f



Re: BIND 8.2.7 master ixfr to 9.2.2 slave #4

At 1:59 PM -0400 2005-05-04, Mike Mitchell wrote:

>  About once a day I have a BIND 9.2.2 slave truncate a zone after an IXFR
>  from a BIND 8 master.  The packet trace shows the master sending an IXFR
>  response containing only two SOA records.

	Don't use IXFR with BIND-8.  The code changed multiple times, and 
was always not-quite-there.  Use AXFR, or some other means to get the 
information transmitted.  Or upgrade to BIND-9, where IXFR was 
finally made to work right.

-- 
Brad Knowles, <brad@stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.


0
Brad
5/5/2005 1:01:34 AM
comp.protocols.dns.bind 16245 articles. 1 followers. Post Follow

0 Replies
682 Views

Similar Articles

[PageSpeed] 21

Reply:

Similar Artilces:

Re: BIND 8.2.7 master ixfr to 9.2.2 slave #2
Mayer () gis ! Net writes: > Don't use IXFR on BIND 8. It never quite worked right and it got > rewritten > 3 times. It works correctly in BIND 9. > Danny That response is similar to Patient: Doctor, it hurts when I do this. Doctor: Don't do it. I'll admit that their might be bugs in BIND 8's implementation of IXFR, but they shouldn't cause BIND 9 to blow away it's zone information. This smells like a small bug in BIND 8 tickling a large bug in BIND 9. I've diff'd the bin/named/ns_ixfr.c and bin/named/ns_xfr.c code between 8.2.7 and 8.4.6 and the only change of significance I saw was the code sequence "db_freedata(rp->r_dp); rp->r_dp =3D NULL;" in 8.2.7 was replaced in 8.4.6 with "db_detach(&rp->r_dp);". "db_detach()" maintains a reference count to the data and calls "db_freedata()" when the count reaches zero. It also sets the pointer to NULL, so it's equivalent to the old "db_freedata(rp->rdp); rp->rdp =3D NULL;" sequence. The other changes are minor portability changes and support for IPv6, With the exception of the bug fix for bug #1490. That bug fix (which I wrote) only affects truncating the IXFR log when it exceeds maximum size, not responding to IXFR requests. It looks to me like the bug in 8.2.7 (if there is one) is still present in 8.4.6, and would therefore affect bind 9.2.2 slaves. My question is if th...

RE: BIND 8.2.7 master ixfr to 9.2.2 slave #7
At 5:50 PM -0400 2005-05-05, Mike Mitchell wrote: > According to Cricket Liu, IXFR has been supported in BIND 8 > since 8.2.2. See > http://www.fruug.org/Archive/2000-05/bind_822.pdf I am familiar with the features that were supposed to be present in BIND-8 -- I was a technical reviewer of his book. > if you don't believe me. If IXFR is so broken in BIND 8, > why is the code still present in 8.4.6? Why isn't it > at least ifdef'd out so it's not an option? You'd have to ask the people at ISC. My belief is that the code should be completely removed. > Why is the answer "don't do that" instead of "hmm.. Lets > see if we can fix the bug"? Because fixing the bug took a complete rewrite of all of BIND to get it to work correctly for BIND-9, and they've been trying to fix it for *YEARS* under BIND-8, and still haven't gotten it to work correctly. -- Brad Knowles, <brad@stop.mail-abuse.org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info. ...

RE: BIND 8.2.7 master ixfr to 9.2.2 slave #8
Due to circumstances beyond my control I cannot use BIND 9 until it supports the "fixed" rrset-order. Until that time BIND 9 is useless to me. In fact, it's worse than useless, because another administrative group insists on running BIND 9 and it doesn't play well with BIND 8. I set up my master BIND 8 server with two network interfaces. The slaves are configured to use IXFR on the primary interface, and AXFR on the secondary interface. That way if the IXFR fails AXFR is used immediately and the zone is transferred. I implemented this several years ago and hadn't had a problem until BIND 9 was brought into the mix. BIND 9.2.5 seems to work with BIND 8, but earlier versions don't. It's probably because of this Bug-fix: 1722. [bug] Don't commit the journal on malformed ixfr streams. [RT #12519] ISC's download page for 9.2.5 (released March 2005) shows about 30 upcoming fixes. The download page for 8.4.6 (released January 2005) shows about 20 upcoming fixes. That doesn't look like dead code to me. -----Original Message----- From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On = Behalf Of Jim Reid Sent: Friday, May 06, 2005 3:19 AM To: Mike Mitchell Cc: Brad Knowles; bind-users@isc.org Subject: Re: BIND 8.2.7 master ixfr to 9.2.2 slave=20 >>>>> "Mike" =3D=3D Mike Mitchell <Mike.Mitchell@sas.com> writes: Mike...

