Re: BIND 9.4.3-P2 assertion failure

> Date: Fri, 1 Apr 2011 08:56:14 +0200 > From: Matus UHLAR - fantomas > Sender: bind-users-bounces+oberman=es@lists.isc.org > > On 29.03.11 10:32, Oleksii Krykun wrote: > > I used BIND 9.4.3-P2 on FreeBSD 7.2-RELEASE (which is built-in) about two > > years without problems. > > > > Since las

Re: [RI-DISCUSS] Is it possible to block or modify DNS' resolution of a malware address?

Came up with this as a simple straight-forward quick answer http://www.malwaredomains.com/bhdns.html My thanks to everyone who responded so quickly! Our phishing email looked like this You have exceeded the storage capacity of your designated mail box and is thus required to revalidate immediat

RE: Is it possible to block resolution of a malware address?

We typically override malware-ish domains's by creating a zone on our caching servers for them and create a wildcard similar to: * IN A 127.0.0.1 That way, when clients try to resolve xyz.com, our caching/resolvers return 127.0.0.1, not the real IP address. Josh -Original M

Re: Is it possible to block resolution of a malware address?

> That is, if we know that a symbolic address is malign, is there some way > to > refuse to resolve it or change its resolution when an internal users asks > for > its resolution? Two different ways of doing this: - configure your BIND to believe it's authoritative for the address(es) in question

Is it possible to block resolution of a malware address?

That is, if we know that a symbolic address is malign, is there some way to refuse to resolve it or change its resolution when an internal users asks for its resolution? All my Google searching turns up DNSBLs and blocking incoming mail from BLed addresses, but this is another matter... Than

Re: Zone File IP address/Hostname

I think it's something with one of the zone files, here is what I get nslookup rac-scan Server: xxx.xxx.xxx.xxx Address:xxx.xxx.xxx.xxx#53 Name: rac-scan.rac.local Address: xxx.xxx.xxx.xxx Name: rac-scan.rac.local Address: xxx.xxx.xxx.xxx Name: rac-scan.rac.local Address

Re: RRSIG Expired

On Fri, Apr 01, 2011 at 05:24:57PM +0800, Paul Ooi Cong Jen wrote a message of 266 lines which said: > This file came with default bind installation There is a zone file of in-addr.arpa with BIND? I strongly doubt it. Anyway, check your named.conf: you must not declare in-addr.arpa in a zone

RRSIG Expired

Hi All, First of all apologize using existing email created new question On 29-Mar-2011, at 3:49 PM, Stephane Bortzmeyer wrote: > [Stealing email threads is a bad idea: > ] > > On Tue, Mar 29, 2011 at 03:25:29PM +0800, > Paul Ooi Co

Re: children whose zones do not reflect the delegation from the parent

On 30.03.11 09:13, Lightner, Jeff wrote: > I'm wondering if the issue isn't because you've not told your ISP what > your name servers are. You have to do that for reverse delegations to > get to your servers. (This is in addition to telling your Registrar.) the ISP should provide 33.50.in-addr

Re: TTLs and Timeout Question

> On Tue, 29 Mar 2011 10:52:49 -0700, Kevin Oberman wrote > > The relevant field in the SOA is the "expire' field. If the server > > has either transferred the zone from the master server or confirmed (via > > serial #) that the current data is still current. If the data is > > expired, the slave

Re: dns RR method is not equal balanced?

On 29.03.11 17:36, Kay wrote: > I use bind 8.4.7-REL on RHEL 4.4 OS and have thousands of domains. > > In my case ; > some domain has 12 IPs but traffic of the server is not equal. > The traffic of 11 IPs is same and just 1 IP is higher than others. some time ago I noticed that some resolvers tend

Re: BIND 9.4.3-P2 assertion failure

On 29.03.11 10:32, Oleksii Krykun wrote: > I used BIND 9.4.3-P2 on FreeBSD 7.2-RELEASE (which is built-in) about two > years without problems. > > Since last Friday sometimes I see error messages like following: > > Mar 28 16:44:06 gate2 named[60455]: > /usr/src/lib/bind/isc/../../../contrib/bin