On Thursday, December 31, 2015 08:26:49 PM Paul Vixie wrote:
> farsight fastrpz is not open source software, or is it free, and i'm fairly
> sure that the moderators won't want a long discussion of its features or
> terms here. send me e-mail if you're interested in participating in field
>
greetings. i've heard that several unbound users have asked about rpz support
of late. farsight security is in the late stages of development of "fastrpz", a
commercial software package that handles the rpz publish/subscribe functions
and offers a fast shared-memory semi-portable api to the
wrapsrv, which is linked from the page below, is an open source tool
capable of extracting (and utilizing) SRV records.
https://www.farsightsecurity.com/Blog/20160328-stsauver-magic-of-srv/
vixie
Tony Finch wrote:
> Paul Vixie via Unbound-users <unbound-users@unbound.net> wrote:
>
>> if anyone tries dnstap and encounters any trouble, please reach out to
>> me. it is farsight's goal to push this bsd-licensed open source
>> technology into the community
if anyone tries dnstap and encounters any trouble, please reach out to
me. it is farsight's goal to push this bsd-licensed open source
technology into the community and to make it easier for all operators to
see in real time what their name servers are doing.
David Conrad wrote:
> On Apr 27, 2017, 4:28 PM -0700, Paul Vixie via Unbound-users
> <unbound-users@unbound.net>, wrote:
>
>> so in effect, TCP is not required, and will never be required. the
>> installed base and its long tail matter more than the wording of 1035.
Paul Vixie wrote:
>> ...
>
> i'll go further: i think that's a good clarification of and alteration
> to the standards. i just don't think it's wise to expect a tcp-only
> initiator, or a tcp-only responder, to function reliably. (ever.) so the
> standard is nominal, and should guide other
Havard Eidnes via Unbound-users wrote:
>> Unfortunately, DNS servers aren't required to support TCP.
>
> IMHO, that is an all too commonly held misconception. Publishing name
> servers need to support TCP as well. I'm pretty sure section 4.2 of
> RFC 1035 mandates it. It doesn't use the
as before, we have code that implements rpz for unbound. however, it is
not open-source licensed. any unbound recursive server that operates a
passive dns sensor and thus sends its cache miss traffic to SIE, is
automatically licensed to be linked against and run alongside "fastrpz"
which is
Rainer Duffner wrote:
Am 09.04.2018 um 21:15 schrieb Paul Vixie >:
the source addresses are forged. the victims are not unclean in any
way. this is why rrl exists.
...
Most people using our resolvers use our CPE, our lines, our servers….
And the
Rainer Duffner via Unbound-users wrote:
Am 09.04.2018 um 20:04 schrieb Mahdi Adnan via Unbound-users
>:
Im running 20 Unbound servers and around 20% of response are NXDOMAIN,
for queries coming from my clients.
Block those
11 matches
Mail list logo