Re: ISC Bind 9.11 and dyndb-ldap

2016-10-17 Thread Pallissard, Matt
On 10/17/2016 05:50 PM, Mark Andrews wrote:
> In message , "Pallissard, Matthew" writes:
>> On 10/16/2016 09:34 PM, Mark Andrews wrote:
>>> In message , "Pallissard, Matt" writes:

Re: ISC Bind 9.11 and dyndb-ldap

2016-10-17 Thread Mark Andrews
In message , "Pallissard, Matthew" writes:
> On 10/16/2016 09:34 PM, Mark Andrews wrote:
> > In message , "Pallissard, Matt" writes:
> >>
> >> Has anyone successfully used LDAP as a

Re: ISC Bind 9.11 and dyndb-ldap

2016-10-17 Thread Pallissard, Matthew
On 10/16/2016 09:34 PM, Mark Andrews wrote:
> In message , "Pallissard, Matt" writes:
>>
>> Has anyone successfully used LDAP as a dynamic back-end for bind 9.11?
>>
>> Unless I'm reading the release notes/new features pages incorrectly the

Re: BIND 9.11.0 RPZ performance issue

2016-10-17 Thread G.W. Haywood
Hi there,

On Mon, 17 Oct 2016, Daniel Stirnimann wrote:

> I have upgraded some of our BIND resolvers from BIND 9.9.9-P3 to BIND 9.11.0 and I notice timeouts for 3 - 5 seconds about every 1 to 5 hours.

Something to do with dlv.isc.org?

--
73, Ged.

Re: defines ip to acl

2016-10-17 Thread Pol Hallen
> And don't forget the copious comments in named.conf, so that your successor can easily see, at a glance, what start/end addresses those clusters of ACL elements represent.

sure! :-)

thanks

Pol

RE: defines ip to acl

2016-10-17 Thread Darcy Kevin (FCA)
And don't forget the copious comments in named.conf, so that your successor can easily see, at a glance, what start/end addresses those clusters of ACL elements represent. - Kevin -Original

Re: defines ip to acl

2016-10-17 Thread Pol Hallen
> Acls don’t support ranges, only prefixes. You don’t want the whole /24. I think you want:
>
> acl net1 { 192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; };
> acl net2 { 192.168.1.100/30; 192.168.1.104/29; 192.168.1.112/28; 192.168.1.128/26; 192.168.1.192/29; };

thanks guys :-)

RE: defines ip to acl

2016-10-17 Thread Darcy Kevin (FCA)
Well, things are messy, because you haven't carved up your subnet on bit-boundaries. BIND ACLs are either individual IPs, CIDR blocks, negations, or some combination of these. It can be done: 192.168.1.1 through 192.168.1.99 = !192.168.1.0; 192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30;

Re: defines ip to acl

2016-10-17 Thread McDonald, Daniel (Dan)
Acls don’t support ranges, only prefixes. You don’t want the whole /24. I think you want:

acl net1 { 192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; };
acl net2 { 192.168.1.100/30; 192.168.1.104/29; 192.168.1.112/28; 192.168.1.128/26; 192.168.1.192/29; };

On 2016-10-17, 13:41, "bind-users on

defines ip to acl

2016-10-17 Thread Pol Hallen
Hello all :-)

I need to set up 2 kinds of ACL on the same network, i.e.: IPs from 192.168.1.1 to 192.168.1.99 belong to acl1 and IPs from 192.168.1.100 to 192.168.1.199 to acl2

acl net1 { 192.168.1.1-99/24 };
acl net1 { 192.168.1.99-199/24 };

What's the correct way? I didn't find anything :-/

thanks

Re: R: Reloading match-clients

2016-10-17 Thread Cathy Almond
On 14/10/2016 13:13, Matus UHLAR - fantomas wrote:
> On 14.10.16 13:51, Job wrote:
>> There is no way to update dynamically the match_clients without
>> reconfig/reloading?

What are you using the different views for, that the clients allowed to access them are changing so often? There may be a

BIND 9.11.0 RPZ performance issue

2016-10-17 Thread Daniel Stirnimann
Hi,

I have upgraded some of our BIND resolvers from BIND 9.9.9-P3 to BIND 9.11.0 and I notice timeouts for 3 - 5 seconds about every 1 to 5 hours. I have managed to trace this back to our RPZ configuration. I have 14 RPZ zones configured. Some of them are quite large (e.g. Spamhaus). The only