Re: BIND 8.2.7 master ixfr to 9.2.2 slave
----- Original Message Follows ----- > I have a BIND 8.2.7 master supplied by a third party (MetaInfo). It > is feeding zones to a 9.2.2 slave. Occasionally the 9.2.2 system will > complain about missing NS records for a zone and I have to delete the > zone file from the slave and restart the nameserver. An AXFR from the > 9.2.2 system shows a zone with an SOA and one or two other records, > when it should contain a hundred or so records. After deleting the > zone file and restarting 9.2.2, the AXFR shows the correct > information. > > I have a packet trace where the 9.2.2 system performs an IXFR query. > The answer section from the 8.2.7 system only contains two identical > SOA records, with serial numbers one more than the query contained. > Immediately after the response the 9.2.2 system complains about the > zone missing NS records and I have to restart the nameserver. > > It is probably an error that the 8.2.7 system sends two identical SOA > records, but the 9.2.2 system shouldn't truncate the zone. I can't > upgrade the 8.2.7 system because it's supplied by MetaInfo. I can > upgrade the 9.2.2 systems. Was this bug fixed in 9.2.5? I found this > in the CHANGES file: > > 1722. [bug] Don't commit the journal on malformed ixfr > streams. > [RT #12519] > > Has anyone seen anything similar? > > Mike...

BIND 8.2.7 master ixfr to 9.2.2 slave #2
> I have a BIND 8.2.7 master supplied by a third party (MetaInfo). > It is feeding zones to a 9.2.2 slave. Occasionally the 9.2.2 > System will complain about missing NS records for a zone and I > have to delete the zone file from the slave and restart the > nameserver. An AXFR from the 9.2.2 system shows a zone with an > SOA and one or two other records, when it should contain a > hundred or so records. After deleting the zone file and > restarting 9.2.2, the AXFR shows the correct information. >=20 > I have a packet trace where the 9.2.2 system performs an IXFR > query. The answer section from the 8.2.7 system only contains > two identical SOA records, with serial numbers one more than the > query contained. Immediately after the response the 9.2.2 > system complains about the zone missing NS records and I have to > restart the nameserver. >=20 > It is probably an error that the 8.2.7 system sends two identical > SOA records, but the 9.2.2 system shouldn't truncate the zone. I > can't upgrade the 8.2.7 system because it's supplied by MetaInfo. > I can upgrade the 9.2.2 systems. Was this bug fixed in 9.2.5? I > found this in the CHANGES file: >=20 > 1722. [bug] Don't commit the journal on malformed ixfr = streams. > [RT #12519] >=20 > Has anyone seen anything similar? >=20 > Mike Mitchell > Mike.Mitche...

Re: BIND 8.2.7 master ixfr to 9.2.2 slave #3
About once a day I have a BIND 9.2.2 slave truncate a zone after an IXFR from a BIND 8 master. The packet trace shows the master sending an IXFR response containing only two SOA records. The SOA records are = identical, with serial numbers one more than the IXFR request. I found this in RFC 1995: 4. Response Format If incremental zone transfer is not available, the entire zone is returned. The first and the last RR of the response is the SOA record of the zone. I.e. the behavior is the same as an AXFR response except the query type is IXFR. I read this to indicate that two SOA records in a row would be an empty zone, so it makes sense that BIND 9 is truncating the zone. This points the finger back at BIND 8. I haven't found the root cause of the = problem in BIND 8, but I have developed a patch against BIND 8.4.6 that aborts the query instead of sending a two-SOA response. Could someone look at the patch and let me know if it's the right approach? I have it in testing now but it takes some time before the two-SOA response is triggered.=20 Here's a unified diff against BIND 8.4.6: --- src/bin/named/ns_ixfr.c.orig 2003-11-23 18:43:35.000000000 -0500 +++ src/bin/named/ns_ixfr.c 2005-05-04 11:38:22.000000000 -0400 @@ -189,7 +189,7 @@ struct databuf *old_soadp; ns_delta *dp; ns_updrec *rp; - int foundsoa; + int foundsoa, foundother; =20 zp =3D &zones[qsp->xfr.zone]; soa_dp ...

