gmane.network.djbdns

General amusement (nothing to do with TBP DHP nameservice or dead Wikileaks.org)

Richard J. Sexton — 2010-12-03T07:41:09

--
Richard J. Sexton  rich4< at >rd.vrx.net  +1 (206) 333-1798 skype: rsx11s
http://rs79.vrx.net http://mbz.org http://killi.net http://aquaria.net

Very long delays, is it just djbdns?

Sabahattin Gucukoglu — 2010-11-13T07:19:39

Try this command from a nice, clean dnscache:
host -v 2001:470:1f09:103e::2354

It took me three tries on my fastest, most well-connected machine to get the NXDOMAIN response.  I haven't got to the bottom of it yet, but if anybody has a clue, please do share!

Cheers,
Sabahattin

Wildcards not supported in & records?

David Hubbard — 2010-11-02T17:12:52

Was trying to delegate the first of several /24's worth
of in-addr.arpa records to a customer's name servers,
some of which are present on said /24 and some not, so
I did the following (first three octets and the domain
name changed obviously):

&*.3.2.1.in-addr.arpa:1.2.3.4:ns1.customerdns.com:3600
&*.3.2.1.in-addr.arpa:3.4.5.32:ns2.customerdns.com:3600
&*.3.2.1.in-addr.arpa:3.4.5.31:ns1.customerdns.net:3600
&*.3.2.1.in-addr.arpa:1.2.3.254:ns2.customerdns.net:3600

Did not get successful ptr lookups after putting that in
place, just get an SOA response from our dns showing our
dns.  I changed the records to test just one IP:

&50.3.2.1.in-addr.arpa:1.2.3.4:ns1.customerdns.com:3600
&50.3.2.1.in-addr.arpa:3.4.5.32:ns2.customerdns.com:3600
&50.3.2.1.in-addr.arpa:3.4.5.31:ns1.customerdns.net:3600
&50.3.2.1.in-addr.arpa:1.2.3.254:ns2.customerdns.net:3600

Now it's happy.  Querying for 50.3.2.1.in-addr.arpa on
my tinydns gives back four NS authority records of the
customer's DNS servers.  If I do a straight root lookup
of that ptr I get proper traversal to customer's dns and
a correct response.

So, I can of course write a little script to generate
the thousand or so lines of records I'll need, but was
hoping I could get away with four like you can with A
records?

Thanks,

David

IPv6 readiness and tinydns.

Russell Sutherland — 2010-11-02T15:34:06

I am attempting to prepare our infrastructure here to be IPv6 ready.
Part of that is DNS. For several years we have used the fefe.de patch to
serve up AAAA records for several sub-domains. In the documentation it
states explicitly that:

    .... tinydns-edit won't accept IPv6 addresses for NS or MX records yet

So my short question is, can one use a patched version of tinydns to fulling
support an IPv6 environment?

<snip>
On 2008-01-12 Russ Nelson wrote:

   "When Google has an AAAA record, we can talk about adding IPv6 support."

I think we are ready to start talking:

   http://www.google.com/intl/en/ipv6/faq.html
</snip>

curvedns.net/org : For your interest, or not as the case may be

Chris Pugh — 2010-10-25T09:09:37

Greets,

   http://curvedns.net

   http://curvedns.org

I've taken the trouble to rescue the above two domains before the
search engine guys
take them;  the main idea being to use them as a focal point for
referencing anything
specifically related to DNSCurve.

By putting people with similar goals in touch with one another,  and
having specific
reference points for all efforts, may go some way to
offsetting/reversing the current
imbalance between DNSCurve and DNSEC.  Has to be worth a try, especially since
I am aware of several few people working on, intending to work on, or
in the process
of working on DNSCurve related material.  I along with a few others,
also have some
DNSCurve enabled servers/caches/forwarders imnplemented  working.

Accordingly, I am open to further suggestion and input from any
interested parties as
to appropriate usage of the above two domains.  What would you wish to
see there?
An editable wiki maybe, for example mediawiki, ikiwiki, or similar?
Domains split into
subdomains per project?  Any and all suggestions welcome.

Feel free to mail me off-list.

Regards,




Chris.

