On 2022-04-20 23:07, Richard T.A. Neal wrote:
Hi Hal,
In addition to this you might also want to look into Response Rate
Limiting. This may help to reduce the load on your DNS servers from
bad actors without having to play a cat & mouse game of spotting and
blocking them.
Response Rate
That's not in my version of bind-9.16.23.
Thanks anyway!
--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services
The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
Hi Hal,
In addition to this you might also want to look into Response Rate Limiting.
This may help to reduce the load on your DNS servers from bad actors without
having to play a cat & mouse game of spotting and blocking them.
Response Rate Limiting is explained in detail in the BIND ARM here
***
You can turn on answer logging:
rndc answerlog
Apologies- I believe the above is likely specific to EIP DNS builds.
J
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid
From: bind-users on behalf of King, Harold
Clyde (Hal) via bind-users
Date: Wednesday, April 20, 2022 at 3:29 PM
To: bind-users
Subject: How can I tell if a query is answered or denied
I'm trying to find bad actors stretching out my load on my main DNS server. I
can't tell from the query log if a host is denied an answer, or given an
answer. Also, can I get the answer in my logs? I got one great answer today,
maybe I'm pushing my luck, but I do feel lucky.
--
Hal King -
Thank you that did the trick!
--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services
The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
this is what I use with 9.18.1
named-compilezone -f raw -F text -o - 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa.signed
On 04/20/2022 8:42 am, King, Harold Clyde (Hal) via bind-users wrote:
I need to read the reverse zone in txt and I'm not sure how to decode the file
with named-compilezone. Does anyone know the part I'm missing?
named-compilezone -f raw -F text -o /etc/named/secondary/9.249.192.in-addr.arpa.db 9.249.192 /etc/named/secondary/9.249.192.in-addr.arpa.db
--
Hal
Dan Mahoney writes:
We've seen a number of messages reported to us as having an isc.org "from"
address, and as having our dkim signatures, but the signatures failing to
verify, perhaps because a forwarder may have added a subject tag or
rewritten some other header. Of course, SPF also fails
> bind 9.16.13
This. You are running an outdated, unsupported version of BIND 9. You need to
upgrade to the latest 9.16 version at least.
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
>
We have CentOS Linux 7, 128GB RAM and bind 9.16.13.
Could you please share what information exactly you are looking for to
resolve the issue?
On Wed, Apr 20, 2022 at 11:36 AM Ondřej Surý wrote:
> We can’t really help you if you withhold information. You need to learn to
> provide complete
We can’t really help you if you withhold information. You need to learn to
provide complete information if you want other people to help you instead of
letting them guess what your environment looks like.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be
Seeing only these two lines in the log:
Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288
127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR
started (serial 1605611713)
Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches
resource limit [space usage