search for: axfr

Hello all, I'd like to have redundant DNS in our setup. But it seems that Samba 4 does not yet support AXFR with its internal DNS server. Alright, that's fine, so I figured I'd configure the system such that at the very least, a caching nameserver was sitting in front of it. However, that doesn't work; the caching nameserver (BIND 9) returns SERVFAIL, apparently because Samba 4 isn'...

...3.0.2 15 Mar 2022 I tested XFR with a big "test." zone, with server-count=1. Zone test. is unsigned. The server had plenty of other zones plus the test. zone. Ever zones has a dedicated NSD process. The server has 40GB RAM. Without .test the server has ~20GB RAM consumption. Testing: 1. AXFR of test. zone with 5RR -> Memory consumption stable at 20GB 2. AXFR-style IXFR of test. zone with 50mio RRs (only NS records) -> memory consumption increased by ~14GB RAM to 34GB RAM 15:05:46 nsd-trial[635021]: xfrd: zone test committed "received update to serial 1690380825 at 2023-07-2...

...rastructure and maybe they even rate limit the queries per source IP address if too many come from one particular source. I am talking about servers that are not being monitored. I say this because if you monitor your servers and if you understand the DNS technology you can see that someone has AXFR-ed your zone or queried whatever.domain.com recursively using your name server and put an end to it. What are your thoughts on this matters? Cheers and Goodwill, Valentin Bud -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/...

...the files /path/to/*.pem are used by a child process with limited privileges of the username 'nsd' It would be better, if nsd read all tls-auth client-[cert|key] data before dropping privileges. Then the files could be still limited to be readable by the root user. next question: now, the axfr request from secondary to primary is a mTLS connection. But what about notify messages from primary to secondary? the zone-statement 'notify' does not mention a tls-auth-name Are these notifies still plain, unencrypted, unauthenticated UDP packets? next note: I used an IPv6 network for my...

...9;home.htt/IN/internal' from 192.168.192.2#53: Transfer completed: 1 > messages, 23 records, 1000 bytes, 0.020 secs (50000 bytes/sec) > > And over on homebase: > > Sep 7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 > (home.htt): transfer of 'home.htt/IN': AXFR started > Sep 7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 > (home.htt): transfer of 'home.htt/IN': AXFR ended > > But no file /var/named/slaves/bak.home.htt > > And yet on my DNS server, I can resolve homebase.home.htt: > > # dig homebase.home.htt &g...

Hi, I have a query regarding running a manual update of nsd via: # nsdc update My NSD server is accepting notifications from two servers. From my nsd.conf: # master 1 allow-notify: X.X.X.X NOKEY request-xfr: AXFR X.X.X.X NOKEY # master 2 allow-notify: Y.Y.Y.Y NOKEY request-xfr: AXFR Y.Y.Y.Y NOKEY Are both servers sequentially queried each time the update is run? Or is it a random one of the two servers that answers and the second one ignored? Many thanks, David

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an RR"/"deleting rrset" bind rules for dynamic DNS. # - added "connection reset" rule for bind. # - added "journal file does not exist" rule for bind. #...

On 07/09/15 21:26, Robert Moskowitz wrote: > Is there some option on the slave to set the frequency of the AXFR? > Say every hour? > > On 09/07/2015 03:45 PM, Lars Hanke wrote: >> Hi Robert, >> >> yes it does work. But the DLZ bind will not notify any slaves, when >> the repository changes. This can be painful, especially for longer >> TTL values. >> >> R...

...g updates on domains. when i update the main NS the secondary and tertiary doesn't update automatically. i need to delete the <domain>.zone file in the secondary and tertiary to get update from the main NS. I don't where's the problem i don't get any errors i just dont get the AXFR when the don't delete the file from the backup NS. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070811/d0eba938/attachment-0001.html>

I have bind running on two servers. Both servers are running bind-9.2.4-7. When I update a zone file on the primary and reload bind, the secondary receives a notify, but does not initiate an AXFR. The only way I can get the secondary to update is to delete the zone file on the secondary and restart named. Any ideas what might be wrong? Mike

I have a domain, let's call it "example.com". I am able to do zone transfers on the local host as follows: dig example.com AXFR @localhost This command outputs all of the contents of the zone as expected. I am unable to do zone transfers on my subdomain though: dig subdomain.example.com AXFR @localhost ; <<>> DiG 9.2.1 <<>> subdomain.example.com AXFR @localhost ;; global options: printcmd ; Tran...

