RE: DNS-Format-Eroor

2017-12-18 Thread Mohammed Ejaz
Thanks all. No, this IP 212.76.76.18 doesn’t belong to us and is not even in a trusted list of our DNS. After looking at my logs I noticed this IP asked for the domain mumbai-m.site, which our name server denied, as shown in the logs below. Whereas our NCSA is claiming that massive

Re: DNSSEC validation without current time

2017-12-18 Thread Dave Warren via bind-users
On 2017-12-18 06:44, Timothe Litt wrote: On 18-Dec-17 01:07, Dave Warren wrote: On 2017-12-15 06:23, Petr Menšík wrote: On 15.12.2017 at 13:06, G.W. Haywood via bind-users wrote: Hi there, On Fri, 15 Dec 2017, Petr Menšík wrote: ... current time is not available or can be inaccurate.

Re: Daisy chaining slaves

2017-12-18 Thread Tony Finch
Mark Andrews wrote: > The expiry inflation can be removed if you use servers that support > the EDNS EXPIRE option. Ooh, I forgot about that, thanks for the reminder! (It's reassuring too, because it means my secondaries should never serve expired RRSIGs despite my chained

Re: Max slaves limit?

2017-12-18 Thread Grant Taylor via bind-users
On 12/18/2017 12:24 PM, Bob McDonald wrote: I've seen cases where folks have added all of the Domain Controller addresses for an AD forest to the NS list for a domain. I believe that DCs do this by themselves if they are using MS-DNS. (I think the netlogon service does a dynamic DNS update

Re: Daisy chaining slaves

2017-12-18 Thread Mark Andrews
The expiry inflation can be removed if you use servers that support the EDNS EXPIRE option. -- Mark Andrews > On 18 Dec 2017, at 23:03, Tony Finch wrote: > > vijay bommareddy wrote: >> >> I generally do multiple slaves to a set of masters. But I'm just

Re: Max slaves limit?

2017-12-18 Thread Tony Finch
Bob McDonald wrote: > I've seen cases where folks have added all of the Domain Controller > addresses for an AD forest to the NS list for a domain. This results in > huge TCP response packets for ALL requests to that domain. You can safely reduce the size of answers using

Re: Max slaves limit?

2017-12-18 Thread Bob McDonald
Barry has a good point. I've seen cases where folks have added all of the Domain Controller addresses for an AD forest to the NS list for a domain. This results in huge TCP response packets for ALL requests to that domain. Folks don't seem to get the concept of stealth slaves and the associated

Re: DNSSEC validation without current time

2017-12-18 Thread Sten Carlsen
On 18/12/2017 14:44, Timothe Litt wrote: > > On 18-Dec-17 01:07, Dave Warren wrote: >> On 2017-12-15 06:23, Petr Menšík wrote: >>> >>> On 15.12.2017 at 13:06, G.W. Haywood via bind-users wrote: Hi there, On Fri, 15 Dec 2017, Petr Menšík wrote: > ... current time is not

Re: DNS-Format-Eroor

2017-12-18 Thread Sten Carlsen
Hi Don't forget that any traffic may be spam, also the reject messages if they are directed towards the victim. I think this is how it works here: a large number of hosts send requests to your server for some domain. All these requests have a fake sender: IP 212.76.76.18, this means that all

Re: Max slaves limit?

2017-12-18 Thread Barry Margolin
In article , "Barry S. Finkel" wrote: > On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy > wrote: > > Hello folks, > > > > I'm trying to find more information on the practical limitations of adding

Re: Max slaves limit?

2017-12-18 Thread Ben Croswell
That is a valid consideration but being a slave doesn't always mean being in the NS records. On Dec 18, 2017 9:47 AM, "Barry S. Finkel" wrote: > On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy > wrote: > >> Hello folks, >> >> I'm trying to find more

Re: Max slaves limit?

2017-12-18 Thread Barry S. Finkel
On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy wrote: Hello folks, I'm trying to find more information on the practical limitations of adding more slaves. Can someone tell me, how many number of slaves does BIND technically support? Is there a maximum limit per

RE: DNS-Format-Eroor

2017-12-18 Thread Mohammed Ejaz
Thank you for the detailed explanation, really appreciated. We have been asked by our National Cyber Security Center to investigate this, as they have detected massive malicious requests from our DNS servers, which are (212.119.64.2 and 212.119.64.3). Malicious domain is

Re: Re: DNSSEC validation without current time

2017-12-18 Thread Timothe Litt
On 18-Dec-17 01:07, Dave Warren wrote: > On 2017-12-15 06:23, Petr Menšík wrote: >> >> On 15.12.2017 at 13:06, G.W. Haywood via bind-users wrote: >>> Hi there, >>> >>> On Fri, 15 Dec 2017, Petr Menšík wrote: >>> ... current time is not available or can be inaccurate. >>> >>> ntpdate? >>>

Re: Daisy chaining slaves

2017-12-18 Thread Tony Finch
vijay bommareddy wrote: > > I generally do multiple slaves to a set of masters. But I'm just wondering > if daisy chaining slaves i.e slave to a slave to a slave to a master, a > good practice in general? What are the pros and cons of it? In my setup there are a couple of

Re: Max slaves limit?

2017-12-18 Thread Tony Finch
Barry Margolin wrote: > vijay bommareddy wrote: > > > > Can someone tell me, how many number of slaves does BIND technically > > support? Is there a maximum limit per master server? > > Why would there be any limit? The master doesn't need to keep track

Re: DNS-Format-Eroor

2017-12-18 Thread Mark Elkins
$ dig mumbai-m.site ns ; <<>> DiG 9.11.1-P3 <<>> mumbai-m.site ns ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;mumbai-m.site.            IN    NS ;; ANSWER SECTION: MUMBAI-M.site.        3380    IN    NS    win-1ikkrphg9jj. I seemed to have cached

Re: DNS-Format-Eroor

2017-12-18 Thread Reindl Harald
On 18.12.2017 at 10:16, Mohammed Ejaz wrote: Hello, I have several entries as below in my name server logs. Would anyone please assist me in knowing the exact reason for this? Also, this IP 46.105.221.247 is not in my trusted list. no, but it's the auth-nameserver of that domain operated

DNS-Format-Eroor

2017-12-18 Thread Mohammed Ejaz
Hello, I have several entries as below in my name server logs. Would anyone please assist me in knowing the exact reason for this? Also, this IP 46.105.221.247 is not in my trusted list. Dec 17 05:35:39 ns20 named[1530]: DNS format error from 46.105.221.247#53 resolv