comp.protocols.dns.bind
  Re: DNS query with no domain         


Author: Prabhat Rana
Date: Aug 19, 2008 08:25

Thanks to Matt and Mark for suggestions and notes. I completely understand the idea of having to perform resolution for an absolute hostname is a broken design. However, we have been asked to make this happen. Apparently shortening the URL size that handset queries is a part of effort on shortening the packet size from the handset. And by reducing the packet size to less than 140 or less byte characters the packet will not be segmented and makes the data calls significantly faster.
And mms in the only one that handsets
Prabhat.

--- On Tue, 8/19/08, Matus UHLAR - fantomas wrote:
From: Matus UHLAR - fantomas
Subject: Re: DNS query with no domain
To: bind-users@isc.org
Date: Tuesday, August 19, 2008, 7:26 AM

On 18.08.08 12:22, Prabhat Rana wrote:
> Thanks for the quick response. The querying client in this case is not a
> server it is in fact a handheld device. And we can not put any search order
> in this device. We can only tell it to which DNS server to query and what
> URL which is http://mms

what kind of handheld device? Can't it be configured to append domain name?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
  Re: Bind-9.5.0-P2 testing         


Author: Andrey G. Sergeev (AKA Andris)
Date: Aug 19, 2008 05:43

Hello Latif,

Tue, 19 Aug 2008 08:00:59 -0400 Binmakhashen, Latif wrote:
> Here is how I found out:

[...]
> # dig version.bind chaos txt @hpadm1
>
> ; <<>> DiG 9.5.0-P2 <<>> version.bind chaos txt @hpadm1
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1655
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;version.bind. CH TXT
>
> ;; ANSWER SECTION:
> version.bind. 0 CH TXT "9.2.0"
  Re: DNS query with no domain         


Author: Matus UHLAR - fantomas
Date: Aug 19, 2008 05:26

On 18.08.08 12:22, Prabhat Rana wrote:
> Thanks for the quick response. The querying client in this case is not a
> server it is in fact a handheld device. And we can not put any search order
> in this device. We can only tell it to which DNS server to query and what
> URL which is http://mms

what kind of handheld device? Can't it be configured to append domain name?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
  RE: Bind-9.5.0-P2 testing         


Author: Binmakhashen, Latif
Date: Aug 19, 2008 05:00

Once again, good answers from you and from Mark Andrews!!!

The bind version 9.2.0 is coming from the primary internal DNS server
which I didn't upgrade yet.
I'm running the correct binaries internally and externally. I'll work on
the query-source statement with the network admin. I'm pretty sure at
this point that the query-source is causing the POOR results for the
source port randomness but I'll check with the network admin that the
firewall/NAT is not decreasing the randomness either.

Here is how I found out:

Secondary Internal DNS:

# dig version.bind chaos txt @hpadm2

; <<>> DiG 9.5.0-P2 <<>> version.bind chaos txt @hpadm2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1500
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind. CH TXT
  CPU utilization         


Author: Ejaz
Date: Aug 19, 2008 03:06

Hi,
I have installed BIND 9.3.4-P1 on Red Hat Enterprise Linux 5. As we are an ISP, we have nearly 1000 domains hosted in our DNS, and all our customers are using our DNS to browse.

My problem is that most of the time my CPU utilisation remains at 80%, 90% and 100%. So any help will be great for me.

I have the following entries in my /var/log/syslog, and

Aug 19 12:47:04 ns1 named[3400]: client 172.21.0.49#49944: query (cache) 'feniphone.com/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: unexpected RCODE (REFUSED) resolving 'blitzbeat.com/A/IN': 66.196.84...
  Re: DNS query with no domain         


Author: Mark Andrews
Date: Aug 18, 2008 21:18

> On 18-Aug-2008, at 21:52 , Mark Andrews wrote:
>
>> Note: Single label absolute hostnames were declared a BAD
>> idea over 20 years ago. All such hostnames, at the time,
>> were renamed at the time to .ARPA.
>>
>> Single label absolute hostnames will NEVER work cleanly.
>> Trying to make them work cleanly is an exercise in futility.
>
> Agreed. I'm not suggesting this is a good idea, just the only way I
> can think of to accomplish what the OP requested. Is there a better
> option?

Sometimes the best option is just to say "NO".

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
  Re: DNS query with no domain         


Author: Matthew Pounsett
Date: Aug 18, 2008 20:26

On 18-Aug-2008, at 21:52 , Mark Andrews wrote:
> Note: Single label absolute hostnames were declared a BAD
> idea over 20 years ago. All such hostnames, at the time,
> were renamed at the time to .ARPA.
>
> Single label absolute hostnames will NEVER work cleanly.
> Trying to make them work cleanly is an exercise in futility.

Agreed. I'm not suggesting this is a good idea, just the only way I
can think of to accomplish what the OP requested. Is there a better
option?
  Re: Bind-9.5.0-P2 testing         


Author: Mark Andrews
Date: Aug 18, 2008 19:12

> Good points Kevin!!!
>
> 1) This is weird, the command line with the -v flag is showing the
> right version but the output from the command is referring to an earlier
> version which is not installed at all?
>
> Internal DNS seems to refer to an older version that doesn't exist in
> the system? I see something that may be causing that so I'll investigate
> this some more and will keep you guys updated.
>
> # ./dig -v
> DiG 9.5.0-P2
>
> # ./dig version.bind chaos txt
>
> ; <<>> DiG 9.5.0-P2 <<>> version.bind chaos txt
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1704
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ...
  Re: Bind-9.5.0-P2 testing         


Author: Mark Andrews
Date: Aug 18, 2008 19:06

> That's a very interesting question because I'm pretty much on the same
> boat.
> I just upgraded to bind-9.5.0-P2 and was looking for a good tool that
> will show me if this version really fixes the DNS cache poisoning issue.
>
> I found the following tool which I believe is pretty good but it
> probably does more checks than just the DNS cache poisoning...
>
> Go here and under Testing and Reporting Tools, run the DNS Vulnerability
> Testing Tool => Test Now.
>
> http://www.infoblox.com/library/dns-security-center.cfm#2
>
> I'm getting POOR for the Source Port randomness and GREAT for the
> transaction ID randomness.
> Is that expected? Does the source port randomness have something to do
> with the way named.conf is setup?
>
> Also, another test from the command line is showing a POOR result? Refer
> to the following link for more info about the command line test: ...
  Re: DNS query with no domain         


Author: Mark Andrews
Date: Aug 18, 2008 18:52

> On 18-Aug-2008, at 15:57 , Prabhat Rana wrote:
>
>> Matt,
>> Thanks for a quick response again. Yes the design for handheld
>> device to be able to connect just by querying http://mms does look
>> broken. And yes http://mms is the only hostname that handheld
>> will access in this way (without domain). So to better understand
>> the solution that you have provided,
>> At this time the authoritative servers have a zone db.ora.com in
>> which there is A record for mms to an IP.
>> So what you're suggesting is configure a mms. zone in the named.conf
>> and create a zone file called db.mms. and in that zone file have A
>> record for mms to mms.ora.com? Now it responds with same IP for both
>> mms.ora.com and mms?
>> And then put a forwarder for mms in recursive DNS that points to
>> authoritative servers?
>
>
> Yes, that sounds about right. In the file db.mms (for the mms. zone)
> you would insert an A record for the origin, not for a host called mms ...