Re: Compromised BIND?
On Tue, May 31, 2011 at 05:59:08PM -0400, Warren Kumari war...@kumari.net wrote a message of 52 lines which said: Does anyone else find the bind-users list to be very slow? Same problem for me. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Racing -Multi ISP load balancing with failover using DNS.
On 31/05/11 09:28, Matus UHLAR - fantomas wrote: This problem could be avoided by providing the same data, but differently sorted, correct? On 31.05.11 12:27, Phil Mayers wrote: Not really. Client side sorting may take place (e.g. to comply with RFC 3484 policies in calls to getaddrinfo) and destroy any server-side sorting. by this problem I mean the DNSSEC. Providing all the data just differently sorted would cause them to be DNSSEC compliant, wouldn't it? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
[OT] Re: Compromised BIND?
Zitat von Stephane Bortzmeyer bortzme...@nic.fr: On Tue, May 31, 2011 at 05:59:08PM -0400, Warren Kumari war...@kumari.net wrote a message of 52 lines which said: Does anyone else find the bind-users list to be very slow? Same problem for me. No wonder the list is slow if everyone send a confirmation that it is slow ;-) I suspect that ISC is working on it and after all it is only a imbalance in the store-and-forward principle of e-mail. Regards Andreas ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Slow list [was: Re: Compromised BIND?]
Does anyone else find the bind-users list to be very slow? Yes, very. [Pressing 's'end at 09:54 CET] -JP ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Racing -Multi ISP load balancing with failover using DNS.
On 5/31/2011 7:39 AM, Mark Andrews wrote: It is still a bad idea. Fixing the clients so they work well with multi-homed servers not only works today with mostly IPv4 servers but also works well with dual stack server and IPv6 only servers. You don't have to have artifially low TTLs on the DNS responses. You get sub-second failover on new connections. Easy there fellow We run with a 15m TTL and we get no complaints from customers. Sure I am sure someone somewhere does get an error but they are not enough for people to email us and call us... Prior to DNS racing we use to get that a lot of calls.. we had to do the fail over and balacing by telling them type in mail2.mailme.hk.com We do get more traffic on one ISP than the other as it has better peering, lower latency pipes, even though the circuit to them is slower on our side... Though I can tell when they are having problems as traffic volumes move to the other circuit automatically. If you really want to perform races then connect() races will reflect actual client topology not resolver topology. Yes the flaw has been pointed out, if the DNS resolvers are not on the same ISP/AS number the user will not be sent to the optimal path DNS Race doesn't work in a dual stack environment as it is dependent on the record type and transport matching. As for Chrome. It was a example of a application which does work well with multi-homed servers. Either someone sits down and re-write the archaic code in the resolver library client in kernels and builds most of the intelligence in bind OR all applications have to be re-written... Or you can use DNS Racing.. My idea is good as I can do the changes on my side for the people that are not running duals stacks etc, they will expierence the same problems as I need to polish up on bind and find out about the RR sorting. so that CHrome etc works better. Thank you all for your feed back and criticism Maren. Mark ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Racing -Multi ISP load balancing with failover using DNS.
On 01/06/11 08:11, Matus UHLAR - fantomas wrote: On 31/05/11 09:28, Matus UHLAR - fantomas wrote: This problem could be avoided by providing the same data, but differently sorted, correct? On 31.05.11 12:27, Phil Mayers wrote: Not really. Client side sorting may take place (e.g. to comply with RFC 3484 policies in calls to getaddrinfo) and destroy any server-side sorting. by this problem I mean the DNSSEC. Providing all the data just differently sorted would cause them to be DNSSEC compliant, wouldn't it? Yes, but the client would then re-sort the data, so it wouldn't achieve the original purpose. Sorting the data server side gives you essentially no control over which record the client will pick if they are calling getaddrinfo, as is likely. As Mark has already pointed out, the approach is not intrinsically DNSSEC-hostile. It's perfectly legitimate to serve different data with different, valid, signatures. This is what happens with signature regen and key rollover. In this case, it would just be a permanent case of rollover - one KSK, one ZSK per dns server and different copies of the zone. I withhold judgement on whether it's a good approach in general. I suspect it's just GSLB-lite personally. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Slow list [was: Re: Compromised BIND?]
On Wed, Jun 01, 2011 at 09:54:04AM +0200, Jan-Piet Mens wrote: Does anyone else find the bind-users list to be very slow? Yes, very. [Pressing 's'end at 09:54 CET] I think it's moderated. Sending at 11:16 UTC. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users