On Thu, 2009-01-22 at 10:25 +1100, Mark Andrews wrote:
One way to test is to have a test box that sends spoofed traffic
to a machine you control.
Thanks, Mark.
That tells me pretty well what I needed to know, but
hoped not to hear: I have to build my own bot-net. 8-)
On Wed, 2009-01-21 at 19:14 -0600, Jeremy C. Reed wrote:
Maybe we should just remove the immediately part.
Any suggestions would be appreciated.
If you're going to make a change, adding a little more
information wouldn't hurt, would it? Perhaps:
s/immediately/cleanly
Hello all,
first question :
for have log i add this in my named.conf
logging {
category resolver { debug; };
category client { debug; };
category queries { debug; };
channel debug {
file /var/log/named/named.log versions 2 size 50m;
On Jan 22 2009, Stephane Bortzmeyer wrote:
[...]
As mentioned by Anton Korotin, the root name servers send answers 512.
Well not unless the EDNS flag and buffer size are set in the query,
of course.
This prompted me to look at what data is omitted from the additional
section of the
Matus UHLAR - fantomas wrote:
This is _NOT_ a problem of BIND. This is a problem of its admin who can't
read the docs and set up max-cache-size, which does exactly what is needed
in this case.
On 21.01.09 17:38, Dmitry Rybin wrote:
Hmm... And why bind allocate all system memory, if
On Wed, Jan 21, 2009 at 12:10:05PM +0300, Dmitry Rybin wrote:
view view0{
max-cache-size 16M;
match-clients {
XXX.XXX.XXX.XXX;
};
include net-views/view0.conf;
};
[... skip 48 views ...]
view view50{
max-cache-size 8M;
match-clients {
XXX.XXX.XXX.XXX;
};
Actually thinking about your problem i just got an idea for a quick and
dirty solution that might just be it for you:
Keep running the views on your fontend nameserver but forward all
recursive queries to another recursive server via the forward only;
statement. IIRC that should cause BIND not to
I have setup and configured TSIG on our Bind 9. DNS servers. How can you
verify/test that it is working correctly?
Thanks in advance for any assistance provided.
Mark
___
bind-users mailing list
bind-users@lists.isc.org
Mark A. Moore wrote:
I have setup and configured TSIG on our Bind 9. DNS servers. How can you
verify/test that it is working correctly?
Check your logging:
xfer.log:20-Jan-2009 20:06:24.677 xfer-out: info: client
149.20.XX.XX#60073: transfer of '154.XX.XX.in-addr.arpa/IN': AXFR-style
IXFR
Shouldn't using dig fail from the slave?
For example:
[...@stuey ~]$ dig -t AXFR domain.tld @ns1.someserver
; DiG 9.5.1-P1 -t AXFR domain.tld @ns1.someserver
;; global options: printcmd
; Transfer failed.
On Thu, January 22, 2009 08:58, Mark A. Moore wrote:
I have setup and configured
Vincent Rivellino wrote:
Shouldn't using dig fail from the slave?
For example:
[...@stuey ~]$ dig -t AXFR domain.tld @ns1.someserver
; DiG 9.5.1-P1 -t AXFR domain.tld @ns1.someserver
;; global options: printcmd
; Transfer failed.
It all depends on what you do with the TSIG. I
In article gl61mf$9h...@sf1.isc.org,
Mark Andrews mark_andr...@isc.org wrote:
In message fb979b33-df83-4460-a3e4-040cd165e...@newgeo.com, Scott Haneda
writ
es:
Is BCP 38 really as solid and plug and play as it sounds? In a
shared, or colo'd environment, can that ISP really deploy
Thank you for this notification. It indicates that today would be a
great day for for miscreants to make hacking attempts at your account.
You don't put a sign up in the front yard of your home that you're away
on vacation do you?
;-)
-david
rd...@monroehosp.org wrote:
I will be out of the
Hello, I want to do some spring cleaning on my dns. WHOIS seems to
throttle me back with too many checks, how can I use dig to check for
registration of a domains?
If I do `dig NS example.com` and grep out my NS, does that suffice for
making sure my primary and secondary are listed?
On 22-Jan-2009, at 16:00 , LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN
wrote:
Hello,
Thank you for answering my quesiton yesterday.
I have a new question about allow-query-cache and its effect on a
dns server' response resolution time.
allow-query-cache specifies which hosts are allowed
oops..arent any
On Thu, Jan 22, 2009 at 4:24 PM, CB bdy...@gmail.com wrote:
I believe there are any restrictions if you run a WHOIS from your dig
prompt.
[ch...@ks1dc ~]$ whois newgeo.com
[Querying whois.internic.net]
[Redirected to whois.wildwestdomains.com]
[Querying
Thank you
Maybe I didn't word my question correctly.
allow-query-cache definitions states allow-query-cache specifies which hosts
are allowed to get answers from the cache. Which cache is it refering to?
Could the cache also contain records which a master server is authoritative
for? With
My goal is for my authoritiative server to use its memory cache to reply to the
queries its authoritiative for. However, it should not satisfy all other
queries - NO to recursion ;) . Overall, I'm wondering what affect setting
allow-query-cache to none has on the performance of authoritative
On 22 Jan 2009 17:09:28 -0500, LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN
lmatusovs...@bloomberg.net wrote:
My goal is for my authoritiative server to use its memory cache to reply to
the queries its authoritiative for. However, it should not satisfy all other
queries - NO to recursion ;) .
On Jan 22 2009, LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN wrote:
My goal is for my authoritiative server to use its memory cache to
reply to the queries its authoritiative for. However, it should not
satisfy all other queries - NO to recursion ;) . Overall, I'm wondering
what affect setting
Niall O'Reilly wrote:
On Wed, 2009-01-21 at 19:14 -0600, Jeremy C. Reed wrote:
Maybe we should just remove the immediately part.
Any suggestions would be appreciated.
If you're going to make a change, adding a little more
information wouldn't hurt, would it?
The output of
21 matches
Mail list logo