Introducing CurveDNS a DNSCurve forwarding name server

Harm van Tilborg — 2010-10-23T18:14:13

Hello people,

/Not really the appropriate list but I think not much people will
object, since it is quite related to djbdns./

We are happy to announce the first forwarding DNSCurve solution: CurveDNS.

With CurveDNS you are able to transform any authoritative name server in
a DNSCurve capable one. This is done by acting as a kind of proxy, i.e.
listening to DNS or DNSCurve queries and forwarding the non-protected
variants towards the real (existing) name server. The responses are then
send back to the client either protected (if the query was in DNSCurve)
or not.

In short, CurveDNS supports:
* Forwarding of regular (non-protected) DNS packets;
* Unboxing of DNSCurve queries and forwarding the regular DNS packets
* Boxing of regular DNS responses to DNSCurve responses;
* Both DNSCurve's streamlined- and TXT-format;
* Caching of shared secrets;
* Both UDP and TCP;
* Both IPv4 and IPv6.

This entire project is based on a master thesis named 'Shaping DNS
Security with Curves — A Comparative Security Analysis of DNSSEC and
DNSCurve', you can find this thesis at the CurveDNS website too.

Interested? More information, documentation, et cetera can be found at
the CurveDNS website:
http://curvedns.on2it.net/

Introducing CurveDNS a DNSCurve forwarding name server

Harm van Tilborg — 2010-10-23T18:14:13

Hello people,

/Not really the appropriate list but I think not much people will
object, since it is quite related to djbdns./

We are happy to announce the first forwarding DNSCurve solution: CurveDNS.

With CurveDNS you are able to transform any authoritative name server in
a DNSCurve capable one. This is done by acting as a kind of proxy, i.e.
listening to DNS or DNSCurve queries and forwarding the non-protected
variants towards the real (existing) name server. The responses are then
send back to the client either protected (if the query was in DNSCurve)
or not.

In short, CurveDNS supports:
* Forwarding of regular (non-protected) DNS packets;
* Unboxing of DNSCurve queries and forwarding the regular DNS packets
* Boxing of regular DNS responses to DNSCurve responses;
* Both DNSCurve's streamlined- and TXT-format;
* Caching of shared secrets;
* Both UDP and TCP;
* Both IPv4 and IPv6.

This entire project is based on a master thesis named 'Shaping DNS
Security with Curves — A Comparative Security Analysis of DNSSEC and
DNSCurve', you can find this thesis at the CurveDNS website too.

Interested? More information, documentation, et cetera can be found at
the CurveDNS website:
http://curvedns.on2it.net/

djbdns/dnscache epoll patch, qmerge and dnscurve included

Sami Farin — 2010-10-12T18:42:42

OK, my ISP decided to block ports 1-1023 without prior warning..
http://safari.iki.fi:8765/patches/djbdns/djbdns-1.05-epoll-20101011192500Z-mergequeries-dnscurve.diff
http://safari.iki.fi:8765/patches/djbdns/djbdns-1.05-epoll-20101011192500Z-mergequeries-dnscurve.diff.sig
That's why I have this kind of funny port numbers.

In this version, the qmerge feature is O(1) instead of O(MAXUDP), though.
qmerge is not enabled for dnscurve queries—I haven't thought yet would
it be easy to support.
A different approach was needed for qmerge support with epoll,
because for epoll_wait the fd's were not returned for merged queries.
If someone wants the O(1) version for non-epoll dnscache, it
should be easy to port.

BTW. what's currently the best option for dnscurve server?
Are there other than git://github.com/agl/dnscurve.git ?
Would there be need for dnscurve support for tinydns?
Or specifying (hard-coding) keys in dnscache root/servers files?
Or any other extra features in dnscache?

Beating an Old Horse, but....

Brian — 2010-10-04T18:46:22

Hello,

Does anyone know of any existing branches / work being done for DNSCache
to support DNSSEC validation?

-brian

EDNS0 for djbdns?

John Levine — 2010-09-26T05:08:46

Has anyone modified tinydns or dnscache to support EDNS0?  I know all
the reasons it is in principle a bad idea, but these days every other
DNS package supports it, and DNS packet sizes are getting bigger.  A
few months ago I modified one of my special purpose DNS servers (the
one that runs abuse.net) to handle it, and I have to say I've seen no
operational problems at all.

