Hi Everybody,
My Linux is OpenSuSE 11.4 with Kernel 2.6.37.6-0.5 which is used for
DNS server. I have installed bind-9.7.3P3-0.2.1
Our external auditor used NeXpose for scanning my system. It showed
Insufficient DNS Source Port Randomization Vulnerability. Therefore
I have followed BIND 9
On 28.07.11 15:33, Pete Fong wrote:
My Linux is OpenSuSE 11.4 with Kernel 2.6.37.6-0.5 which is used for
DNS server. I have installed bind-9.7.3P3-0.2.1
Our external auditor used NeXpose for scanning my system. It showed
Insufficient DNS Source Port Randomization Vulnerability.
The
On Thu, Jul 28, 2011 at 03:33:11PM +0800,
Pete Fong petefong2...@gmail.com wrote
a message of 27 lines which said:
I have adjusted named.conf configuration file as below :
query-source address * port * ;
query-source-v6 address * port *;
BIND randomizes properly by default. I would
dig kia.czj
; DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 kia.czj
;; global options: printcmd
;; connection timed out; no servers could be reached
my ip is 192.168.18.128
my named.conf
options {
listen-on port 53 { 192.168.18.128; 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
Hi, Matus UHLAR
No, The scanner PC and DNS server is connected by crossover cable in
my environment. Therefore I have not any idea.
Thanks a lot,
Pete Fong
2011/7/28 Matus UHLAR - fantomas uh...@fantomas.sk:
On 28.07.11 15:33, Pete Fong wrote:
My Linux is OpenSuSE 11.4 with Kernel
If I understand correctly, the connection between the scanner PC and
your DNS server is not really the issue here.
What can cause problems is a firewall between your DNS server and the
Internet.
Danilo
On 07/28/2011 10:08 AM, Pete Fong wrote:
Hi, Matus UHLAR
No, The scanner PC and
On 7/28/11 3:16 AM, uifid...@gmail.com uifid...@gmail.com wrote:
my czj.zone
$TTL 86400
czj. IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
On 7/28/2011 4:16 AM, uifid...@gmail.com wrote:
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include /etc/named.rfc1912.zones;
};
view czj {
match-clients { 192.168.18.128; localhost; };
There are tools which do this, such as F5's GTM or Cisco's GSS;
essentially, you have multiple servers in a pool/answer group, and
during normal operations, they are handed out in either RR or WRR. If
one server fails his health-check, he is taken out of the mix. I
believe under the covers, it is
I'm trying to config a bind server which could answering queries (at
least from 127.0.0.1 and 192.168.18.128) like dig kia.czj but I
failed to. perhaps my ignorance about match-clients and
match-destinations statements failed my attempt, or more likely, SOA
and NS of localhost. seems wrong. It
I am wondering what might be a good workaround for this
legacy setup...
Will do my best to explain..
IP Space
- 1 Class B Global Unique (used Externally and Internally)
- 1 Class B RFC1918
DNS Setup
External DNS (Linux - Bind 9.8.x)
- example-ext.com DNS domain
- authoritative for PTR
Am 28.07.2011 01:18, schrieb Bob:
These two views are identical in any way I can see, so the fault may
be in an included configuration file that is not included in your
message.
Look for allow-query, allow-recursion or allow-cache statements in
your other config files.
Did this. The only
Hello,
I'm new to IPv6 configuring in BIND. I need help. The forward zone is simple
enough with record, but the reversed zone is a bit confusing to me.
For example, I want to add a hostname of
www.example.comhttp://www.example.com to 2001:1930:c00::2. This IPv6 address
is /48.
How can I
On Thu, 28 Jul 2011, Khuu, Linh Contractor wrote:
I'm new to IPv6 configuring in BIND. I need help. The forward zone is
simple enough with record, but the reversed zone is a bit confusing to
me.
For example, I want to add a hostname of www.example.com to
2001:1930:c00::2. This IPv6
Thanks Jay and Leonard for the pointers of IPv6 format.
Linh Khuu
-Original Message-
From: Jay Ford [mailto:jay-f...@uiowa.edu]
Sent: Thursday, July 28, 2011 2:22 PM
To: Khuu, Linh Contractor
Cc: 'bind-users@lists.isc.org'
Subject: Re: Format of the IPv6 reversed zone
On Thu, 28 Jul
On Thu, 2011-07-28 at 14:07 -0400, Khuu, Linh Contractor wrote:
Hello,
I’m new to IPv6 configuring in BIND. I need help. The forward zone is
simple enough with record, but the reversed zone is a bit
confusing to me.
For example, I want to add a hostname of www.example.com to
There is a little perl ipv6 calc that I use ipv6calc so I don't mis-typo it.
ipv6calc --addr_to_ip6arpa 2001:1930:c00::2
No input type specified, try autodetection...found type: ipv6addr
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.0.3.9.1.1.0.0.2.ip6.arpa.
The web page is dead, but the ftp
On 7/28/11 12:16 AM, uifid...@gmail.com wrote:
my /etc/resolve.conf
Note: ^^^
named-checkzone named-checkconf passed, I suppose the configure works
but only get no servers could be reached.What's wrong with my config?
Your resolv.conf is in the wrong place. Let's see what happens
Also has a wrong name: Should be resolv.conf NOT resolve.conf.
-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of
Michael McNally
Sent: Thursday, July 28, 2011 3:47 PM
To:
On 7/28/2011 3:35 PM, eugene tsuno wrote:
There is a little perl ipv6 calc that I use ipv6calc so I don't mis-typo it.
ipv6calc --addr_to_ip6arpa 2001:1930:c00::2
No input type specified, try autodetection...found type: ipv6addr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am I missing something, or are the hu NS records incomplete?
dig d.hu +trace
;; AUTHORITY SECTION:
hu. 86400 IN NS e.hu.
hu. 86400 IN NS ns-se.nic.hu.
hu. 86400 IN
On Thu, Jul 28, 2011 at 01:18:29PM -0700,
Carl Byington c...@byington.org wrote
a message of 35 lines which said:
dig: couldn't get address for 'b.hu': not found
Strange. It works for me.
b.hu. 86292 IN A 193.239.149.3
On 7/28/2011 12:26 PM, CT wrote:
I am wondering what might be a good workaround for this
legacy setup...
Will do my best to explain..
IP Space
- 1 Class B Global Unique (used Externally and Internally)
- 1 Class B RFC1918
DNS Setup
External DNS (Linux - Bind 9.8.x)
- example-ext.com
Sorry, it's a typo in the maillist, but not in my file system. My
resolv.conf is in the right place.
2011/7/29 Michael McNally mcna...@isc.org:
On 7/28/11 12:16 AM, uifid...@gmail.com wrote:
my /etc/resolve.conf
Note: ^^^
named-checkzone named-checkconf passed, I suppose the
On 7/28/2011 4:58 PM, Kevin Darcy wrote:
On 7/28/2011 12:26 PM, CT wrote:
I am wondering what might be a good workaround for this
legacy setup...
Will do my best to explain..
IP Space
- 1 Class B Global Unique (used Externally and Internally)
- 1 Class B RFC1918
DNS Setup
External DNS
25 matches
Mail list logo