Re: Without IPv6 half of the queries yield SERVFAIL

2021-08-05 Thread sthaug
> ! I tried to use this recommendation, https://kb.isc.org/docs/aa-00206, > ! marking all IPv6 addrs as bogus, but it does not make a difference in > ! behaviour. > > Update: Actually there is a difference if this recommended > configuration is present or not - only the NXDOMAIN outcome is the >

Re: Different DNSSEC behaviour between two old versions

2021-08-05 Thread raf via bind-users
Hi again, Never mind. It wasn't the difference between versions. It was that the 9.10.3 server was forwarding all queries to my ISP's DNS servers which are not functioning well. They can't even resolve ietf.org at the moment. When forwarding to 8.8.8.8 instead, it behaves the same as the 9.11.5

Different DNSSEC behaviour between two old versions

2021-08-05 Thread raf via bind-users
Hi, Firstly, I'd like to thank everyone involved with making bind. I'm used to using old versions (9.10.3 on an old ubuntu host) and (9.11.5 on debian-10 stable). And just as I'm about to start using DNSSEC for my domains, debian-11 stable is about to come out in a few days with bind-9.16.15

Re: Without IPv6 half of the queries yield SERVFAIL

2021-08-05 Thread Peter
On Thu, Aug 05, 2021 at 11:53:35PM +0200, Peter wrote: ! I tried to use this recommendation, https://kb.isc.org/docs/aa-00206, ! marking all IPv6 addrs as bogus, but it does not make a difference in ! behaviour. Update: Actually there is a difference if this recommended configuration is present

Without IPv6 half of the queries yield SERVFAIL

2021-08-05 Thread Peter
Hi all, first off: I do not have IPv6 physical connectivity yet, but I would like to run a nameserver nevertheless. Sadly, it seems that without IPv6 connectivity, half of the queries fail, in a random fashion. There is no clue in the logfile about any reason for this behaviour, only so

Re: Fuzzing Bind

2021-08-05 Thread Ed Daniel
On 05/08/2021 17:57, Siva Kakarla wrote: > Thanks, Daniel, that is also a great idea. I am trying to see if I can > get the standard fuzzers like AFL to work for my use case, but if I > can't then I will try the idea you suggested. This is also rather cool:

Re: Fuzzing Bind

2021-08-05 Thread Ondřej Surý
You can use dnspython to generate wire format. Generally, I think that writing more specific fuzzers on top of APIs that consumes user input would be more useful than just fuzzing `named`. F.e. it should be possible to write a fuzzer that takes multiple DNS messages as input (starting with

RE: Add DNS records automatically for static IP's

2021-08-05 Thread Cuttler, Brian R (HEALTH) via bind-users
Roberto, I've been using nsupdate for that. I restricted my dynamic address pool, at the bottom end for infrastructure and at the top end for static IP's and then I use nsupdate to add the entries. There are other methods, which I learned mostly from this list and can attach a copy of my site

Re: Fuzzing Bind

2021-08-05 Thread Siva Kakarla
Thanks, Daniel, that is also a great idea. I am trying to see if I can get the standard fuzzers like AFL to work for my use case, but if I can't then I will try the idea you suggested. On Thu, Aug 5, 2021 at 8:39 PM Ed Daniel wrote: > On 05/08/2021 13:37, Siva Kakarla wrote: > > Hello Everyone,

Re: Fuzzing Bind

2021-08-05 Thread Siva Kakarla
Thanks, Ondrej, for the reply. Fuzzing responses is the second part, I would say. For now, I am only fuzzing the authoritative server, so fuzzing named with queries would be a good starting point. I will check the GitHub repository you pointed out. The instructions for running AFL work great,

Re: Add DNS records automatically for static IP's

2021-08-05 Thread tale via bind-users
On Thu, Aug 5, 2021 at 12:19 PM Roberto Carna wrote: > I have several hosts with static IP's / hostnames and I want to > register them to our private BIND DNS, and they should be updated if > the IP or hostname changes. > > Is there any way to do what I need ? Any Linux/Windows client to >

Re: Add DNS records automatically for static IP's

2021-08-05 Thread Chris Buxton
Windows clients do this with the right settings; often those settings are the defaults. For Linux, there’s got to be a script out there that ties into the networking code, but I’ve never needed to look for a solution. The biggest challenges I’ve seen in doing this right are: * cryptography:

Add DNS records automatically for static IP's

2021-08-05 Thread Roberto Carna
Dear all, I know DDNS works with a DHCP server and dynamic IP's. When IP changes, the hostname in DNS is updated. But I have this scenario: I have several hosts with static IP's / hostnames and I want to register them to our private BIND DNS, and they should be updated if the IP or hostname

Re: Fuzzing Bind

2021-08-05 Thread Ondřej Surý
If you want to get your hands dirty, I would recommend looking at https://github.com/dobin/ffw, but for useful fuzzing, this would also need a more complicated client fuzzing support because you don’t only want to fuzz the queries, but also responses given by “fake” authoritative servers and

Re: Fuzzing Bind

2021-08-05 Thread Ondřej Surý
-- Ondřej Surý (He/Him) ond...@isc.org > On 5. 8. 2021, at 14:37, Siva Kakarla wrote: > > Hello Everyone, > > I am trying to understand and set up a fuzzer for the Bind DNS > implementation. My current goal is to fuzz the authoritative server with > queries. > > I have looked around and

Re: Fuzzing Bind

2021-08-05 Thread Ed Daniel
On 05/08/2021 13:37, Siva Kakarla wrote: > Hello Everyone, > > I am trying to understand and set up a fuzzer for the Bind DNS > implementation. My current goal is to fuzz the authoritative server with > queries. > > I have looked around and came across different fuzzing engines, but I > have

Fuzzing Bind

2021-08-05 Thread Siva Kakarla
Hello Everyone, I am trying to understand and set up a fuzzer for the Bind DNS implementation. My current goal is to fuzz the authoritative server with queries. I have looked around and came across different fuzzing engines, but I have some trouble and some questions getting it to work. If