Am 09.02.2018 um 07:02 schrieb sth...@nethelp.no:
I think what is "OK" is up to each administrator.
Obviously the zone administrators have decided that they want people to
use the 2s TTL.
That being said, it is up to each individual recursive server operator
if they want to honor what the
> I think what is "OK" is up to each administrator.
>
> Obviously the zone administrators have decided that they want people to
> use the 2s TTL.
>
> That being said, it is up to each individual recursive server operator
> if they want to honor what the zone administrators have published, or
On Thu, Feb 8, 2018 at 4:34 PM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
> On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
>
>> Also, just for argument's sake, one user wants to extend TTLs to 5s.
>> Another wants 60s TTLs. What is OK and what is going too far?
>>
>
> I
On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
Also, just for argument's sake, one user wants to extend TTLs to
5s. Another wants 60s TTLs. What is OK and what is going too far?
I think what is "OK" is up to each administrator.
Obviously the zone administrators have decided that they want
Am 08.02.2018 um 17:07 schrieb Tony Finch:
Reindl Harald wrote:
yes, you are free to decide that named don't need to support the users wish of
such a feature. but the result is that the user stops to use named at all on a
inbound-mailserver and is done
Or you could
Am 08.02.2018 um 17:10 schrieb Mukund Sivaraman:
On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote:
I doubt the zone owner is forcing you to use their zone. You can nix
fetches to it. If you want the zone data, then follow what the zone
owner requires.
does not matter
It
On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote:
> > I doubt the zone owner is forcing you to use their zone. You can nix
> > fetches to it. If you want the zone data, then follow what the zone
> > owner requires.
>
> does not matter
It matters to us.
Mukund
Reindl Harald wrote:
yes, you are free to decide that named don't need to support the users wish of
such a feature. but the result is that the user stops to use named at all on a
inbound-mailserver and is done
On 08.02.18 16:07, Tony Finch wrote:
Or you could use
Barry Margolin wrote:
> There are some servers that will avoid expiring records if the auth
> servers stop responding, as a fail-safe mechanism.
For instance, BIND 9.12 - https://www.isc.org/blogs/bind-9-12-almost-ready/
Tony.
--
f.anthony.n.finch
Am 08.02.2018 um 17:03 schrieb Barry Margolin:
In article ,
Reindl Harald wrote:
frankly, even *if* i pay for the service i would call it a good citizen
to produce less load and the "minimum-ttl" also reduces
Reindl Harald wrote:
>
> yes, you are free to decide that named don't need to support the users wish of
> such a feature. but the result is that the user stops to use named at all on a
> inbound-mailserver and is done
Or you could use patched versions from FreeBSD or
Am 08.02.2018 um 16:51 schrieb Mukund Sivaraman:
On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote:
Am 08.02.2018 um 16:34 schrieb Mukund Sivaraman:
If the RRset wants a TTL of N seconds, then that is the authoritative
instruction from the owner of the zone about how the data
In article ,
Reindl Harald wrote:
> frankly, even *if* i pay for the service i would call it a good citizen
> to produce less load and the "minimum-ttl" also reduces load from other
> RBL's without any restriction
On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote:
>
>
> Am 08.02.2018 um 16:34 schrieb Mukund Sivaraman:
> > On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
> > > Hello Harald,
> > > Am 2018-02-08 hackte Reindl Harald in die Tasten:
> > > > you miss the topic
> > >
Am 08.02.2018 um 16:39 schrieb Reindl Harald:
Am 08.02.2018 um 16:34 schrieb Mukund Sivaraman:
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
Hello Harald,
Am 2018-02-08 hackte Reindl Harald in die Tasten:
you miss the topic
many DNSBL's have a very short TTL and at the
Am 08.02.2018 um 16:34 schrieb Mukund Sivaraman:
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
Hello Harald,
Am 2018-02-08 hackte Reindl Harald in die Tasten:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries froma single IP
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
> Hello Harald,
> Am 2018-02-08 hackte Reindl Harald in die Tasten:
> > you miss the topic
> >
> > many DNSBL's have a very short TTL and at the same time a limit of
> > queries froma single IP until you need to pay for the service
Am 08.02.2018 um 16:16 schrieb John Levine:
In article you write:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries from a single IP until you need to pay for the service
This doesn't sound
In article you write:
>you miss the topic
>
>many DNSBL's have a very short TTL and at the same time a limit of
>queries froma single IP until you need to pay for the service
This doesn't sound like a technical problem.
Is there some reason
Matus UHLAR - fantomas wrote:
>
> and in case of private/internal domain even logical - it's not useful to
> push DS records to parent, and even possible with 2 versions of the same
> zone.
You can have a secure delegation in the parent if you sign both versions
of the zone
Am 08.02.2018 um 12:30 schrieb Michelle Konzack:
Hello Harald,
Am 2018-02-08 hackte Reindl Harald in die Tasten:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries froma single IP until you need to pay for the service
so if you have a inbound MX
Hello Harald,
Am 2018-02-08 hackte Reindl Harald in die Tasten:
> you miss the topic
>
> many DNSBL's have a very short TTL and at the same time a limit of
> queries froma single IP until you need to pay for the service
>
> so if you have a inbound MX and the RBL has 2 seconds TTL and a botnet
>
Am 08.02.2018 um 11:10 schrieb Michelle Konzack:
Am 2018-02-08 hackte LuKreme in die Tasten:
Is it possible to tell bind to ignore very short TTLs and enforce
a...say... 5 second minimum TTL?
VERY SHORT TTL?
5 sec minimum?
What Du you mean with ignoring?
It is you YOU have to configure
Thankyou for clarification...
Am DATE hackte AUTHOR in die Tasten: Karol Augustin
> On 2018-02-08 10:10, Michelle Konzack wrote:
>> Hi,
>>
>> Am 2018-02-08 hackte LuKreme in die Tasten:
>>> Is it possible to tell bind to ignore very short TTLs and enforce
>>> a...say... 5 second minimum TTL?
>>
On 2018-02-08 10:10, Michelle Konzack wrote:
> Hi,
>
> Am 2018-02-08 hackte LuKreme in die Tasten:
>> Is it possible to tell bind to ignore very short TTLs and enforce
>> a...say... 5 second minimum TTL?
>
> VERY SHORT TTL?
>
> 5 sec minimum?
>
> What Du you mean with ignoring?
> It is you YOU
Hi,
Am 2018-02-08 hackte LuKreme in die Tasten:
> Is it possible to tell bind to ignore very short TTLs and enforce
> a...say... 5 second minimum TTL?
VERY SHORT TTL?
5 sec minimum?
What Du you mean with ignoring?
It is you YOU have to configure Bind9 correctly to longer TTLs.
If the NS Entry
Am 08.02.2018 um 09:52 schrieb LuKreme:
Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5
second minimum TTL?
no, such a feature was refused because it violates RFC's (questionable
justification for a local decision not enbaled by default) and hence on
a
On 08.02.18 19:12, Mark Andrews wrote:
You break a chain of trust by proving there is a insecure delegation.
that should be expected :-)
and in case of private/internal domain even logical - it's not useful to
push DS records to parent, and even possible with 2 versions of the same
zone.
Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5
second minimum TTL?
--
This is my signature. There are many like it, but this one is mine.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
You break a chain of trust by proving there is a insecure delegation.
NXDOMAIN is not a delegation.
The point on OPTOUT is to allow the parent zone to add and remove
insecure delegations without resigning.
Mark
> On 7 Feb 2018, at 11:26 pm, Tony Finch wrote:
>
> Pruned debug
30 matches
Mail list logo