[PLUG] Re: BIND slow to restart- sometimes

keith morse kgmorse at mpcu.com
Tue Oct 19 00:06:02 UTC 2004


Steven Raymond wrote:
> keith morse said:
> 
>>To help take a look at the debug level option for named.  You can apply
>>this in /etc/sysconfig/named
> 
> 
> Will do.
> 
> 
>>You should only have to define $ORIGIN just once per zone file. Actually
>>IIRC the newer version of bind does not even require that it be defined.
>>  None of the 14 zone files of mine have it.
> 
> 
> K, will try trimming that out.
> 
> 
>>One last thing is the $GENERATE,  is this really needed?  Why generate
>>resource records for hosts that probably don't exist?
> 
> 
> Here is where my ignorance will show.  The need for the $GENERATE is due

And so will mine.  If your ego can stand it, a public display of 
ignorance/stupidity (hard to tell which one it is sometimes) can be a 
great learning experience.  Then one hopes that a  DNS 
guru/master/sensei will step in and show the error of your ways. 
Imparting knowledge/enlightenment/wisdom to your pathetic life.  Oops, 
sorry.  Been watching too much anime.



> to the fact that I am doing a reverse zone for only a /28; BIND presumes you
> are delegated the entire /24 otherwise?  In this case the zone file only
> covers this guy's actual IP subnet x.x.x.144 through .159, or 16 addresses
> resulting in CIDR /28.
> 
> The $GENERATE tells this machine to refer back to the, uh, parent(?) name
> servers which really hold (or have delegations) for the rest of the
> reverse zone for the /24.  Without doing so this server would think it had
> been delegated the whole /24 which it has not.
> 
> Make any sense whatsoever?

I can only say that, sadly, it does.  I have been party to only one CIDR 
reverse DNS party.  It was mine, a /27; Qwest is the holder of the IPs 
according to ICANN.  Painful, research intensive, probably spent 80 
hours trying to find examples that worked.  Fortunately I asked a guru 
who helped me.  Also pestered the bejeezus out of the Qwest NOC DNS 
support staff.  Mine did not require any $GENERATE wizardry, but that 
may be only due to the requirements of the actual authoritative Name 
Servers for the IP block that my subnet is a part of.  Doubtless other 
authoritative Name Server admins will have differing requirements.  If 
you're willing, go to www.dnsstuff.com and do an MX record lookup on my 
domain.  Then using www.dnsstuff.com do a "Reverse DNS" lookup on the IP 
address of the "A" record for my mail server and note the search path 
that develops from the query.  You'll notice that when it gets to 
Qwest's Name server it uses a CNAME record to refer to my Name server.

DNS tools I've learned to love:

	dig,  obviously
	www.dnstools.com,  too bad there is no command line equivalent.
	vi,  well actually, vim.
	http://groups.google.com/advanced_group_search?hl=en ,  focusing
		of course on the comp.os.protocol.bind.* hierarchy
	any variant of obfuscated bind/named reference, be it in man,
		info, infodoc form.  Pure and true learning by suffering
		exists in this path.


Pardon my rambling.  This past year, I've been too deep in the rot that 
the virus generating, Redmond Washington, mind polluting effluent that 
some have the audacity to call software.  (I know the last sentence is 
grammatical crap but where is a member of the Professional Organization 
of English Majors to be found at this late hour.)
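
The CNAME referral described in the message above, sketched as an added example (not part of the original post and not anyone's actual zone data): it builds the records a parent /24 reverse zone would carry to hand a sub-/24 block to another name server, using the RFC 2317 label style. The 192.0.2.144/28 block, the ns1.example.net. server name and the function names are assumptions chosen for illustration; a provider may use a different label format.

```python
import ipaddress


def classless_reverse(cidr, child_ns):
    """Return (child_zone, parent_records) for a sub-/24 IPv4 block."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects misaligned blocks
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 block between /25 and /31")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    first = int(o[3])
    label = f"{first}/{net.prefixlen}"             # RFC 2317 style, e.g. 144/28
    child_zone = f"{label}.{parent}"
    # The parent delegates only the label, never the whole /24 ...
    records = [f"{label} IN NS {child_ns}"]
    # ... and aliases each address in the block into the delegated zone.
    for host in range(first, first + net.num_addresses):
        records.append(f"{host} IN CNAME {host}.{child_zone}")
    return child_zone, records


def ptr_owner(ip, cidr):
    """Name that finally holds the PTR for ip once any CNAME is followed."""
    addr = ipaddress.ip_address(ip)
    plain = addr.reverse_pointer + "."             # e.g. 150.2.0.192.in-addr.arpa.
    if addr not in ipaddress.ip_network(cidr, strict=True):
        return plain                               # stays with the parent's servers
    child_zone, _ = classless_reverse(cidr, "ns.invalid.")
    return f"{plain.split('.')[0]}.{child_zone}"


if __name__ == "__main__":
    # Constructed sample: documentation range, last octets .144 through .159
    zone, recs = classless_reverse("192.0.2.144/28", "ns1.example.net.")
    print(f"; child server is authoritative for {zone}")
    print("; records in the parent 2.0.192.in-addr.arpa. zone:")
    print("\n".join(recs))
    for ip in ("192.0.2.150", "192.0.2.10"):
        print(f"; PTR for {ip} lives at {ptr_owner(ip, '192.0.2.144/28')}")
```

Comparing the printed owner names with the path shown by `dig -x` on an address in the block shows whether the parent's CNAMEs and the child zone name agree.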



