I would use
allow-query { 127.0.0.1; };
Hi,
I have a problem with the load on my Bind. Normally it's fine, but from time to
time there are clients which cause through a misconfiguration or a failed
local service (not intentionally) a very high amount of queries. After finding
and informing the responsible person this problem is
On 2012-1-16 18:19, Tom Schmitt wrote:
My question:
Is there any possibility in Bind to give a quota to a client? e.g. that from a
given IP no more than hundred queries per second are allowed and the rest is
to be blackholed.
That way only the client causing the load would have a problem but
2012/1/16 Tom Schmitt tomschm...@gmx.de
Hi,
I have a problem with the load on my Bind. Normally it's fine, but from
time to time there are clients which cause through a misconfiguration or a
failed local service (not intentionally) a very high amount of queries.
After finding and informing
On 16.01.12 14:50, Jeff Peng wrote:
If I just want to disable any client to query for a zone, but keep
that zone in the config file (maybe later I will enable it to be
accessible), can I just set:
allow-query { none; };
in the zone section?
afaik you can. According to docs, you can use
On 01/15/2012 08:11 PM, Evan Hunt wrote:
Looking at some query log output from BIND 9.9.0rc1, e.g.
15-Jan-2012 18:24:45.358 client 131.111.11.47#58644 (www.playground.test):
^
query: www.playground.test IN A +E
Original Message
Date: Mon, 16 Jan 2012 11:49:46 +0100
From: Roel Wagenaar r...@wagenaar.nu
Subject: Re: Defense against a client?
In this case iptables is your friend.
One of my solutions is partly based on this:
On Jan 16 2012, Phil Mayers wrote:
On 01/15/2012 08:11 PM, Evan Hunt wrote:
Looking at some query log output from BIND 9.9.0rc1, e.g.
15-Jan-2012 18:24:45.358 client 131.111.11.47#58644 (www.playground.test):
^
query:
On 16/01/12 14:13, Chris Thompson wrote:
I'm confused. The name being queried is already in the line. Why is it
now in there twice?
Obviously I'm not understanding something...
I think Evan is saying that the change applies to all messages in which
the client info appears, not just the query
Hi list,
I'm working on Capsicum security framework [1] for the FreeBSD Project.
While implementing sandbox mode for some applications like tcpdump, we
have noticed that sandboxed applications are no longer able to resolve DNS
names. This happens because each DNS resolving is done by making a
IP in parenthesis: It is the destination IP to which the client has sent
his query.
For example: Useful if you are switching IPs around in your DHCP and you
want to make sure all clients have updated their configurations.
b.
On 16 January 2012 15:19, Phil Mayers p.may...@imperial.ac.uk wrote:
* Chuck Anderson:
Unfortunately, these sorts of per-IP limiting are going to become more
and more inappropriate with the likes of Carrier Grade NATs, since
there will be many subscribers sharing a single public IP address.
You may end up causing performance problems for legitimate traffic.
On 16/01/12 15:19, Bostjan Skufca wrote:
IP in parenthesis: It is the destination IP to which the client has sent
his query.
No, not that item. That's not new, and is obviously known.
The *first* item in parenthesis, right after client#port.
I suspect that the NAT/PAT thing is at its peak (across the Internet) right now.
I expect to see it beginning to dissipate in the coming years with the adoption
of IPv6.
Jerry
On 01/16/12 09:13 AM, Chuck Anderson wrote:
Unfortunately, these sorts of per-IP limiting are going to become more
On Mon, Jan 16, 2012 at 03:41:15PM +, Florian Weimer wrote:
* Chuck Anderson:
Unfortunately, these sorts of per-IP limiting are going to become more
and more inappropriate with the likes of Carrier Grade NATs, since
there will be many subscribers sharing a single public IP address.
15-Jan-2012 18:24:45.358 client 131.111.11.47#58644 (www.playground.test):
^
query: www.playground.test IN A +E (131.111.9.112)
the indicated parenthesized item is new, but seems always to be the same
as the later query
On Jan 16, 2012, at 1:50 AM, Jeff Peng wrote:
Hi,
If I just want to disable any client to query for a zone, but keep that zone
in the config file (maybe later I will enable it to be accessible), can I
just set:
Just out of interest, why wouldn't you just comment out the zone stanza?
On Jan 13, 2012, at 2:30 PM, Barry Margolin wrote:
In article mailman.826.1326465946.68562.bind-us...@lists.isc.org,
Simon si...@bk.it.cx wrote:
Hi,
sure it is.
Here a more detailed version:
http://www.zytrax.com/books/dns/ch9/rr.html
RR usually results in roughly equal load
In article mailman.884.1326738053.68562.bind-us...@lists.isc.org,
Warren Kumari war...@kumari.net wrote:
On Jan 13, 2012, at 2:30 PM, Barry Margolin wrote:
In article mailman.826.1326465946.68562.bind-us...@lists.isc.org,
Simon si...@bk.it.cx wrote:
Hi,
sure it is.
Here a
On 16/01/12 20:52, Barry Margolin wrote:
In article mailman.884.1326738053.68562.bind-us...@lists.isc.org,
Warren Kumari war...@kumari.net wrote:
On Jan 13, 2012, at 2:30 PM, Barry Margolin wrote:
In article mailman.826.1326465946.68562.bind-us...@lists.isc.org,
Simon si...@bk.it.cx
On Mon, Jan 16, 2012 at 2:52 PM, Barry Margolin bar...@alum.mit.edu wrote:
One (icky) solution is to hand out more addresses for one server than the
other…
www.example.com IN A 192.168.1.1
www.example.com IN A 192.168.1.2
www.example.com IN A 192.168.1.3
www.example.com IN A
do you propose he specify the ratios with BIND?
One (icky) solution is to hand out more addresses for one server than
the other…
www.example.com IN A 192.168.1.1
www.example.com IN A 192.168.1.2
www.example.com IN A 192.168.1.3
www.example.com IN A 192.168.2.1
Bind
On Jan 16, 2012, at 2:58 PM, Todd Snyder wrote:
do you propose he specify the ratios with BIND?
One (icky) solution is to hand out more addresses for one server than
the other…
www.example.com IN A 192.168.1.1
www.example.com IN A 192.168.1.2
www.example.com IN A 192.168.1.3
In message barmar-8f6f85.14511816012...@news.eternal-september.org, Barry Margolin writes:
In article mailman.880.1326731999.68562.bind-us...@lists.isc.org,
Chuck Anderson c...@wpi.edu wrote:
On Mon, Jan 16, 2012 at 03:41:15PM +, Florian Weimer wrote:
* Chuck Anderson:
On 2012-1-17 1:58, Warren Kumari wrote:
Just out of interest, why wouldn't you just comment out the zone stanza?
Would cut down on memory usage, load time, etc…
I'm sure you have a use case, just a wondering…
Well, my dns manage system (dnsbed.com) requires a zone pause feature.
When user click