RE: bind public/private domain question

2012-02-21 Thread Marc Lampo
Hello, Are you letting your internal caching name server forward to an external one? This is *dangerous* - cache poisoning attacks in this setup have a higher chance of success than the scenario shown by Dan Kaminsky! (the "window of opportunity" for success is *seconds*, rather than "fract

Re: Clarification on DNSKEY query

2012-02-21 Thread Mark Andrews
In message , rams writes: > Hi, > When I queried a domain with type DNSKEY, I am getting only ANSWER section > and not returned Authority section. Is it expected? Yes. > It would be helpful if you give the RFC number for reference. Adding NS records to an answer is optional; they are only requi

RE: bind 9.9.0rc3 inline signing server not updating unsigned zone

2012-02-21 Thread Spain, Dr. Jeffry A.
> Ok. The retransfer code needs to look at the unsigned zone rather than the > signed one which should fix the not found issue. The following should fix > the issue. It compiles but otherwise has not been tested. Thanks, I will try it and get back to you with the result. > As to soa refresh

Re: bind 9.9.0rc3 inline signing server not updating unsigned zone

2012-02-21 Thread Mark Andrews
Index: bin/named/server.c === RCS file: /proj/cvs/prod/bind9/bin/named/server.c,v retrieving revision 1.638.4.3 diff -u -r1.638.4.3 server.c --- bin/named/server.c 7 Feb 2012 00:58:40 - 1.638.4.3 +++ bin/named/server.c 21

Re: bind 9.9.0rc3 inline signing server not updating unsigned zone

2012-02-21 Thread Mark Andrews
Ok. The retransfer code needs to look at the unsigned zone rather than the signed one which should fix the not found issue. The following should fix the issue. It compiles but otherwise has not been tested. As to soa refresh queries they are not immediate for slave zones for which we have a ba

Re: bind public/private domain question

2012-02-21 Thread Chris Buxton
On Feb 21, 2012, at 9:51 AM, Marseglia, Michael wrote: > Hello, > > I’m looking for advice on an issue. I have a publicly registered domain > which we also use internally. I have bind configured as a caching DNS > server. Bind is configured to use four other Windows DNS servers as > forw

RE: bind public/private domain question

2012-02-21 Thread Marseglia, Michael
The domain, myDomain.org, is registered publicly on the Internet but we also use it privately. The DNS records we publish to the Internet are entirely different than our internal DNS and reside on separate servers. I am not performing 'split horizon'. I don't allow the Internet to query my in

RE: bind public/private domain question

2012-02-21 Thread Spain, Dr. Jeffry A.
> I'm looking for advice on an issue.  I have a publicly registered domain > which we also use internally.  I have bind configured as a caching DNS > server.  Bind is configured to use four other Windows DNS servers as > forwarders for the domain.  Bind should be using the root servers for > an

bind public/private domain question

2012-02-21 Thread Marseglia, Michael
Hello, I'm looking for advice on an issue. I have a publicly registered domain which we also use internally. I have bind configured as a caching DNS server. Bind is configured to use four other Windows DNS servers as forwarders for the domain. Bind should be using the root servers for any

bind 9.9.0rc3 inline signing server not updating unsigned zone

2012-02-21 Thread Spain, Dr. Jeffry A.
The configuration below is for a bind 9.9.0rc3 server named nsb0s providing inline signing service for a hidden master nsb0 and slaves nsb1 and nsb2. The latter three are running bind10-devel-20120119. Nsb1 and nsb2 are also known as ns1.jaspain.net and ns2.jaspain.net. In an effort to test the