I doubt that it would be a huge amount of code, but I'd just as soon
not write it if somebody else has already done so.

R's,
John

ipv6 walldns

richard lucassen — 2010-09-25T10:33:09

Has anyone patched walldns to function with ipv6?

The only patches for ipv6 I can find are these from Felix von Leitner.
But these patches only provide AAAA and PTR records. Are there any
other ipv6 patches for djbdns?

R.

dnscache problems

richard lucassen — 2010-09-22T07:55:10

hello list,

I get more and more problems using dnscache. I've already started a
thread a few months ago about this issue, and until now I entered the
missing queries to an instance of tinydns, but it seems that this
problem is growing:

dnsqr mx newcastle.edu.au
15 newcastle.edu.au:
timed out

dnsqr mx deloitte.com.au
15 deloitte.com.au:
timed out

While other nameservers give me an answer:

host -t mx deloitte.com.au ns2.kpn.net
Using domain server:
Name: ns2.kpn.net
Address: 194.151.228.58#53
Aliases: 

deloitte.com.au mail is handled by 200 deloitte.com.au.s7a2.psmtp.com.
deloitte.com.au mail is handled by 300 deloitte.com.au.s7b1.psmtp.com.
deloitte.com.au mail is handled by 400 deloitte.com.au.s7b2.psmtp.com.
deloitte.com.au mail is handled by 100 deloitte.com.au.s7a1.psmtp.com.

I know it's apparently not a dnscache fault, but the problem is rather
annoying. Customers are complaining and they do not accept that they
have to use gmail or other ways to contact these domains. I think I'm
not the only one with this problem. How do others resolve this issue?
(other options than installing PowerDNS or BIND)

R.

Failure of secondaries

Hal Burgiss — 2010-09-11T19:44:16

Hello,

I am trying understand a predicament I found myself in today. As background,
my environment is that I work for a small web hosting company. We handle the
authoritative DNS for most of our clients, using djbdns/tinydns. So we have
ns1, ns2, and ns3 type setup. data.cdb is shared among the 3 when the
Makefile is executed so that everything stays in sync. This is a
non-clustered set up, with one ip address per server.

This has seemed to work flawlessly for years now. Last night though someone
inadvertantly disconnected the wrong server, and unplugged the ns1 system.
The eventual impact of that one mistake was that the dns for the hosted
domains all went down totally. The ns2 and n3 systems were never queried.
Direct querying during testing showed they were responding normally (eg dig
blah.com < at >ns2).  Yet, for all practical purposes they might as well been
unplugged too since they were totally quiet. I had been under the false
assumption that should ns1 go down, that the others would automatically come
into play. What am I missing?

Secondly, when I realized what happened and that the two secondary systems
were totally useless, I moved the ip address from the ns1 to ns3, and
changed the tinydns configs, restarted the service, verified that tinydns
was listening on the correct ip and port, and direct test queries worked
fine. I am doing all this remotely, and did not have the ability to
reconnect the original system. I was assuming the ip move would be a
reasonable hotfix. But this did not work. Some 2 hours later the original
system was reconnected, and within mintues all started working normally
again. Help me understand this so I can avoid this kind of headache in the
future!

Thank you.

dnscache memory requirements for large number of server files

Lloyd Standish — 2010-09-07T06:38:56

Please help me estimate memory requirements to run dnscache with about 769,000 files in the "servers" directory (/etc/service/dncache/root/servers).

Each file has 9 bytes.  The filenames are the domain names to forward to an "override" nameserver (tinydns running on 127.0.0.2).  Each file contains the same content: the IP 127.0.0.2.  (Actually, the files are mostly hardlinks.  Otherwise I would run out of inodes.)

This is part of a project to set up porn-blocking using a list of 769,000 porn domain names.  dnscache should forward dns queries for the porn domains to tinydns, running on 127.0.0.2 on the same machine.  tinydns should return a bogus IP (to a page saying access to the pornography has been blocked).  Of course, I got this working on a few test domains before attempting to load the 769,000 servers entries.

I already loaded the 769,000 (minimal) zones into the tinydns data file, and ran "make."  tinydns seems to be fine (with zero queries).

However, dnscache cannot load the 769.000 servers files with only 256 megs of physical memory.  I have raised the CACHESIZE and DATALIMIT up to 20M and 100M, respectively.

