stupid question: i spent all of five minutes looking around isc.org -- but
i did click all the top-level bind-related links, and couldn't find a
pointer to rt to search for this ticket. does it require a support
contract, is it internal-only, or am i just looking in the wrong place?
i wanted to
Den 12. juli 2012 kl. 01:49 skrev Ben benjo11...@gmail.com:
If someone share his experience with it, What are the maximum QPS handled by
bind? that is good to understand more.
Well, it depends.
If you test with a freshly restarted BIND (nothing cached yet), and ask for
only external data,
In article mailman.1319.1342048311.63724.bind-us...@lists.isc.org,
Mark Andrews ma...@isc.org wrote:
In message barmar-fdfdc6.18551211072...@news.eternal-september.org, Barry
Margolin writes:
In article mailman.1317.1342033147.63724.bind-us...@lists.isc.org,
Michael Hoskins (michoski)
On 12/07/12 08:20, Michael Hoskins (michoski) wrote:
stupid question: i spent all of five minutes looking around isc.org -- but
i did click all the top-level bind-related links, and couldn't find a
pointer to rt to search for this ticket. does it require a support
contract, is it
How to check from 10 queries, which are on cache and which are not ?
Still, my question is open..
Dear ISC team, can you please suggest what happend with my caching DNS
load test.? I mean, want to find root cause of it.
Den 12. juli 2012 kl. 01:49 skrev Ben benjo11...@gmail.com:
If
Hi Ben,
At 16:49 11-07-2012, Ben wrote:
I am doing load testing on our local caching dns.But while doing it
, i added google dns and some other dns ips as forwarder to test QPS.
It seems to me that it is not a good idea to do load testing on some
third-party server.
I am confusing that
On 12 Jul 2012, at 03:21, blrmaani wrote:
I searched earlier posts but noticed that people are recommending it to just
increase it to suppress the errors in log.
Any pointers on this?
If it's set too low for your normal operating circumstances, you do
need to increase it.
On Jul 12, 2012, at 2:27 AM, Dns Administrator wrote:
Hi bind-users,
please excuse my ignorance being a novice to dns, but is there some way of
disabling or choking Any type requests?
Sure-- a firewall or even taking a pair of wire-cutters to the ethernet cable
will accomplish that. :-)
On 12/07/12 14:38, Chuck Swiger wrote:
On Jul 12, 2012, at 2:27 AM, Dns Administrator wrote:
Hi bind-users,
please excuse my ignorance being a novice to dns, but is there some way of disabling
or choking Any type requests?
This has been discussed on the list recently - see the archives.
Your answer was clearly meant to be tongue in cheek but I'm not sure you
understood.
The OP wasn't asking how to stop all (any) lookups - it was how to stop dig -t
any which isn't the same thing at all. Presumably they still want to allow
dig -t mx, dig www... etc...
Personally I don't know
On 12/07/12 15:16, Lightner, Jeff wrote:
Personally I don't know why dig -t any would be a problem. It's
not exactly the same as doing an axfr transfer of the zone - it still
only gets limited information.
They're the current query type du jour for DDoS amplification attacks,
which I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Ben,
On 7/12/12 10:32 AM, Ben wrote:
Still, my question is open..
I'm not from ISC, but I have an idea what causes this (but I'm not an
authoritative source). You can look up the BIND source code.
Every caching DNS Server (BIND or other
Personally I don't know why dig -t any would be a problem. It's
not exactly the same as doing an axfr transfer of the zone - it still
only gets limited information.
They're the current query type du jour for DDoS amplification attacks,
which I assume the OP is experiencing.
The
On 12/07/12 16:48, sth...@nethelp.no wrote:
Personally I don't know why dig -t any would be a problem. It's
not exactly the same as doing an axfr transfer of the zone - it still
only gets limited information.
They're the current query type du jour for DDoS amplification attacks,
which I
On Jul 12, 2012, at 7:16 AM, Lightner, Jeff wrote:
Your answer was clearly meant to be tongue in cheek but I'm not sure you
understood.
Please allow me to reassure you that I understood the intent of the question.
:-)
The point was that if one isn't clear about what one should allow and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For each major RHEL release, Redhat starts with some version of ISC
bind, and then backports patches into it from more recent versions. This
leads to an RPM containing about 50 patches. The advantage of this
approach is that customers with existing
16 matches
Mail list logo
