Re: RHEL, Centos, Fedora rpm 9.10.2-P4

2015-09-04 Thread Mark Andrews
In message <55e82687.3090...@imperial.ac.uk>, Phil Mayers writes: > On 02/09/15 21:57, Carl Byington wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > http://www.five-ten-sg.com/mapper/bind contains links to the source > > Sigh. FYI, Chrome popped this error up for me: > >

Re: Installing bind is not very clear for me

2015-09-04 Thread Leandro
I think that regarding security issues, is better to prevent as much as possible. Here we have two different opinions: People that agree to use firewall and people against (or arguing that is not necessary): I would like to hear both and then decide. If we share our points maybe can get a

Re: Installing bind is not very clear for me

2015-09-04 Thread /dev/rob0
On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald wrote: > Am 03.09.2015 um 22:59 schrieb Robert Moskowitz: > >On 09/03/2015 04:35 PM, Leandro wrote: > >>Ok ... > >>I got BIND 9.10.2-P3 working. > >>I compiled with > >> > >>./configure --with-openssl --enable-threads --with-libxml2 >

Re: Installing bind is not very clear for me

2015-09-04 Thread Mike Hoskins (michoski)
On 9/4/15, 1:12 PM, "bind-users-boun...@lists.isc.org on behalf of /dev/rob0" wrote: >On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald wrote: >> Am 03.09.2015 um 22:59 schrieb Robert Moskowitz: >> >On 09/03/2015 04:35 PM,

Re: Installing bind is not very clear for me

2015-09-04 Thread sthaug
> One Firewall should be enough. > So, what you consider this firewall should do ? > In my opinion: > Block requests coming from a blacklist (Who will generate this list ?) > Block denial of service requests. It needs to measure the requests rate > to detects when is under attack. > Block port

Re: Installing bind is not very clear for me

2015-09-04 Thread Leandro
Reindl , I agree with you. One Firewall should be enough. So, what you consider this firewall should do ? In my opinion: Block requests coming from a blacklist (Who will generate this list ?) Block denial of service requests. It needs to measure the requests rate to detects when is under attack.

Re: Installing bind is not very clear for me

2015-09-04 Thread Reindl Harald
Am 04.09.2015 um 20:41 schrieb Leandro: I think that regarding security issues, is better to prevent as much as possible. Here we have two different opinions: People that agree to use firewall and people against (or arguing that is not necessary): I would like to hear both and then decide. If

Re: Installing bind is not very clear for me

2015-09-04 Thread John Miller
On Fri, Sep 4, 2015 at 3:29 PM, wrote: >> One Firewall should be enough. >> So, what you consider this firewall should do ? >> In my opinion: >> Block requests coming from a blacklist (Who will generate this list ?) >> Block denial of service requests. It needs to measure the

Re: Installing bind is not very clear for me

2015-09-04 Thread /dev/rob0
On Fri, Sep 04, 2015 at 05:27:18PM +, Mike Hoskins (michoski) wrote: > On 9/4/15, 1:12 PM, "bind-users-boun...@lists.isc.org on behalf > of /dev/rob0" r...@gmx.co.uk> wrote: > > >On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald

Re: Installing bind is not very clear for me

2015-09-04 Thread Mark Andrews
There are stupid firewalls that drop DNS queries with the last reserved bit set. This should be ignored by the nameserver. There are stupid firewalls that drop DNS queries with DO=1. This breaks DNSSEC. Most of these are gone now but some still exist. They took years to effectively remove

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 04:49, Reindl Harald wrote: mostly people who are throwing as much as possible appliances and firewalls in front of their machines doing that because missing knowledge and falling for some salesman's BS, the moment they sniff you have no idea, they rub their hands together

Re: Installing bind is not very clear for me

2015-09-04 Thread Mike Hoskins (michoski)
On 9/4/15, 9:29 PM, "bind-users-boun...@lists.isc.org on behalf of Noel Butler" wrote: >On 05/09/2015 04:49, Reindl Harald wrote: > >> mostly people who are throwing as much as possible appliances and >> firewalls in front of

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 05:00, Leandro wrote: > Reindl , I agree with you. > One Firewall should be enough. > So, what you consider this firewall should do ? > In my opinion: > Block requests coming from a blacklist (Who will generate this list ?) > Block denial of service requests. It needs to

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 11:41, Mike Hoskins (michoski) wrote: Actually, PIX had issues... I can attest to that, having administered several Cisco-based networks including PIX years before I was "a Cisco The biggest issues we really saw with PIX protected networks was in early 2000's, it used to

Re: Installing bind is not very clear for me

2015-09-04 Thread Mark Andrews
In message <65a8901490745bf21a8ec6c58b161...@ausics.net>, Noel Butler writes: > > and use modern version of bind and RRL. Definitely use a modern version of BIND. I don't know how often we get bug reports against stuffed we fixed years ago even from our support customers. If you are on a