Some IPs were continuely attacked my DNS systems.
Saw from the log, lots of requests from those IPs to query for the
non-exist records in the cache.
Is there a way to prevent this instead of just blocking IP with
iptables? I'm running the latest BIND 9.7. thanks.
Regards.
--
Jeff Pang
2011/5/25 Niall O'Reilly niall.orei...@ucd.ie:
Which of your DNS systems: resolvers or authoritative?
Where is the source of the attack: within your (or your
customers') networks, or out on the Internet?
Thanks. My nameservers are authoritative server only.
--
Jeff
Hello,
which port is used by BIND for nsupdate?
Is tcp port 53 or 953 on localhost?
Thanks.
--
Jeff Pang
www.DNSbed.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
2011/5/6 Matus UHLAR - fantomas uh...@fantomas.sk:
BIND will search for def.com only for recursive queries, not for iterative,
and only when the client has recursion allowed on it.
you are totally mis-unstanding me.
--
Jeff Pang
www.DNSbed.com
, another is in Fremont, CA.
Each nameserver has four views.
The zone transfer between them is run with TSIG keys, all goes well.
--
Jeff Pang
www.DNSbed.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind
the source.
I have been using Debian 6, the default apt-source for this release is
also BIND 9.7
But I can get the newer BIND 9.8 compiled from the source.
--
Jeff Pang
www.DNSbed.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
-s slave DNS ip or name
-z zone name
-h show this help page
EOF
exit 0;
}
--
Jeff Pang
www.DNSbed.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
When I run the authority named on a linux/unix like system, but don't
put the reachable public nameservers on /etc/resolv.conf.
What will happen to the authority named? Will it work right?
Thanks.
___
bind-users mailing list
bind-users@lists.isc.org
2011/5/2 Jeff Pang jeffrp...@gmail.com:
2011/5/2 Torinthiel torinth...@data.pl:
Authority named never sends queries on it's own, only responds to
submitted queries.
Doesn't it execute iterative query from the root server?
For example, given the nameserver is authority for abc.com
when there is not correct entries in /etc/resolv.conf
if named will find the ns1 and ns2.dnsbed.com correctly from the root
hint.
Now I got it, thank you.
--
Jeff Pang
www.DNSbed.com
___
bind-users mailing list
bind-users@lists.isc.org
https
2011/5/3 Jeff Pang jeffrp...@gmail.com:
2011/5/3 Chris Thompson c...@cam.ac.uk:
It will need to know the addresses of ns1.def.com ns2.def.com to
send them NOTIFY packets when the zone is updated (unless that has
been suppressed). But it gets those by (if necessary) recursive
lookups based
Though this is offtopic, but I'm surprised that msdn.net (microsoft
developer networks) has been using google's apps for email hosting.
It is not commercial for MS, isn't it?
msdn.net
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
msdn.netMX preference = 30, mail
Peter Laws pl...@ou.edu:
On 05/07/10 09:22, Jeff Pang wrote:
Though this is offtopic, but I'm surprised that msdn.net (microsoft
developer networks) has been using google's apps for email hosting.
It is not commercial for MS, isn't it?
msdn.net MX preference = 30, mail exchanger = aspmx4
2010/5/4 Mark Andrews ma...@isc.org:
In message y2sf7e964441005031927m7774769ev280156817d8b4...@mail.gmail.com,
Je
ff Pang writes:
Does this mean our ISP's filrewall block EDNS query/response?
Thanks Mark.
Firstly I was very afraid DNSSEC deployment for root DNS will affect
our DNS
Hello,
Following the discussions in the list, I made a test on one of our
servers, which is in an ISP's datacenter.
The result is below:
$ dig +short rs.dns-oarc.net txt
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
218.204.255.72 DNS reply size
On Thu, Apr 22, 2010 at 10:15 PM, Todd Snyder tsny...@rim.com wrote:
I am working to document/diagram a very complex BIND deployment (multiple
views, forwards, delegations, servers and environments)
If you can share the document after finishing it we will appreciate
that. Thanks.
--
Jeff
Original Message
Subject: Re: request timeout
From: JINMEI Tatuya / 神明達哉 jinmei_tat...@isc.org
Date: Wed, April 29, 2009 5:26 pm
To: Jeff Pang hostmas...@duxieweb.com
Cc: bind-users@lists.isc.org
At Tue, 28 Apr 2009 00:42:29 -0700,
Jeff Pang hostmas...@duxieweb.com
Original Message
Subject: Re: about resolving on a child zone
From: Chris Buxton cbux...@menandmice.com
Date: Mon, April 13, 2009 10:31 am
To: Tech W. tech...@yahoo.com.cn
Cc: bind-users@lists.isc.org
In this case, the answer is that your main zone (example.com) will
Original Message
Subject: Re: slave for views
From: Barry Margolin bar...@alum.mit.edu
Date: Sat, April 11, 2009 2:08 pm
To: comp-protocols-dns-b...@isc.org
In article grq70j$24c...@sf1.isc.org,
Jeff Pang hostmas...@duxieweb.com wrote:
what's the correct way
I have a bind server with common installtion (not with DLZ etc).
CPU for this server box is 2.0G (one core), memory is 1G DDR2, OS is
Linux, named version is 9.6.0-P1.
How many requests per second can bind handle under this hardware
environment?
(or please tell me how to calculate request
Original Message
Subject: Re: C/C++ version Load balancer DNS
From: Chris Buxton cbux...@menandmice.com
Date: Fri, April 03, 2009 4:11 pm
To: Bind Users Mailing List bind-users@lists.isc.org
Either way, if it were me, I would start my search at the F5 website.
Original Message
Subject: How to Create a MX record for a subdomain.
From: tzqian gelenbert...@gmail.com
Date: Wed, April 01, 2009 2:10 am
To: bind-users@lists.isc.org
I would like to add a MX record for subdomain.
Such as :
smtpMX
22 matches
Mail list logo