On 7/26/2010 9:50 AM, Merton Campbell Crockett wrote:
>
> On Jul 25, 2010, at 3:34 PM, Kevin Oberman wrote:
>>
>> And, as tests start to include DNSSEC (and EDNS0) tests, the vendors will
>> likely adjust defaults. Tests for DNSSEC are already appearing on
>> federal systems (not a trivial part of
On Jul 26, 2010, at 12:36 AM, Warren Kumari wrote:
>
> On Jul 26, 2010, at 12:34 AM, Kevin Oberman wrote:
>
>>> From: Warren Kumari
>>> Date: Sun, 25 Jul 2010 11:22:46 +0200
>>> Sender: bind-users-bounces+oberman=es@lists.isc.org
>>>
>>>
>>> On Jul 25, 2010, at 4:33 AM, Danny Mayer wrote
On Jul 25, 2010, at 3:34 PM, Kevin Oberman wrote:
>> From: Warren Kumari
>> Date: Sun, 25 Jul 2010 11:22:46 +0200
>> Sender: bind-users-bounces+oberman=es@lists.isc.org
>>
>>
>> On Jul 25, 2010, at 4:33 AM, Danny Mayer wrote:
>>
>>> On 7/24/2010 5:10 AM, Warren Kumari wrote:
On
On Jul 26, 2010, at 12:34 AM, Kevin Oberman wrote:
>> From: Warren Kumari
>> Date: Sun, 25 Jul 2010 11:22:46 +0200
>> Sender: bind-users-bounces+oberman=es@lists.isc.org
>>
>>
>> On Jul 25, 2010, at 4:33 AM, Danny Mayer wrote:
>>
>>> On 7/24/2010 5:10 AM, Warren Kumari wrote:
O
Michael,
Do you have a standard template that you use for your Cisco firewall
devices?
Or are you just disabling the fixup protocol's?
Jerry
On 07/24/10 15:16, Michael Sinatra wrote:
That's true, but it doesn't quite explain why the "DNS Inspection
Policy," turned on by default on the PI
> From: Warren Kumari
> Date: Sun, 25 Jul 2010 11:22:46 +0200
> Sender: bind-users-bounces+oberman=es@lists.isc.org
>
>
> On Jul 25, 2010, at 4:33 AM, Danny Mayer wrote:
>
> > On 7/24/2010 5:10 AM, Warren Kumari wrote:
> >>
> >> On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
> >>
> >>> O
On Jul 25, 2010, at 4:33 AM, Danny Mayer wrote:
> On 7/24/2010 5:10 AM, Warren Kumari wrote:
>>
>> On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
>>
>>> On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
Thanks for the confirmation that the problem was related to DNSSEC.
I
On 7/24/2010 5:10 AM, Warren Kumari wrote:
>
> On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
>
>> On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
>>> Thanks for the confirmation that the problem was related to DNSSEC.
>>>
>>> I didn't see your message until I got home from work; however,
On Sat, 24 Jul 2010, Warren Kumari wrote:
On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
Thanks for the confirmation that the problem was related to DNSSEC.
I didn't see your message until I got home from work; however, I did
find the
On Sat, 24 Jul 2010, Warren Kumari wrote:
> On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
> >
> > Why would any inspection policy not allow fragmented UDP packets?
> > There's nothing wrong with that.
>
> Because it's "hard" The issue is that then you need to buffer
> fragments until you get
On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
> On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
>> Thanks for the confirmation that the problem was related to DNSSEC.
>>
>> I didn't see your message until I got home from work; however, I did
>> find the root of the problem late this aft
On 07/23/10 05:37, Danny Mayer wrote:
On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
Thanks for the confirmation that the problem was related to DNSSEC.
I didn't see your message until I got home from work; however, I did
find the root of the problem late this afternoon. At each of our
On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
> Thanks for the confirmation that the problem was related to DNSSEC.
>
> I didn't see your message until I got home from work; however, I did
> find the root of the problem late this afternoon. At each of our
> Internet egress and ingress po
Thanks for the confirmation that the problem was related to DNSSEC.
I didn't see your message until I got home from work; however, I did find the
root of the problem late this afternoon. At each of our Internet egress and
ingress points, we have Cisco ASA devices sitting in front of a pair of
Does anyone know if there have been problems with the USADOTGOV.NET root name
servers today?
We've had people complaining about resolving RADAR.WEATHER.GOV and several
systems in the NOAA.GOV domain. If you query for the NS resource records, you
only receive the ANSWER section. The ADDITIONAL
15 matches
Mail list logo