On 05/02/13 15:16, funky monkey wrote:
But to get back to what I'm often asked for, more as a tactical
solution, is there any way of being able to subvert specific DNS names
with alternate responses, whilst leaving the rest of the resolution to
be obtained in the normal way - I know that
Look for my answer below.
On Tue, Feb 5, 2013 at 5:16 PM, funky monkey wongsky.mon...@gmail.comwrote:
One of my responsibilities has been general DNS (across platform)
expertise in the organisation I currently work for. Over a fair amount of
time, one thing that's repeatedly cropped up, has
sorry, left the subject blank on my previous reply
From: Phil Mayers p.may...@imperial.ac.uk
To: bind-users@lists.isc.org,
Date: 05/02/2013 15:26
Subject: Re: Selective resolution in a corporate environment
On 05/02/13 15:16, funky monkey wrote:
But to get back to what I'm often asked
On 05/02/13 15:36, funky monkey wrote:
Could you sandwich that in a forwarding chain - say have a bind
9.compliant version in between your normal forwarders to internet, and
does it just look fo rthe entries you've specified as either alternate
data or does not exist, but otherwise, carries on
From: Phil Mayers p.may...@imperial.ac.uk
To: bind-users@lists.isc.org,
Date: 05/02/2013 15:44
Subject: Re: Selective resolution in a corporate environment
On 05/02/13 15:36, funky monkey wrote:
Could you sandwich that in a forwarding chain - say have a bind
9.compliant version
Subject: Re: Selective resolution in a corporate environment
From: wongsky.mon...@gmail.com
To: bind-users@lists.isc.org
From: Phil Mayers p.may...@imperial.ac.uk To: bind-users@lists.isc.org,
Date: 05/02/2013 15:44 Subject: Re: Selective resolution in a corporate
environment
On 05/02/13 15:36
From: Shawn Bakhtiar shashan...@hotmail.com
(about RPZ)
IMHO (and I am really nobody) THIS IS WRONG! BAD BAD BAD! Your giving compa=
nies the ability to selective lie about DNS without the end user knowing it=
. Unfortunately (and I have the heights and greatest respect for Paul) but =
IMHO (and I am really nobody) THIS IS WRONG! BAD BAD BAD! Your giving compa=
nies the ability to selective lie about DNS without the end user knowing it=
Unless DNSSEC is in use, in which case the end user can figure it out,
so RPZ doesn't bother lying.
(I've wished before that there were
From: Evan Hunt e...@isc.org
IMHO (and I am really nobody) THIS IS WRONG! BAD BAD BAD! Your giving compa=
nies the ability to selective lie about DNS without the end user knowing it=
Unless DNSSEC is in use, in which case the end user can figure it out,
so RPZ doesn't bother lying.
9 matches
Mail list logo