forwarding + validating name server : protocol error or simply unexplored fields ?

2010-11-09 Thread Marc Lampo
Hello, Much attention has been given to DNSSEC - how it brings security - the chain-of-trust - the root zone signed - activities of tld's to get signed - ... but we - I belong to an organisation in charge of a tld - should also pay attention to the validating, client, side of DNSSEC. What

How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello *, does someone know, how to get easily all CNAME records for a Host? For example I have: vserver09.tamay-dogan.net. 604800 IN A 88.168.69.36 www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net. www.fexray4linux.org. 86400 IN CNAME

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Matus UHLAR - fantomas
On 09.11.10 14:01, Michelle Konzack wrote: does someone know, how to get easily all CNAME records for a Host? For example I have: vserver09.tamay-dogan.net. 604800 IN A 88.168.69.36 www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net. www.fexray4linux.org.

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello Matus UHLAR - fantomas, On 2010-11-09 14:13:47, you hacked out the following: I am not sure whether dnswalk over whole internet can do that, but on your I will try it... server you can either run recursive grep over named data directory, or dump the named database and grep it...

Re: limiting number of recursion/queries per IP address

2010-11-09 Thread Dmitry Rybin
This is not a good idea to use a stateful firewall on a heavily loaded DNS server. The firewall becomes a low place in the system. As a workaround you can use dns_flood_detector + a simple script to insert and remove IPs from the firewall blocking table or chain. 27.10.2010 23:26, Sebastian Tymków wrote: In

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello Matus UHLAR - fantomas, On 2010-11-09 14:13:47, you hacked out the following: I am not sure whether dnswalk over whole internet can do that, dnswalk is already starting weird behaviour: [ command 'dnswalk vserver09.tamay-dogan.net.' ] Checking

Re: forwarding + validating name server : protocol error or simply unexplored fields ?

2010-11-09 Thread Mark Andrews
In message 006001cb7ffe$7a6f5b10$6f4e11...@eurid.eu, Marc Lampo writes: Hello, Much attention has been given to DNSSEC - how it brings security - the chain-of-trust - the root zone signed - activities of tld's to get signed - ... but we - I belong to an organisation in charge of a tld

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Torsten
On Tue, 9 Nov 2010 15:14:04 +0100, Michelle Konzack linux4miche...@tamay-dogan.net wrote: Hello Matus UHLAR - fantomas, On 2010-11-09 14:13:47, you hacked out the following: I am not sure whether dnswalk over whole internet can do that, but on your I will try it... server you

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Robert Spangler
On Sunday 07 November 2010 20:02, Michelle Konzack wrote: I have (since several years) collected some domain names which do not exist (since years) and registered it in the last 4 month for the internal use of my Internet Service. If these domains are for internal use only, why

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Stacey Jonathan Marshall
On 09/11/2010 14:14, Michelle Konzack wrote: Hello Matus UHLAR - fantomas, On 2010-11-09 14:13:47, you hacked out the following: I am not sure whether dnswalk over whole internet can do that, but on your I will try it... server you can either run recursive grep over named data directory,

Strange behaviour after nsupdate

2010-11-09 Thread Christian Ruppert
Hey guys, I have a zone that I update remotely via nsupdate. When I update the zone and query it internal (view) I get the correct answer but when I do a query from outside I still get the old A record. So the same nameserver gives different answers. dig my.zone.tld A +short @ns.zone.tld. I

RE: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Philippe.Simonet
Hi If you have control over all zones, you could also pre-store the results of your search in DNS :) For all CNAME records, make e.g. a TXT record with the reverse result : (TXT is maybe not the better record type...which ones (for specialists)) For each : a-name IN A 1.2.3.4 an-alias IN CNAME

Re: Strange behaviour after nsupdate

2010-11-09 Thread Christian Ruppert
On 11/09/2010 10:11 PM, Christian Ruppert wrote: Hey guys, I have a zone that I update remotely via nsupdate. When I update the zone and query it internal (view) I get the correct answer but when I do a query from outside I still get the old A record. So the same nameserver gives different

Re: Strange behaviour after nsupdate

2010-11-09 Thread Eric Ham
On 11/ 9/10 01:25 PM, Christian Ruppert wrote: On 11/09/2010 10:11 PM, Christian Ruppert wrote: Hey guys, I have a zone that I update remotely via nsupdate. When I update the zone and query it internal (view) I get the correct answer but when I do a query from outside I still get the old A

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Kevin Darcy
PTR RRs benefit from label compression, whereas TXT records do not. Therefore I prefer PTR records for any such metadata references within DNS. There's no chance they'll be mistaken for, or conflict with reverse DNS records if they're not in the in-addr.arpa branch of the namespace.

