f



Re: Trouble with key option (bind 9.2.4) #2

> Mark Andrews schrieb:
> 
> [snip]
> 
> > 	And you included the file /etc/named.keys where in named.conf?
> 
> In the global options section.

	Well there is your problem.  Keys definitions are not supposed
	to be inside the options block.
 
> -- 
> Olaf Martens               Linux User #246244    http://counter.li.org/
> Hugo-Luther-Str. 8         E-Mail: olafmartens@arcor.de
> 38118 Braunschweig         Fon: +49-531-314834
> "Who the heck is General Failure, and why is he reading my harddisk?"
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org


0
Mark
4/5/2005 12:40:07 AM
comp.protocols.dns.bind 16245 articles. 1 followers. Post Follow

0 Replies
511 Views

Similar Articles

[PageSpeed] 47

Reply:

Similar Artilces:

Re: Trouble with key option (bind 9.2.4)
> Greetings! > > I'm attempting to set up a dial-in server that has both a named and a dhcpd > running. So far everything works fine. > However, I intend to allow dhcpd to do dynamic zone updates, but when I try t > o > convince bind to accept a key option (I need this one for authenticating my > dhcpd against the named) I get the following error message: > > /etc/named.keys:4: unknown option 'key' > > /etc/named.keys is included in named.conf and has the following contents: > > # generated by genDDNSkey on Sat Apr 2 18:50:34 CEST 2005 > > key DHCP_UPDATER { > algorithm hmac-md5; > secret "bla-blub"; > }; > > According to the book "DNS and BIND" this should be correct, yet named refuse > s > to accept that option. To bypass the problem for now I have set named to chec > k > the IP address of the originating update request. > In contrast, dhcpd takes the very same statement without a complaint. > What gives? > > FYI: > I'm using SuSE 9.2 (kernel 2.6.8-24.13) > BIND: 9.2.4 > DHCP: 3.0.1 > > Any help would be greatly appreciated. > > -- > Olaf Martens Linux User #246244 http://counter.li.org/ > Hugo-Luther-Str. 8 E-Mail: olafmartens@arcor.de > 38118 Braunschweig Fon: +49-531-314834 > "Who the heck is General Failure, and why is he r...

Re: Migration from BIND 4.9 to 9.2 or Microsoft DNS #2
Mokwena Motseto <MotsetM@sapo.co.za> wrote: >> Do you know of any problems I might encounter if I migrate to Microsoft >> DNS I don't what version it is, or if it has versions at all phn@icke-reklam.ipsec.nu replied: > You won't get support from this forum :-) Sorry to disappoint Peter, but there have been discussions of the interaction between MS W2k (or W2k+3) DNS Server and BIND in the on this list (and on its now-defunct sister list bind9-users@isc.org). Check the list archives. Discussions of BIND interoperability with other DNS software is n...

Re: Can I have a HPUX bind 4.9.7 slaved to a Solaris bind 9.2.2 master ?
>>>>> "Terry" == Terry Pike <terry.j.pike@gsk.com> writes: Terry> I have a HPUX bind 4.9.7 master server that I want to Terry> convert to a slave server. I want to create a new master Terry> on Solaris bind 9.2.2. Terry> Question: will the V4.9.7 server accept zone transfers from Terry> V9.2.2 ?? Of course. Why shouldn't it? The zone transfer protocol hasn't changed. However BIND9 by default tries a more efficient data transfer scheme that long-dead stuff like BIND4 doesn't understand. This behaviour ...

