Re: BIND listen backlog too small
On 16/10/2014 23:52, Shawn Zhou wrote:

Thanks Mark. That's what I was looking for!

On Thursday, October 16, 2014 3:36 PM, Mark Andrews ma...@isc.org wrote:

2fd63cf5 (Mark Andrews 2003-04-10 02:16:11 + 279) tcp-listen-queue integer;

More info here too: https://kb.isc.org/article/AA-00726/30/Tuning-your-BIND-configuration-effectively-for-zone-transfers-particularly-with-many-frequently-updated-zones.html

(And apologies - this wouldn't have turned up in searches before, but it should do in future).

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Inline-signing feature request: Directly set the signed zone's serial number
On Oct 8 2014, Tony Finch wrote:

Terry Burton t...@terryburton.co.uk wrote:

This is especially useful in bootstrapping scenarios where the zone data is held under strict revision control or generated by some provisioning system that owns the serial number.

Our provisioning system used to think it owned zone serial numbers, but when we started signing we moved the version tag into an HINFO record.

In case anyone wonders why HINFO?, this was because

1. No-one wants to use HINFO at a zone apex for any other reason.
2. As a very ancient type, even early Windows DNS Server implementations didn't object to it when slaving the zones.
3. One can put arbitrary text strings in it.

... but also for the much less reputable

4. As a low numbered type, it got sorted immediately after the apex SOA and NS records in a zone file normalised by named-checkzone -D.

Well, it served me right when we later had to put an A record (sorts before HINFO) at the apex of cam.ac.uk and I had to modify our normalised-zone-file-comparison program to allow for that!

--
Chris Thompson
Email: c...@cam.ac.uk
RE: Inline-signing feature request: Directly set the signed zone's serial number
FYI, If you had to do this all over again, and your tools are flexible enough to handle arbitrary RRTYPEs, you might consider using a private RRTYPE (in the 65280-65534 range). See http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 and/or http://tools.ietf.org/html/rfc6895.

Repurposing HINFO for something other than expressing host-related info, is just downright confusing/surprising. Principle of Least Astonishment.

- Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Chris Thompson
Sent: Friday, October 17, 2014 12:23 PM
To: Bind Users Mailing List
Cc: Tony Finch
Subject: Re: Inline-signing feature request: Directly set the signed zone's serial number

On Oct 8 2014, Tony Finch wrote:

Terry Burton t...@terryburton.co.uk wrote:

This is especially useful in bootstrapping scenarios where the zone data is held under strict revision control or generated by some provisioning system that owns the serial number.

Our provisioning system used to think it owned zone serial numbers, but when we started signing we moved the version tag into an HINFO record.

In case anyone wonders why HINFO?, this was because

1. No-one wants to use HINFO at a zone apex for any other reason.
2. As a very ancient type, even early Windows DNS Server implementations didn't object to it when slaving the zones.
3. One can put arbitrary text strings in it.

... but also for the much less reputable

4. As a low numbered type, it got sorted immediately after the apex SOA and NS records in a zone file normalised by named-checkzone -D.

Well, it served me right when we later had to put an A record (sorts before HINFO) at the apex of cam.ac.uk and I had to modify our normalised-zone-file-comparison program to allow for that!

--
Chris Thompson
Email: c...@cam.ac.uk
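An added example (not code from any poster in this thread) of the kind of normalised-zone-file comparison discussed above: it finds the version tag by owner name and type rather than by line position, so a new apex A record does not disturb it, and the same lookup works for HINFO or for a private type name such as TYPE65280. The one-record-per-line layout, the list of signer-maintained types and the sample zone are assumptions constructed for illustration.

```python
# Added example: compare two normalised zone files by content, not by position.
# Assumes one "owner ttl class type rdata" record per line.

# Types assumed to be maintained by the signer rather than by provisioning.
SIGNER_TYPES = {"RRSIG", "NSEC", "NSEC3", "NSEC3PARAM", "DNSKEY"}

def parse(text):
    """Return a set of (owner, type, rdata), ignoring TTL, class and comments."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        if rtype in SIGNER_TYPES:
            continue
        if rtype == "SOA":
            fields = rdata.split()
            fields[2] = "<serial>"  # the signer owns the serial, so mask it
            rdata = " ".join(fields)
        records.add((owner.lower(), rtype, rdata))
    return records

def version_tag(records, origin, tag_type="HINFO"):
    """Look the tag up by owner and type, so new apex records cannot shift it."""
    tags = [rd for o, t, rd in records if o == origin.lower() and t == tag_type]
    if len(tags) != 1:
        raise ValueError(f"expected one {tag_type} at {origin}, found {len(tags)}")
    return tags[0]

def diff(provisioned, served):
    """Return (missing_from_served, unexpected_in_served) as sorted lists."""
    a, b = parse(provisioned), parse(served)
    return sorted(a - b), sorted(b - a)

# Constructed sample data (example.org and documentation addresses).
PROVISIONED = """\
example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 42 3600 900 604800 3600
example.org. 3600 IN NS ns1.example.org.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN HINFO "zone-version" "r1234"
www.example.org. 3600 IN A 192.0.2.10
"""
SERVED = PROVISIONED.replace(" 42 ", " 2014101701 ") + (
    "example.org. 3600 IN DNSKEY 257 3 8 AwEAAc...constructed\n"
    "www.example.org. 3600 IN A 192.0.2.66\n")

if __name__ == "__main__":
    print(version_tag(parse(SERVED), "example.org."))
    print(diff(PROVISIONED, SERVED))
```

A non-empty second list means the served zone carries records the provisioning system never produced, which is the case worth alerting on.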
Re: BIND listen backlog too small
Thanks Cathy. The link you provided is very useful.

On Friday, October 17, 2014 12:36 AM, Cathy Almond cat...@isc.org wrote:

On 16/10/2014 23:52, Shawn Zhou wrote:

Thanks Mark. That's what I was looking for!

On Thursday, October 16, 2014 3:36 PM, Mark Andrews ma...@isc.org wrote:

2fd63cf5 (Mark Andrews 2003-04-10 02:16:11 + 279) tcp-listen-queue integer;

More info here too: https://kb.isc.org/article/AA-00726/30/Tuning-your-BIND-configuration-effectively-for-zone-transfers-particularly-with-many-frequently-updated-zones.html

(And apologies - this wouldn't have turned up in searches before, but it should do in future).
Large RPZ with a lot of views.
Hi,

I have a configuration with a lot of views and I want all of them to use the same RPZ zone which is 100K+ entries. It takes far too long to load all the views when I include the RPZ zone in each view as a master zone.

I have tried:

1. setting up the zone at the top level, but you can't do that with views.
2. setting the zone up in one view, and then using in-view for the others, but it complains that the zone isn't a type slave or master.

So, is there a sane way to get a policy zone associated with multiple views?

--
--Matt