Database Reloading Technical

Ahmad, Hash S hash.ahmad at bae.co.uk
Thu Feb 17 09:55:21 UTC 2000


Hi. 

I have been looking at the source code for BIND v8.22p5 on NT with the aim of understanding its inner workings. In particular I'd like to know whether any pending queries are dumped/lost when a manual database 'reload' is performed. I presume that a 'restart' will cause a clearing of the message buffers. Can anyone shed some light on this as it is an important point in our use of BIND.

best regards 

____________________________________________

hash.engineer.
-----------------------------------------------------------

e-mail:	hash.ahmad at bae.co.uk
tel:		+44 (0)1202 404962
fax:		+44 (0)1202 404591
_____________________________________________

-----Original Message-----
From:	BIND Users Mailing List [SMTP:bind-users at isc.org]
Sent:	Thursday, February 17, 2000 7:52 AM
To:	bind-users digest users
Subject:	bind-users Digest V2 #46


bind-users Digest	Wed, 16 Feb 2000	Volume: 02  Issue: 046

In This Issue:
		impact if W2K on DNs
		Re: Bind version number
		Re: DSL/NT/NS Hosting
		Re: rsa.com dns faked
		round robin, prioritize DNS results
		Re: Compiling bind errors continue 
		Re: impact if W2K on DNs
		Re: Lame Servers
		Re: short ttl and servermmirroring
		Re: The NOTIFY mechanism (was Re: short ttl and servermmirro
		Re: Resolve all domains to one name?
		Re: DNS server cannot poll its own BIND service
		What is the best way to configure DNS for a local network?
		DNS Load tester
		Re: DNS server cannot poll its own BIND service
		Windows 2000 question ...
		Re: Windows 2000 question ...
		Re: Help on Master/Slave NS
		Re: What is the best way to configure DNS for a local networ
		Re: round robin, prioritize DNS results
		BIND Versions
		Multiple domains assigned to a single IP
		RE: BIND Versions
		Re: BIND Versions
		Re: short ttl and servermmirroring
		Re: Multiple domains assigned to a single IP
		Re: make depend error??
		RE: Windows 2000 question ...
		DNS troubleshooting and log rotation
		Re: DNS troubleshooting and log rotation
		Re: round robin, prioritize DNS results

Administrivia:

        You are receiving this message because you are subscribed to the
BIND Users Mailing List and have the DIGEST flag set on.  If you wish to
receive individual posts again, send bind-users-request at isc.org a message
with 'unset digest' as the subject.

If you wish to post to the mailing list, send your e-mail to:
bind-users at isc.org

If you wish to unsubscribe, send an e-mail to bind-users-request at isc.org
with a subject line of 'unsubscribe'.

If you are responding to the list, PLEASE do not include the entire 
digest, and also change the 'Subject:' line for the benefit of the other
list members.

Thanks!

If you ever need to contact the list admin, the address is:  
bind-users-owner at isc.org

----------------------------------------------------------------------

Date: Wed, 16 Feb 2000 09:40:41 +0000 (GMT)
From: David Mitchell <davem at fdgroup.co.uk>
Subject: impact if W2K on DNs

Does anyone have any pointers to a decent technical overview of
what W2K Active Directory does with DNS and LDAP?
Basically, I run the DNS for our company and don't get involved with
Windows much, but need to find out what impact (if any) W2K is likely
to have on the administration of my name servers (and my LDAP server for that
matter).

Thanks,


* Dave Mitchell, Operations Manager,
* Fretwell-Downing Facilities Ltd, UK.  Dave.Mitchell at fdgroup.com
* Tel: +44 114 281 6113.                The usual disclaimers....
*
* Standards (n). Battle insignia or tribal totems



------------------------------

Date: Wed, 16 Feb 2000 11:44:47 +0100
From: Tilman Schmidt <Tilman.Schmidt at sema.de>
Subject: Re: Bind version number

At 22:02 15.02.00 GMT, dgreco at atlantic.net wrote:
>We recently got hacked. They knew they could get us because they used
>dig to find version numbers of bind over a wide range of IP addresses.

I saw a lot of scans for port 53 and queries for "version.bind" here
recently, too. Thought it was something like that.

>Is there any way to get DNS to report its version number as <UNKNOWN> or
>some bogus number?

Mine doesn't answer queries for "version.bind" from strangers at all,
as a side effect of restricting queries from outside my own network
to zones I am serving myself, following CIAC Bulletin J-063 / AUSCERT
Alert AL-1999.004 on DoS attacks using DNS servers as traffic amplifiers.

But hiding your BIND version is security by obscurity, which as we all
know doesn't work. What you should do is run a current version of BIND
where the known security holes have been plugged, and keep up to date on
networking security developments. Then you can post your BIND version
on your homepage and still be safe.

-- 
Tilman Schmidt          E-Mail: Tilman.Schmidt at sema.de (office)
Sema Group Koeln, Germany       tilman at schmidt.bn.uunet.de (private)
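Tilman's restriction written out as a named.conf fragment in BIND 8.2 syntax. This is an added example, not his configuration; the acl addresses, the zone name and the directory are assumptions.

```conf
// named.conf fragment (added example; addresses, zone and paths are made up)
acl mynets { 127.0.0.1; 192.0.2.0/24; };

options {
    directory "/var/named";

    // Only our own hosts may use this server as a recursive resolver.
    // This is the mitigation for the amplifier abuse described in
    // CIAC J-063 / AUSCERT AL-1999.004.
    allow-recursion { mynets; };

    // Default for every query: strangers get REFUSED. As Tilman notes,
    // this also means outsiders get no answer for version.bind.
    allow-query { mynets; };

    // Optional banner override. Obscurity only; patching is the real fix.
    version "not disclosed";
};

// Zones we are authoritative for must remain answerable to the world,
// so the global allow-query default is overridden per zone.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
};
```

Check the result from outside your own network: a query for one of your zones must still be answered, while a recursive query or a version.bind query must come back REFUSED.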



------------------------------

Date: Wed, 16 Feb 2000 12:19:09 +0200
From: Thor Kottelin <thor at anta.net>
Subject: Re: DSL/NT/NS Hosting



BIND Users Mailing List wrote:

> From: "Jason Roozee" <jason at centrixtech.com>

> I have an NT machine connected through ADSL. I want to host a few web sites
> off this NT machine, how can I setup a NS to point my domains to the
> machine etc.? I really don't know where to start...

Obtain, install and configure name server software (e.g. BIND). You'll
want to run the primary yourself; the secondaries should be on other
networks. Then register your domains, and point them to your DNS servers.
<http://www.dns.net/dnsrd/docs/basic.txt> explains this in detail.

Thor

-- 
If you send me mail, please use PGP.
My public key is available on key servers.

For web hosting, see <URL:http://www.virtualis.com/vr/tkotteli/>.




------------------------------

Date: Wed, 16 Feb 2000 12:10:04 +0200
From: Thor Kottelin <thor at anta.net>
Subject: Re: rsa.com dns faked



BIND Users Mailing List wrote:

> From: Ian Carr-de Avelon <avelon at emit.pl>

> We recently had a problem that a client's clients kept getting pages
> from their previous provider. It turned out that Polish Telecom, who
> provide all the "dial-up for local call charges" here, were a secondary
> for the old provider. It looks to me like I could have any domain
> (as far as 90+% of Polish dial-up users are concerned) for the 12¤
> a year charge for a secondary. www.microsoft.com anyone? My guess is
> that many other big providers would do the same. There
> is no law against it. I think EG. in the UK if that site appeared to be
> microsoft's site, they could claim "passing off", but if it were say
> an open and nonlibelous campaign against microsoft, they would have
> no redress.

IMO this issue clearly shows that domain registrants cannot "own" "their"
domains. Technically, Poland - or Europe - could set up a naming scheme of
their own, with their own "com." zone. At present, most Internet users do
use the same root zones, but that might change.

As an example of the same kind of anarchism on a smaller scale, sometimes
LAN admins curb access to non-desirable sites (e.g. porn web sites) by
making their DNS servers authoritative for that site's domain and pointing
the web site host name to an internal IP address running a web server
carrying alternate content. I haven't heard of a case where the domain's
"real" owner after such redirection would have been able to successfully
sue claiming "they stole my domain"...

This is getting off-topic for a BIND support list; please feel free to
quote me in comp.protocols.tcp-ip.domains, where I propose we take this
discussion, instead.

Thor

-- 
If you send me mail, please use PGP.
My public key is available on key servers.

For web hosting, see <URL:http://www.virtualis.com/vr/tkotteli/>.




------------------------------

From: "Nikos Voutsinas" <nvoutsin at noc.uoa.gr>
Subject: round robin, prioritize DNS results
Date: Wed, 16 Feb 2000 11:08:11 +0200

Hello,

I have nine servers spread all over my country. Those servers are LDAP
servers, mail servers, ...
To ensure high availability I have to use something like round robin in DNS
(most of the clients, e.g. LDAP clients, can be configured to search only one
LDAP server).
The problem with DNS round robin is that it makes no attempt to prioritize
DNS results (e.g. based on network location).
Is there any way I can make DNS return hosts on the local network first,
before trying hosts that are farther away?

Nikos Voutsinas





------------------------------

Subject: Re: DNS and Apache NameVirtualHost - can't get it right! 
From: janl at linpro.no
Date: Wed, 16 Feb 2000 13:07:20 +0100

Joakim Schramm <joakim at humanet.se> typed:
> I'm trying to bring some of my now IP based virtual hosts in Apache into
> Name hosted, all under 1 IP - but I can't figure out how the DNS
> records/-zone files should be set up.
>
> Tried to move an A rec for each into the zone file that now has the IP
> that should be used, but just get log messages like:
> Feb 13 12:47:19 ns named[10776]: domain1.nu.zone:21: data
> "www.domain2.nu" outside zone "domain1.nu" (ignored)

Yes, that is a wrong way.

> Also tried in each zone file to change the IP to the one I want to use
> and the same in the zone file with the PTR entries. No errors when
> restarting named, but browsing to the domain just brings up the main http
> docs map. I'm pretty sure this is a DNS misconfig rather than an Apache
> config, so that's why I post here.

This is the right way.  I'm pretty sure you misconfigured your apache
slightly.

- You need a NameVirtualHost line in httpd.conf.  It must name a
  hostname which the machine answers to.  If the hostname is
  mail.linpro.no then a network interface on your machine should
  have the address 195.0.166.2

- Then you do something like this, also in httpd.conf:

<VirtualHost mail.linpro.no>
ServerAdmin webmaster at foo.bar
DocumentRoot /home/kunder/foo.bar/www
ServerName www.foo.bar
ErrorLog logs/foo.bar-error_log
TransferLog logs/foo.bar-access_log
</VirtualHost>

  Please note that the VirtualHost line names the same host as
  NameVirtualHost and that the ServerName gives the real name of
  the ip-less virtual server.

Nicolai
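The DNS half of what Nicolai calls "the right way", as an added example that is not from the thread: each zone carries its own A record for the one shared address, and nothing from the other zone. The address 195.0.166.2 is reused from Nicolai's text; the name server, serial and reverse-zone values are made up, and each file needs a matching master zone statement in named.conf.

```conf
; db.domain1.nu -- zone file for domain1.nu (constructed example)
; Everything here must be inside domain1.nu. A line for www.domain2.nu.
; in this file is exactly what named logs as "outside zone ... (ignored)".
$TTL 86400
@       IN  SOA ns.domain1.nu. hostmaster.domain1.nu. (
                2000021601  ; serial (assumed)
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-caching TTL
        IN  NS  ns.domain1.nu.
ns      IN  A   195.0.166.1
www     IN  A   195.0.166.2   ; the single shared web address

; db.domain2.nu -- zone file for domain2.nu (constructed example)
$TTL 86400
@       IN  SOA ns.domain1.nu. hostmaster.domain1.nu. (
                2000021601  ; serial (assumed)
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-caching TTL
        IN  NS  ns.domain1.nu.
www     IN  A   195.0.166.2   ; same address; Apache selects the site by Host: header

; db.195.0.166 -- reverse zone fragment (SOA/NS omitted). One PTR per
; address: pick one canonical name rather than adding a second PTR
; for www.domain2.nu.
2       IN  PTR www.domain1.nu.
```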




------------------------------

Subject: Re: DNS server cannot poll its own BIND service 
From: janl at linpro.no
Date: Wed, 16 Feb 2000 13:14:27 +0100

Dewey Hylton <dhylton at my-deja.com> typed:
> ----
> hosts:      files dns
> ----
> If I remove 'files' from that line, resolution fails. I am aware that
> placing 'nameserver 127.0.0.1' in the resolv.conf file will make this
> work, but this shouldn't be necessary. According to the resolver man
> page, regarding /etc/resolv.conf:
> ----
> On a normally configured system, this file should not be necessary.
> The only name server to be queried will be on the local machine, the
> domain name is determined from the host name, and the domain search
> path is constructed from the domain name.
> ----

This is an interesting passage, and I don't understand what it is trying
to say.  I've always "known" that you need a /etc/resolv.conf to get
DNS resolving to work.

Make a /etc/resolv.conf file as you say and leave it at that.

> So what am I missing here? There's got to be SOMETHING missing. Or
> perhaps the resolver in linux is simply broken. I know this to work
> properly on AIX, HPUX, and Solaris.

You don't have a /etc/resolv.conf file on those machines?  Do you use
YP/NIS/NIS+?  In that case it is doing the resolving for you.

Nicolai




------------------------------

From: Mark.Andrews at nominum.com
Subject: Re: Compiling bind errors continue 
Date: Wed, 16 Feb 2000 23:42:34 +1100


> I installed the SUNWhea package to get past the previous error. Now I
> am getting the following error. Any hints on how to fix it?
> Thanks.

	Find the first error and fix it.  libbind failed to build
	completely; the link error is the result of that.

	Mark
> 
> 
>  gcc -g -O2   -o nslookup main.o getinfo.o debug.o send.o skip.o list.o
> subr.o commands.o \
>         ../../lib/libbind.a -ll -lnsl -lsocket
> Undefined                       first referenced
>  symbol                             in file
> __res_nsend                         ../../lib/libbind.a(hesiod.o)
> __res_ninit                         main.o
> __loc_ntoa                          ../../lib/libbind.a(ns_print.o)
> __dn_expand                         getinfo.o
> __sym_ston                          subr.o
> __p_secstodate                      ../../lib/libbind.a(ns_print.o)
> __p_class_syms                      subr.o
> _res                                list.o
> _res_opcodes                        debug.o
> __p_type_syms                       subr.o
> __res_hnok                          ../../lib/libbind.a(dns_ho.o)
> __putshort                          send.o
> __p_rcode                           debug.o
> __dn_skipname                       getinfo.o
> __res_dnok                          ../../lib/libbind.a(dns_ho.o)
> __dn_count_labels                   ../../lib/libbind.a(ns_print.o)
> __p_time                            debug.o
> __res_hostalias                     getinfo.o
> __p_type                            main.o
> __p_class                           main.o
> __res_nmkquery                      getinfo.o
> __res_nquery                        ../../lib/libbind.a(dns_ho.o)
> herror                              main.o
> __res_nsearch                       ../../lib/libbind.a(dns_ho.o)
> __res_nclose                        ../../lib/libbind.a(irs_data.o)
> __sym_ntop                          subr.o
> __sym_ntos                          subr.o
> ld: fatal: Symbol referencing errors. No output written to nslookup
> make[2]: *** [nslookup] Error 1
> make[2]: Leaving directory `/export/home/bind/src/bin/nslookup'
> make[1]: *** [nslookup] Error 2
> make[1]: Leaving directory `/export/home/bind/src/bin'
> make: *** [all] Error 2
> 
> 
> 
> --
> replies to rvelez at scient.com
> 
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com


------------------------------

From: dharris at kcp.com
Date: Wed, 16 Feb 2000 07:54:59 -0600
Subject: Re: impact if W2K on DNs



The W2K people here pointed me to a mildly technical article in the
February 2000 issue of "Windows 2000 Magazine" at www.win2000mag.com

                    Delmer




------------------------------

From: Barry Margolin <barmar at bbnplanet.com>
Subject: Re: Lame Servers
Date: Wed, 16 Feb 2000 15:40:51 GMT

In article <02fa01bf7808$9573f7e0$203c0a0a at evil>,
Ricardo D. Albano <ralbano at arnet.com.ar> wrote:
>I have a box running bind8, looking in my /var/log/messages I found a lot of
>entries with "Lame Server....." What does this mean? My dns is responding to
>dialup users' queries.