RE: BIND 8.2.7 master ixfr to 9.2.2 slave #5
I'd love to upgrade to BIND-9, but BIND-9 doesn't support rrset-order { class IN type A name "sas.com" order fixed; }; According to Cricket Liu, IXFR has been supported in BIND 8 since 8.2.2. See=20 http://www.fruug.org/Archive/2000-05/bind_822.pdf if you don't believe me. If IXFR is so broken in BIND 8, why is the code still present in 8.4.6? Why isn't it at least ifdef'd out so it's not an option? Why is the answer "don't do that" instead of "hmm.. Lets see if we can fix the bug"? Mike Mitchell -----Original Message----- From: Brad Knowles [mailto:brad@stop.mail-abuse.org]=20 Sent: Wednesday, May 04, 2005 9:02 PM To: Mike Mitchell Cc: bind-users@isc.org Subject: Re: BIND 8.2.7 master ixfr to 9.2.2 slave At 1:59 PM -0400 2005-05-04, Mike Mitchell wrote: > About once a day I have a BIND 9.2.2 slave truncate a zone after an = IXFR > from a BIND 8 master. The packet trace shows the master sending an = IXFR > response containing only two SOA records. Don't use IXFR with BIND-8. The code changed multiple times, and=20 was always not-quite-there. Use AXFR, or some other means to get the=20 information transmitted. Or upgrade to BIND-9, where IXFR was=20 finally made to work right. --=20 Brad Knowles, <brad@stop.mail-abuse.org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor S...

Re: BIND 8.2.7 master ixfr to 9.2.2 slave #6
>>>>> "Mike" == Mike Mitchell <Mike.Mitchell@sas.com> writes: Mike> Why is the answer "don't do that" instead of "hmm.. Lets see Mike> if we can fix the bug"? Because BIND8 is pretty much dead code. ...

Re: Can I have a HPUX bind 4.9.7 slaved to a Solaris bind 9.2.2 master ?
>>>>> "Terry" == Terry Pike <terry.j.pike@gsk.com> writes: Terry> I have a HPUX bind 4.9.7 master server that I want to Terry> convert to a slave server. I want to create a new master Terry> on Solaris bind 9.2.2. Terry> Question: will the V4.9.7 server accept zone transfers from Terry> V9.2.2 ?? Of course. Why shouldn't it? The zone transfer protocol hasn't changed. However BIND9 by default tries a more efficient data transfer scheme that long-dead stuff like BIND4 doesn't understand. This behaviour ...

BIND 8.2.7 master ixfr to 9.2.2 slave
I have a BIND 8.2.7 master supplied by a third party (MetaInfo). It is feeding zones to a 9.2.2 slave. Occasionally the 9.2.2 system will = complain about missing NS records for a zone and I have to delete the zone file = from the slave and restart the nameserver. An AXFR from the 9.2.2 system = shows a zone with an SOA and one or two other records, when it should contain = a hundred or so records. After deleting the zone file and restarting = 9.2.2, the AXFR shows the correct information. I have a packet trace where the 9.2.2 system performs an IXFR query. = The answer section from the 8.2.7 system only contains two identical SOA = records, with serial numbers one more than the query contained. Immediately = after the response the 9.2.2 system complains about the zone missing NS = records and I have to restart the nameserver. It is probably an error that the 8.2.7 system sends two identical SOA = records, but the 9.2.2 system shouldn't truncate the zone. I can't upgrade the = 8.2.7 system because it's supplied by MetaInfo. I can upgrade the 9.2.2 = systems. Was this bug fixed in 9.2.5? I found this in the CHANGES file: 1722. [bug] Don't commit the journal on malformed ixfr = streams. [RT #12519] Has anyone seen anything similar? Mike Mitchell Mike.Mitchell@sas.com ...