Re: Strange behaviour after nsupdate

2010-11-09 Thread Kevin Oberman
Date: Tue, 09 Nov 2010 13:34:41 -0800 From: Eric Ham eric...@usc.edu Sender: bind-users-bounces+oberman=es@lists.isc.org On 11/ 9/10 01:25 PM, Christian Ruppert wrote: On 11/09/2010 10:11 PM, Christian Ruppert wrote: Hey guys, I have a zone that I update remotely via nsupdate.

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello Torsten, On 2010-11-09 15:46:05, you hacked out the following: Maybe it's easier to get a dump with rndc dumpdb -zones and then run the grep on the dump file. Ehm, but AFAIK the dumpfiles are the same as the original zone files in /etc/bind or am I missing something? Thanks,

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Michelle Konzack
Hello Robert Spangler, On 2010-11-09 10:34:52, you hacked out the following: If these domains are for internal use only, why did you list the DNS servers for them? You are aware that you can register a domain without listing a DNS Server? Because my own customers (exclusively) must

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello philippe.simo...@swisscom.com, On 2010-11-09 22:16:08, you hacked out the following: For all CNAME records, make e.g. a TXT record with the reverse result : (TXT is maybe not the better record type...which ones (for specialists)) For each : a-name IN A 1.2.3.4 an-alias IN CNAME

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Mark Andrews
In message 20101110005445.go5...@michelle1, Michelle Konzack writes: Hello philippe.simo...@swisscom.com, On 2010-11-09 22:16:08, you hacked out the following: For all CNAME records, make e.g. a TXT record with the reverse result : (TXT is maybe not the better record type...which ones

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Stephane Bortzmeyer
On Wed, Nov 10, 2010 at 01:47:44AM +0100, Michelle Konzack linux4miche...@tamay-dogan.net wrote a message of 115 lines which said: Even my simple squirrelmail login page from webmail.tamay-dogan.net is spidered daily with more than 800 hits and I have already counted more than 80 different

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Lyle Giese
Michelle Konzack wrote: Hello Robert Spangler, On 2010-11-09 10:34:52, you hacked out the following: If these domains are for internal use only, why did you list the DNS servers for them? You are aware that you can register a domain without listing a DNS Server? Because my

allow-notify listing unknown master

2010-11-09 Thread Subhan Malick
rndc status version: 9.6.2-P1 zone abc.xyz.com { type slave; file 596251.db; masters { 10.10.10.1; }; allow-notify { 10.10.10.2; }; }; == When a NOTIFY is received from 10.10.10.2, does BIND query abc.xyz.com's SOA against 10.10.10.1 or 10.10.10.2? Is there a difference in behavior

Re: error (broken trust chain) resolving

2010-11-09 Thread Brian J . Murrell
Casey Deccio casey at deccio.net writes: Reproducing these errors and analyzing the debug-level log messages would be helpful since everything looks consistent from a DNSSEC perspective, as far as I can see. Well, I have attempted this. I reproduced my existing bind configuration and added

Re: error (broken trust chain) resolving

2010-11-09 Thread Casey Deccio
On Tue, Nov 9, 2010 at 8:10 PM, Brian J. Murrell br...@interlinx.bc.ca wrote: The only thing written to that file when one of those broken chain lookups happens is: dnssec: validating @0x2295e9b0: 41.70.55.206.sa-trusted.bondedsender.org TXT: starting dnssec: validating @0x2295e9b0:

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Torsten
On Wed, 10 Nov 2010 01:49:08 +0100, Michelle Konzack linux4miche...@tamay-dogan.net wrote: Hello Torsten, On 2010-11-09 15:46:05, you hacked out the following: Maybe it's easier to get a dump with rndc dumpdb -zones and then run the grep on the dump file. Ehm, but AFAIK the