Re: Help DNS

2015-08-24 Thread Tony Finch
Daniel Ryslink daniel.rysl...@dialtelecom.cz wrote: As for the SERIAL in SOA, it's just a good practice, it gives you the information about when the zone was published, and creates less problems when you transfer hosting of the domain to another nameserver. Basically yes, it's just a number,

RE: what's DNSaaS standard?

2015-08-24 Thread Darcy Kevin (FCA)
Actually, I think the DNSaaS term has come into vogue as part of OpenStack, where the (sub-)project goes by the name Designate. See https://wiki.openstack.org/wiki/Designate I don't know why the original poster would ask about it here, since Designate seems to be more of a management layer

BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread nrgd
I run bind 9.10.2-P3. I have three classes of forwarders that I'd like to use: (1) my own, hosted forwarder. fast private, but not redundant infrastructure (2) private/encrypted hosted forwarders. slow, private, and redundant infrastructure. (3) reliable ISP public forwarders. fast,

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread nrgd
Hi On Mon, Aug 24, 2015, at 11:10 AM, Darcy Kevin (FCA) wrote: Forwarders are selected based on an RTT(round-trip-time)-based algorithm There's an invalid presumption there -- that 'fastest' == 'most desired / highest priority'. Regardless of any specific case, the requested feature

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 20:19 schrieb n...@eml.cc: On Mon, Aug 24, 2015, at 11:10 AM, Darcy Kevin (FCA) wrote: Forwarders are selected based on an RTT(round-trip-time)-based algorithm There's an invalid presumption there -- that 'fastest' == 'most desired / highest priority'. Regardless of

RE: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Darcy Kevin (FCA)
Forwarders are selected based on an RTT(round-trip-time)-based algorithm, so none of this configuration complexity should be necessary from a performance/availability standpoint. The algorithm will choose faster forwarders over slower ones, and penalization/eventual-redemption of

RE: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Darcy Kevin (FCA)
So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to a less-secure method of resolution? Non-deterministic security, what a concept! Has it occurred to you, that you're giving the bad guys -- the ones that want to pry on your query data

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread nrgd
On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to a less-secure method of resolution? No. Non-deterministic security, what a concept! Didn't take long for you to resort

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Alan Clegg
On 8/24/15 3:09 PM, n...@eml.cc wrote: On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to a less-secure method of resolution? No. Actually, yes. That's pretty much

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 21:09 schrieb n...@eml.cc: On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to a less-secure method of resolution? No. YES but you maybe don't realize

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread nrgd
Somehow all that ^ puffery translates into NOT wanting to allow the user to prioritize the use of forwarders the way they want? Um, ok ... ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

what's DNSaaS standard?

2015-08-24 Thread Ken Peng
I know it's DNS as a service. But what's the standard? How to implement it? Thanks.

Re: what's DNSaaS standard?

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 12:29 schrieb Ken Peng: I know it's DNS as a service. But what's the standard? how to implement it? it's just a buzzword for DNS hosting

Re: Help DNS

2015-08-24 Thread Daniel Ryslink
The reasons why not to use nslookup are summarized here: http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html I have seen ISC developers discourage from using it in this mailing list too. As for the SERIAL in SOA, it's just a good practice, it gives you the

Version Number

2015-08-24 Thread HARRIS, RAYMOND D
When I query the server for version I get back version: 9.9.7S5 The ics.org website lists the most current version as 9.9.7-P2 How do I interpret these numbers to ensure I have implemented the most current version? Raymond D. Harris, Jr, CISA Sr. Auditor - ATT Audit Services

Identify source of rndc reconfig command?

2015-08-24 Thread Robert Senger
Hi all, after upgrading from Debian Wheezy to Jessie, bind9 receives rndc reconfig commands every 30 minutes. I've never seen this before. Some of my own scripts run rndc restart/reload after fiddling with network interfaces, but none of these is the source of the observed 30 minutes interval.

RE: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Darcy Kevin (FCA)
I believe you could implement what you're looking for with a reasonably-sophisticated software/hardware load-balancer technology and/or some number of virtual machines, no BIND code changes required. Personally, I don't like forwarding much at all -- I only use it where it's absolutely

Re: Version Number

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 21:41 schrieb HARRIS, RAYMOND D: When I query the server for version I get back “version: 9.9.7S5” The ics.org website lists the most current version as “9.9.7-P2” How do I interpret these numbers to ensure I have implemented the most current version? besides that a

Re: Version Number

2015-08-24 Thread Dave Warren
On 2015-08-24 12:45, Reindl Harald wrote: Am 24.08.2015 um 21:41 schrieb HARRIS, RAYMOND D: When I query the server for version I get back “version: 9.9.7S5” The ics.org website lists the most current version as “9.9.7-P2” How do I interpret these numbers to ensure I have implemented the

RE: Version Number

2015-08-24 Thread Darcy Kevin (FCA)
If you're going to obscure your version _anyway_, might as well put a short math problem in the text; keep them occupied, slow down the attack. Hey, it's worth a try... :-) - Kevin

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Alan Clegg
On 8/24/15 3:21 PM, n...@eml.cc wrote: Somehow all that ^ puffery translates into NOT wanting to allow the user to prioritize the use of forwarders the way they want? You are trying to use forwarders in a way that they are not intended, and is not a good idea. That is the translation of all of

RE: Identify source of rndc reconfig command?

2015-08-24 Thread Darcy Kevin (FCA)
Does the rndc protocol have a timeout? If so, what is it set to? I don't see anything about a configurable timeout interval in the man pages for rndc or rndc.conf. What I'd probably do is turn off rndc in named.conf, set up a dummy server to listen on port 953, which just accepts the

Re: Identify source of rndc reconfig command?

2015-08-24 Thread Mark Andrews
The first thing I would do is make sure only the users you want to be able to use the rndc key can read it. I would then generate a new rndc key and configure both rndc and named to use it. If that doesn't work generate a new rndc.conf file with a different name that refers to a new rndc key.

Re: Version Number

2015-08-24 Thread Evan Hunt
On Mon, Aug 24, 2015 at 07:41:27PM +, HARRIS, RAYMOND D wrote: When I query the server for version I get back version: 9.9.7S5 The ics.org website lists the most current version as 9.9.7-P2 Some of ISC's support customers run a limited-release subscription version of BIND 9.9; it contains

Re: BIND9 Feature Request: 'fowarders' priority round-robin pools

2015-08-24 Thread Mark Andrews
Additionally, BIND is open source so you are free to modify it to see if doing so helps you. The forwarders are sorted in lib/dns/resolver.c. The grammar is defined in lib/isccfg/namedconf.c The forward table is constructed using the routines in lib/dns/forward.c which are called from

Re: Help DNS

2015-08-24 Thread Dave Warren
On 2015-08-24 03:57, Daniel Ryslink wrote: As for the SERIAL in SOA, it's just a good practice, it gives you the information about when the zone was published, and creates less problems when you transfer hosting of the domain to another nameserver. Basically yes, it's just a number, but there