In article you write:
>For the record, the issue is not RBLs or legitimate domains, it is =
>spammer scum that set super-low DNS because they are shotgunning spam =
>from a a vast botnet and they want to have maximal impact, so you get a =
>different IP for every spam they send. It is a way of try
On 02/09/2018 05:26 PM, @lbutlr wrote:
But to answer your question, off-hand, I'd say that any TTL under 60s
is suspicious and any TTL under 10s is almost certainly intentionally
abusive.
I thought there was a lower recommended boundary, particularly to detect
and avoid things like fast flux.
On 2018-02-08 (08:51 MST), Mukund Sivaraman wrote:
>
> Also, just for argument's sake, one user wants to extend TTLs to
> 5s. Another wants 60s TTLs. What is OK and what is going too far?
For the record, the issue is not RBLs or legitimate domains, it is spammer scum
that set super-low DNS bec
On 2018-02-08 (03:10 MST), Michelle Konzack
wrote:
>
> Hi,
>
> Am 2018-02-08 hackte LuKreme in die Tasten:
>> Is it possible to tell bind to ignore very short TTLs and enforce
>> a...say... 5 second minimum TTL?
>
> VERY SHORT TTL?
YEs.
> 5 sec minimum?
Yes.
> What Du you mean with ignorin
On 02/09/2018 09:37 AM, Barry Margolin wrote:
As long as you understand the implications of what you're doing?
I don't think my level of understanding has any impact of my ability to
override what the zone publisher sets the desired TTL (or any value) to be.
I have the right to run my networ
In article you write:
>As long as you understand the implications of what you're doing?
>
>The zone owner may be using short TTLs to implement load balancing
>and/or quick failover. If you extend the TTLs, your users may experience
>poor performance when they try to go to these sites using out-o
Am 09.02.2018 um 17:45 schrieb Barry Margolin:
In article ,
Reindl Harald wrote:
As long as you understand the implications of what you're doing?
The zone owner may be using short TTLs to implement load balancing
and/or quick failover. If you extend the TTLs, your users may experience
poor
Am 09.02.2018 um 17:45 schrieb Barry Margolin:
In article ,
Reindl Harald wrote:
As long as you understand the implications of what you're doing?
The zone owner may be using short TTLs to implement load balancing
and/or quick failover. If you extend the TTLs, your users may experience
poo
In article ,
Reindl Harald wrote:
> > As long as you understand the implications of what you're doing?
> >
> > The zone owner may be using short TTLs to implement load balancing
> > and/or quick failover. If you extend the TTLs, your users may experience
> > poor performance when they try to go
Am 09.02.2018 um 17:37 schrieb Barry Margolin:
In article ,
Grant Taylor wrote:
On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
Also, just for argument's sake, one user wants to extend TTLs to
5s. Another wants 60s TTLs. What is OK and what is going too far?
I think what is "OK" is up t
In article ,
Grant Taylor wrote:
> On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
> > Also, just for argument's sake, one user wants to extend TTLs to
> > 5s. Another wants 60s TTLs. What is OK and what is going too far?
>
> I think what is "OK" is up to each administrator.
>
> Obviously the
PGNet Dev wrote:
> ping, anyone?
You know as much about these errors as I do ...
Tony.
--
f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h punycode
Fisher, German Bight: Mainly southerly 5 to 7. Moderate or rough. Occasional
rain. Good, occasionally poor.
__
ping, anyone?
On 2/1/18 10:22 AM, PGNet Dev wrote:
I recently updated to
named -v
BIND 9.12.0
compiled locally with
...
--enable-rpz-nsip
--enable-rpz-nsdname
--enable-querytrace
...
Now, in logs I'm seeing many of these errors
Am 09.02.2018 um 13:15 schrieb Tony Finch:
Reindl Harald wrote:
CISCO router with "DNS-ALG"
Oh god, never turn on PIX/ASA protocol fuxup features
well, i did not know that the ISP ships that crap with the feature
enabled and even if i did not imagine that it takes a zone-transfer on
the
Leave off the "protocol fixup feature", its cleaner
:-P
On Fri, Feb 9, 2018 at 7:15 AM, Tony Finch wrote:
> Reindl Harald wrote:
>>
>> CISCO router with "DNS-ALG"
>
> Oh god, never turn on PIX/ASA protocol fuxup features.
>
> Tony.
> --
> f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h
Reindl Harald wrote:
>
> CISCO router with "DNS-ALG"
Oh god, never turn on PIX/ASA protocol fuxup features.
Tony.
--
f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h punycode
Malin: West 5 or 6, backing south 7 to severe gale 9 for a time. Very rough or
high. Rain or wintry showers. Good, o
Am 09.02.2018 um 07:02 schrieb sth...@nethelp.no:
Yesterday I measured, on our busiest resolvers, the amount of replies
with TTL=0 the resolvers received (from the authoritative servers).
Turns out we receive around 2.3 percent replies with TTL=0. This is
a percentage I can live with, and I see n
17 matches
Mail list logo