How much memory should be necessary to do this (assuming it is possible)?  This is running on a VPS and I could increase the available memory.
--
Lloyd

dnsrbl.c

Nikola Vladov — 2010-08-19T09:55:29

I wrote next for me.  I use ir to test if IP(s) is in RBL list.
Maybe it is useful for some people

Enjoy, Nikola


-------------------------------------------------------
/* dnsrbl.c
   save me under dnstxt.c in djbdns-1.05 and recompile.
   then: mv dnstxt dnsrbl
   or
   diet -Os gcc -Wall -W -DUSE_LIBOWFAT -s -o dnsrbl dnsrbl.c -lowfat

   author: Nikola Vladov
   http://riemann.fmi.uni-sofia.bg/programs/
   See some examples at the end of this file!
*/

#define MAX_RBL_CONNECTIONS10
#define RBLSERVERS \
"sbl.spamhaus.org\n" \
"xbl.spamhaus.org\n" \
"zen.spamhaus.org\n" \
"dnsbl.njabl.org\n" \
"bl.spamcop.net\n" \
"cbl.abuseat.org\n" \
"spam.dnsbl.sorbs.net"

#include "dns.h"
#include "fmt.h"
#include "scan.h"
#include "byte.h"
#include "openreadclose.h"
#include "buffer.h"
#include <alloca.h>

extern int close(int);
extern void _exit(int);

#ifndef USE_LIBOWFAT
#include "strerr.h"
#include "env.h"
char buf_1sp[128];
buffer buf_rbl = BUFFER_INIT(buffer_unixwrite,1,buf_1sp,sizeof(buf_1sp));
#define buffer_rbl_1 &buf_rbl

#else
#include "errmsg.h"
#define strerr_die3x(n,a,b,c)die(n,a,b,c)
#define strerr_die2x(n,a,b)die(n,a,b)
#define strerr_die1x(n,a)die(n,a)
#define strerr_die2sys(n,a,b)diesys(n,a)
#define strerr_die4sys(n,a,b,c,d)diesys(n,a,b,c)
#define strerr_warn6(a,b,c,d,e,f,E)carpsys(a,b,c,d,e);
#define env_get getenv
#define buffer_rbl_1 buffer_1small
#endif

#define B_p(s,l)buffer_put(buffer_rbl_1, s, l)
#define B_ps(st)buffer_puts(buffer_rbl_1, st)
#define B_fbuffer_flush(buffer_rbl_1)

#define FATAL "dnsrbl: fatal: "
#define WARNING "dnsrbl: warning: "
#define MSG_HELP \
  "usage: dnsrbl [options] ip.ad.dr.ess a[-b].c[-d].e[-f].g[-h] ...\n"\
  "options: [-lv] [-fRBLfile] [-cNumber]\n"\
  "environ: DNSCACHEIP, DNSRBLSERVERS"

#define Xfor(x,from) for (x=ip_buf[from]; x<=ip_buf[from+4]; x++)
#define set_t(i) struct line *t = xxx + i
#define set_ip(z, t, srv) { char *z = t->ip;\
    z[0]=A; z[1]=B; z[2]=C; z[3]=D; }\
    t->rbl = *srv

struct line {
  char *rbl;/* if (rbl) -> active */
  iopause_fd *io;
  struct dns_transmit d;
  char ip[4];
} *xxx;

static iopause_fd *io;
static stralloc fqdn, sa, out;
static char txt_ip[20];

static int exit_status, flagdebug, resolv_conf, io_flush;
static unsigned int numactive, left;
unsigned int maxactive = MAX_RBL_CONNECTIONS;

unsigned int splitmem(char **v, char *s, char c) /*EXTRACT_INCL*/ {
  if (v) {
    char **w=v;
    *w++=s;
    for (;;) {
      while (*s && *s!=c) s++;
      if (*s==0) break;
      *s=0;
      *w++ = ++s;
    }
    *w=0;
    return (w-v);
  } else {
    unsigned int n=1;
    for (; *s; s++) if (*s==c) n++;
    return n;
  }
}

