Re: DNSSEC signing of an internal zone gains nothing (unless??)

2022-08-04 Thread Petr Špaček
On 01. 08. 22 18:15, John W. Blue via bind-users wrote: As some enterprise networks begin to engineer towards the concepts of ZeroTrust, one item caught me unaware:  PM’s asking for the DNSSEC signing of an internal zone. Granted, it has long been considered unwise by DNS pro’s with a

RE: High memory consumption in bind 9.18.2

2022-08-04 Thread Dmitri Pavlov
Hi Ondřej, Sorry to bother you one more time regarding the same topic. I have looked through your shared logs one more time. This is what you have shared YOUR LAB RESULTS ARE: BIND 9.16.32 / BIND 9.18.6 / BIND 9.19.4 RSS:30454872 / RSS:29451056 / RSS:29066580 OUR LAB RESULTS ARE: BIND 9.16.21

Re: High memory consumption in bind 9.18.2

2022-08-04 Thread Emmanuel Fusté
On 04/08/2022 at 17:48, Dmitri Pavlov wrote: Therefore, a very small request. Would it be possible on your side to run the same experiment as with (BIND 9.16.32 / BIND 9.18.6 / BIND 9.19.4) one more time but with BIND 9.16.21 (or any other version in 9.16.x <25 range )? Why not the opposite

Re: Stopping ddos

2022-08-04 Thread Ed Daniel
On 02/08/2022 22:04, Saleck wrote: On Tuesday, 2 August 2022 22:02:58 CEST, Robert Moskowitz wrote: Recently I have been having problems with my server not responding to my requests. I thought it was all sorts of issues, but I finally looked at the logs and: Aug 2 15:47:19 onlo

Re: ,Re: caching does not seem to be working for internal view

2022-08-04 Thread Paul Kosinski via bind-users
On Wed, 3 Aug 2022 15:10:39 -0400 Timothe Litt wrote: > Hmm.  Your resolv.conf says that it's written by NetworkManager. > > What I suggested should have stopped it from updating resolv.conf. > > See >

Re: High memory consumption in bind 9.18.2

2022-08-04 Thread Ondřej Surý
What Emmanuel said… -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 4. 8. 2022, at 19:15, Emmanuel Fusté wrote: > > On 04/08/2022 at 17:48, Dmitri Pavlov wrote: >>

Re: Stopping ddos

2022-08-04 Thread Lyle Giese
Just my opinion. Don't rate limit tcp.  The RRL feature in Bind only rate limits UDP.  UDP is connection-less and the source address can be forged, generating DDOS traffic to a 3rd party. Proper DNS software will fall back to TCP.  Because TCP is connection based, much harder to forge