Bind 9.2.4 slaving problem [bind 9.2.1 and bind 8.3.3]
Greetings. I have a master name server running BIND 9.2.1 [Debian Woody - server not available on the Internet] and a slave server running bind 9.2.4 [Debian Sarge - not currently available on the Internet] and two others running bind 8.3.3 [Debian Woody - on the Internet]. The 9.2.1 is a master for all the others to slave from. I have an entry in a zone defined on the master as the following: > $ORIGIN example.com. > spamhaus-datafeed IN NS local-rbl-a > spamhaus-datafeed IN NS local-rbl-b When I issue the following command: #> host -t nx spamhaus-datafeed.example.com 127.0.0.1 on the master server OR the BIND 8.3.3 servers I get an answer pointing me in the right direction. On the Sarge 9.2.4 however I get a: "Host spamhaus-datafeed.example.com not found: 2(SERVFAIL)" error. I can see the records in the local db file on all machines. The 8.3.3 machines are a little more verbose in that they list the TTL for each record, the 'IN' record qualifier and a fully qualified hostname at the end of the record [ex. local-rbl-a.example.com.]. The 9.2.4 machine simply lists a record without the TTL, without the 'IN' qualifier, and without the $ORIGIN on the hostname at the end of the record [ex. local-rbl-a]. I have looked through the DNS and BIND book from O'Reilly but it has not led me to anything helpful. The closest I've come to finding something referring to this issue is...

Trouble with key option (bind 9.2.4)
Greetings! I'm attempting to set up a dial-in server that has both a named and a dhcpd running. So far everything works fine. However, I intend to allow dhcpd to do dynamic zone updates, but when I try to convince bind to accept a key option (I need this one for authenticating my dhcpd against the named) I get the following error message: /etc/named.keys:4: unknown option 'key' /etc/named.keys is included in named.conf and has the following contents: # generated by genDDNSkey on Sat Apr 2 18:50:34 CEST 2005 key DHCP_UPDATER { algorithm hmac-md5; secret "bla-blub"; }; According to the book "DNS and BIND" this should be correct, yet named refuses to accept that option. To bypass the problem for now I have set named to check the IP address of the originating update request. In contrast, dhcpd takes the very same statement without a complaint. What gives? FYI: I'm using SuSE 9.2 (kernel 2.6.8-24.13) BIND: 9.2.4 DHCP: 3.0.1 Any help would be greatly appreciated. -- Olaf Martens Linux User #246244 http://counter.li.org/ Hugo-Luther-Str. 8 E-Mail: olafmartens@arcor.de 38118 Braunschweig Fon: +49-531-314834 "Who the heck is General Failure, and why is he reading my harddisk?" ...

Re: Performance of Bind 9.2.3 vs BIND 4.8.3 #2
>>>>> "nishant" == nishant <nishant80@gmail.com> writes: nishant> But still i need to show that 'performance' wise BIND 9 nishant> is better than BIND 4. My previous posting did that. nishant> Can u please help me in deciding what kind of tests nishant> should i really be doing to show that BIND 9 'performs' nishant> better (or much better, as you say) than BIND 4? Look, stop wasting your time on this pointless make-work exercise. BIND4 is DEAD. Nobody should be running it. Consult the list arch...

RE: Re: Migration from BIND 4.9 to 9.2 or Microsoft DNS
Hi Sorry for the misunderstanding I was not looking for support, I was just asking from people, who have been in the same situation that I am in now What influenced their decision to choose what ever they chose to go with -----Original Message----- From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On Behalf Of phn@icke-reklam.ipsec.nu Sent: 11 October 2004 21:21 To: comp-protocols-dns-bind@isc.org Subject: Re: Migration from BIND 4.9 to 9.2 or Microsoft DNS Mokwena Motseto <MotsetM@sapo.co.za> wrote: > Hi > We are currently running BIND 4...

Migration from BIND 4.9 to 9.2 or Microsoft DNS #2
Hi We are currently running BIND 4.9 and we are under pressure to migrate at least to version 8 or 9 But there is a possibility of moving to a microsoft DNS on windows 2003 Our ISP's who host secondary zones for our domains are running BIND ver 9 What I want you guys to help me out with is the following Do you know of any problems I might encounter if I migrate to BIND ver 9 (latest) Do you know of any problems I might encounter if I migrate to Microsoft DNS I don't what version it is, or if it has versions at all Mokwena Motseto ...