Can I have a HPUX bind 4.9.7 slaved to a Solaris bind 9.2.2 master ?
I have a HPUX bind 4.9.7 master server that I want to convert to a slave server. I want to create a new master on Solaris bind 9.2.2. Question: will the V4.9.7 server accept zone transfers from V9.2.2 ?? Terry Pike <terry.j.pike@gsk.com> wrote: > I have a HPUX bind 4.9.7 master server that I want to convert to a > slave server. I want to create a new master on Solaris bind 9.2.2. > Question: will the V4.9.7 server accept zone transfers from V9.2.2 ?? A better question : why don't you upgrade to bind 9.2.3 ? -- Peter H�kanson IPSec...

Bind 9.2.4 slaving problem [bind 9.2.1 and bind 8.3.3]
Greetings. I have a master name server running BIND 9.2.1 [Debian Woody - server not available on the Internet] and a slave server running bind 9.2.4 [Debian Sarge - not currently available on the Internet] and two others running bind 8.3.3 [Debian Woody - on the Internet]. The 9.2.1 is a master for all the others to slave from. I have an entry in a zone defined on the master as the following: > $ORIGIN example.com. > spamhaus-datafeed IN NS local-rbl-a > spamhaus-datafeed IN NS local-rbl-b When I issue the following command: #> host -t nx spamhaus-datafeed.example.com 127.0.0.1 on the master server OR the BIND 8.3.3 servers I get an answer pointing me in the right direction. On the Sarge 9.2.4 however I get a: "Host spamhaus-datafeed.example.com not found: 2(SERVFAIL)" error. I can see the records in the local db file on all machines. The 8.3.3 machines are a little more verbose in that they list the TTL for each record, the 'IN' record qualifier and a fully qualified hostname at the end of the record [ex. local-rbl-a.example.com.]. The 9.2.4 machine simply lists a record without the TTL, without the 'IN' qualifier, and without the $ORIGIN on the hostname at the end of the record [ex. local-rbl-a]. I have looked through the DNS and BIND book from O'Reilly but it has not led me to anything helpful. The closest I've come to finding something referring to this issue is...

Re: Performance of Bind 9.2.3 vs BIND 4.8.3 #2
>>>>> "nishant" == nishant <nishant80@gmail.com> writes: nishant> But still i need to show that 'performance' wise BIND 9 nishant> is better than BIND 4. My previous posting did that. nishant> Can u please help me in deciding what kind of tests nishant> should i really be doing to show that BIND 9 'performs' nishant> better (or much better, as you say) than BIND 4? Look, stop wasting your time on this pointless make-work exercise. BIND4 is DEAD. Nobody should be running it. Consult the list arch...

[bind-users]Up-gradation of Bind 8.2.2 to Bind 9 on AIX 4.3.3
Hello, I have installed Bind 8.2.2 on AIX 4.3.3. Now we want to up-grade it to Bind9. Pl. Anyone know , how to up-grade Bind 8.2.2 to Bind 9 on AIX 4.3.3. ?? regards, Network Admin GNFC Ltd. India Ph: 91 79 26854515 postmaster@gnvfc.net wrote: > Hello, > I have installed Bind 8.2.2 on AIX 4.3.3. Now we want to up-grade it to Bind9. Pl. Anyone know , how to up-grade Bind 8.2.2 to Bind 9 on AIX 4.3.3. ?? > regards, > Network Admin > GNFC Ltd. > India > Ph: 91 79 26854515 Get the source from isc.org, unpack, read the documentation and go ahead. ...

Re: Migration from BIND 4.9 to 9.2 or Microsoft DNS #2
Mokwena Motseto <MotsetM@sapo.co.za> wrote: >> Do you know of any problems I might encounter if I migrate to Microsoft >> DNS I don't what version it is, or if it has versions at all phn@icke-reklam.ipsec.nu replied: > You won't get support from this forum :-) Sorry to disappoint Peter, but there have been discussions of the interaction between MS W2k (or W2k+3) DNS Server and BIND in the on this list (and on its now-defunct sister list bind9-users@isc.org). Check the list archives. Discussions of BIND interoperability with other DNS software is n...

