In message <55e82687.3090...@imperial.ac.uk>, Phil Mayers writes:
> On 02/09/15 21:57, Carl Byington wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > http://www.five-ten-sg.com/mapper/bind contains links to the source
>
> Sigh. FYI, Chrome popped this error up for me:
>
>
I think that regarding security issues, is better to prevent as much as
possible.
Here we have two different opinions:
People that agree to use firewall and people against (or arguing that is
not necessary):
I would like to hear both and then decide. If we share our points maybe
can get a
On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald wrote:
> Am 03.09.2015 um 22:59 schrieb Robert Moskowitz:
> >On 09/03/2015 04:35 PM, Leandro wrote:
> >>Ok ...
> >>I got BIND 9.10.2-P3 working.
> >>I compiled with
> >>
> >>./configure --with-openssl --enable-threads --with-libxml2
>
On 9/4/15, 1:12 PM, "bind-users-boun...@lists.isc.org on behalf of
/dev/rob0"
wrote:
>On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald wrote:
>> Am 03.09.2015 um 22:59 schrieb Robert Moskowitz:
>> >On 09/03/2015 04:35 PM,
> One Firewall should be enough.
> So, what you consider this firewall should do ?
> In my opinion:
> Block requests coming from a blacklist (Who will generate this list ?)
> Block denial of service requests. It needs to measure the requests rate
> to detects when is under attack.
> Block port
Reindl , I agree with you.
One Firewall should be enough.
So, what you consider this firewall should do ?
In my opinion:
Block requests coming from a blacklist (Who will generate this list ?)
Block denial of service requests. It needs to measure the requests rate
to detects when is under attack.
Am 04.09.2015 um 20:41 schrieb Leandro:
I think that regarding security issues, is better to prevent as much as
possible.
Here we have two different opinions:
People that agree to use firewall and people against (or arguing that is
not necessary):
I would like to hear both and then decide. If
On Fri, Sep 4, 2015 at 3:29 PM, wrote:
>> One Firewall should be enough.
>> So, what you consider this firewall should do ?
>> In my opinion:
>> Block requests coming from a blacklist (Who will generate this list ?)
>> Block denial of service requests. It needs to measure the
On Fri, Sep 04, 2015 at 05:27:18PM +, Mike Hoskins (michoski)
wrote:
> On 9/4/15, 1:12 PM, "bind-users-boun...@lists.isc.org on behalf
> of /dev/rob0" r...@gmx.co.uk> wrote:
>
> >On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald
There are stupid firewalls that drop DNS queries with the last
reserved bit set. This should be ignored by the nameserver.
There are stupid firewalls that drop DNS queries with DO=1.
This breaks DNSSEC. Most of these are gone now but some still
exist. They took years to effectively remove
On 05/09/2015 04:49, Reindl Harald wrote:
mostly people who are throwing as much as possible appliances and
firewalls in front of their machines doing that because missing
knowledge
and falling for some salesman's BS, the moment they sniff you have no
idea, they rub their hands together
On 9/4/15, 9:29 PM, "bind-users-boun...@lists.isc.org on behalf of Noel
Butler" wrote:
>On 05/09/2015 04:49, Reindl Harald wrote:
>
>> mostly people who are throwing as much as possible appliances and
>> firewalls in front of
On 05/09/2015 05:00, Leandro wrote:
> Reindl , I agree with you.
> One Firewall should be enough.
> So, what you consider this firewall should do ?
> In my opinion:
> Block requests coming from a blacklist (Who will generate this list ?)
> Block denial of service requests. It needs to
On 05/09/2015 11:41, Mike Hoskins (michoski) wrote:
Actually, PIX had issues... I can attest to that, having administered
several Cisco-based networks including PIX years before I was "a Cisco
The biggest issues we really saw with PIX protected networks was in
early 2000's,
it used to
In message <65a8901490745bf21a8ec6c58b161...@ausics.net>, Noel Butler writes:
>
> and use modern version of bind and RRL.
Definitely use a modern version of BIND. I don't know how often
we get bug reports against stuffed we fixed years ago even from our
support customers. If you are on a
15 matches
Mail list logo