[bind-users]Up-gradation of Bind 8.2.2 to Bind 9 on AIX 4.3.3
Hello, I have installed Bind 8.2.2 on AIX 4.3.3. Now we want to up-grade it to Bind9. Pl. Anyone know , how to up-grade Bind 8.2.2 to Bind 9 on AIX 4.3.3. ?? regards, Network Admin GNFC Ltd. India Ph: 91 79 26854515 postmaster@gnvfc.net wrote: > Hello, > I have installed Bind 8.2.2 on AIX 4.3.3. Now we want to up-grade it to Bind9. Pl. Anyone know , how to up-grade Bind 8.2.2 to Bind 9 on AIX 4.3.3. ?? > regards, > Network Admin > GNFC Ltd. > India > Ph: 91 79 26854515 Get the source from isc.org, unpack, read the documentation and go ahead. ...

Re: BIND 8.2.7 master ixfr to 9.2.2 slave #4
At 1:59 PM -0400 2005-05-04, Mike Mitchell wrote: > About once a day I have a BIND 9.2.2 slave truncate a zone after an IXFR > from a BIND 8 master. The packet trace shows the master sending an IXFR > response containing only two SOA records. Don't use IXFR with BIND-8. The code changed multiple times, and was always not-quite-there. Use AXFR, or some other means to get the information transmitted. Or upgrade to BIND-9, where IXFR was finally made to work right. -- Brad Knowles, <brad@stop.mail-abuse.org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info. ...

Can I have a HPUX bind 4.9.7 slaved to a Solaris bind 9.2.2 master ?
I have a HPUX bind 4.9.7 master server that I want to convert to a slave server. I want to create a new master on Solaris bind 9.2.2. Question: will the V4.9.7 server accept zone transfers from V9.2.2 ?? Terry Pike <terry.j.pike@gsk.com> wrote: > I have a HPUX bind 4.9.7 master server that I want to convert to a > slave server. I want to create a new master on Solaris bind 9.2.2. > Question: will the V4.9.7 server accept zone transfers from V9.2.2 ?? A better question : why don't you upgrade to bind 9.2.3 ? -- Peter H�kanson IPSec...

Re: Migration from BIND 4.9 to 9.2 or Microsoft DNS
bind-users-bounce@isc.org wrote on 10/11/2004 11:27:26 AM: [clip...] > > Do you know of any problems I might encounter if I migrate to BIND ver 9 > (latest) You should not have any problems. However, you should read all the docs that come with BIND 9. If you start with the "README" file you will find this statement: "If you are upgrading from BIND 8, please read the migration notes in doc/misc/migration. If you are upgrading from BIND 4, read doc/misc/migration-4to9." I highly recommend going through all of the docs before m...

Re: Migration from BIND 4.9 to 9.2 or Microsoft DNS #3
"Mokwena Motseto" <MotsetM@sapo.co.za> wrote: >Hi > >Sorry for the misunderstanding > >I was not looking for support, I was just asking from people, who have >been in the same situation that I am in now > >What influenced their decision to choose what ever they chose to go >with My feeling from reading postings on this list for a number of years is that most people who are currently using BIND will stick with BIND. In general, there is a mistrust of MS code. There were interoperability problems with BIND and MS W2k DNS a few years ag...

Problem running bind 9.2.3, bind 9.2.4rc2 and bind 9.3.0beta2 on bsd/os 5.1
named.run gives me: 16-Apr-2004 17:35:17.656 starting BIND 9.3.0beta2 -d 9 -n 2 16-Apr-2004 17:35:17.668 found 1 CPU, using 2 worker threads 16-Apr-2004 17:35:17.679 loading configuration from '/etc/named.conf' 16-Apr-2004 17:35:17.705 set maximum stack size to 67108864: success 16-Apr-2004 17:35:17.706 set maximum data size to 1073741824: success 16-Apr-2004 17:35:17.706 set maximum core size to 0: success 16-Apr-2004 17:35:17.706 set maximum open files to 128: success 16-Apr-2004 17:35:17.719 listening on IPv4 interface lo0, 127.0.0.1#53 16-Apr-2004 17:35:17.720 clientmgr ...

