The answer is BIND does accept TCP queries by default (it's required to be
RFC compliant), but a lot of times upstream firewalls/ACLs/etc block TCP,
munge UDP packet size, etc... Just firing up BIND with basic
configuration and checking netstat will show you TCP 53 listening. If
it's not working
Hello,
In BIND8, I can find statistics every hour in the log file (see here below)
It was the default for BIND8
But in BIND9 I do not find same statistics in the log file.
I know statistics-channels usage in named.conf or rndc stats with dump
statistics file I define with statistics-file
On Tue, Feb 24, 2015 at 11:24:16PM +0100, Job wrote:
Someone has been able to make RPZ work in view with in-view clause?
Unfortunately, no.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
I am seeing that even with a zone included in an RPZ, the BIND server is
still going out to the Internet to resolve the name. I was hoping the RPZ
entry would stop processing short of that.
I have some.bad.domain.tld returning NODATA. The client is getting the
response I expect. The SOA is for
It should be awesome if that would be possible, I'm also looking to have
that feature available, but it seems that it is not possible.
Regards,
On Tue, Feb 24, 2015 at 4:19 PM, Evan Hunt e...@isc.org wrote:
On Tue, Feb 24, 2015 at 11:24:16PM +0100, Job wrote:
Someone has been able to make
Hello,
working with many views, we use the in-view directive in order to load once
the table in the first view (sometimes it can be large), and reuse it in other
views, by linking it with in-view zone.
We appreciated RPZ to protect with dns firewall users; an rpz file can be long
some hundreds of
On Tue, Feb 24, 2015 at 03:30:01PM -0800, Crist Clark wrote:
I am seeing that even with a zone included in an RPZ, the BIND server is
still going out to the Internet to resolve the name. I was hoping the RPZ
entry would stop processing short of that.
That's so named doesn't leak policy
Unfortunately, no.
Thank you for the reply, Evan.
So, DLZ is still the better way if someone needs to share dns blacklists
between lots of zones, I think.
But, I noticed very useful the RPZ function that can block (or walled
gardening) the resolution for those sites that are located into bad