From owner-freebsd-isp@FreeBSD.ORG Mon Jul 31 07:30:41 2006
Return-Path:
X-Original-To: isp@freebsd.org
Delivered-To: freebsd-isp@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A86B416A4DD for ; Mon, 31 Jul 2006 07:30:41 +0000 (UTC) (envelope-from wwwrun@koz.a03i1.de)
Received: from dd2626.kasserver.com (dd2626.kasserver.com [81.209.184.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id F2F9343D45 for ; Mon, 31 Jul 2006 07:30:40 +0000 (GMT) (envelope-from wwwrun@koz.a03i1.de)
Received: by dd2626.kasserver.com (Postfix, from userid 30) id C1564119775; Mon, 31 Jul 2006 09:29:03 +0200 (CEST)
To: isp@freebsd.org
From: Halifax Online Banking
Content-Transfer-Encoding: 8bit
Message-Id: <20060731072903.C1564119775@dd2626.kasserver.com>
Date: Mon, 31 Jul 2006 09:29:03 +0200 (CEST)
MIME-Version: 1.0
Content-Type: text/plain
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc:
Subject: Accounts Security Alert
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: security@updates.halifax.co.uk
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 31 Jul 2006 07:30:41 -0000

[home_banner_left_020502.gif]

Dear Customer,

Our Technical Service department has recently updated our online banking software, and due to this upgrade we kindly ask you to follow the link given below to confirm your online account details. Failure to confirm the online banking details will suspend you from accessing your account online.

[1]https://www.halifax-online.co.uk/_mem_bin/formslogin.asp

We use the latest security measures to ensure that your online banking experience is safe and secure. The administration asks you to accept our apologies for the inconvience caused and expresses gratitude for cooperation.

Regards,
Halifax Online Technical Support

--
Please do not reply to this email address as it is not monitored and we will be unable to respond. For assistance, log in to your Halifax Online Bank account and choose the "Help" link on any page.

© Halifax plc, Registered in England No. 2367076. Registered Office: Trinity Road, Halifax, West Yorkshire HX1 2RG. Authorised and regulated by the Financial Services Authority. Represents only the Halifax Financial Services Marketing Group for the purposes of advising on and selling life assurance

References

1. http://naran.ru/last/FormsLogin.aspsource=halifax.co.uk/Index.PHP

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 31 13:18:03 2006
X-Original-To: isp@freebsd.org
Delivered-To: freebsd-isp@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB9FE16A4DA for ; Mon, 31 Jul 2006 13:18:03 +0000 (UTC) (envelope-from jhs@flat.berklix.net)
Received: from thin.berklix.org (thin.berklix.org [194.246.123.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1D0843D72 for ; Mon, 31 Jul 2006 13:17:58 +0000 (GMT) (envelope-from jhs@flat.berklix.net)
Received: from js.berklix.net (p549A56AC.dip.t-dialin.net [84.154.86.172]) (authenticated bits=128) by thin.berklix.org (8.12.11/8.12.11) with ESMTP id k6VDHuTp056942 for ; Mon, 31 Jul 2006 15:17:56 +0200 (CEST) (envelope-from jhs@flat.berklix.net)
Received: from fire.jhs.private (fire.jhs.private [192.168.91.41]) by js.berklix.net (8.12.11/8.12.11) with ESMTP id k6VDHt2o001630 for ; Mon, 31 Jul 2006 15:17:55 +0200 (CEST) (envelope-from jhs@flat.berklix.net)
Received: from fire.jhs.private (localhost.jhs.private [127.0.0.1]) by fire.jhs.private (8.13.1/8.13.1) with ESMTP id k6VDHt8d007539 for ; Mon, 31 Jul 2006 15:17:55 +0200 (CEST) (envelope-from jhs@fire.jhs.private)
Message-Id: <200607311317.k6VDHt8d007539@fire.jhs.private>
In-Reply-To: Message from Halifax Online Banking of "Mon, 31 Jul 2006 09:29:03 +0200." <20060731072903.C1564119775@dd2626.kasserver.com>
Date: Mon, 31 Jul 2006 15:17:55 +0200
From: "Julian H. Stacey"
Cc: isp@freebsd.org
Subject: Re: Accounts Security Alert

--------
Halifax Online Banking wrote:
>
> [home_banner_left_020502.gif]
> Dear Customer,

I've reported this fraud to the real Halifax, discussion is on hardware@

--
Julian Stacey. Consultant Unix Net & Sys. Eng., Munich. http://berklix.com
Mail in Ascii, HTML=spam. Your smoke = my allergic headache.

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 31 15:23:13 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 308BA16A4DE for ; Mon, 31 Jul 2006 15:23:13 +0000 (UTC) (envelope-from eh@netuse.de)
Received: from mail0.netuse.de (mailout0.netuse.de [195.244.244.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E4DF43D45 for ; Mon, 31 Jul 2006 15:23:12 +0000 (GMT) (envelope-from eh@netuse.de)
Received: from netuse.de (boss [192.168.254.12]) by mail0.netuse.de (8.12.11/8.12.10) with ESMTP id k6VFN9ri007490 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for ; Mon, 31 Jul 2006 17:23:09 +0200 (CEST)
Received: from [192.168.254.84] (hasenfuss.intern.netuse.de [192.168.254.84]) by netuse.de (8.12.10/8.12.10) with ESMTP id k6VFN6l9026908 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Mon, 31 Jul 2006 17:23:08 +0200 (MEST)
Message-ID: <44CE2043.1040308@netuse.de>
Date: Mon, 31 Jul 2006 17:22:43 +0200
From: Edda Hochstrate
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-isp@freebsd.org
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiVirus: checked by AntiVir Milter 1.0.6; AVE 7.1.1.0; VDF 6.35.1.26
X-Greylist: Sender IP whitelisted,not delayed by milter-greylist-2.0 (mail0.netuse.de [195.244.244.5]); Mon, 31 Jul 2006 17:23:10 +0200 (CEST)
Subject: Bind9: rndc reload doesn't work for slave servers

Hi,

I've a problem with rndc on a bind9 slave server.

In my opinion after an "rndc reload" a slave should query the master for the soa records of all zones stated in named.conf. This is what the slave does when started without any zone files on disk.

If the slave has already loaded the zones from the master "rndc reload" has no effect as I can see in tcpdump output, same with "rndc reconfig".

"rndc reload 123.org" works as expected. The slave queries the master for the soa record of 123.org and updates the zone if his own serial is older.

Is there a way to force a complete reload of a bind9 slave server?

Thanks very much,
Edda

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 31 19:22:36 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA1F816A4DE for ; Mon, 31 Jul 2006 19:22:36 +0000 (UTC) (envelope-from dougb@FreeBSD.org)
Received: from mail2.fluidhosting.com (mx24.fluidhosting.com [204.14.89.7]) by mx1.FreeBSD.org (Postfix) with SMTP id 68B0C43D72 for ; Mon, 31 Jul 2006 19:22:34 +0000 (GMT) (envelope-from dougb@FreeBSD.org)
Received: (qmail 30569 invoked by uid 399); 31 Jul 2006 19:22:33 -0000
Received: from localhost (HELO ?192.168.0.3?) (dougb@dougbarton.us@127.0.0.1) by localhost with SMTP; 31 Jul 2006 19:22:33 -0000
Message-ID: <44CE5875.9050509@FreeBSD.org>
Date: Mon, 31 Jul 2006 12:22:29 -0700
From: Doug Barton
Organization: http://www.FreeBSD.org/
User-Agent: Thunderbird 1.5.0.5 (X11/20060729)
MIME-Version: 1.0
To: Edda Hochstrate
References: <44CE2043.1040308@netuse.de>
In-Reply-To: <44CE2043.1040308@netuse.de>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-isp@freebsd.org
Subject: Re: Bind9: rndc reload doesn't work for slave servers

Edda Hochstrate wrote:
> Hi,
>
> I've a problem with rndc on a bind9 slave server.
>
> In my opinion after an "rndc reload" a slave
> should query the master for the soa records of all
> zones stated in named.conf.

Well, unfortunately for you the BIND developers do not agree with you. I could argue that there are good reasons not to do what you're suggesting, but I suspect that is not a useful discussion.

> This is what the slave does when started without any zone files on disk.

If that's the behavior you want, and you don't have a lot of zones to deal with, you could always restart the server instead of using rndc reload.

> Is there a way to force a complete reload of a
> bind9 slave server.

Other than restarting as I suggested above, you could either recursively use rndc reload , or rndc refresh .

Now that I've answered your question, I'd like to suggest that you perhaps reconsider this goal? If your master and slave name servers are properly configured, you shouldn't have to do this at all. The master should be sending out notifys for domains when they are updated, which your slaves can then act on in near real time. What conditions are you seeing that lead you to believe that refreshing all your zones at once is necessary?

hth,
Doug

--
This .signature sanitized for your protection

From owner-freebsd-isp@FreeBSD.ORG Tue Aug 1 11:29:31 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 434CD16A4DE; Tue, 1 Aug 2006 11:29:31 +0000 (UTC) (envelope-from eh@netuse.de)
Received: from mail0.netuse.de (mailout0.netuse.de [195.244.244.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 890BB43D46; Tue, 1 Aug 2006 11:29:29 +0000 (GMT) (envelope-from eh@netuse.de)
Received: from netuse.de (boss [192.168.254.12]) by mail0.netuse.de (8.12.11/8.12.10) with ESMTP id k71BTQjM025904 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Tue, 1 Aug 2006 13:29:27 +0200 (CEST)
Received: from [192.168.254.84] (hasenfuss.intern.netuse.de [192.168.254.84]) by netuse.de (8.12.10/8.12.10) with ESMTP id k71BTPl9025748 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Tue, 1 Aug 2006 13:29:25 +0200 (MEST)
Message-ID: <44CF3B00.2090106@netuse.de>
Date: Tue, 01 Aug 2006 13:29:04 +0200
From: Edda Hochstrate
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Doug Barton
References: <44CE2043.1040308@netuse.de> <44CE5875.9050509@FreeBSD.org>
In-Reply-To: <44CE5875.9050509@FreeBSD.org>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiVirus: checked by AntiVir Milter 1.0.6; AVE 7.1.1.0; VDF 6.35.1.31
X-Greylist: Sender IP whitelisted,not delayed by milter-greylist-2.0 (mail0.netuse.de [195.244.244.5]); Tue, 01 Aug 2006 13:29:27 +0200 (CEST)
Cc: freebsd-isp@freebsd.org
Subject: Re: [SPAM] (4.4/3.0) Re: Bind9: rndc reload doesn't work for slave servers

Doug Barton wrote:
> Edda Hochstrate wrote:
>>
>> In my opinion after an "rndc reload" a slave
>> should query the master for the soa records of all
>> zones stated in named.conf.
>
> Well, unfortunately for you the BIND developers do not agree with you. I
> could argue that there are good reasons not to do what you're suggesting,
> but I suspect that is not a useful discussion.

Thank you, that clears the situation. I was very surprised about this behaviour.

> Now that I've answered your question, I'd like to suggest that you perhaps
> reconsider this goal? If your master and slave name servers are properly
> configured, you shouldn't have to do this at all. The master should be
> sending out notifys for domains when they are updated, which your slaves can
> then act on in near real time. What conditions are you seeing that lead you
> to believe that refreshing all your zones at once is necessary?

We have a lot of customers with master servers for their own domains, not every server is bind 9 or even bind. The notify mechanism doesn't work well on all these servers. With bind 8 we simply send a kill -HUP to our slave and it starts reloading all updated zones. With bind 9 we observe that our slaves get some updates only after the refresh time is expired.

Thank you again,
Edda

From owner-freebsd-isp@FreeBSD.ORG Tue Aug 1 12:44:15 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 070F816A4E7; Tue, 1 Aug 2006 12:44:15 +0000 (UTC) (envelope-from b.candler@pobox.com)
Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6985B43D6D; Tue, 1 Aug 2006 12:44:08 +0000 (GMT) (envelope-from b.candler@pobox.com)
Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 9B55324C31; Tue, 1 Aug 2006 08:44:07 -0400 (EDT)
Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 43E5A675C3; Tue, 1 Aug 2006 08:44:05 -0400 (EDT)
Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1G7tbP-000Mqg-NF; Tue, 01 Aug 2006 13:44:03 +0100
Date: Tue, 1 Aug 2006 13:44:03 +0100
From: Brian Candler
To: Edda Hochstrate
Message-ID: <20060801124403.GA87804@uk.tiscali.com>
References: <44CE2043.1040308@netuse.de> <44CE5875.9050509@FreeBSD.org> <44CF3B00.2090106@netuse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44CF3B00.2090106@netuse.de>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-isp@freebsd.org, Doug Barton
Subject: Re: [SPAM] (4.4/3.0) Re: Bind9: rndc reload doesn't work for slave servers

On Tue, Aug 01, 2006 at 01:29:04PM +0200, Edda Hochstrate wrote:
> We have a lot of customers with master servers for their own domains, not
> every server is bind 9 or even bind. The notify mechanism doesn't work
> well on all these servers. With bind 8 we simply send a kill -HUP
> to our slave and it starts reloading all updated zones. With bind 9
> we observe that our slaves get some updates only after the refresh time
> is expired.

When were you proposing to do this 'kill -HUP' ?

If you are going to do a 'kill -HUP' every 5 minutes, say, then you are generating a lot of work for your own server and every customer's master server.

If you have a particular customer who has made a change and explicitly asks you to refresh their zone, then you can 'rndc reload ' as said before.

However, note that your slave server will poll each of the masters at the refresh interval in their SOA record anyway. So if a particular customer wants you to poll their zone more frequently, then they can just reduce the refresh time in their SOA record, and your server will honour their request. That gives you the best of all worlds - frequent polling for those customers who want or need it, and occasional polling for everyone else.

At least that's my understanding...

Regards,

Brian.
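Doug's suggestion to script a per-zone `rndc refresh`, Edda's plan to do exactly that for a customer with 900 zones, and Brian's warning about generating work for every customer's master all fit together if the script compares serials first and only refreshes the zones that are actually behind. The following is an added example, not code from anyone in this thread. It assumes a named.conf with `type slave; masters { ... };` blocks and `dig` and `rndc` on PATH for live use; the addresses and serials it runs against here are constructed, and the lookup step is injectable so the logic can be exercised without a name server. Serials are compared with RFC 1982 arithmetic, so a zone whose serial has wrapped past 2^32 is still seen as newer, which a plain `<` gets wrong.

```python
#!/usr/bin/env python3
"""Refresh only those BIND 9 slave zones whose master holds a newer serial.

Added example, not code from the thread. Assumes a named.conf with
`type slave; masters { ... };` zone blocks and `dig`/`rndc` on PATH for live
use; lookups are injectable so the logic runs here on constructed data.
"""
import re
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

SERIAL_MOD, HALF = 2 ** 32, 2 ** 31
TYPE_RE = re.compile(r'type\s+(slave|secondary)\s*;', re.I)
MASTERS_RE = re.compile(r'(?:masters|primaries)\s*\{([^}]*)\}', re.I | re.S)


def parse_slave_zones(named_conf: str) -> Dict[str, List[str]]:
    """Return {zone: [master, ...]} for every slave zone in named.conf text."""
    zones: Dict[str, List[str]] = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', named_conf):
        depth, i = 1, m.end()
        while i < len(named_conf) and depth:        # find the matching brace
            depth += {'{': 1, '}': -1}.get(named_conf[i], 0)
            i += 1
        body = named_conf[m.end():i - 1]
        masters = MASTERS_RE.search(body)
        if TYPE_RE.search(body) and masters:
            # an entry may carry "port N" or "key k"; the address comes first
            zones[m.group(1).rstrip('.').lower()] = [
                t.split()[0] for t in masters.group(1).split(';') if t.strip()]
    return zones


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if a is newer than b, wrap-safe."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def dig_soa_serial(zone: str, server: str, timeout: int = 5) -> Optional[int]:
    """Ask one server for the zone's SOA serial; None if it does not answer."""
    cmd = ['dig', '+short', '+norecurse', f'+time={timeout}', '+tries=1',
           f'@{server}', zone, 'SOA']
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout + 2).stdout
    except (OSError, subprocess.TimeoutExpired):
        return None
    for line in out.splitlines():
        f = line.split()          # mname rname serial refresh retry expire minimum
        if len(f) == 7 and f[2].isdigit():
            return int(f[2])
    return None


def stale_zones(zones: Dict[str, List[str]], local: str,
                lookup: Callable[[str, str], Optional[int]] = dig_soa_serial
                ) -> List[Tuple[str, Optional[int], int]]:
    """(zone, local serial, master serial) for each zone that needs a refresh.
    No master answering: skip (nothing to compare). Local slave not answering:
    report with None, since a missing or expired copy is worse than a stale one.
    """
    stale = []
    for zone, masters in sorted(zones.items()):
        master_serial = next(
            (s for s in (lookup(zone, m) for m in masters) if s is not None), None)
        if master_serial is None:
            continue
        local_serial = lookup(zone, local)
        if local_serial is None or serial_gt(master_serial, local_serial):
            stale.append((zone, local_serial, master_serial))
    return stale


def refresh(zone: str, dry_run: bool = True) -> str:
    """Per-zone `rndc refresh`; BIND 9 offers no all-zones form of this."""
    cmd = ['rndc', 'refresh', zone]
    return ' '.join(cmd) if dry_run else subprocess.run(
        cmd, capture_output=True, text=True).stdout


# Constructed sample configuration and serials (hypothetical addresses).
SAMPLE_NAMED_CONF = '''
zone "example.org" { type slave; file "s/example.org"; masters { 192.0.2.10; }; };
zone "example.net" IN { type slave; file "s/example.net";
                        masters { 192.0.2.20 port 53; 192.0.2.21; }; };
zone "localhost" { type master; file "m/localhost"; };
'''
SAMPLE_SERIALS = {
    ('example.org', '192.0.2.10'): 2006080101, ('example.org', '127.0.0.1'): 2006073101,
    ('example.net', '192.0.2.20'): None,         # first master is down
    ('example.net', '192.0.2.21'): 5,            # serial wrapped past 2**32
    ('example.net', '127.0.0.1'): 4294967290,
}


def demo() -> List[Tuple[str, Optional[int], int]]:
    zones = parse_slave_zones(SAMPLE_NAMED_CONF)
    return stale_zones(zones, '127.0.0.1', lookup=lambda z, s: SAMPLE_SERIALS.get((z, s)))


if __name__ == '__main__':
    for zone, have, want in demo():
        print(f'{zone}: local {have}, master {want} -> {refresh(zone)}')
```

Run hourly from cron with `dry_run=False`, this does what the poster's BIND 8 `kill -HUP` habit did, but it sends one SOA query per master per zone and touches only the zones that have moved, so the customers whose masters have not changed see no transfer load at all. The `rndc refresh` it issues is the per-zone command Doug mentions; there is no all-zones equivalent in BIND 9, which is why the loop exists.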
From owner-freebsd-isp@FreeBSD.ORG Tue Aug 1 13:06:58 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D571616A4E0; Tue, 1 Aug 2006 13:06:58 +0000 (UTC) (envelope-from eh@netuse.de)
Received: from mail0.netuse.de (mailout0.netuse.de [195.244.244.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1DE0B43D45; Tue, 1 Aug 2006 13:06:57 +0000 (GMT) (envelope-from eh@netuse.de)
Received: from netuse.de (boss [192.168.254.12]) by mail0.netuse.de (8.12.11/8.12.10) with ESMTP id k71D6tdB027539 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Tue, 1 Aug 2006 15:06:55 +0200 (CEST)
Received: from [192.168.254.84] (hasenfuss.intern.netuse.de [192.168.254.84]) by netuse.de (8.12.10/8.12.10) with ESMTP id k71D6sl9000743 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Tue, 1 Aug 2006 15:06:54 +0200 (MEST)
Message-ID: <44CF51D6.7060406@netuse.de>
Date: Tue, 01 Aug 2006 15:06:30 +0200
From: Edda Hochstrate
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Brian Candler
References: <44CE2043.1040308@netuse.de> <44CE5875.9050509@FreeBSD.org> <44CF3B00.2090106@netuse.de> <20060801124403.GA87804@uk.tiscali.com>
In-Reply-To: <20060801124403.GA87804@uk.tiscali.com>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiVirus: checked by AntiVir Milter 1.0.6; AVE 7.1.1.0; VDF 6.35.1.32
X-Greylist: Sender IP whitelisted,not delayed by milter-greylist-2.0 (mail0.netuse.de [195.244.244.5]); Tue, 01 Aug 2006 15:06:55 +0200 (CEST)
Cc: freebsd-isp@freebsd.org, Doug Barton
Subject: Re: Re: Re: Bind9: rndc reload doesn't work for slave servers

Brian Candler wrote:
> If you are going to do a 'kill -HUP' every 5 minutes, say, then you are
> generating a lot of work for your own server and every customer's master
> server.

Once an hour. Then it takes 10 min. approx. for 3000 zones.

> If you have a particular customer who has made a change and explicitly asks
> you to refresh their zone, then you can 'rndc reload ' as said before.

Yes. But not if your customer himself has 900 zones and wants your slaves to be as up-to-date as his primary. But maybe we will script it with 'rndc reload ', right.

> However, note that your slave server will poll each of the masters at the
> refresh interval in their SOA record anyway. So if a particular customer
> wants you to poll their zone more frequently, then they can just reduce the
> refresh time in their SOA record, and your server will honour their request.
> That gives you the best of all worlds - frequent polling for those customers
> who want or need it, and occasional polling for everyone else.

In our opinion as an ISP the refresh time is for the world of resolvers. Authoritative nameservers (especially slaves serving hidden primaries) should be as close as possible to the primary.

Best regards,
Edda

From owner-freebsd-isp@FreeBSD.ORG Tue Aug 1 13:35:13 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2625016A4DD; Tue, 1 Aug 2006 13:35:13 +0000 (UTC) (envelope-from b.candler@pobox.com)
Received: from rune.pobox.com (rune.pobox.com [208.210.124.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id A53F043D49; Tue, 1 Aug 2006 13:35:12 +0000 (GMT) (envelope-from b.candler@pobox.com)
Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id 013997B2E4; Tue, 1 Aug 2006 09:35:34 -0400 (EDT)
Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 78D1251; Tue, 1 Aug 2006 09:35:30 -0400 (EDT)
Received: from brian by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1G7uOp-000Mt5-3J; Tue, 01 Aug 2006 14:35:07 +0100
Date: Tue, 1 Aug 2006 14:35:07 +0100
From: Brian Candler
To: Edda Hochstrate
Message-ID: <20060801133506.GA87916@uk.tiscali.com>
References: <44CE2043.1040308@netuse.de> <44CE5875.9050509@FreeBSD.org> <44CF3B00.2090106@netuse.de> <20060801124403.GA87804@uk.tiscali.com> <44CF51D6.7060406@netuse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44CF51D6.7060406@netuse.de>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-isp@freebsd.org, Doug Barton
Subject: Re: Re: Re: Bind9: rndc reload doesn't work for slave servers

On Tue, Aug 01, 2006 at 03:06:30PM +0200, Edda Hochstrate wrote:
> >However, note that your slave server will poll each of the masters at the
> >refresh interval in their SOA record anyway. So if a particular customer
> >wants you to poll their zone more frequently, then they can just reduce the
> >refresh time in their SOA record, and your server will honour their
> >request.
> >That gives you the best of all worlds - frequent polling for those
> >customers
> >who want or need it, and occasional polling for everyone else.
>
> In our opinion as an ISP the refresh time is for the world of resolvers.

I don't think that's what it's for. As I understand it, there are three main participants in the DNS:

- resolver (client)
- cache
- authoritative server

The resolver isn't interested in SOA records at all. The cache is only interested in SOA records for negative caching (i.e. what TTL to use to remember the non-existence of a resource record).

SOAs are primarily for exchange of information between the master and slave servers. The serial number indicates the version of the data, and the refresh interval says how often the slaves should poll the master to check if the serial number has changed.

But don't take my word for it, this is what RFC 1034 has to say:

"The periodic polling of the secondary servers is controlled by parameters in the SOA RR for the zone, which set the minimum acceptable polling intervals. The parameters are called REFRESH, RETRY, and EXPIRE. Whenever a new zone is loaded in a secondary, the secondary waits REFRESH seconds before checking with the primary for a new serial. If this check cannot be completed, new checks are started every RETRY seconds. The check is a simple query to the primary for the SOA RR of the zone. If the serial field in the secondary's zone copy is equal to the serial returned by the primary, then no changes have occurred, and the REFRESH interval wait is restarted."

Since your slave is running BIND 9, which is a reasonably correct implementation of DNS, then you should find that if the master zone sets a refresh time of 3600 in their SOA, then your server will poll it every hour, without any other tricks being required.

Regards,

Brian.

P.S. Also worth reading is RIPE 203: http://www.ripe.net/ripe/docs/dns-soa.html

From owner-freebsd-isp@FreeBSD.ORG Wed Aug 2 18:21:37 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C74F916A4E0 for ; Wed, 2 Aug 2006 18:21:37 +0000 (UTC) (envelope-from dougb@FreeBSD.org)
Received: from mail2.fluidhosting.com (mx24.fluidhosting.com [204.14.89.7]) by mx1.FreeBSD.org (Postfix) with SMTP id 3AA5C43D46 for ; Wed, 2 Aug 2006 18:21:36 +0000 (GMT) (envelope-from dougb@FreeBSD.org)
Received: (qmail 19254 invoked by uid 399); 2 Aug 2006 18:21:36 -0000
Received: from localhost (HELO ?192.168.0.9?) (dougb@dougbarton.us@127.0.0.1) by localhost with SMTP; 2 Aug 2006 18:21:36 -0000
Message-ID: <44D0ED2A.4070204@FreeBSD.org>
Date: Wed, 02 Aug 2006 11:21:30 -0700
From: Doug Barton
Organization: http://www.FreeBSD.org/
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To: Edda Hochstrate
References: <44CE2043.1040308@netuse.de> <44CE5875.9050509@FreeBSD.org> <44CF3B00.2090106@netuse.de> <20060801124403.GA87804@uk.tiscali.com> <44CF51D6.7060406@netuse.de>
In-Reply-To: <44CF51D6.7060406@netuse.de>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-isp@freebsd.org, Brian Candler
Subject: Re: Bind9: rndc reload doesn't work for slave servers

Edda Hochstrate wrote:
> In our opinion as an ISP the refresh time is for the world of resolvers.
> Authoritative nameservers (especially slaves serving hidden primaries)
> should be as close as possible to the primary.

I'm not sure what you mean by this, but Brian was right. The refresh number in the SOA tells slave servers how often to poll the master(s) for updates; servers that query the authoritative servers (resolvers) don't care about that number.

Your best bet would be to ask your customer to drop the refresh period to something like 15 minutes, which should be more than adequate.

hth,
Doug

--
This .signature sanitized for your protection

From owner-freebsd-isp@FreeBSD.ORG Thu Aug 3 16:33:21 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D23816A4E1 for ; Thu, 3 Aug 2006 16:33:21 +0000 (UTC) (envelope-from mike@coloradosurf.com)
Received: from cluster1.bresnan.net (cluster1.bresnan.net [69.145.248.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id CEFEB43D5F for ; Thu, 3 Aug 2006 16:33:20 +0000 (GMT) (envelope-from mike@coloradosurf.com)
Received: from [72.174.194.94] (HELO pigskin.com) by fe-2.cluster1.bresnan.net (CommuniGate Pro SMTP 5.0.9) with ESMTPS id 387473557 for freebsd-isp@freebsd.org; Thu, 03 Aug 2006 10:33:20 -0600
Received: from coloradosurf.com (localhost.coloradosurf.com [127.0.0.1]) by pigskin.com (8.13.6/8.13.6) with ESMTP id k73GX8lX050832 for ; Thu, 3 Aug 2006 10:33:09 -0600 (MDT) (envelope-from mike@coloradosurf.com)
Received: (from mike@localhost) by coloradosurf.com (8.13.6/8.13.6/Submit) id k73GX7BP050831 for freebsd-isp@freebsd.org; Thu, 3 Aug 2006 10:33:07 -0600 (MDT) (envelope-from mike)
Date: Thu, 3 Aug 2006 10:33:07 -0600
From: mike
To: freebsd-isp@freebsd.org
Message-ID: <20060803163306.GA50785@coloradosurf.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Spam-Score: -1.442 () ALL_TRUSTED,SPF_HELO_PASS,SPF_PASS
X-Scanned-By: MIMEDefang 2.56 on 172.16.2.1
Subject: network sniffer/monitor

I need to put a couple network sniffers on our network. The purpose is to track and log usage. I would hope to discover everything from "who is viewing what website" to typical network trends about usage. I would expect having a span port on a switch forwarding all traffic to a nic on the box listening promiscuously. Something that put it into nice web-viewable tables/stats would be ideal, but before I go trying to re-invent the wheel...

It just seems like something that would be "out there".

I was wondering if there is something out there (preferably open-source, but not necessarily a requirement) that some folks use and are reasonably happy with?

thx,
mike

From owner-freebsd-isp@FreeBSD.ORG Fri Aug 4 14:12:50 2006
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ACE4616A57F for ; Fri, 4 Aug 2006 14:12:49 +0000 (UTC) (envelope-from b.candler@pobox.com)
Received: from rune.pobox.com (rune.pobox.com [208.210.124.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 52EB443D68 for ; Fri, 4 Aug 2006 14:12:44 +0000 (GMT) (envelope-from b.candler@pobox.com)
Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id C62B37A00A; Fri, 4 Aug 2006 10:13:04 -0400 (EDT)
Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 7B39121BC; Fri, 4 Aug 2006 10:13:03 -0400 (EDT)
Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1G90Pn-000CR5-KO; Fri, 04 Aug 2006 15:12:39 +0100
Date: Fri, 4 Aug 2006 15:12:39 +0100
From: Brian Candler
To: mike
Message-ID: <20060804141239.GB47759@uk.tiscali.com>
References: <20060803163306.GA50785@coloradosurf.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060803163306.GA50785@coloradosurf.com>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-isp@freebsd.org
Subject: Re: network sniffer/monitor

On Thu, Aug 03, 2006 at 10:33:07AM -0600, mike wrote:
> I need to put a couple network sniffers on our network. The
> purpose is to track and log usage. I would hope to discover
> everything from "who is viewing what website" to typical
> network trends about usage. I would expect having a span
> port on a switch forwarding all traffic to a nic on the box
> listening promiscuously. Something that put it into nice
> web-viewable tables/stats would be ideal, but before I go
> trying to re-invent the wheel...
>
> It just seems like something that would be "out there".
>
> I was wondering if there is something out there (preferably
> open-source, but not necessarily a requirement) that some
> folks use and are reasonably happy with?

Well, at worst you can capture all the traffic using tcpdump -w to write to a pcap file, and browse it at your leisure with tcpdump -r. That approach needs a big and/or fast hard drive. However if you use selective port mirroring, this is a technique I've used for debugging specific problems.

If you want to record your entire network activity, compressing this data can be achieved using netflow (Cisco's mechanism for identifying flows) or sflow (simple statistical sampling, e.g. keep 1 in 128 packets), depending on what your switch or router supports.

If you want to have a pretty graphical analysis of this, you can look at ntop, which can tcpdump for itself, or input netflow or sflow data. I'm told it's a bit flaky though.

Another option is argus, but I've not tried that. I don't know if it takes netflow/sflow, but I understand it can read traffic directly from the network and summarise it for itself.

Both ntop and argus are in ports.

HTH,

Brian.
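Brian's baseline above, `tcpdump -w` to a pcap file and look at it later, still leaves the poster with raw packets rather than the "who is viewing what website" table he asked for. The following is an added example, not code from anyone in this thread and not ntop or argus. It reads the classic libpcap format that `tcpdump -w` writes (Ethernet link type) and reduces it to the two things asked for: bytes per flow, folded in the same client/server/port way a netflow exporter would, and the HTTP Host names each client requested. The addresses, server names and the capture itself are constructed inline so the script runs offline; point it at a real file to use it on a span-port capture.

```python
#!/usr/bin/env python3
"""Summarise a `tcpdump -w` capture: bytes per flow and HTTP Host names per client.

Added example, not code from the thread and not ntop or argus. Reads the classic
libpcap format (Ethernet link type); without a file argument it parses a
constructed capture built at the bottom of this file.
"""
import struct
import sys
from collections import defaultdict
from typing import Dict, Iterator, List, Optional, Set, Tuple

ETH_IPV4, PROTO_TCP = 0x0800, 6
Flow = Tuple[str, str, int]                      # (client, server, server port)


def read_pcap(data: bytes) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp, frame) from a classic pcap image in either byte order."""
    end = {0xa1b2c3d4: '<', 0xd4c3b2a1: '>'}.get(struct.unpack_from('<I', data)[0])
    if end is None:
        raise ValueError('not a classic pcap file (pcapng/nanosecond not handled)')
    linktype = struct.unpack_from(end + 'HHiIII', data, 4)[5]
    if linktype != 1:
        raise ValueError(f'link type {linktype} is not Ethernet')
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(end + 'IIII', data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode(frame: bytes) -> Optional[Tuple[str, str, int, int, bytes]]:
    """(src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from('!H', frame, 12)[0] != ETH_IPV4:
        return None
    ihl = (frame[14] & 0x0f) * 4
    total_len = struct.unpack_from('!H', frame, 16)[0]
    if frame[23] != PROTO_TCP or len(frame) < 14 + ihl + 20:
        return None
    src, dst = ('.'.join(map(str, frame[o:o + 4])) for o in (26, 30))
    tcp = 14 + ihl
    sport, dport = struct.unpack_from('!HH', frame, tcp)
    doff = (frame[tcp + 12] >> 4) * 4
    return src, dst, sport, dport, frame[tcp + doff:14 + total_len]


def summarise(data: bytes) -> Tuple[Dict[Flow, int], Dict[str, Set[str]]]:
    """Bytes per (client, server, port) flow and Host headers seen per client."""
    flow_bytes: Dict[Flow, int] = defaultdict(int)
    sites: Dict[str, Set[str]] = defaultdict(set)
    for _, frame in read_pcap(data):
        pkt = decode(frame)
        if pkt is None:
            continue
        src, dst, sport, dport, payload = pkt
        # Fold both directions into one flow keyed on the server side (the lower,
        # well-known port): the same reduction a netflow exporter performs.
        key = (src, dst, dport) if dport <= sport else (dst, src, sport)
        flow_bytes[key] += len(frame)
        # Plain HTTP names the site in its Host header; TLS does not, so an
        # HTTPS-heavy network shows up here as port numbers without names.
        if dport == 80 and payload[:4] in (b'GET ', b'POST', b'HEAD'):
            for line in payload.split(b'\r\n'):
                if line.lower().startswith(b'host:'):
                    sites[src].add(line[5:].strip().decode('ascii', 'replace'))
    return dict(flow_bytes), dict(sites)


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    eth = bytes(range(12)) + struct.pack('!H', ETH_IPV4)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 40 + len(payload), 1, 0, 64, PROTO_TCP,
                     0, bytes(map(int, src.split('.'))), bytes(map(int, dst.split('.'))))
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames: List[bytes]) -> bytes:
    """Little-endian classic pcap image of the given Ethernet frames."""
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate(frames):
        out += struct.pack('<IIII', 1154620000 + n, 0, len(f), len(f)) + f
    return out


# Constructed traffic (hypothetical addresses): one client browsing two sites
# and getting a reply from the first, plus a second client opening SSH.
SAMPLE_FRAMES = [
    build_frame('192.0.2.50', '198.51.100.10', 51000, 80,
                b'GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n'),
    build_frame('198.51.100.10', '192.0.2.50', 80, 51000,
                b'HTTP/1.1 200 OK\r\nContent-Length: 600\r\n\r\n' + b'x' * 600),
    build_frame('192.0.2.50', '198.51.100.20', 51001, 80,
                b'GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n'),
    build_frame('192.0.2.51', '198.51.100.30', 51002, 22, b'SSH-2.0-OpenSSH_4.3\r\n'),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == '__main__':
    data = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else SAMPLE_PCAP
    flows, sites = summarise(data)
    for (client, server, port), n in sorted(flows.items(), key=lambda kv: -kv[1]):
        print(f'{client:>15} -> {server:>15}:{port:<5} {n:>8} bytes')
    for client, names in sorted(sites.items()):
        print(f'{client}: {", ".join(sorted(names))}')
```

Two caveats worth keeping in mind when deploying this on the span port the poster describes. The site names come from the HTTP Host header, so anything over TLS appears as a port-443 flow with no name, which is a limit of the data, not of the tool. And a box that holds a full copy of everyone's traffic is itself the most sensitive host on the network: run the capture as an unprivileged user with tcpdump dropping root after opening the interface, keep the pcap files off any shared filesystem, and treat read access to them the way you would treat access to the users' mailboxes.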