Re: BIND 9.4.2 on Solaris 8 #2
> >> Greetings, > >> > >> Newly compiled BIND 9.4.2 on Solaris 8 kicks errors like below, Although > >> named *appears* to be listening and functioning fine. > >> > >> Anyone have ideas what would cause the below errors? > > > > lib/isc/unix/entropy.c > > /* > > * Solaris 2.5.1 does not have support for sockets (S_IFSOCK), > > * but it does return type S_IFIFO (the OS believes that > > * the socket is a fifo). This may be an issue if we tell > > * the program to look at an actual FIFO as its source of > > * entropy. > > */ > > #if defined(S_ISSOCK) > > if (S_ISSOCK(_stat.st_mode)) > > is_usocket = ISC_TRUE; > > #endif > > #if defined(S_ISFIFO) && defined(sun) > > if (S_ISFIFO(_stat.st_mode)) > > is_usocket = ISC_TRUE; > > #endif > > > > Turn "defined(S_ISFIFO) && defined(sun)" into "0". > > > > Mark > > > >> 29-Nov-2007 15:56:27.069 starting BIND 9.4.2 -c /etc/named.conf -4 -g > >> 29-Nov-2007 15:56:27.091 loading configuration from '/etc/named.conf' > >> 29-Nov-2007 15:56:27.095 no IPv6 interfaces found > >> 29-Nov-2007 15:56:27.098 listening on IPv4 interface lo0, 127.0.0...

Re: Issue with case changing from master on BIND 9 to slave on BIND 8 #2
Mark Andrews writes: > > > > In message <9fc47420fb263da9eda170166fd4db07@cornell.edu>, John Wobus writes: > > Some years ago, I had that issue. The problem was that the > > zone transfer compression mechanism could change the case > > of individual names. This was fixed in some release of bind > > (after 9.2.1, if I remember correctly), and bind release notes > > would pinpoint the exact version with the change. > > You will need BIND 9.4.0 or later for the master. > > 1811. [func] Preserve the case ...

Upgradeing from bind 8.2.2 to bind 8.3.4
Hi, I need to upgrade the bind on my mail server running Solaris 8 from Bind 8.2.2 to Bind 8.3.4. Could any body help with installation procedure on how to go about this. Thanks and Best Regards, Nsikak ****************************************************************** Nsikak Bassey Systems Engineer Schlumberger Infomation Solutions (SIS) Port-Harcourt, Nigeria. Tel: +234-084-239464 Ext. 4314 Mobile: +234-080-37026195 Fax: 234-084-235582 mailto: nbassey@slb.com, nsikak_bassey@yahoo.com ****************************************************************** ...

Re: BIND DNS 9.2.3/Slave Zone Transfers #2
> Thanks Mark for your reply. > > I am not sure what you are talking, not a Linux guru by a long shot, > newbie. > Does this mean I should remove the "listen-on-v6 { any; };" line from > the named.conf Well if you only want named to only listen on certain IPv4 interfaces yes. If named is supposed to be listening on all IPv4 interfaces no. > And what is match-mapped-addresses; how to use? options { match-mapped-addresses yes; }; All this is documented. > Again, thanks a bunch > > Steve Daniel > > -- Mark ...

Re: Can I use bind 8.x conf files with bind 9.2.3? #2
> Hi Bill Larson, > > Many thanks for your response. Actually I didn't find any step by step > guide for the installation and configuration of BIND 9. I have managed > to install and configure Bind 9 with basic configuration but still a lot > more to do. If you can help me in this I shall be very thank full to > you. I use to get the following error for a zone file which is running > fine with bind 8. Also I have included the zone file and named.conf, so > that you can have a look not only on this error but also suggest me how > is my named.conf. S...

