domain.comX, domain.comXX

Andy Shellam (Mailing Lists) andy.shellam-lists at mailnetwork.co.uk
Tue Aug 21 18:21:53 UTC 2007


Hi Ryan,

It looks like what someone previously suggested, that the 
"domainX|XX|XXX" files are duplicated zone files that either someone's 
used, perhaps for testing purposes, or to secure a previous zone while 
some change was being made, or maybe by some automated process?  I must 
admit off the top of my head, I can't think of any automated process 
that would do this.

If you take, for example, the zone "citigroup.net" - your 
"citigroup.netXX" file is the current live file (as specified by 
named.conf).

There is something to be gathered looking at the dates - these new files 
started appearing somewhere between the 17th and 21st August, according 
to your file list (as the old ones were last modified on the 17th).  
They all look the same size, though, so it's unlikely anything's changed 
within the files themselves, although I'd use a comparison tool (such as 
diff or WinMerge) just to be sure.

My first port of call would be to look at what was running on the server 
on the 17th August, and also what's special about the zones that have 
got an "X|XX|XXX" brother, compared to those that haven't.

Andy.

Ryan McCain wrote:
> Sorry for the late response.
>
> I will respond to everyone's questions in this email to save congestion in the list.
>
> -We are using BIND 9.3.2-17.4 on SLES 10 (kernel 2.6.16.21-0.8-bigsmp)
>
> - I am the only one who is touching DNS on the secondary server in question. There are Windows admins who could be adding DNS records on the primary server. I can't imagine them creating duplicate zones though.
>
> - Here is a directory listing of the zones on the secondary server.  Notice the X and XX zone files..
> -rw-r--r-- 1 named named   319 2007-08-21 12:56 0.in-addr.arpa
> -rw-r--r-- 1 named named  1535 2007-08-17 11:40 114.10.in-addr.arpa
> -rw-r--r-- 1 named named  1535 2007-08-21 12:46 114.10.in-addr.arpaX
> -rw-r--r-- 1 named named  2049 2007-08-21 12:48 115.10.in-addr.arpa
> -rw-r--r-- 1 named named   941 2007-08-21 12:55 116.10.in-addr.arpa
> -rw-r--r-- 1 named named   323 2007-08-21 12:55 117.10.in-addr.arpa
> -rw-r--r-- 1 named named  1263 2007-08-21 12:53 118.10.in-addr.arpa
> -rw-r--r-- 1 named named  3655 2007-08-21 12:57 119.10.in-addr.arpa
> -rw-r--r-- 1 named named 17566 2007-08-21 12:45 120.10.in-addr.arpa
> -rw-r--r-- 1 named named  1581 2007-08-21 12:50 121.10.in-addr.arpa
> -rw-r--r-- 1 named named  2275 2007-08-21 12:49 122.10.in-addr.arpa
> -rw-r--r-- 1 named named   827 2007-08-21 12:57 123.10.in-addr.arpa
> -rw-r--r-- 1 named named  3589 2007-08-21 12:48 124.10.in-addr.arpa
> -rw-r--r-- 1 named named  1388 2007-08-21 12:54 125.10.in-addr.arpa
> -rw-r--r-- 1 named named  2749 2007-08-21 12:56 126.10.in-addr.arpa
> -rw-r--r-- 1 named named   369 2007-08-21 12:57 127.in-addr.arpa
> -rw-r--r-- 1 named named   431 2007-08-17 11:16 citigroup.net
> -rw-r--r-- 1 named named   431 2007-08-17 11:18 citigroup.netX
> -rw-r--r-- 1 named named   431 2007-08-21 12:47 citigroup.netXX
> -rw-r--r-- 1 named named 42065 2007-08-21 12:22 dss.state.la.us
> -rw-r--r-- 1 named named  3568 2007-08-21 12:22 dss.state.la.us.jnl
> -rw-r--r-- 1 named named   411 2007-08-17 11:18 ebtadmin.jpmorganchase.com
> -rw-r--r-- 1 named named   411 2007-08-21 12:55 ebtadmin.jpmorganchase.comX
> -rw-r--r-- 1 named named   418 2007-08-21 12:54 familiesla.com
> -rw-r--r-- 1 named named   808 2007-08-21 12:54 familiesla.com.jnl
> -rw-r--r-- 1 named named   425 2007-08-17 11:23 fostercare.la.gov
> -rw-r--r-- 1 named named   425 2007-08-17 11:37 fostercare.la.govX
> -rw-r--r-- 1 named named   425 2007-08-17 11:40 fostercare.la.govXX
> -rw-r--r-- 1 named named   425 2007-08-21 12:56 fostercare.la.govXXX
> -rw-r--r-- 1 named named   439 2007-08-17 11:28 fostercare.louisiana.gov
> -rw-r--r-- 1 named named   439 2007-08-17 11:40 fostercare.louisiana.govX
> -rw-r--r-- 1 named named   439 2007-08-21 12:53 fostercare.louisiana.govXX
>
> - Finally, below is my named.conf file....
>
> # Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
> # All rights reserved.
> #
> # Author: Frank Bodammer, Lars Mueller <lmuelle at suse.de>
> #
> # /etc/named.conf
> #
> # This is a sample configuration file for the name server BIND 9.  It works as
> # a caching only name server without modification.
> #
> # A sample configuration for setting up your own domain can be found in
> # /usr/share/doc/packages/bind/sample-config.
> #
> # A description of all available options can be found in
> # /usr/share/doc/packages/bind/misc/options.
>
> options {
>
>         # The directory statement defines the name server's working directory
>
>         directory "/var/lib/named";
>
>         # Write dump and statistics file to the log subdirectory.  The
>         # pathenames are relative to the chroot jail.
>
>         dump-file "/var/log/named_dump.db";
>         statistics-file "/var/log/named.stats";
>
>         # The forwarders record contains a list of servers to which queries
>         # should be forwarded.  Enable this line and modify the IP address to
>         # your provider's name server.  Up to three servers may be listed..
>
>         #forwarders { 192.0.2.1; 192.0.2.2; };
>
>         # Enable the next entry to prefer usage of the name server declared in
>         # the forwarders section.
>
>         #forward first;
>
>         # The listen-on record contains a list of local network interfaces to
>         # listen on.  Optionally the port can be specified.  Default is to
>         # listen on all interfaces found on your system.  The default port is
>         # 53.
>
>         #listen-on port 53 { 127.0.0.1; };
>
>         # The listen-on-v6 record enables or disables listening on IPv6
>         # interfaces.  Allowed values are 'any' and 'none' or a list of
>         # addresses.
>
>         listen-on-v6 { any; };
>
>         # The next three statements may be needed if a firewall stands between
>         # the local server and the internet.
>
>         #query-source address * port 53;
>         #transfer-source * port 53;
>         #notify-source * port 53;
>
>         # The allow-query record contains a list of networks or IP addresses
>         # to accept and deny queries from. The default is to allow queries
>         # from all hosts.
>
>         #allow-query { 127.0.0.1; };
>
>         # If notify is set to yes (default), notify messages are sent to other
>         # name servers when the the zone data is changed.  Instead of setting
>         # a global 'notify' statement in the 'options' section, a separate
>         # 'notify' can be added to each zone definition.
>
>         notify no;
>         include "/etc/named.d/forwarders.conf";
> };
>
> # To configure named's logging remove the leading '#' characters of the
> # following examples.
> #logging {
> #       # Log queries to a file limited to a size of 100 MB.
> #       channel query_logging {
> #               file "/var/log/named_querylog"
> #                       versions 3 size 100M;
> #               print-time yes;                 // timestamp log entries
> #       };
> #       category queries {
> #               query_logging;
> #       };
> #
> #       # Or log this kind alternatively to syslog.
> #       channel syslog_queries {
> #               syslog user;
> #               severity info;
> #       };
> #       category queries { syslog_queries; };
> #
> #       # Log general name server errors to syslog.
> #       channel syslog_errors {
> #               syslog user;
> #               severity error;
> #       };
> #       category default { syslog_errors;  };
> #
> #       # Don't log lame server messages.
> #       category lame-servers { null; };
> #};
>
> # The following zone definitions don't need any modification.  The first one
> # is the definition of the root name servers.  The second one defines
> # localhost while the third defines the reverse lookup for localhost.
>
> zone "." in {
>         type hint;
>         file "root.hint";
> };
>
> zone "localhost" in {
>         type master;
>         file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "127.0.0.zone";
> };
>
> # Include the meta include file generated by createNamedConfInclude.  This
> # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
> # /etc/sysconfig/named
>
> include "/etc/named.conf.include";
>
> ###Forward Records
> zone "familiesla.com" in {
>         masters { 172.20.11.237; };
>         file "slave/familiesla.com";
>         type slave;
> };
> logging {
>         category default { log_syslog; };
>         channel log_syslog { syslog; };
> };
> zone "dss.state.la.us" in {
>         masters { 172.20.11.237; };
>         file "slave/dss.state.la.us";
>         type slave;
> };
> zone "citigroup.net" in {
>         masters { 172.20.11.237; };
>         file "slave/citigroup.netXX";
>         type slave;
> };
> zone "ebtadmin.jpmorganchase.com" in {
>         masters { 172.20.11.237; };
>         file "slave/ebtadmin.jpmorganchase.comX";
>         type slave;
> };
> zone "fostercare.la.gov" in {
>         masters { 172.20.11.237; };
>         file "slave/fostercare.la.govXXX";
>         type slave;
> };
> zone "fostercare.louisiana.gov" in {
>         masters { 172.20.11.237; };
>         file "slave/fostercare.louisiana.govXX";
>         type slave;
> };
>
>
> ###Reverse Records
>
> zone "114.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/114.10.in-addr.arpaX";
>         type slave;
> };
> zone "115.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/115.10.in-addr.arpa";
>         type slave;
> };
> zone "116.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/116.10.in-addr.arpa";
>         type slave;
> };
> zone "117.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/117.10.in-addr.arpa";
>         type slave;
> };
> zone "118.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/118.10.in-addr.arpa";
>         type slave;
> };
> zone "119.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/119.10.in-addr.arpa";
>         type slave;
> };
> zone "120.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/120.10.in-addr.arpa";
>         type slave;
> };
> zone "121.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/121.10.in-addr.arpa";
>         type slave;
> };
> zone "122.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/122.10.in-addr.arpa";
>         type slave;
> };
> zone "123.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/123.10.in-addr.arpa";
>         type slave;
> };
> zone "124.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/124.10.in-addr.arpa";
>         type slave;
> };
> zone "125.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/125.10.in-addr.arpa";
>         type slave;
> };
> zone "126.10.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/126.10.in-addr.arpa";
>         type slave;
> };
> zone "127.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/127.in-addr.arpa";
>         type slave;
> };
> zone "0.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/0.in-addr.arpa";
>         type slave;
> };
> zone "1.168.in-addr.arpa" in {
>         masters { 172.20.11.237; };
>         file "slave/1.168.in-addr.arpa";
>         type slave;
> };
>
>
>   
>>>> On Fri, Aug 17, 2007 at 6:30 PM, in message <DE3D6118-4D2E-49A4-9124-0614390C57FB at swcp.com>, Bill Larson <wllarso at swcp.com> wrote:
>   
>> On Aug 17, 2007, at 5:02 PM, Kevin Darcy wrote:
>>
>>     
>>> Ryan McCain wrote:
>>>       
>>>> I noticed a few of the zones I pull down have the main zone file,  
>>>> domain.com, then a few others, domain.comX, domain.comXX, etc.   
>>>> Can someone explain what is going on here or forward me to the  
>>>> appropriate link to read about this.
>>>>
>>>> I googled for "bind comXX" and nothing came up.
>>>>         
>> I'd take a guess that someone created some additional zones, possibly  
>> for internal use or maybe testing.
>>
>> Ryan, why not post your named.conf file?  This isn't anything  
>> standard, so you are making us do some heavy duty crystal ball gazing  
>> while trying to help you out.
>>
>> Bill Larson
>>
>>     
>>> Hmmm... What version of BIND is this? My initial thought was that these
>>> were temporary zone files of some sort, but BIND 9 uses the
>>> "tmp-XXXXXXXXXX" template for its temp files (see the #define TEMPLATE
>>> in lib/isc/unix/file.c), and I've verified this with truss on a
>>> Solaris box:
>>>
>>> /2: open("tmp-QJkiFMUAqe", O_RDWR|O_CREAT|O_EXCL, 0666) = 9
>>>
>>> I suppose an older version of BIND (8 or 4) might have formed temp names
>>> by just appending Xs to the zone name, but I don't specifically
>>> remember that convention.
>>>
>>> Are you sure the "XX" filenames aren't defined anywhere in your
>>> named.conf?
>>>
>>> - Kevin
>>>
>>>
>>>
>>>       
>
>
>
>
>
>
>   
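
The comparison suggested in this thread, as an added Python example that is not part of the original messages: it reads the `file` statement of each zone in named.conf, finds X-suffixed siblings next to the live file, and compares their bytes, because equal sizes do not prove equal content. The function names and the sample file contents are constructed for illustration; only `#` and `//` comments in named.conf are handled.

```python
import re, tempfile
from pathlib import Path

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')

def live_files(conf_text):
    """Map zone name -> path given in its file statement."""
    text = re.sub(r'(#|//)[^\n]*', '', conf_text)    # drop line comments
    zones = {}
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:   # walk past nested { } such as masters
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        f = FILE_RE.search(text, m.end(), i)
        if f:
            zones[m.group(1)] = f.group(1)
    return zones

def audit(conf_text, base_dir):
    """Per zone: [(leftover file name, identical to the live file?)]."""
    report = {}
    for zone, rel in live_files(conf_text).items():
        live = Path(base_dir) / rel
        if not live.is_file():
            continue
        name = re.compile(re.escape(zone) + r'X*$')   # zone, zoneX, zoneXX, ...
        extra = sorted(p for p in live.parent.iterdir()
                       if name.match(p.name) and p != live)
        if extra:
            report[zone] = [(p.name, p.read_bytes() == live.read_bytes())
                            for p in extra]
    return report

# Constructed sample: the stanza shape and file names follow the post,
# the zone file contents are invented.
SAMPLE_CONF = '''
zone "citigroup.net" in {
        masters { 172.20.11.237; };
        file "slave/citigroup.netXX";   # live file per named.conf
        type slave;
};'''

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "slave").mkdir()
        for fname, serial in [("citigroup.netXX", "2007082101"),
                              ("citigroup.netX", "2007082101"),
                              ("citigroup.net", "2007081701")]:  # same size, older
            Path(d, "slave", fname).write_text(f"serial {serial}\n")
        return audit(SAMPLE_CONF, d)
```

On a real server, `base_dir` is the `directory` option from named.conf (`/var/lib/named` in the configuration quoted above).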