Hello, I have dns zone domain.com configured on nsd server. If a try #dig axfr @localhost domain.com then i receive correct answer, but if i try #dig a @localhost domain.com then i received nothing but should be 127.0.0.1 How can i troubleshoot this problem? output: [root at ns1 ~]# dig axfr @localhost domain.com ; <<>> DiG 9.8.3-P1-RedHat-9.8.3-2.P1.fc15 &...

I am looking at: https://wiki.samba.org/index.php/DNS_administration I am using bind 9.9 on all my DNS servers. To set up secondarying my Samba DNS zones to my other Bind servers. I come across the following: https://bugzilla.samba.org/show_bug.cgi?id=9634 Is it possible to transfer the DLZ zones now as dates on this bug are 2 years old?

Hello World, I am trying to build NSD4 on Debian Squeeze and I get the following errors when running `make`. ``` $ pwd /home/wiz/src/nsd/tags/NSD_4_0_0_imp_5 $ make [... output omitted ...] gcc -g -O2 -o nsd-checkconf answer.o axfr.o buffer.o configlexer.o configparse acket.o query.o rbtree.o radtree.o rdata.o region-allocator.o tsig.o tsig-opens 4_pton.o b64_ntop.o -lcrypto configparser.o: In function `c_parse': /home/wiz/src/nsd/tags/NSD_4_0_0_imp_5/configparser.c:609: undefined reference /home/wiz/src/nsd/tags/NSD_4_0_...

Is there some option on the slave to set the frequency of the AXFR? Say every hour? On 09/07/2015 03:45 PM, Lars Hanke wrote: > Hi Robert, > > yes it does work. But the DLZ bind will not notify any slaves, when > the repository changes. This can be painful, especially for longer TTL > values. > > Regards, > - lars. > > Am 07.09.2...

...child process with > limited privileges of the username 'nsd' > It would be better, if nsd read all tls-auth client-[cert|key] data > before dropping privileges. > Then the files could be still limited to be readable by the root > user. > > next question: > now, the axfr request from secondary to primary is a mTLS connection. > But what about notify messages > from primary to secondary? the zone-statement 'notify' does not > mention a tls-auth-name > Are these notifies still plain, unencrypted, unauthenticated UDP > packets? > > next n...

On 09/07/2015 04:56 PM, Rowland Penny wrote: > On 07/09/15 21:26, Robert Moskowitz wrote: >> Is there some option on the slave to set the frequency of the AXFR? >> Say every hour? >> >> On 09/07/2015 03:45 PM, Lars Hanke wrote: >>> Hi Robert, >>> >>> yes it does work. But the DLZ bind will not notify any slaves, when >>> the repository changes. This can be painful, especially for longer >>>...

...ar 17 17:36:48 mythtv-0 named[9895]: zone localhost/IN: loaded serial 2 Mar 17 17:36:48 mythtv-0 named[9895]: managed-keys-zone ./IN: loaded serial 3 Mar 17 17:36:48 mythtv-0 named[9895]: running Mar 17 17:37:29 mythtv-0 named[9895]: client 127.0.0.1#53662: transfer of 'dmz.meanspc.com/IN': AXFR started Mar 17 17:37:29 mythtv-0 named[9895]: client 127.0.0.1#53662: transfer of 'dmz.meanspc.com/IN': AXFR ended Mar 17 17:38:37 mythtv-0 named[9895]: client 127.0.0.1#59300: transfer of 'dmz.meanspc.com/IN': AXFR started Mar 17 17:38:37 mythtv-0 named[9895]: client 127.0.0.1#5930...

...a256.plain" algorithm: hmac-sha256 secret: "xxx" key: name: "tsig.upu.sha256.signed" algorithm: hmac-sha256 secret: "xxx" pattern: name: "from-master" zonefile: "%s" request-xfr: AXFR 192.168.7.4 tsig.upu.sha256.plain allow-notify: 192.168.7.4 tsig.upu.sha256.plain pattern: name: "from-signer" zonefile: "%s" request-xfr: AXFR 192.168.7.4 tsig.upu.sha256.signed allow-notify: 192.168.7.4 tsig.upu.sha256.signed zone:...

No idea!?? EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de -----Urspr?ngliche Nachricht----- Von: Daniel M?ller [mailto:mueller at tropenklinik.de] Gesendet: Mittwoch, 15. April 2015 14:40 An: 'samba-bounces at