[PLUG] Re: BIND slow to restart- sometimes
keith morse
kgmorse at mpcu.com
Tue Oct 19 00:06:02 UTC 2004
Steven Raymond wrote:
> keith morse said:
>
>>To help, take a look at the debug level option for named. You can apply
>>this in /etc/sysconfig/named
>
>
> Will do.
>
>
>>You should only have to define $ORIGIN just once per zone file. Actually
>>IIRC the newer version of bind does not even require that it be defined.
>> None of my 14 zone files have it.
>
>
> K, will try trimming that out.
>
>
>>One last thing is the $GENERATE, is this really needed? Why generate
>>resource records for hosts that probably don't exist?
>
>
> Here is where my ignorance will show. The need for the $GENERATE is due

And so will mine. If your ego can stand it, a public display of
ignorance/stupidity (hard to tell which one it is sometimes) can be a
great learning experience. Then one hopes that a DNS
guru/master/sensei will step in and show the error of your ways.
Imparting knowledge/enlightenment/wisdom to your pathetic life. Oops,
sorry. Been watching too much anime.

> to the fact that I am doing a reverse zone for only a /28; BIND presumes you
> are delegated the entire /24 otherwise? In this case the zone file only
> covers this guy's actual IP subnet x.x.x.144 through .159, or 16 addresses
> resulting in CIDR /28.
>
> The $GENERATE tells this machine to refer back to the, uh, parent(?) name
> servers which really hold (or have delegations) for the rest of the
> reverse zone for the /24. Without doing so this server would think it had
> been delegated the whole /24 which it has not.
>
> Make any sense whatsoever?

I can only say that, sadly, it does. I have been party to only one CIDR
reverse DNS party. It was mine, a /27, Qwest is the holder of the IPs
according to ICANN. Painful, research intensive, probably spent 80
hours trying to find examples that worked. Fortunately I asked a guru
who helped me. Also pestered the bejeezus out of the Qwest NOC DNS
support staff. Mine did not require any $GENERATE wizardry, but that
may be only due to the requirements of the actual authoritative Name
Servers for the IP block that my subnet is a part of. Doubtless other
authoritative Name Server admins will have differing requirements. If
you're willing, go to www.dnsstuff.com and do an MX record lookup on my
domain. Then using www.dnsstuff.com do a "Reverse DNS" lookup on the IP
address of the "A" record for my mail server and note the search path
that develops from the query. You'll notice that when it gets to
Qwest's Name server it uses a CNAME record to refer to my Name server.

DNS tools I've learned to love:

    dig, obviously
    www.dnstools.com, too bad there is no command line equivalent.
    vi, well actually, vim.
    http://groups.google.com/advanced_group_search?hl=en , focusing
        of course on the comp.os.protocol.bind.* hierarchy
    any variant of obfuscated bind/named reference, be it in man,
        info, infodoc form. Pure and true learning by suffering
        exists in this path.

Pardon my rambling. This past year, I've been too deep in the rot that
the virus generating, Redmond Washington, mind polluting effluent that
some have the audacity to call software. (I know the last sentence is
grammatical crap but where is a member of the Professional Organization
of English Majors to be found at this late hour.)
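
Added example, not part of the original post: Python that builds the records for the classless reverse delegation discussed above (the RFC 2317 pattern), where the holder of the /24 delegates a small child zone and aliases each address into it with CNAMEs, written compactly with $GENERATE. It assumes the documentation prefix 192.0.2.144/28 in place of x.x.x.144/28, the "144/28" child-zone label, and hypothetical names under customer.example.

```python
import ipaddress

# Assumption: hypothetical name server that holds the customer's small reverse zone.
CHILD_NS = "ns.customer.example."

def plan(cidr):
    """Return (first, last, parent_zone, child_zone) for an IPv4 block smaller than a /24."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects misaligned blocks
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than a /24")
    a, b, c, d = str(net.network_address).split(".")
    first = int(d)
    last = first + net.num_addresses - 1
    parent_zone = f"{c}.{b}.{a}.in-addr.arpa."
    # RFC 2317 style label "<first>/<prefixlen>"; some providers use "<first>-<last>" instead.
    child_zone = f"{first}/{net.prefixlen}.{parent_zone}"
    return first, last, parent_zone, child_zone

def parent_records(cidr):
    """Lines the holder of the /24 adds: delegate the child zone, then alias each address into it."""
    first, last, _, child_zone = plan(cidr)
    return [
        f"{child_zone} IN NS {CHILD_NS}",
        f"$GENERATE {first}-{last} $ CNAME $.{child_zone}",
    ]

def expand_generate(cidr):
    """What the $GENERATE line expands to: one CNAME per address in the block."""
    first, last, parent_zone, child_zone = plan(cidr)
    return [f"{n}.{parent_zone} IN CNAME {n}.{child_zone}" for n in range(first, last + 1)]

def child_ptrs(cidr, hosts):
    """PTR records for the customer's zone; hosts maps last octet -> FQDN."""
    first, last, _, child_zone = plan(cidr)
    lines = []
    for octet, name in sorted(hosts.items()):
        if not first <= octet <= last:
            raise ValueError(f"{octet} is outside {cidr}, so the parent has no CNAME for it")
        lines.append(f"{octet}.{child_zone} IN PTR {name}")
    return lines

if __name__ == "__main__":
    block = "192.0.2.144/28"  # constructed: documentation prefix standing in for x.x.x.144/28
    for line in parent_records(block) + child_ptrs(block, {145: "mail.customer.example."}):
        print(line)
```

A PTR placed in the child zone for an address outside 144-159 would never be reached, because the parent has no CNAME for it; child_ptrs raises instead of emitting it.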