Hi Normal,
Norman Fournier nor...@normanfournier.com writes:
ns2:~ norman$ apachectl -t
Syntax OK
ns2:~ norman$ apachectl restart
launchctl: CFURLWriteDataAndPropertiesToResource
(/System/Library/LaunchDaemons/org.apache.httpd.plist) failed: -10
ns2:~ norman$ apachectl start
launchctl:
Ronald F. Guilmette r...@tristatelogic.com wrote:
P.P.S. Yes, yes, I _am_ aware... as someone will surely point out...
that part (1) above contains the seed of potential abuse. A malicious
prankster could, in theory send spoofed packets of type (1) above to
lots and lots of DNS servers
In message 20130614050625.850cf35e5...@drugs.dv.isc.org,
Mark Andrews ma...@isc.org wrote:
In message 15120.1371179...@server1.tristatelogic.com, Ronald F. Guilmette
writes:
* Large numbers of ISPs claim they implement BCP 38.
I claimed that I was Charlie Chaplin once. Unfortunately,
OK. I just want to be clear here, and make sure that I have properly
understood what you have said. Would it be correct, then, to say that
at the present moment you are not actually able to produce, cite, or
describe, with any particularity or specificity, even one individual
specific incident
On 6/11/2013 7:12 PM, Gary Wallis wrote:
What really happens in the real world when 1 out of three
authoritative NSs are down for 30 minutes due to a datacenter outage?
For example, we have 3 NSs:
ns1.someisp.net 12.23.34.45
ns2.someisp.net 23.34.45.56
ns3.someisp.net 34.45.56.67
All in
We are running Bind 9.9.2 and would like to invoke the rate-limit option but
named says 'unknown option'.
Do we need to upgrade bind to get this option?
Using this syntax:
rate-limit { responses-per-second 5; window 5; };
Thanks
John Manson
US House of Representatives
You need to patch your 9.9.2 source code and recompile. Take a look at:
http://www.redbarn.org/dns/ratelimits
cheers,
~Carlos
On 6/14/13 11:27 AM, Manson, John wrote:
We are running Bind 9.9.2 and would like to invoke the rate-limit option
but named says ‘unknown option’.
Do we need to
On 14/06/13 15:27, Manson, John wrote:
We are running Bind 9.9.2 and would like to invoke the rate-limit option
but named says ‘unknown option’.
Do we need to upgrade bind to get this option?
You need to apply the patches here:
http://ss.vix.su/~vjs/rrlrpz.html
It's not built into bind
On Fri, Jun 14, 2013 at 02:27:50PM +,
Manson, John john.man...@mail.house.gov wrote
a message of 138 lines which said:
We are running Bind 9.9.2 and would like to invoke the rate-limit
option but named says 'unknown option'.
RRL (Response Rate Limiting) is an unofficial patch. You'll
In message 18216.1371209...@server1.tristatelogic.com, Ronald F. Guilmette
writes:
In message 20130614050625.850cf35e5...@drugs.dv.isc.org,
Mark Andrews ma...@isc.org wrote:
In message 15120.1371179...@server1.tristatelogic.com, Ronald F.
Guilmette
writes:
* Large numbers of ISPs
On Jun 14, 2013, at 6:28 AM, Ronald F. Guilmette r...@tristatelogic.com
wrote:
In message 201306140321.r5e3l7py017...@calcite.rhyolite.com,
Vernon Schryver v...@rhyolite.com wrote:
From: Ronald F. Guilmette r...@tristatelogic.com
} That is an interesting contention. Is there any
On Jun 14, 2013, at 10:37 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote:
On Fri, Jun 14, 2013 at 02:27:50PM +,
Manson, John john.man...@mail.house.gov wrote
a message of 138 lines which said:
We are running Bind 9.9.2 and would like to invoke the rate-limit
option but named says
On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
It's not built into bind (yet).
Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a
compile-time option (--enable-rrl).