Re: bind 9(.2.4) on solaris 10 #2
> I wish it were that simple for me. Unfortunately I have corporate > requirements and restrictions to work with and one of them happens to be > to have IPv6 disabled everywhere. =P So short sighted ... One could argue that 6to4 is only IPv4 :-) > Speaking of which, there appears to be a named.conf directive called > "listen-on-v6". Would the "listen-on" version imply IPv4 only? If so, > that would be an acceptable workaround. > > -Alex No. Named will make queries over IPv6 even if it won't accept them. > Mark Andrews wrote: > > You know there is a simple solution. Get IPv6 connectivity. > > If your ISP doesn't provide it there are plenty of tunnel > > brokers that will provide connectivity, often for free. > > That's how my home network get IPv6 connectivity. > > > > If you don't won't is use a tunnel then set up 6to4 support. > > > > Mark > > > > Note you will need IPv6 connectivity within the next few years. > > -- > > Mark Andrews, ISC > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org > > > > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org ...

Re: BIND 9.4.2 on Solaris 8 #2
> >> Greetings, > >> > >> Newly compiled BIND 9.4.2 on Solaris 8 kicks errors like below, Although > >> named *appears* to be listening and functioning fine. > >> > >> Anyone have ideas what would cause the below errors? > > > > lib/isc/unix/entropy.c > > /* > > * Solaris 2.5.1 does not have support for sockets (S_IFSOCK), > > * but it does return type S_IFIFO (the OS believes that > > * the socket is a fifo). This may be an issue if we tell > > * the program to look at an actual FIFO as its source of > > * entropy. > > */ > > #if defined(S_ISSOCK) > > if (S_ISSOCK(_stat.st_mode)) > > is_usocket = ISC_TRUE; > > #endif > > #if defined(S_ISFIFO) && defined(sun) > > if (S_ISFIFO(_stat.st_mode)) > > is_usocket = ISC_TRUE; > > #endif > > > > Turn "defined(S_ISFIFO) && defined(sun)" into "0". > > > > Mark > > > >> 29-Nov-2007 15:56:27.069 starting BIND 9.4.2 -c /etc/named.conf -4 -g > >> 29-Nov-2007 15:56:27.091 loading configuration from '/etc/named.conf' > >> 29-Nov-2007 15:56:27.095 no IPv6 interfaces found > >> 29-Nov-2007 15:56:27.098 listening on IPv4 interface lo0, 127.0.0...

Re: DNS bind-9.2.2-13 not working
The reason for specifying multiple servers is to provide REDUNDANCY. Giving two names to the same machine does not provide redunacy and just wastes bandwidth. ns1.polychip.net. 2D IN A 67.95.110.169 ns2.polychip.net. 2D IN A 67.95.110.169 I suspect you problem is a firewall. You need to open up both 53/UDP and 53/TCP. Mark > Hi, > > I have been trying to set up the dns for the past 1 week with no > luck..If i dig any other website from the local redhat linux machine > where this DNS is configured then it works fine, us...