unsigned int scan_rbl(char *s, unsigned int b[8]) {
  unsigned int k, n;
  unsigned long u;
  char *x = s;
  for (n=0;; n++) {
    k = scan_ulong(x, &u); x += k; u %= 256; b[0] = u; if (k==0) return 0;
    if (*x == '-') { k = scan_ulong(++x, &u); x += k; if (k==0) u = 255; }
    b[4] = u % 256;
    if (b[0] > b[4]) return 0;
    ++b;

    if (n == 3) break;
    if (*x != '.') return 0;
    ++x;
  }
  return x-s;
}

unsigned int fmt_rbl(char *s, char *b, int reverse) {
  char *t=s;
  int n;
  for (n=0; n<4; n++) {
    unsigned char c = (reverse) ? b[3-n] : b[n];
    t += fmt_ulong(t, c);
    if (n == 3) break;
    *t++ = '.';
  }
  *t = 0;
  return t-s;
}

void got_err(struct line *t) {
  exit_status |= 2;
  fmt_rbl(txt_ip, t->ip, 0);
  strerr_warn6(WARNING,"unable to find TXT records for ",
       txt_ip, "-",t->rbl,": ",&strerr_sys);
}

void got_rbl(struct line *t) {
  fmt_rbl(txt_ip, t->ip, 0);
  B_ps(txt_ip);
  if (flagdebug) {
    B_ps("-");
    B_ps(t->rbl);
  }
  B_ps(":\t");
  B_p(out.s, out.len);
  B_ps("\n");
  B_f;
  exit_status |= 1;
}

void io_loop() {
  while ((io_flush && numactive) || numactive >= maxactive) {
    struct taia stamp, deadline;
    unsigned int kactive, i, k;

    taia_now(&stamp);
    taia_uint(&deadline,120);
    taia_add(&deadline,&deadline,&stamp);

    for (i=0, k=0; k<numactive; ++i) {
      set_t(i);
      if (t->rbl) {
t->io = io + k++;
dns_transmit_io(&t->d, t->io, &deadline);
      }
    }
    iopause(io,k,&deadline,&stamp);

    for (i=0, k=0, kactive=numactive; k < kactive; ++i) {
      set_t(i);
      if (t->rbl) {
int r = dns_transmit_get(&t->d, t->io, &stamp);
++k;
if (r == 0) continue;

if (r == -1) got_err(t);
else {
  if (dns_txt_packet(&out,t->d.packet,t->d.packetlen) ==-1) got_err(t);
  if (flagdebug > 1 || out.len) got_rbl(t);
}

--numactive;
t->rbl = 0;
if (i < left) left = i;
      }
    }
  }
}

void nomem() { strerr_die2x(111,FATAL,"out of memory"); }

int main(int argc,char **argv) {
  int flaglist=0;
  char *buf=0, *rbl=0, *Q=0;
  char **rblservers, **p, **q;
  char split_char = '\n', base[] = RBLSERVERS;
  unsigned int len, A,B,C,D, ip_buf[8];

  char servers[16 * sizeof(xxx->d.localip)];
  static char localip[sizeof(xxx->d.localip)];

  close(0); ++argv; (void)argc;

  while (*argv && **argv == '-') {
    char *opt, *z=argv[0]+1;
    for (; *z; z++) {
      switch (*z) {
      case 'l': flaglist++; break;
      case 'v': flagdebug++; break;
      case 'f':
      case 'c':
opt = z++;
if (*z == 0) {
  z = *++argv;
  if (z == 0)
    strerr_die3x(100, "Option -",opt," requires an argument");
}

if (*opt == 'f') rbl = z;
else {
  unsigned long u;
  scan_ulong(z,&u);
  if (u < 1) u = 1;
  if (u > 1000) u = 1000;
  maxactive = u;
}
goto next;
      default:
strerr_die1x(100, MSG_HELP);
      }
    }
  next:
    argv++;
  }

  if (rbl == 0) {
    buf = env_get("DNSRBLSERVERS");
    if (buf) split_char = ':';
  } else {
    if (1 != openreadclose(rbl, &sa, 128))
      strerr_die4sys(100,FATAL,"error reading ",rbl,": ");
    if (!stralloc_0(&sa)) nomem();
    buf = sa.s;
  }
  if (buf==0) buf = base;

  len = splitmem(0, buf, split_char);
  rblservers = alloca((len+2) * sizeof(char *));
  splitmem(rblservers, buf, split_char);