(Our usual policy is not to add substantial new features in maintenance
releases like 9.9.4;
Or, I believe, you can pay for a BIND^w DNS-Co subscription and download
a version with the magic built in?
This is also true. DNSco subscribers get first bite at the apple with this
and several other features that will be in 9.10. (Primarily GeoIP support,
DSCP, and some enhancements to DLZ.)
On Fri, Jun 14, 2013 at 01:10:47PM -0300, Carlos M. Martinez wrote:
thanks for the heads up. Do you have a estimated time of release for
9.9.4 and 9.9.10 ?
Every time I make predictions about dates, events conspire to make
me wrong, but I'm *hoping* to have 9.9.4 out in early August.
--
Evan
tks !!
On 6/14/13 1:21 PM, Evan Hunt wrote:
On Fri, Jun 14, 2013 at 01:10:47PM -0300, Carlos M. Martinez wrote:
thanks for the heads up. Do you have a estimated time of release for
9.9.4 and 9.9.10 ?
Every time I make predictions about dates, events conspire to make
me wrong, but I'm
On Jun 14 2013, Evan Hunt wrote:
On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
It's not built into bind (yet).
Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a
compile-time option (--enable-rrl).
The latter is particularly good news in view of the ESV
Hello Norman,
Norman Fournier nor...@normanfournier.com writes:
I posted this to httpd.apache.org but have not had any response, so I
think it may be more related to BIND than DNS. Apologies for the
cross-post.
the information you give is not enough to debug the problem or even to
have a
On 06/14/2013 09:08 AM, Evan Hunt wrote:
(Our usual policy is not to add substantial new features in maintenance
releases like 9.9.4; making it a compile-time option that defaults to off
is our way of tiptoeing around the rule.)
Quite reasonable, and much appreciated. :)
In message 51baa714.9020...@dougbarton.us,
Doug Barton do...@dougbarton.us wrote:
It's obvious you're frustrated (understandable), and enthusiastic
(commendable), but you might want to consider dialing down your
rhetoric a bit.
Great idea! I have only one small question... Would you be
Ronald,
You started this thread a bit off topic, but now you've wandered pretty
far off into the rhetorical weeds. So I'm going to respond to you here
so that the archives have a little more utility, then I'm going to let
you have the last word.
On 06/14/2013 02:04 PM, Ronald F. Guilmette
From: Doug Barton do...@dougbarton.us
is that (like RRL) your proposal relies on people updating their
software.
RRL needs only authority and open recursive servers to be updated.
The vast majority of DNS installations are closed recursive and stubb
servers that do not need RRL. (A
On 06/14/2013 05:13 PM, Vernon Schryver wrote:
From: Doug Barton do...@dougbarton.us
is that (like RRL) your proposal relies on people updating their
software.
RRL needs only authority and open recursive servers to be updated.
The vast majority of DNS installations are closed
From: Doug Barton do...@dougbarton.us
RRL needs only authority and open recursive servers to be updated.
The vast majority of DNS installations are closed recursive and stubb
servers that do not need RRL. (A case could be made for RRL on a
minority of private recursive servers.)
In message 51bbb83a.7040...@dougbarton.us, Doug Barton writes:
Personally I've never understood why RRL wasn't already baked in. The
only way a legitimate client could send the same query over and over in
a short period of time (intentionally being vague on both terms) is that
it is
Thank you.
This is great news.
Jerry
On 06/14/13 11:08 AM, Evan Hunt wrote:
On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
It's not built into bind (yet).
Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a
compile-time option (--enable-rrl).
(Our usual
2013/6/14 Phil Mayers p.may...@imperial.ac.uk:
On 14/06/13 15:27, Manson, John wrote:
We are running Bind 9.9.2 and would like to invoke the rate-limit option
but named says ‘unknown option’.
Do we need to upgrade bind to get this option?
You need to apply the patches here:
27 matches
Mail list logo