Migration from BIND 4.9 to 9.2 or Microsoft DNS #2
Hi We are currently running BIND 4.9 and we are under pressure to migrate at least to version 8 or 9 But there is a possibility of moving to a microsoft DNS on windows 2003 Our ISP's who host secondary zones for our domains are running BIND ver 9 What I want you guys to help me out with is the following Do you know of any problems I might encounter if I migrate to BIND ver 9 (latest) Do you know of any problems I might encounter if I migrate to Microsoft DNS I don't what version it is, or if it has versions at all Mokwena Motseto ...

Upgrading Bind-8.2.2-P5 to 8.4.7
I want to upgrade DNS (Primary & Slave) could someone guide me to do this upgrading successfully ( 1. What are the steps to be consider before upgrading? 2. Which first server to start upgrade ? 3. What is the possiblities of failed upgrading? 4. How to Rollback of the Bind 8.2.2-P5 if the upgrade of 8.4.7 failed? -- With Regards Yasser Al-Shaqsi ...

Re: Very odd errors from bind 9.2.2 #2
Ok, turns out you were right: On Sat, 25 Oct 2003 Mark_Andrews@isc.org wrote: > > Suddenly, with _no change in configuration_, I am seeing these three > > errors in /var/log/messages every time I HUP my named process: > > > > Oct 24 22:56:38 ns1 named[8255]: dns_master_load: /etc/namedb/s/.:1: > > unexpected end of line > > Oct 24 22:56:38 ns1 named[8255]: dns_master_load: /etc/namedb/s/.:1: > > unexpected end of input > > Oct 24 22:56:38 ns1 named[8255]: zone ./IN: loading master file > > /etc/namedb/s/.: unexpected end o...

Does 4/2/2= (4/2)/2 =1 OR = 4/(2/2)=4
I don't have matlab and I am trying to translate some simple matlab code. Does 4/2/2 = (4/2)/2 = 1 or 4/2/2 = 4/(2/2) = 4 On 9/11/2012 9:43 AM, sarah.englander@gmail.com wrote: > I don't have matlab and I am trying to translate some simple matlab code. > > Does 4/2/2 = (4/2)/2 = 1 yes. At a given precedence level (and obviously two of the same operators are the same level) evaluation proceeds from LtoR. ....snip... <http://www.mathworks.com/help/techdoc/matlab_prog/f0-40063.html#f0-38155> -- dpb <none@non.net> wrote in message <...

Web resources about - Re: BIND 8.2.7 master ixfr to 9.2.2 slave #4 - comp.protocols.dns.bind

Master craftsman - Wikipedia, the free encyclopedia
A master craftsman or master tradesman (sometimes called only master or grandmaster , German : Meister ) was a member of a guild . In the European ...

Woolworths loses Masters hardware boss Matt Tyson
The man who ran Masters is heading for the checkout.

Woolworths loses Masters hardware boss Matt Tyson
The man who ran Masters is heading for the checkout.

Opinion: Why an iPhone master key is better than a backdoor, but still too dangerous
... between a backdoor into iPhones – which is what law enforcement agencies have so far been calling for – and what we might term a master key, ...

Become a sword master and defeat your foes in The Swords
The Swords Fruit Ninja Become a sword master and defeat your foes in The Swords is a story by AppAdvice.com AppAdvice - iPhone, iPad, iPod, ...

WRESTLING ROUNDUP: River Valley, Yuba City combine to send seven to Masters
WRESTLING ROUNDUP: River Valley, Yuba City combine to send seven to Masters Appeal-Democrat River Valley High's wrestling team placed fifth ...

Apple Pushes Back Against Government Efforts to Get Master Key
Apple Inc. pushed back against U.S. government efforts to get it to help unlock an iPhone used by the San Bernardino attacker in December, as ...

Jeb Bush: "Master of manipulation" Donald Trump fears me
As George W. Bush stumps for Jeb Bush in South Carolina, Donald Trump is reminding voters about the former president's decision to invade Iraq ...

Get on track to master Ruby on Rails
If you’re interested in developing web apps, you’ll want to get familiar with Ruby. This powerful application framework is fundamental to some ...

John Kasich Braves Stephen Colbert Show To Insist GOP His “Vehicle, Not My Master”
GOP presidential hopeful John Kasich braved Stephen Colbert ’s show last night to pitch his candidacy and dodge questions as to whether President ...

Resources last updated: 2/22/2016 10:15:00 AM