RE: BIND 9.4.2-P1 and sockets? #2
Well, my question was exactly on this matter: named is quite capable of matching multiple queries and only asking one question. I didn't think that recursive clients was incremented even when matching multiple queries and recursing only once. Thank you Mark. Regards, Emmanuel -----Message d'origine----- De�: Mark_Andrews@isc.org [mailto:Mark_Andrews@isc.org] Envoy�: jeudi 10 juillet 2008 16:52 ��: TIRADO Emmanuel Ext DOE/DEPFS Cc�: bind-users@isc.org Objet�: Re: BIND 9.4.2-P1 and sockets? > Hello, > > I'm little confused about the new BIND 9.4.2-P1. > > I'm working at an ISP, and the servers are caching servers. > > I'm looking for some informations on the sockets and recursive clients. > > If I'm not wrong , rndc status prints the number of recursive clients. > (queries which we are really recursing for, not answers from the cache.) > > For example, in my case, I have : > > recursive clients: 387/19900/20000 > > Simultaneously, I do "netstat -anp | grep named | grep -v ":53" | wc -l" > and the result is : 182. > > Since BIND opens up a socket whith a high port to recurse, how can the > numbers be so different? named is quite capable of matching multiple queries and only asking one question. One query from a client can cause named to ask multiple questions simultaniously. There is no direct ...

Re: BIND 8.2.7 master ixfr to 9.2.2 slave #2
Mayer () gis ! Net writes: > Don't use IXFR on BIND 8. It never quite worked right and it got > rewritten > 3 times. It works correctly in BIND 9. > Danny That response is similar to Patient: Doctor, it hurts when I do this. Doctor: Don't do it. I'll admit that their might be bugs in BIND 8's implementation of IXFR, but they shouldn't cause BIND 9 to blow away it's zone information. This smells like a small bug in BIND 8 tickling a large bug in BIND 9. I've diff'd the bin/named/ns_ixfr.c and bin/named/ns_xfr.c code between 8.2.7 and 8.4.6 and the only change of significance I saw was the code sequence "db_freedata(rp->r_dp); rp->r_dp =3D NULL;" in 8.2.7 was replaced in 8.4.6 with "db_detach(&rp->r_dp);". "db_detach()" maintains a reference count to the data and calls "db_freedata()" when the count reaches zero. It also sets the pointer to NULL, so it's equivalent to the old "db_freedata(rp->rdp); rp->rdp =3D NULL;" sequence. The other changes are minor portability changes and support for IPv6, With the exception of the bug fix for bug #1490. That bug fix (which I wrote) only affects truncating the IXFR log when it exceeds maximum size, not responding to IXFR requests. It looks to me like the bug in 8.2.7 (if there is one) is still present in 8.4.6, and would therefore affect bind 9.2.2 slaves. My question is if th...

Re: Very odd errors from bind 9.2.2 #2
Ok, turns out you were right: On Sat, 25 Oct 2003 Mark_Andrews@isc.org wrote: > > Suddenly, with _no change in configuration_, I am seeing these three > > errors in /var/log/messages every time I HUP my named process: > > > > Oct 24 22:56:38 ns1 named[8255]: dns_master_load: /etc/namedb/s/.:1: > > unexpected end of line > > Oct 24 22:56:38 ns1 named[8255]: dns_master_load: /etc/namedb/s/.:1: > > unexpected end of input > > Oct 24 22:56:38 ns1 named[8255]: zone ./IN: loading master file > > /etc/namedb/s/.: unexpected end o...

Re: bind-9.2.4-16.EL4 problem #2
> Well, Thank you > But why is my bind behaving like this, i thought it might be caused by > the firewall DNS inspection and i removed it from the PIX but still the > same problem happens, i defined the edns packet size to be 512 and > still no luck??!! > when i restart the named everything resolves fine for a while and then > it returns to the same behavior of resolving most internet but some are > not resolving, > also when performing nslookup it doesn't give me timedout as if i was > denied querying it gives me server failed!! > > i would appreciate any help with this regard Most probably because there is as misconfiguration with the delegation of the zone which hold the names you are looking up. Without specifics it's hard to do more than speculate. > Elzey, Blaine A (Blaine) wrote: > > Sometimes named takes more time to shutdown than the time between stop and > start commands in your named script. Try adding a sleep 1 or sleep 3 between > the stop and start. > > > > Blaine Elzey > > LWS VitalQIP > > Lucent Technologies > > BElzey@Lucent.com <mailto:BElzey@Lucent.com> > > (610) 722-7976 > > > > -----Original Message----- > > From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On Behal > f Of Shaheen > > Sent: Wednesday, September 06, 2006 4:59 AM > > To: comp-protocols-dns-bind@i...

