Re: How can I launch a private Internet DNS server?

2020-10-21 Thread Reindl Harald




On 16.10.20 at 11:34, Michael De Roover wrote:

> Interesting article, thanks for sharing this! I'm slightly confused
> about some things in it though. Does this mean that any traffic will be
> put on the connection tracker and be treated as stateful unless we use
> CT --notrack, or can the kernel make a heuristic based on what's in the
> iptables rule (i.e. if it only covers a port or a network range, it
> must be stateless)?


conntrack is *always* part of the game unless you set "notrack" in the
raw-table which is the only stateless one


raw -> mangle -> filter

at the point conntrack steps in, the filter-table with your normal rules
is not part of the game at all


https://stuffphilwrites.com/wp-content/uploads/2014/09/FW-IDS-iptables-Flowchart-v2019-04-30-1.png
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
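
An added example, not part of the original thread: a small audit of `iptables-save` output that reports where a DNS server's port-53 traffic is still handed to conntrack, following the reply above that only a notrack rule in the raw table makes traffic stateless. The function names, the constructed sample ruleset and the server-side mapping (queries matched by `--dport` in PREROUTING, replies by `--sport` in OUTPUT) are assumptions of this example.

```python
# Only the raw table is inspected: conntrack runs right after it and before
# mangle/filter, so rules in later tables cannot make a flow untracked.

# Constructed sample (not from the thread): inbound queries are exempted,
# but the replies leaving through OUTPUT are still tracked.
SAMPLE_SAVE = """\
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def parse_tables(save_text):
    """Return {table_name: [rule, ...]} from iptables-save formatted text."""
    tables, current = {}, None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], [])
        elif line == "COMMIT":
            current = None
        elif line.startswith("-A ") and current is not None:
            current.append(line)
    return tables

def has_notrack(rules, chain, port_opt, port, proto):
    """True if a raw-table rule in `chain` exempts proto/port from conntrack."""
    for rule in rules:
        padded = rule + " "  # lets every option be matched as a whole token
        if (padded.startswith(f"-A {chain} ")
                and f" -p {proto} " in padded
                and f" {port_opt} {port} " in padded
                and (" -j NOTRACK " in padded or " -j CT --notrack " in padded)):
            return True
    return False

def audit_dns_notrack(save_text, port=53, proto="udp"):
    """Return the raw-table chains where server DNS traffic is still tracked."""
    raw = parse_tables(save_text).get("raw", [])
    # Server side (assumption): queries arrive with --dport, replies leave with --sport.
    wanted = [("PREROUTING", "--dport"), ("OUTPUT", "--sport")]
    return [c for c, opt in wanted if not has_notrack(raw, c, opt, port, proto)]
```

Untracked packets never match `--ctstate ESTABLISHED`, so a ruleset that passes this audit still needs explicit port-based accept rules in the filter table, as the sample's last INPUT rule shows.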


Re: Logging on a Bind server

2020-10-21 Thread Borja Marcos



> On 20 Oct 2020, at 18:02, Chuck Aurora  wrote:
> 
> On 2020-10-20 10:34, Borja Marcos wrote:
>>> On 20 Oct 2020, at 17:28, Rick Dicaire  wrote:
>>> On Tue, Oct 20, 2020 at 10:17 AM  wrote:
>>> Dear BIND-Users,
>>> Does someone have an idea which log I have to activate?
> 
> While everything Borja says below, and what Kevin said in the other
> subthread, is absolutely true, in this case I am not sure these are
> the best answers. :)
> 
> I would suggest to the OP that you go to your software vendor and ask
> exactly why you should be concerned about queries going to that
> particular server.  Demand detailed information, which should be a
> reasonable thing, given what your company is paying them.

Of course :) Anyway, gaining the capability of tracing a DNS query so that you
know which clients started it can be extremely valuable.




Borja.