  for (q=rblservers, p=rblservers; *p; p++)
    if ((unsigned char)((**p | 32) - 'a') < 26) *q++ = *p;
  *q=0;

  if (flaglist) {
    for (p=rblservers; *p; B_ps("\n"), p++)
      B_ps(*p);
    B_f;
    _exit(0);
  }

  if (!stralloc_ready(&fqdn,40)) nomem();
  io = alloca(maxactive * sizeof(iopause_fd));

  len = maxactive * sizeof(struct line);
  xxx = alloca(len);
  byte_zero(xxx, len);

  while (*argv) {
    if (!scan_rbl(*argv, ip_buf)) {
      ++io_flush;
      io_loop();
      strerr_die3x(111,FATAL,"unable to parse IP address ",*argv);
    }

    Xfor(A,0) Xfor(B,1) Xfor(C,2) Xfor(D,3) for (p=rblservers; *p; p++) {
      for (;; left++) {
set_t(left);
if (t->rbl == 0) {
  set_ip(zzz, t, p);

  fqdn.len = fmt_rbl(fqdn.s, t->ip, 1);
  fqdn.s[fqdn.len++] = '.';
  if (!stralloc_cats(&fqdn, t->rbl)) nomem();

  if (resolv_conf==0) {
    resolv_conf = 1024;
    if (dns_resolvconfip(servers) == -1)
      strerr_die2sys(111,FATAL,"unable to read /etc/resolv.conf: ");
  } else resolv_conf--;

  if (dns_domain_fromdot(&Q, fqdn.s, fqdn.len) == 0 ||
      dns_transmit_start(&t->d,servers,1,Q,DNS_T_TXT,localip) == -1) {
    got_err(t);
    t->rbl = 0;
  } else {
    ++numactive;
    io_loop();
  }

  break;
}
      }
    }
    ++argv;
    if (*argv == 0) { ++io_flush; io_loop(); }
  }
  _exit(exit_status);
}


#if 0
dnsrbl -h
dnsrbl 127.0.0.2
dnsrbl -v 127.0.0.2-30
dnsrbl -vv -c30 127.0.0.2-30
dnsrbl -c100 208.66.77.60-80
DNSCACHEIP=8.8.8.8 dnsrbl -c1 208.66.70-80.60-70
dnsrbl 20-.20.40.50
dnsrbl -l
dnsrbl -fSome_RBL_File 127.0.0.2
DNSRBLSERVERS=zen.spamhaus.org dnsrbl -c100 127.0.0.0-255
DNSCACHEIP=8.8.8.8 DNSRBLSERVERS=zen.spamhaus.org dnsrbl -c20 127.0.0.0-255
DNSRBLSERVERS=sbl.spamhaus.org:xbl.spamhaus.org dnsrbl -c20 127.0.0.1-12

Format of RBL_File (option -f)
Text lines.  If the first letter of a line is different from [a-zA-Z]
this line is comment.  Test it with:
dnsrbl -l -fRBL_File

The manual page is missing currently...
Version: Sat Aug 19 07:40:02 UTC 2010
#endif

named zone files to tinydns data

George Georgalis — 2010-08-12T03:32:53

Hi All -

I'm looking for a script to convert a hellish set of bind zones to
a tinydns data file.

Anyone have an offering or suggestion?

George

hyatt.com spf record and dnscache

David Hubbard — 2010-07-28T16:44:20

So hyatt.com is serving a huge spf record:

"v=spf1 ip4:140.95.0.0/16 ip4:216.251.252.0/24 ip4:207.211.78.0/24
ip4:216.251.231.0/24 ip4:205.220.108.202 " "ip4:12.129.20.0/24
ip4:12.129.199.61 ip4:12.129.219.155 ip4:63.241.222.0/24
ip4:65.55.88.0/24 ip4:206.16.57.70 ip4:207.46.51.64/26
ip4:207.46.163.0/24 ip4:213.199.154.0/24 ip4:213.244.175.0/24
ip4:216.32.180.0/24 ip4:216.32.181.0/24 a mx ~all"

