From owner-freebsd-isp Mon Feb 12 19:37:24 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97]) by hub.freebsd.org (Postfix) with ESMTP id CFC5137B491 for ; Mon, 12 Feb 2001 19:37:17 -0800 (PST) Received: from ruby.ccmr.cornell.edu (IDENT:0@ruby.ccmr.cornell.edu [128.84.231.115]) by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id WAA12798; Mon, 12 Feb 2001 22:37:17 -0500 Received: from localhost (mitch@localhost) by ruby.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id WAA13455; Mon, 12 Feb 2001 22:37:15 -0500 X-Authentication-Warning: ruby.ccmr.cornell.edu: mitch owned process doing -bs Date: Mon, 12 Feb 2001 22:37:15 -0500 (EST) From: Mitch Collinsworth To: Corey Ralph Cc: freebsd-isp@freebsd.org Subject: Re: Bind problems In-Reply-To: <20010213140321.A99212@corey.datafast.net.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This does sound like the same problem Jim Housley just reported, assuming by "unpublished" he means "not yet delegated from the parent zone". And it's worrisome to me since there are several domains here intentionally configured the same way, and which have been running that way happily for a few years now. (Authoritative servers are all secondaries, transferring data from a primary that's not authoritative.) This has the scent of a new "default" security measure that is hopefully overridable with a config option. Time to dig into the bind docs and see what's changed. Or ask on bind-users. -Mitch On Tue, 13 Feb 2001, Corey Ralph wrote: > Most of them aren't yet on the secondary at all. > > I have put them into the named.conf and issued a named.reload. > > They are serving OK from the primary, but aunic require primary and the > secondary to be functioning to delegate a domain. > > Corey > > On Mon, Feb 12, 2001 at 09:50:37PM -0500, Mitch Collinsworth wrote: > > > > Well as you might guess I'm just grasping at straws here. And well, > > I'm running out of straws. How about this. Is the serial number in > > the zone file on the primary greater than the serial number on the > > secondary? > > > > -Mitch > > > > > > On Tue, 13 Feb 2001, Corey Ralph wrote: > > > > > It is running as root. > > > > > > Cheers, > > > Corey > > > > > > On Mon, Feb 12, 2001 at 09:21:50PM -0500, Mitch Collinsworth wrote: > > > > OK, how about checking what user named is running as, and then > > > > checking your zone files and their directory to make sure that > > > > user has read/write access. > > > > > > > > -Mitch > > > > > > > > > > > > On Tue, 13 Feb 2001, Corey Ralph wrote: > > > > > > > > > Mitch, > > > > > > > > > > I originally installed from the freebsd base system, and have done a > > > > > make world to update it before. This time I just applied the binary > > > > > update that was with the advisory. > > > > > > > > > > I think it is using the right .conf though, because it is serving > > > > > queries, just not updating the zones. > > > > > > > > > > Cheers, > > > > > Corey Ralph > > > > > > > > > > On Mon, Feb 12, 2001 at 08:21:36PM -0500, Mitch Collinsworth wrote: > > > > > > Did you install from the freebsd port or from the ISC source? > > > > > > Was your previous install from the same source? They (last time > > > > > > I looked, admittedly a few months back) look in different places > > > > > > for their configuration file. Maybe you're not reading the .conf > > > > > > (or .boot) file you think you are? > > > > > > > > > > > > -Mitch > > > > > > > > > > > > > > > > > > On Tue, 13 Feb 2001, Corey Ralph wrote: > > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > I am having a problem with one of my nameservers since upgrading bind > > > > > > > after the advisory last week. > > > > > > > > > > > > > > It runs slave for all our zones. It has stopped updating its zone > > > > > > > files. Doing it manually using /usr/libexec/named-xfer works fine. I > > > > > > > tried setting the path to it in the options just incase it was looking > > > > > > > in the wrong place, that didn't help. There are no relevant messages in > > > > > > > the logs. > > > > > > > > > > > > > > Has anybody seen this before? > > > > > > > > > > > > > > Also, I am considering switching to djbdns to avoid this constant > > > > > > > upgrading. Any experiences with this? Would bind 9 be a better choice? > > > > > > > > > > > > > > Cheers, > > > > > > > Corey Ralph > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message