Astaro User Bulletin Board
  #1 (permalink)  
Old 06-27-2009, 08:02 PM
Billybob's Avatar
Wizard
 
Join Date: Jul 2006
Location: United States
Posts: 637
Default [7.460]BUG: DNS Cache not flushed when adding or removing a forwarder

When you make configuration changes to DNS, the BIND configuration is reloaded and BIND is not restarted. It is fine when adding or removing allowed networks etc., but BIND should be restarted/cache flushed, especially when an old forwarder is deleted for security reasons.
  #2 (permalink)  
Old 06-28-2009, 06:40 AM
Wizard
 
Join Date: Jul 2008
Posts: 1,558
Default

Quote:
Originally Posted by Billybob View Post
When you make configuration changes to DNS, the BIND configuration is reloaded and BIND is not restarted. It is fine when adding or removing allowed networks etc., but BIND should be restarted/cache flushed, especially when an old forwarder is deleted for security reasons.
Hello Sir,

And after deleting and adding a new DNS forwarder, try a traceroute and see what kind of output you are getting: the old name remains the same but with a changed IP (the new name doesn't show).

Thanks
  #3 (permalink)  
Old 06-28-2009, 07:51 AM
 
Join Date: Jun 2009
Posts: 0
Default

Code:
Astaro Beta Report
--------------------------------
Version: 7.460
Type: BUG
State: CONFIRMED
Reporter: Billybob
Contributor: 
MantisID: 10783
--------------------------------

Last edited by flichtenheld; 07-02-2009 at 12:25 PM.
  #4 (permalink)  
Old 06-28-2009, 05:34 PM
Wizard
 
Join Date: Jul 2008
Posts: 1,558
Default

Quote:
Originally Posted by Astaro Beta Bot View Post
Code:
Astaro Beta Report
--------------------------------
Version: 7.460
Type: BUG
State: OPEN
Reporter: Billybob
Contributor: 
MantisID: 
--------------------------------
Sir, can you please try this:

/var/mdw/scripts/named restart

I think it fixed my problem.
Thanks
  #5 (permalink)  
Old 06-28-2009, 07:51 PM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,391
Default

That's what Billybob was describing. I guess that your CLI instruction is what happens when one presses the [Flush resolver cache now] on the 'Global' tab of DNS.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #6 (permalink)  
Old 06-28-2009, 08:55 PM
Billybob's Avatar
Wizard
 
Join Date: Jul 2006
Location: United States
Posts: 637
Default

You got it, Bob. BIND by default flushes the DNS cache when restarted, unlike Windows DNS. So the big button in Astaro that says flush cache is just restarting BIND in reality.
  #7 (permalink)  
Old 06-29-2009, 04:09 AM
Wizard
 
Join Date: Jul 2008
Posts: 1,558
Default

Quote:
Originally Posted by Billybob View Post
You got it, Bob. BIND by default flushes the DNS cache when restarted, unlike Windows DNS. So the big button in Astaro that says flush cache is just restarting BIND in reality.

When you run it from WebAdmin >> flush:

automatic empty zone: B.E.F.IP6.ARPA
2009:06:29-08:36:09 ace75 named[5482]: default max-cache-size (33554432) applies: view _bind
2009:06:29-08:36:09 ace75 named[5482]: none:0: open: //etc/rndc.key: file not found

I tested/ran this command some time back, but that time I didn't get an error.

After you delete the name from the DNS forwarders, the old entry with the old name remains the same in Tools >> Traceroute, and when you traceroute you will get very vague traceroute output; the new DNS forwarder IP doesn't come into the traceroute field, it remains the old one which you configured during the initial config.

DNS >> Forwarders: when you delete the old name and add a new name, it still says "added by installation wizard"; in fact I added that 8 days or so after deleting the original one.

Thanks

Last edited by utm_kid; 06-29-2009 at 06:46 AM.
  #8 (permalink)  
Old 06-29-2009, 01:12 PM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,391
Default

Yes, that seems consistent.
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #9 (permalink)  
Old 06-29-2009, 01:35 PM
Wizard
 
Join Date: Jul 2008
Posts: 1,558
Default

Quote:
Originally Posted by BAlfson View Post
Yes, that seems consistent.
Hello Sir,


2009:06:29-17:46:11 ace75 named[7430]: automatic empty zone: 8.E.F.IP6.ARPA
2009:06:29-17:46:11 ace75 named[7430]: automatic empty zone: 9.E.F.IP6.ARPA
2009:06:29-17:46:11 ace75 named[7430]: automatic empty zone: A.E.F.IP6.ARPA
2009:06:29-17:46:11 ace75 named[7430]: automatic empty zone: B.E.F.IP6.ARPA
2009:06:29-17:46:11 ace75 named[7430]: default max-cache-size (33554432) applies: view _bind
2009:06:29-17:46:11 ace75 named[7430]: none:0: open: //etc/rndc.key: file not found
2009:06:29-17:46:11 ace75 named[7430]: couldn't add command channel 127.0.0.1#953: file not found
2009:06:29-17:46:11 ace75 named[7430]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1246275400
2009:06:29-17:46:11 ace75 named[7430]: zone localhost/IN: loaded serial 1246275400
2009:06:29-17:46:11 ace75 named[7430]: running

How do I check the current DNS flush status, like in Windows where we run ipconfig /displaydns?

# which rndc
/usr/sbin/rndc
ace75:/var/mdw/scripts # /usr/sbin/rndc status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
ace75:/var/mdw/scripts # /usr/sbin/rndc /?
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
ace75:/var/mdw/scripts # /usr/sbin/rndc --help
/usr/sbin/rndc: illegal option -- -
Usage: rndc [-c config] [-s server] [-p port]
        [-k key-file ] [-y key] [-V] command

command is one of the following:

  reload        Reload configuration file and zones.
  reload zone [class [view]]
                Reload a single zone.
  refresh zone [class [view]]
                Schedule immediate maintenance for a zone.
  retransfer zone [class [view]]
                Retransfer a single zone without checking serial number.
  freeze zone [class [view]]
                Suspend updates to a dynamic zone.
  thaw zone [class [view]]
                Enable updates to a frozen dynamic zone and reload it.
  reconfig      Reload configuration file and new zones only.
  stats         Write server statistics to the statistics file.
  querylog      Toggle query logging.
  dumpdb [-all|-cache|-zones] [view ...]
                Dump cache(s) to the dump file (named_dump.db).
  stop          Save pending updates to master files and stop the server.
  stop -p       Save pending updates to master files and stop the server
                reporting process id.
  halt          Stop the server without saving pending updates.
  halt -p       Stop the server without saving pending updates reporting
                process id.
  trace         Increment debugging level by one.
  trace level   Change the debugging level.
  notrace       Set debugging level to 0.
  flush         Flushes all of the server's caches.
  flush [view]  Flushes the server's cache for a view.
  flushname name [view]
                Flush the given name from the server's cache(s)
  status        Display status of the server.
  recursing     Dump the queries that are currently recursing (named.recursing)
  *restart      Restart the server.

* == not yet implemented
Version: 9.3.2
ace75:/var/mdw/scripts # /usr/sbin/rndc flush
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
ace75:/var/mdw/scripts #


Thanks
  #10 (permalink)  
Old 06-29-2009, 04:22 PM
Billybob's Avatar
Wizard
 
Join Date: Jul 2006
Location: United States
Posts: 637
Default

You are getting too technical here. Ipconfig /displaydns displays the cache on a Windows machine not running a DNS server. Those are queries cached by the OS, not the same as a DNS server cache.

You are on the right track trying to run rndc dumpdb, but middleware handles all proxies on Astaro, so rndc is not implemented.

As Bob has pointed out before, our job as beta testers is to find errors with WebAdmin. If you can dig a little deeper just to clarify the error, that's great, but digging too far is counterproductive.

We have identified the error and the cause; now let's see if the Astaro folks agree with us and fix it in the next release.

Last edited by Billybob; 06-29-2009 at 06:27 PM.
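
An added example, not part of any post in this thread and not Astaro's middleware code: it sketches the decision the thread argues for, choosing between a reload, an `rndc flush` and a full restart depending on whether a forwarder was removed and whether named opened its rndc command channel. The configuration fragments are constructed; the log lines use the format quoted in post #9; the function names and the reload/flush/restart policy are assumptions made for illustration.

```python
import re

# Constructed named.conf fragments (RFC 5737 documentation addresses).
OLD_CONF = "options { forwarders { 192.0.2.53; 198.51.100.53; }; };"
NEW_CONF = "options { forwarders { 198.51.100.53; 203.0.113.53; }; };"

# named startup lines in the format quoted in post #9 of the thread.
STARTUP_LOG = """\
2009:06:29-17:46:11 ace75 named[7430]: none:0: open: //etc/rndc.key: file not found
2009:06:29-17:46:11 ace75 named[7430]: couldn't add command channel 127.0.0.1#953: file not found
2009:06:29-17:46:11 ace75 named[7430]: running
"""

LOG_RE = re.compile(r"^\S+ \S+ named\[(\d+)\]: (.*)$")

def forwarders(conf):
    """Collect the addresses from every forwarders { ... } clause."""
    addrs = set()
    for body in re.findall(r"forwarders\s*\{([^}]*)\}", conf):
        for entry in body.split(";"):
            if entry.strip():
                addrs.add(entry.split()[0])  # drop an optional "port N"
    return addrs

def control_channel_up(log):
    """True only if the latest named process logged no command-channel failure."""
    last_pid, failed = None, False
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        pid, msg = m.groups()
        if pid != last_pid:            # a new PID means named was restarted
            last_pid, failed = pid, False
        if msg.startswith("couldn't add command channel"):
            failed = True
    return last_pid is not None and not failed

def action_after_change(old_conf, new_conf, log):
    """Return (action, removed_forwarders) for a DNS configuration change."""
    removed = forwarders(old_conf) - forwarders(new_conf)
    if not removed:
        return "reload", removed       # no forwarder dropped: reload is enough
    if control_channel_up(log):
        return "rndc flush", removed   # cache can be dropped without a restart
    return "restart", removed          # no rndc channel: only a restart clears it

if __name__ == "__main__":
    print(action_after_change(OLD_CONF, NEW_CONF, STARTUP_LOG))
```
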
 

All times are GMT.