Re: Timeout setting

2021-03-25 Thread Julien Salort
On 25/03/2021 at 18:21, John W. Blue via bind-users wrote: When I queried the authoritative server directly it worked: ;; QUESTION SECTION: ;111.250.179.17.in-addr.arpa. IN PTR ;; ANSWER SECTION: 111.250.179.17.in-addr.arpa. 86400 IN PTR rn2-msbadger07105.apple.com. ;; Query

Timeout setting

2021-03-25 Thread Julien Salort
Hello, I have a VPS running postfix and bind9. Bind is used as a recursive resolver, in particular to be able to query anti-spam databases. Postfix is also configured to reject incoming connections from servers with no reverse DNS. It works great overall, but sometimes legitimate messages

Re: Preventing a particular type of nameserver abuse

2021-04-13 Thread Julien Salort
On 13/04/2021 at 07:12, Ondřej Surý wrote: BIND 9.11 has minimal-any option that’s helpful to reduce the attack impact: https://www.isc.org/blogs/bind-release-911/ RRL should also help to limit the responses: https://kb.isc.org/docs/aa-01000

Re: Preventing a particular type of nameserver abuse

2021-04-13 Thread Julien Salort
On 13/04/2021 at 00:55, Richard T.A. Neal wrote: That's exactly what I do - I have some code that's watching for a frequent occurrence of these sorts of queries and then adds a firewall rule for a predetermined amount of time to simply drop the incoming packets at the firewall - this

Re: BIND 9.18.0 and Mac OS X 10.15.7 - cannot build

2022-02-22 Thread Julien Salort
On 22/02/2022 at 02:29, Larry Stone wrote: So, just for fun, I decided to see if I could build 9.18.0 on my current MacBookPro (where I already run 9.16.26). It’s on MacOS Catalina 10.15.7 (cannot go higher - new MacBookPro coming soon!). For information, bind 9.18.0 compiles fine under

Moving to a IPv4 only server

2023-08-18 Thread Julien Salort
Hello, I am sorry if this is a FAQ. I haven't been able to find the answer. I used to have bind9 running on a server with both IPv4 and IPv6. This server has failed unfortunately, and I am setting up a replacement using the last backup of the failed server. The new server happens to have IPv4

Re: Moving to a IPv4 only server

2023-08-19 Thread Julien Salort
On 18/08/2023 at 22:14, Ondřej Surý wrote: You did the classic mistake - assuming what the problem is and then trying to find a solution for that problem. You should start with just describing what you see - and the logs you sent indicate that the named is unable to communicate on port 53.

DoH credentials

2024-03-25 Thread Julien Salort
Hello, I am trying bind9 DoH features (bind9 9.18.18). It works from Firefox, although it feels slower than with native resolver. However, it seems that this makes an open resolver, i.e. there is no authentication of any sort. I haven't found any reference to how to set up credentials in