Re: Initial Lookup Slowness BIND 9.2.4 #2
Upgrade: 1773. [bug] Fast retry on host / net unreachable. [RT #13153] In message <20522.170.149.100.10.1230669064.squirrel@from525.com>, "David Porsc he'" writes: > All, > > I have installed a caching only instance of BIND (9.2.4) on a CentOS > machine on my internal network. I have noticed that initial DNS requests > against the server take a rather large amount of time (usually around 7 > seconds). I have done some basic troubleshooting and I am coming up at a > loss. I think my ISP might be doing something "funny&q...

Re: Bind 9.2.3 ignores listen on option #2
> In article <ctja7s$1coa$1@sf1.isc.org>, <jcyr@dillobits.com> wrote: > > > named.conf contains: > > > > options { > > directory "/etc/named"; > > listen-on { > > 192.168.0.0/16; > > A CIDR prefix is not valid in a listen-on statement. You have to enter > the specific IP address of an interface. Actually it is. listen-on and listen-on-v6 take acls and apply them to the interface lists. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHON...

Re: Problems with BIND 9.2.2 on OS X #2
> > Hi Dave, > There is a thread on comp.protocols.dns.bind that is now discussing > this issue...which is causing OS X Server admins big headaches. > > http://groups.google.com/groups? > hl=en&lr=&threadm=clsl2t%242evk%241%40sf1.isc.org&prev=/ > groups%3Fhl%3Den%26lr%3D%26group%3Dcomp.protocols.dns.bind > > I am sure my router is not blocking large UDP packets. > > Andrew comp.protocols.dns.bind *is* bind-users@isc.org There is a bi-directional gateway between the two. -- Mark Andrews, ISC 1 Seymour St., Dundas Vall...

Web resources about - Re: Trouble with key option (bind 9.2.4) #2 - comp.protocols.dns.bind

The Troubles - Wikipedia, the free encyclopedia
The key issues at stake were the constitutional status of Northern Ireland and the relationship between its two main communities. Unionists and ...

Ultimate Bubble Trouble Shooter Game - Play Free Fun Kids Puzzle Games on the App Store on iTunes
Get Ultimate Bubble Trouble Shooter Game - Play Free Fun Kids Puzzle Games on the App Store. See screenshots and ratings, and read customer reviews. ...

Double Trouble - Flickr - Photo Sharing!
Explore Dawn Huczek's photos on Flickr. Dawn Huczek has uploaded 935 photos to Flickr.

Romney's False New Ad's A Sure Sign He Knows He's In Trouble In Ohio - YouTube
Romney's False New Ad's A Sure Sign He Knows He's In Trouble In Ohio - YouTube

Lockout laws 'asking for trouble' without transport and security
An academic who researched Queensland's first lockout measures warns laws set to pass on Thursday are &quot;asking for trouble&quot; without ...

Lockout laws 'asking for trouble' without transport and security
New laws "asking for trouble" without transport and security: expert.

Julian Assange accuses government of 'abandoning' Australians in trouble overseas
... only help he's ever received. London: WikiLeaks founder Julian Assange has accused the federal government of "abandoning" Australians in trouble ...

Julian Assange accuses government of 'abandoning' Australians in trouble overseas
The WikiLeaks founder says a pen he was given in prison was the only help he's ever received.

We're hearing about troubles at Nest, the smart home company Google bought for $3.2 billion
Every Thursday afternoon, Google holds a "TGIF" meeting that invites employees to ask questions of cofounders Sergey Brin and Larry Page (or, ...

Elections Time Machine: It's 1982, and Bill Clinton's comeback bid is in trouble
Hop in our time machine and join Daily Kos Elections as we revisit key elections from yesteryear and imagine what we might have written about ...

Resources last updated: 2/22/2016 2:31:35 PM