};
};
My apologies for not double-checking earlier, but I think this should be
everything.
--
Met vriendelijke groet / Best regards,
Michael De Roover
signature.asc
Description: This is a digitally signed message part.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
ssue I've been facing with this so far,
is that AXFR
to secondary and tertiary name servers has some issues, and at least Windows 10
Home
will query those when the primary name server does not give a satisfactory
answer.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit htt
On Thu, 2022-12-22 at 05:19 +, Michael De Roover wrote:
> Hello,
>
> I have been running BIND 9 on my external and internal networks for a
> few years now -- as such I have a basic understanding of the most
> common RR types and activities such as zone transfers. However, I
>
Hello,
I have been running BIND 9 on my external and internal networks for a
few years now -- as such I have a basic understanding of the most
common RR types and activities such as zone transfers. However, I have
been seeing something that's been baffling me for quite a while now.
Somehow there
algorithm and usage (ZSK or KSK)
[1] https://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/
Thanks again for your time to read this email, and for your insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lists.isc.org/mailma
r time to read this, and thanks in advance for
any insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact
For my servers I'm using iptables rules to achieve ratelimiting. They
look as follows:
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --
update --seconds 600 --hitcount 4 --name DEFAULT --mask 255.255.255.255
--rsource -j DROP
-A INPUT -p tcp -m tcp --dport 25 -m state --state
rg/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bin
otocol has no
> means to distinguish among different types of NS host. (Yes, there
> is
> the SOA MNAME, but that is not used by resolvers.) One NS is as good
> as any other NS.
These (SOA and behavior for resolvers) probably describe where I got
confused, thanks for the explanation
hing like that).
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/
ely right; I wrote this Linux-centric article about it:
>
> https://kb.isc.org/docs/aa-01183
>
> It has not been updated to cover nftables.
>
> Note also that this is a good reason NOT to use the NAT that
> other posters have encourage
ally UDP based, and every new query is going
> to create state. Read up on state table exhaustion.
>
> Steinar Haug, Nethelp consulting, sth...@nethelp.no
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to u
irewalls are cheap and the level of effort to run a bastion host
> > are
> > significant.
>
> Firewalls are useful when you want to protect unamanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix box
ne server for DNS and that tutorial is about
> secondary DNS server too. Can you show me another tutorial with one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
--
Michael De Roover
___
Please
e development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Michael De Roover
___
e signed by
putting a green square around it (useful for signed emails from e.g.
security mailing lists), and so on. Definitely recommended!
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from t
_Please visit
> https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
into it.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https
20 2:39 PM, Fred Morris wrote:
Perhaps slightly OT, but here's a company which has a whole business
model based on one nonobvious (?) reason to compile from source:
https://polyverse.com/
--
Fred Morris
--
Met vriendelijke groet / Best regards,
Michael
rce (be it
upstream or their downstream version) easy, either to compare or to
actually put it to use, all the better.
(My preferred term for for crashing and burning servers would probably
not be suitable for this list)
--
Met vriendelijke groet / Best regard
compilation servers can do exactly that, and a million times better?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the developm
extremely confusing.
On 7/20/20 9:05 PM, Ted Mittelstaedt wrote:
On 7/20/2020 11:23 AM, Michael De Roover wrote:
If that is true, I hereby lost all faith in humanity.. well whatever
faith I had left. This has been going on for like half a decade now.
Nobody ever went broke catering to the human
gs to be annoyed over ..
I am still ticked that FreeBSD dropped BIND from the distribution for something
called unwinding or whatever it is.
John
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/list
from amplification attack so is there
any method in bind to stop DNS Amplification attack.
I am thinking to stop or drop ANY type queries from our DNS Recursive
resolver , so please tell me how can we drop or stop ANY type queries
from bind.
--
Met vriendelijke groet / Best regards,
Michael De
not match at least one of your A records?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with pa
PTR and that the name maps back to the IP the dns system couldn't
care less
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds
if needed,
saves traffic either way I suppose.
Thanks a lot for the detailed reply, I really appreciate it :)
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
re likely my
search terms aren't right), so yeah... I wonder why the idea of
recursion became associated with a vulnerable server in the first place.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/m
ptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit h
bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Met vriend
ve too, and it's
nicely terse.
https://www.thesaurus.com/browse/master?s=t
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the developm
not the people I
want to support in my effort to end racism, which I /do/ support, and
quite heavily so.
On 6/15/20 8:00 PM, DeCaro, James John (Jim) CIV DISA FE (USA) wrote:
Or you can call the slave servers 'secondary' servers.
--
Met vriendelijke groet / Best rega
s,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more i
[*] for small issues like this. They (and other wealthy companies)
should be paying money only for original security research and not this
nonsense.
* $100 is a helluva money in some economies...
Ondrej
--
Ondřej Surý
ond...@isc.org
--
Met vriendelijke groet / Best regards,
Michael De Roover
my ISP allows 25 in- and outbound first,
that could work.
On 5/2/20 6:25 PM, Brett Delmage wrote:
On Sat, 2 May 2020, Michael De Roover wrote:
Even if your ISP allows it, chances are that other mail servers will
reject it
Nope, not always.
My residential-class static IP mail server has never
1:58 +0200
Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michael De Roover:
In my experience and from what I've heard, very few.
if that would be true how comes that most mail clients still default to
25 for submission and years after closing port 25 on our mailserver i
still struggle with
get
away with not running a mail server, don't run one. They suck so much.
But if you do, a home IP is not where you'll want to start regardless.
Get a VPS if anything.
On 5/2/20 3:51 PM, Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michael De Roover:
In my experience and from what I've heard
port 25.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
to be hardcoded in every web browser that supports
it. It doesn't scale up at all. At that point we might as well go back
to hosts files.
On 5/2/20 9:28 AM, Reindl Harald wrote:
Am 02.05.20 um 09:00 schrieb Michael De Roover:
That's actually my biggest concern with DoH, ISP blocking. It doesn't
seem
and rainbows in DoH-land, of course. Use of cookies
is “discouraged” but not prevented, most obviously.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
PM, Tony Finch wrote:
Michael De Roover wrote:
On that subject, how about DoT?
DoT is easier since you only need a raw TLS reverse proxy, and there are
lots of those, for example, nginx:
http://dotat.at/cgi/git/doh101.git/blob/HEAD:/roles/doh101/files/nginx.conf#l48
Note that if you enable DoT
implementation in named by the end of
this year.
In the meantime, there are DoH proxies that can run BIND as the back-end.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
42 matches
Mail list logo