At 21:10 16-10-2012, pangj wrote:
IMO, a resolver will have the ability to get the public key of a ZSK
for validating the signed RR. How will it get this public key?
And, is the usage of a KSK similar to the CA certificate?
See http://www.nlnetlabs.nl/publications/dnssec_howto/
Regards,
I have read the document of redbarn RRL for BIND and this NSD RRL:
https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
I have a question: the DDoS attacks on DNS come from spoofed
IPs, but RRL works based on source IP. So how can it stop a real-life
attack?
Thanks.
On 10/17/2012 09:17 AM, pangj wrote:
I have read the document of redbarn RRL for BIND and this NSD RRL:
https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
I have a question: the DDoS attacks on DNS come from spoofed
IPs, but RRL works based on source IP. So how can it stop
In article mailman.424.1350461867.11945.bind-us...@lists.isc.org,
pangj pa...@riseup.net wrote:
I have read the document of redbarn RRL for BIND and this NSD RRL:
https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
I have a question: the DDoS attacks on DNS come from spoofed
Has anybody had any luck getting the latest BIND 9.9.2 to compile on
Solaris 11 SPARC to support 64-bit binaries?
I have tried with both GCC version 4.5.2 and Solaris Studio 12.3.
Everything configures, links and compiles fine, but when I try to run named
or dig I get core dumps. Not sure if
I'm not sure if this is of interest to anyone, but I wrote a FreeBSD
accept filter for DNS a few years ago. An accept filter is a socket
option that you can use to tell the kernel to wait before the
accept() syscall returns. In this case, the accept filter delays
the return of accept until there
In article mailman.424.1350461867.11945.bind-us...@lists.isc.org,
pangj pa...@riseup.net wrote:
I have read the document of redbarn RRL for BIND and this NSD RRL:
https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
I have a question: the DDoS attacks on DNS come from spoofed
You're thinking that the rate limit is intended to protect YOUR server.
It's actually to prevent your server from being used as a reflector to
attack some OTHER server. The spoofed addresses all point to that
server.
Sorry, I just can't understand why my server is being used to attack
From time to time I notice a large number of queries like these to one of my
external dns servers:
14:14:40.01407 121.10.105.66 - 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.01529 121.10.105.66 - 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.03688 121.10.105.66 - 143.231.1.67 DNS C
Hi--
On Oct 17, 2012, at 11:17 AM, Manson, John wrote:
From time to time I notice a large number of queries like these to one of my
external dns servers:
14:14:40.01407 121.10.105.66 - 143.231.1.67 DNS C gop.gov. Internet * ?
[ ... ]
14:14:40.98668 121.10.105.66 - 143.231.1.67 DNS C
From time to time I notice a large number of queries like these to one
of my external dns servers:
14:14:40.01407 121.10.105.66 - 143.231.1.67 DNS C gop.gov. Internet *
?
snip
Does this rise to the level of a DDoS attack?
No NS record for this IP.
I blackhole IPs that behave like
On 10/17/2012 07:39 PM, Dennis Clarke wrote:
I have the exact same problem with an ip inside State of Colorado
General Government Computer subnet :
http://whois.arin.net/rest/org/SCGGC
That's not exactly a fly-by-night organisation; have you contacted them?
Some server there has been
I used to get the same problem but that was every time from three or four
different source IPs and they were all querying ripe.net IN ANY at around 10
queries per second.
I am pretty sure the sources were hacked because one of my other DNS servers
also became the source of an attack and from the
On 10/18/2012 12:12 AM, Tony Xue wrote:
I am pretty sure the sources were hacked because one of my other
What makes you think the source IPs were real?
Because my server also used to be hacked and sent this kind of junk query, and
my server was null-routed by the datacenter. The high bandwidth happened
exactly on my server.
-Original Message-
From: Phil Mayers p.may...@imperial.ac.uk
Sender:
On Oct 16, 2012, at 7:48 PM, pangj pa...@riseup.net wrote:
$ dig +dnssec udp53.org soa
; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: