On 20.01.09 17:52, Frank Bulk wrote:
That's being discussed on NANOG, here's one thread:
http://markmail.org/message/ydiqnztzmz5qmusf
See here for more details in blocking them:
http://www.cymru.com/Documents/secure-bind-template.html
specifically:
blackhole {
// Deny
On Jan 21, 2009, at 1:48 AM, Sten Carlsen wrote:
Are you really sure this is ALL the fault of opendns?
Mostly, and in my tests, I believe so. However, it was also why I was
asking here, before I go too far out on a limb.
Seems to me that the addition of www. and other such like stuff is
On 20.01.09 12:49, Dmitry Rybin wrote:
How to disable cache in bind-9.6? ttl=0 - bad idea.
Matus UHLAR - fantomas wrote:
if you know that setting TTL to 0 is a bad idea, why do yuo think that
disabling a cache in BIND is not a bad idea?
Dmitry Rybin wrote:
Because under high load
I have compiled BIND many times on Solaris/OpenSolaris and several
different *BSD's, and this has always been a pretty simple procedure.
I currently need to compile (a current) BIND on AIX 5.2 and it appears
to me that there is a little more work involved to get a successful
compile on this
Hi all,
I would like to ask when libbind for 9.6 series will be available?
There is change 2447 which says libbind has been split out as a
separate product but AFAIK such product is not anywhere.
Regards, Adam
--
Adam Tkac, Red Hat, Inc.
___
Matus UHLAR - fantomas wrote:
This is _NOT_ a problem of BIND. This is a problem of its admin who can't
read the docs and set up max-cache-size, which does exactly what is needed
in this case.
Hmm... And why bind allocate all system memory, if max-cache-size 16M?
And views... 50 views.
I have one instance of named that is listening on multiple IP's. I am
looking to see how many queries are destined to one of those IP's that named
is listening on. I do have query logging enabled, but I don't see it
revealing the destination interface. Is there a way make it log this as
well?
Good day,
I am stuggling to get my head around the 512 byte limit with regards to
DNS queries/responses. I am sure there is much in the RTFM category,
and I will continue to RTFM, but I wanted to ask a couple of specific
questions.
1) If a reply is over 512 bytes, which can't in theory be done
On 21-Jan-2009, at 03:23 , Scott Haneda wrote:
On Jan 20, 2009, at 6:42 PM, Matthew Pounsett wrote:
Registries that implement host records (so, at least the gTLDs)
could accept the word of the registrant of the zone that contains a
name server (or the word of their registrar on their
Hello,
Could you pls point me to the documentation explaning the major differences
between BIND 9.4 and 9.5 releases? I looked at
https://www.isc.org/downloadables/11 and didn't find that information.
Thank you
___
bind-users mailing list
On Wed, 21 Jan 2009, LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN wrote:
Could you pls point me to the documentation explaning the major
differences between BIND 9.4 and 9.5 releases? I looked at
https://www.isc.org/downloadables/11 and didn't find that information.
Hi,
Please see
On Wed, 2009-01-21 at 11:47 -0500, Todd Snyder wrote:
I was under the (likely mistaken) impression that over 512 wasn't
allowed, but there it is ...
I could very well be completely messed up regarding the rules, so
please
forgive my ignorance. If you know my answer is in TFM, please batter
On 1/21/09, Todd Snyder tsny...@rim.com wrote:
Good day,
Hello,
I am stuggling to get my head around the 512 byte limit with regards to
DNS queries/responses. I am sure there is much in the RTFM category,
and I will continue to RTFM, but I wanted to ask a couple of specific
questions.
1) If a reply is over 512 bytes, which can't in theory be done via UDP,
should the queried server reply telling my resolver to ask again using
TCP? Assuming, as one normally should, that there are firewalls, the
queried server can't simply reply TCP, as it would get blocked.
I am not sure
I would like to ask when libbind for 9.6 series will be available?
There is change 2447 which says libbind has been split out as a
separate product but AFAIK such product is not anywhere.
The beta's being tested internally at ISC. Assuming it's trouble-free
I'd expect it to be public in a
On Wed, 2009-01-21 at 12:44 +1100, Mark Andrews wrote:
You should talk to your ISP to chase the traffic back to
its source and get BCP 38 implemented there. BCP 38 is ~10
years old now. There is no excuse for not filtering spoofed
traffic.
Absolutely.
Stephane Bortzmeyer writes:
[...]
IMHO, you need to go back to the drawing board and, before writing
named.conf and zone files, deciding on a general architecture.
Who will be the master for 30.172.in-addr.arpa?
Who will be authoritative for 30.172.in-addr.arpa?
Who will be the master for
In message 49773369.4080...@corbina.net, Dmitry Rybin writes:
Matus UHLAR - fantomas wrote:
This is _NOT_ a problem of BIND. This is a problem of its admin who can't
read the docs and set up max-cache-size, which does exactly what is needed
in this case.
Hmm... And why bind
In message 2971f259-4897-48f8-b418-2f7599075...@gronkulator.com, Rich Goodson
writes:
The behavior of 'rndc halt -p' appears to be different from the =20
documentation.
According to the BIND 9.4 ARM rndc section:
halt [-p] Stop the server immediately. Recent changes made through =20
In message 1232561124.6369.187.ca...@d410-heron, Niall O'Reilly writes:
On Wed, 2009-01-21 at 12:44 +1100, Mark Andrews wrote:
You should talk to your ISP to chase the traffic back to
its source and get BCP 38 implemented there. BCP 38 is ~10
years old now. There
Rich Goodson wrote:
If -p is specified named's process id is returned. This allows an
external process to determine when named had completed halting.
Whether named is still answering queries or just cleaning up its
allocated memory, the PID is returned BEFORE named is gone, as named is
I am looking to set up DHCP in an environment that does not support
Dynamic DNS. There are many servers that will not be using DHCP in this
environment. Ideally, I would like to do collision detection both by
ping (which I know can be done) and reverse DNS lookup.
I know that ping collision
In message 1a345677-0c03-45a7-a1e1-af364fe87...@gronkulator.com, Rich Goodson
writes:
Basically, I'm trying to use a shell script to replace the missing
'restart' argument to rndc, so I was looking for some sort of return
value that tells me, hey, your old named process is now gone,
etirado@orange-ftgroup.com wrote:
Hello,
Is this possible to disable recursion for all incoming queries except
for those listed in zone statement with a forwarder.
I know that no forwarding is allowed if we disable recursion.
Something like this ( but this doesn't work I know ):
On Wed, 21 Jan 2009, Rich Goodson wrote:
And I'm expected to know this, how? (incidentally, I added a 'wait'
statement to my script after I discovered this behavior). This behavior
does not appear to be what the documentation describes, is all I'm
trying to say.
Just to clarify the
In article gl8hdv$228...@sf1.isc.org,
Jeremy C. Reed jeremy_r...@isc.org wrote:
On Wed, 21 Jan 2009, Rich Goodson wrote:
And I'm expected to know this, how? (incidentally, I added a 'wait'
statement to my script after I discovered this behavior). This behavior
does not appear to be
I think that the word immediately needs to stay, as that's what
differentiates halt from stop.
The documentation in its current form seems to imply that named
returns a signal to rndc as it's exiting.
Perhaps even a simple change such as:
If -p is specified named’s process id is returned
Jeremy C. Reed wrote:
On Wed, 21 Jan 2009, Rich Goodson wrote:
And I'm expected to know this, how?
Rich, you read into the text what you wanted it to say (as you
indicated in another message) but failed to try to understand what was
actually there. The behavior you're saying you thought the
28 matches
Mail list logo