problem and can tell me a way to fix it?
> > Or can give me a little hint, how I can load the zones anyway?
> >
> >    ~Patrick
>
> The master server is not putting the correct id in the
> message headers in the response.  Depending upon which
> version of dig you are using it may not be checking them.
>
> The SOA and IXFR responses MUST have the correct id.  The
> first message of the AXFR response MUST have the correct id.
>
> Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 17:48:37 -0500
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> Subject: Re: Question
>
>
> Brett wrote:
>
> > I fully admit I haven't done much research in to this, but in this case I'm
> > not quite sure what I should be looking at.
> >
> > I'm having some issues with DNS at the moment. My DNS setup is slightly
> > wrong (primary and secondary points to the same system, though different IP
> > addrs, this will change eventually...). For the most part it works because
> > the DNS is retried multiple times, however what would cause the following:
> >
> > > forums.ws
> > Server:  UnKnown
> > Address:  192.168.0.1
> >
> > DNS request timed out.
> >     timeout was 2 seconds.
> > *** Request to UnKnown timed-out
> > > forums.ws
> > Server:  UnKnown
> > Address:  192.168.0.1
> >
> > Name:    forums.ws
> > Address:  66.11.167.33
> >
> > > forums.ws
> > Server:  UnKnown
> > Address:  192.168.0.1
> >
> > DNS request timed out.
> >     timeout was 2 seconds.
> > *** Request to UnKnown timed-out
> > > forums.ws
> > Server:  UnKnown
> > Address:  192.168.0.1
> >
> > DNS request timed out.
> >     timeout was 2 seconds.
> > *** Request to UnKnown timed-out
> > > forums.ws
> > Server:  UnKnown
> > Address:  192.168.0.1
> >
> > Name:    forums.ws
> > Address:  66.11.167.33
> >
> > etc etc etc. for other sites the DNS seems to be much better. Seems like a
> > lot of time outs to me. And some implementations of SMTP (i.e. whatever the
> > heck hotmail uses in the backend) gives up too quickly and dumps the e-mail.
>
> Well, you haven't really given us a lot of information to go on here. How is
> your nameserver configured to resolve Internet names? Does it use forwarding?
> Do the queries have to traverse a firewall? How fast and reliable is your
> network connection, and particularly your connectivity to the forums.ws
> nameservers? How much capacity do you have on your nameserver? If you're
> running on a multiprocessor box, are you running a multi-threading capable
> version (9) of BIND? Do you have enough RAM? How busy is the box answering
> queries?
>
> The only thing out of the ordinary I notice about the forums.ws domain is that,
> although the domain is delegated to 2 nameservers, only 1 of those is published
> in the NS records, so that one nameserver is going to get the lion's share of
> the queries, and if it happens to get bogged down from time to time, queries
> will time out.
>
>
> - Kevin
>
>
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: no more TCP clients: quota reached
> Date: Wed, 22 Jan 2003 09:54:01 +1100
>
>
> > We have been running BIND 9.2.1 for many months with no
> > problem at all when we suddenly started getting
> > messages in the log of the format shown in the subject line.
> >
> > Shortly after that, the named process died.  After
> > restarting it, all is well again.  What quota was exceeded?  Bind
> > was extremely busy at the time.  I think we have been running
> > this version of bind since last June and this is the first time
> > it has just died on its own.
> >
> > It is one good piece of software, but something went
> > wrong today.
>
> If you hunt around in the logs you should see an INSIST
> failure from line 68 of quota.c.
>
> Upgrade to 9.2.2rc1.
>
> >
> > Martin McCormick WB5AGZ  Stillwater, OK
> > OSU Center for Computing and Information Services Network Operations Group
> >
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: rob at c-people.com (Robert Pye)
> Subject: How many public DNS servers are there on the web?
> Date: 21 Jan 2003 14:14:09 -0800
>
>
>
> I've been trying to find out (with little success so far), how many
> public DNS servers are there on the web?
>
> Can someone please help?
>
> Many thanks,
>
> Rob Pye
> rob at c-people.com
>
> ------------------------------
>
> From: "William Stacey" <staceyw at mvps.org>
> Subject: Re: DNS question from a network guy
> Date: Tue, 21 Jan 2003 17:01:36 -0500
>
> <Mark_Andrews at isc.org> wrote in message news:b0kc1p$2ecg$1 at isrv4.isc.org...
> >
> > > I am not a DNS guru.  I did search the archives first...
> > >
> > > If you have two or more records for a host, DNS will use round robin in its
> > > replies... What is the behavior if you delegate a domain, for instance
> > > www.mydomain.com to two name servers?
> > >
> > > in the mydomain.com name server...
> > >
> > >
> > > www   in    ns    ns3.mydomain.com
> ...
> > Well they will be handed out in the order specified in named.conf.
> > The caching servers will use which ever nameserver that responds
> > fastest.  The rtt estimates will be computed as a side effect of
> > normal query traffic.
> >
> > Mark
>
> Don't all NSs get a random RTT below anything that would occur in normal
> operation.  This way, all NSs will eventually be used and have an actual RTT
> calculated.  The lowest RTT will be used first.  Is this still correct?  If
> so, I assume round-robin or subnet sorting would have no effect on NS
> selection?  tia
>
> -- wjs
>
>
>
> ------------------------------
>
> Date: Tue, 21 Jan 2003 18:58:38 -0500
> From: Danny Mayer <mayer at gis.net>
> Subject: Re: dns win2000 server, active directory
>
>
> At 11:35 AM 1/21/03, Frank W. Vans Evers wrote:
> >I have installed server with AD and DNS all basic stuff, nothing fancy.
> >When I enter nslookup in the command window I do not resolve my DNS host
> >name.  Everything seems to work but that one thing.  What am I overlooking?
>
> That this is the BIND newsgroup and not the Microsoft newsgroup.
>
> Danny
>
> >TIA
> >
> >/s/ Frank W. Vans Evers
> >fvansev1 at tampabay.rr.com
>
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: How many public DNS servers are there on the web?
> Date: Wed, 22 Jan 2003 11:35:31 +1100
>
>
> > I've been trying to find out (with little success so far), how many
> > public DNS servers are there on the web?
> >
> > Can someone please help?
>
> Every nameserver listed in the public DNS is a public server
> as it is offering data to the public.  If it doesn't allow
> public access it shouldn't be listed.  There are literally
> millions of these servers scattered around the world.
>
> On top of that there are servers that allow recursive
> services to the world.  Again there are millions of these
> but there is no formal list.  Note just because they allow
> it doesn't mean they want random people using their servers.
>
> Your ISP should have recursive servers for you to use or
> you can setup your own recursive servers.  There should be
> no need to look for other recursive servers.
>
> Mark
>
> > Many thanks,
> >
> > Rob Pye
> > rob at c-people.com
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: DNS question from a network guy
> Date: Wed, 22 Jan 2003 11:55:02 +1100
>
>
> > <Mark_Andrews at isc.org> wrote in message news:b0kc1p$2ecg$1 at isrv4.isc.org...
> > >
> > > > I am not a DNS guru.  I did search the archives first...
> > > >
> > > > If you have two or more records for a host, DNS will use round robin in its
> > > > replies... What is the behavior if you delegate a domain, for instance
> > > > www.mydomain.com to two name servers?
> > > >
> > > > in the mydomain.com name server...
> > > >
> > > >
> > > > www   in    ns    ns3.mydomain.com
> > ...
> > > Well they will be handed out in the order specified in named.conf.
> > > The caching servers will use which ever nameserver that responds
> > > fastest.  The rtt estimates will be computed as a side effect of
> > > normal query traffic.
> > >
> > > Mark
> >
> > Don't all NSs get a random RTT below anything that would occur in normal
> > operation.  This way, all NSs will eventually be used and have an actual RTT
> > calculated.  The lowest RTT will be used first.  Is this still correct?  If
> > so, I assume round-robin or subnet sorting would have no effect on NS
> > selection?  tia
>
> BIND 8 uses bands 64 ms wide with the first band being
> 32 ms wide, topology is a second order effect.
>
> BIND 9 just uses the rtt estimate.
>
> RTT estimates of unused servers drop on each query which
> eventually causes named to try them.
>
> RTT estimates of servers that fail to respond are raised
> reducing the probability of the server being used first for
> the next query.
>
> RTT estimates of the current server are adjusted based on
> current RTT and previous RTTs.
>
> Unless you are measuring at cpu rates there are no RTT
> estimates that cannot occur including zero.  Sub millisecond
> RTT are possible as are sub microsecond RTTs.  RTT
> is normally measured in milliseconds as that best fits speed
> of light around the world.  It can also cope with multi second
> RTT responses that occur with some nameservers.
>
> Mark
>
> > -- wjs
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: alii at paul.rutgers.edu (Syed Ali)
> Subject: Logging Name Queries and Forwarding
> Date: 21 Jan 2003 16:19:03 -0800
>
>
>
> Hello,
>
> I would like our name server, BIND v9.2.2rc1 running on Solaris 8, to
> log all name query requests and forward them to another name server.
> Any help on how to set this up would be appreciated.
>
> I know how to setup a forwarder, however if I understand correctly, a
> name server will only forward queries for zones for which it is not
> authoritative. I would like my name server to forward requests even
> for the zone for which it is authoritative, i.e., any query at all,
> and I would like the bind server to log all requests.
>
> Basically I am retiring a DNS server and want to forward all queries
> to the new DNS server, so that I can catch those users who have not
> updated their DNS server entries to point to the new server and
> continue using the old one. This way their queries still get resolved
> and I find out who they are so I can contact them and ask them to
> change their DNS server entries, thereby causing the least amount of
> disruption.
>
> Thank you!
>
> ------------------------------
>
> From: gary.smith at primeexalia.com (Gary Smith)
> Subject: DNS slave to pull multiple primaries
> Date: 21 Jan 2003 15:55:45 -0800
>
>
>
> We have a few front end DNS servers on our DMZ that pull the selected
> zones from an internal DNS server.  The zones they pull are dom1.com,
> dom2.com, dom3.com, etc.
>
> Because we have over 500 domains in our list we would like to just
> have the front end DNS server slave all of the domains housed by the
> backend dns server.  Is there a simple way of doing this?  I know that
> I can create a master named.conf file for all of the slave servers and
> just distribute but even then it is possible to get typos.
>
> Any ideas?  Any suggestions?
>
> Thanks in advance,
>
> Gary Smith
>
> ------------------------------
>
> From: stewart.james+google at vu.edu.au (Stewart James)
> Subject: What an authorative nameserver is down?
> Date: 21 Jan 2003 16:57:44 -0800
>
>
>
> Hi,
>
> I have never come across this problem before but have experienced it
> twice in a week, so I thought I would ask.
>
> I recently took a complaint from a user that they could not connect to
> a website. I looked into this, and the issue was one of the domains
> name servers was down.
>
> I honestly thought that in that situation my nameserver should list
> that server as "unavailable" for a little while and check any of the
> other name servers for the domain it was looking up. This behaviour
> was not occurring, and it meant that people using my DNS server could
> not get to anything inside that domain.
>
>
> I am running Debian woody, with 8.3.3 supplied by Debian.
>
> What is the ocrrent behaviour for bind if someones nameserver is down?
>
> Thanks,
>
> Stewart James
>
> ------------------------------
>
> From: "Abdul Aziz" <nawaa at hotmail.com>
> Subject: Action in case of RR not found
> Date: Wed, 22 Jan 2003 06:17:36 +0500
>
>
>
>
> Hi,
>
> I was trying to modify the BIND code a bit, to change the way it resolves an
> address. For my experimentation I need to change the behavior of the DNS
> server when it fails to resolve the query. Instead of sending back a
> negative response, I want it to perform few extra steps e.g. consult a
> separate database etc, before sending the negative response.
>
> Can anybody help me with pointing out the exact file and place where this
> modification should be done.
>
> Thanks,
> Abdul Aziz
>
>
>
>
>
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: What an authorative nameserver is down?
> Date: Wed, 22 Jan 2003 12:28:38 +1100
>
>
> >
> > Hi,
> >
> > I have never come across this problem before but have experienced it
> > twice in a week, so I thought I would ask.
> >
> > I recently took a complaint from a user that they could not connect to
> > a website. I looked into this, and the issue was one of the domains
> > name servers was down.
> >
> > I honestly thought that in that situation my nameserver should list
> > that server as "unavailable" for a little while and check any of the
> > other name servers for the domain it was looking up. This behaviour
> > was not occurring, and it meant that people using my DNS server could
> > not get to anything inside that domain.
> >
> > I am running Debian woody, with 8.3.3 supplied by Debian.
> >
> > What is the ocrrent behaviour for bind if someones nameserver is down?
> >
> > Thanks,
> >
> > Stewart James
>
> It will try the other servers.  If you want further help you need
> to supply details like the domain name.  Which servers were down
> etc.
>
> Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: Mark_Andrews at isc.org
> Subject: Re: Logging Name Queries and Forwarding
> Date: Wed, 22 Jan 2003 12:47:21 +1100
>
>
> > Hello,
> >
> > I would like our name server, BIND v9.2.2rc1 running on Solaris 8, to
> > log all name query requests and forward them to another name server.
> > Any help on how to set this up would be appreciated.
> >
> > I know how to setup a forwarder, however if I understand correctly, a
> > name server will only forward queries for zones for which it is not
> > authoritative. I would like my name server to forward requests even
> > for the zone for which it is authoritative, i.e., any query at all,
> > and I would like the bind server to log all requests.
> >
> > Basically I am retiring a DNS server and want to forward all queries
> > to the new DNS server, so that I can catch those users who have not
> > updated their DNS server entries to point to the new server and
> > continue using the old one. This way their queries still get resolved
> > and I find out who they are so I can contact them and ask them to
> > change their DNS server entries, thereby causing the least amount of
> > disruption.
> >
> > Thank you!
>
> Setup the new server preserving the serial number sequences
> for the zones the old server was master for.  Make the old
> server a slave of the new server this will allow slaves of
> the old server to get up to date copies of the zones.  Remove
> any NS references to the old server.  Turn on query logging.
> Once the TTLs expire the only thing going to the old server
> should be traffic from hardcoded addresses (resolv.conf /
> named.conf / named.boot).
>
> The non-recursive queries will mainly be from slaves that need to
> be updated.  The recursive queries will be from machines that
> need resolv.conf to be updated or need long running programs to be
> restarted (e.g. sendmail).
>
> Once you have fixed up all the old slaves you can just make
> named a caching server by removing the zone definitions.
>
> Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
> ------------------------------
>
> From: mlbwong at yahoo.com (Perry811)
> Subject: Dynamic Update
> Date: 21 Jan 2003 17:29:45 -0800
>
>
>
> Is there a way to block dynamic update from outside of our hosted IP
> range? Is dynamic update using same set of tcp/udp 53 for updating
> master dns server?
>
> any help will be appreciated.
>
> ------------------------------
>
> From: "SJS" <alessan616 at hotmail.com>
> Subject: DNS a website
> Date: Wed, 22 Jan 2003 03:42:06 GMT
>
> We have a cable modem and I am forwarding some ports to our internal nic
> 192.168.1.4 which will be our internet and mail server. I have DNS installed
> and looks like it is working. I told NETSOL to point to our DNS server. Do I
> need to put anything in DNS to tell it our MAIL and WWW server is
> 192.168.1.4 or do I not need to? Thanks
>
>
> ------------------------------
>
> From: "Brett" <tempacc0302 at hostedscripts.com>
> Subject: Re: Question
> Date: Tue, 21 Jan 2003 23:52:19 -0500
>
>
> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:b0kj2l$34n7$1 at isrv4.isc.org...
> >
> > Brett wrote:
> >
> > > I fully admit I haven't done much research in to this, but in this case I'm
> > > not quite sure what I should be looking at.
> > >
> > > I'm having some issues with DNS at the moment. My DNS setup is slightly
> > > wrong (primary and secondary points to the same system, though different IP
> > > addrs, this will change eventually...). For the most part it works because
> > > the DNS is retried multiple times, however what would cause the following:
> > >
> > > > forums.ws
> > > Server:  UnKnown
> > > Address:  192.168.0.1
> > >
> > > DNS request timed out.
> > >     timeout was 2 seconds.
> > > *** Request to UnKnown timed-out
> > > > forums.ws
> > > Server:  UnKnown
> > > Address:  192.168.0.1
> > >
> > > Name:    forums.ws
> > > Address:  66.11.167.33
> > >
> > > > forums.ws
> > > Server:  UnKnown
> > > Address:  192.168.0.1
> > >
> > > DNS request timed out.
> > >     timeout was 2 seconds.
> > > *** Request to UnKnown timed-out
> > > > forums.ws
> > > Server:  UnKnown
> > > Address:  192.168.0.1
> > >
> > > DNS request timed out.
> > >     timeout was 2 seconds.
> > > *** Request to UnKnown timed-out
> > > > forums.ws
> > > Server:  UnKnown
> > > Address:  192.168.0.1
> > >
> > > Name:    forums.ws
> > > Address:  66.11.167.33
> > >
> > > etc etc etc. for other sites the DNS seems to be much better. Seems like a
> > > lot of time outs to me. And some implementations of SMTP (i.e. whatever the
> > > heck hotmail uses in the backend) gives up too quickly and dumps the e-mail.
> >
> > Well, you haven't really given us a lot of information to go on here. How is
> > your nameserver configured to resolve Internet names? Does it use forwarding?
> > Do the queries have to traverse a firewall? How fast and reliable is your
> > network connection, and particularly your connectivity to the forums.ws
> > nameservers? How much capacity do you have on your nameserver? If you're
>
> The server itself is in a telecom building in downtown toronto with a pretty
> good connection. Generally ping replies are 20ms off hours and 80ms during
> peak hours.
>
> > running on a multiprocessor box, are you running a multi-threading capable
> > version (9) of BIND? Do you have enough RAM? How busy is the box answering
> > queries?
>
> Very few at the moment. 512MB ram.
>
> >
> > The only thing out of the ordinary I notice about the forums.ws domain is that,
> > although the domain is delegated to 2 nameservers, only 1 of those is published
> > in the NS records, so that one nameserver is going to get the lion's share of
> > the queries, and if it happens to get bogged down from time to time, queries
> > will time out.
>
> It is the same box at the moment. It's very log traffic....
>
> 11:49pm  up 19 days, 11:19,  1 user,  load average: 0.09, 0.04, 0.01
> RX bytes:349699071 (333.4 Mb)  TX bytes:134219138 (128.0 Mb)
> Mem:   512900K av,  471988K used,   40912K free,       0K shrd,  120016K buff
> Swap: 1044216K av,       0K used, 1044216K free                  274364K cached
>
>
> >
> >
> > - Kevin
> >
> >
> >
>
>
>
> ------------------------------
>
> End of bind-users Digest V5 #20
> *******************************
>
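
The message-id rule quoted in the "unexpected message id" reply above (the first message of an AXFR response must carry the id of the query), as an added example that is not code from the digest or from BIND. The function names, the header-only sample messages and the choice to report later mismatches without rejecting are assumptions made for illustration.

```python
import struct

# DNS header: id, flags, qdcount, ancount, nscount, arcount (12 bytes).
HEADER = struct.Struct("!HHHHHH")


def build_message(msg_id, ancount=1):
    """Constructed sample data: a header-only DNS response (QR and AA set)."""
    return HEADER.pack(msg_id, 0x8400, 0, ancount, 0, 0)


def frame(messages):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return b"".join(struct.pack("!H", len(m)) + m for m in messages)


def split_stream(stream):
    """Split a captured TCP byte stream into DNS messages, rejecting truncation."""
    messages, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 2:
            raise ValueError("truncated length prefix at offset %d" % offset)
        (length,) = struct.unpack_from("!H", stream, offset)
        offset += 2
        if length < HEADER.size:
            raise ValueError("message at offset %d is shorter than a DNS header" % offset)
        if len(stream) - offset < length:
            raise ValueError("truncated message at offset %d" % offset)
        messages.append(stream[offset:offset + length])
        offset += length
    return messages


def check_transfer(query_id, stream):
    """Apply the rule to an AXFR response stream.

    The first message must echo query_id or the transfer is rejected.
    Mismatches in later messages are only reported (assumption: the reply
    states the requirement for the first message only).
    """
    messages = split_stream(stream)
    if not messages:
        return {"accept": False, "reason": "no messages", "later_mismatches": []}
    ids = [struct.unpack_from("!H", m)[0] for m in messages]
    later = [i for i, value in enumerate(ids) if i > 0 and value != query_id]
    if ids[0] != query_id:
        reason = "unexpected message id 0x%04x in first message" % ids[0]
        return {"accept": False, "reason": reason, "later_mismatches": later}
    return {"accept": True, "reason": "ok", "later_mismatches": later}


if __name__ == "__main__":
    qid = 0x1A2B  # constructed query id
    print(check_transfer(qid, frame([build_message(qid)] * 3)))
    print(check_transfer(qid, frame([build_message(0), build_message(qid)])))
```
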
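
The last step of the server-retirement procedure in the "Logging Name Queries and Forwarding" reply above (read the query log, then treat recursive and non-recursive clients differently), as an added example that is not part of the digest. It assumes log lines of the form `client ADDR#PORT: query: NAME CLASS TYPE FLAGS` with a leading `+` in FLAGS meaning recursion was requested; the category names, the SOA/AXFR/IXFR heuristic for spotting slaves and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed query-log shape; adjust the pattern to the server version in use.
QUERY_RE = re.compile(
    r"client (?P<addr>[0-9A-Fa-f.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# Query types a slave sends to its master when checking or pulling a zone.
ZONE_MAINTENANCE_TYPES = {"SOA", "AXFR", "IXFR"}

# Constructed sample log, using documentation address ranges.
SAMPLE_LOG = """\
22-Jan-2003 10:00:01.101 queries: info: client 192.0.2.10#32801: query: www.example.com IN A +
22-Jan-2003 10:00:02.250 queries: info: client 192.0.2.10#32802: query: mail.example.com IN MX +
22-Jan-2003 10:00:05.007 queries: info: client 198.51.100.7#1045: query: example.com IN SOA -
22-Jan-2003 10:00:05.020 queries: info: client 198.51.100.7#1046: query: example.com IN AXFR -
22-Jan-2003 10:00:09.900 queries: info: client 203.0.113.25#53: query: host1.example.com IN A -
this line is not a query record
"""


def triage(log_text):
    """Map each client address to the follow-up categories it falls into.

    resolver     - sent recursive queries: resolv.conf needs updating or a
                   long-running program needs restarting
    slave        - sent non-recursive SOA/AXFR/IXFR: repoint it at the new master
    other-server - other non-recursive traffic: look for a hardcoded address
    """
    stats = defaultdict(lambda: {"recursive": 0, "nonrecursive": 0, "zone_maint": False})
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match:
            continue  # ignore anything that is not a query record
        entry = stats[match.group("addr")]
        if match.group("flags").startswith("+"):
            entry["recursive"] += 1
        else:
            entry["nonrecursive"] += 1
            if match.group("qtype").upper() in ZONE_MAINTENANCE_TYPES:
                entry["zone_maint"] = True

    result = {}
    for addr, entry in stats.items():
        categories = []
        if entry["recursive"]:
            categories.append("resolver")
        if entry["zone_maint"]:
            categories.append("slave")
        elif entry["nonrecursive"]:
            categories.append("other-server")
        result[addr] = categories
    return result


if __name__ == "__main__":
    for addr, categories in sorted(triage(SAMPLE_LOG).items()):
        print(addr, ", ".join(categories))
```
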