I'm troubleshooting an issue with a customer being
unable to receive email from hyatt.com; our servers
require either a SPF lookup & match or an SPF lookup
failure on an incoming mail domain to accept the
message, and in this case the dns query times out
with no response, causing the message to be deferred.

hyatt.com's name servers are:

authority: hyatt.com 2385 NS nameserver1.concentric.net
authority: hyatt.com 2385 NS nameserver2.concentric.net
authority: hyatt.com 2385 NS nameserver3.concentric.net
authority: hyatt.com 2385 NS nameserver.concentric.net

But I cannot successfully query any of them using dnsq,
it just times out:

dnsq txt hyatt.com nameserver.concentric.net
16 hyatt.com:
timed out

However I can query a bind server with dnsq and get the
response back without issue:

16 hyatt.com:
507 bytes, 1+1+4+0 records, response, weird ra, noerror
query: 16 hyatt.com
answer: hyatt.com 10591 16
kv=spf1\040ip4:140.95.0.0/16\040ip4:216.251.252.0/24\040ip4:207.211.78.0
/24\040ip4:216.251.231.0/24\040ip4:205.220.108.202\040\362ip4:12.129.20.
0/24\040ip4:12.129.199.61\040ip4:12.129.219.155\040ip4:63.241.222.0/24\0
40ip4:65.55.88.0/24\040ip4:206.16.57.70\040ip4:207.46.51.64/26\040ip4:20
7.46.163.0/24\040ip4:213.199.154.0/24\040ip4:213.244.175.0/24\040ip4:216
.32.180.0/24\040ip4:216.32.181.0/24\040a\040mx\040~all


Is this an issue of the size of the record and djbdns or
something I'm overlooking?

Thanks,

David

Dyn's wacky new marketing

David Nicol — 2010-07-27T15:15:29

http://dyn.com/dns-is-sexy

Bonjour Printing and DNS-SD records

Hugo Monteiro — 2010-07-26T16:42:53

Hello list,

Some time ago I posted to the list with the subject "unescaped double 
quotes in TXT record".
Just to let know that i cooked up a small perl script the other day to 
create such tinydns records. I shamelessly borrowed code from Anders 
Brownworth's buildRecord.cgi script.

There's a strong probability that it contains bugs, but for the use i 
gave it, it worked.

I should only notice that sometimes specifying the Product attribute 
present in the PPD file doesn't work. However, following the Bonjour 
Printing specification, if you choose to use the generic MFG+MDL 
(manufacturer + model) records, it should work flawlessly.

Attached goes the script. Bug reports, suggestions, etc are welcomed.

Regards,

Hugo Monteiro.

testing record start/end times with tinydns-get?

Charles Cazabon — 2010-07-21T20:49:51

Hi, all,

I need to set up some moderately complex record-switching magic using the
ttl/timestamp fields of the data file to cause some records to change at a
particular time.  I've got the datafile changes written and tinydns-data
compiles them.

But how do I test my magic?  tinydns-data will happily query the cdb file, but
I don't see how to tell it what time to to use (so it gets the proper records
and I can test times other than "now") - is this possible?

Thanks,

Charles

/etc/dnsrewrite usage poll

Laurent Bercot — 2010-07-19T11:38:10

 Hello,

 djbdns implements an elaborate qualification mechanism, described at
<URL: http://cr.yp.to/djbdns/qualify.html >, using a djbdns-specific
file named /etc/dnsrewrite (or another file named in the DNSREWRITE
environment variable).

 Given the complexity of the stuff, and the wide usage of the "standard"
alternative (simply using 'domain' and 'search' lines in /etc/resolv.conf
to get an elementary qualification mechanism), my first reaction as a
programmer is "It's too complex for what it does".

 But I'm not using DNS heavily enough to need the /etc/dnsrewrite features,
and DJB rarely forfeits simplicity without a good reason.
 So, I would like to know, from users' viewpoints, how useful this really is.

 If you, as an administrator (or programmer) who uses djbdns, have use
for the /etc/dnsrewrite qualification mechanism, please post (or e-mail
me if you don't want it to be public for any reason):
 - what are you using /etc/dnsrewrite for ?
 - what does it allow you to accomplish that basic /etc/resolv.conf-based
qualification does not ?
 - is /etc/dnsrewrite the perfect tool for your needs, or would you design
it differently if you could ?

 Thank you,