Re: Should we remove the DLV code?

2019-05-22 Thread Evan Hunt
On Wed, May 22, 2019 at 12:41:05PM +0100, Jim Reid wrote: > ISC said DLV would go away once the root got signed. It's long outlived > its usefulness (DLV that is, not ISC). The root first got signed ~10 > years ago. That's more than enough time to make other arrangements and > have an orderly withd

Re: Bind max socket/query per IP

2019-05-22 Thread Mukund Sivaraman
On Wed, May 22, 2019 at 11:39:04PM +0200, Ict Security wrote: > Dear Klaus, > > >>btw - how high is the "extremely load"? > Without old DLZ module, Bind 9.12 scales to thousands and thousands of > queries. > If I include old DLZ module, with postgres, over about 1000 Qps Bind > starts to slow down

Re: Bind max socket/query per IP

2019-05-22 Thread Ict Security
Dear Klaus, >>btw - how high is the "extremely load"? Without old DLZ module, Bind 9.12 scales to thousands and thousands of queries. If I include old DLZ module, with postgres, over about 1000 Qps Bind starts to slow down visibly. Do you think the old DLZ-PostgreSQL module might be the bottleneck? A

Re: Bind max socket/query per IP

2019-05-22 Thread Klaus Darilion
On 21.05.2019 at 22:31, Ict Security wrote: Under heavy load, Bind becomes extremely load above a certain number of Qps but, if I query an alias IP address (where normally queries don't arrive), Bind answers immediately. btw - how high is the "extremely load"? Klaus _

Re: BIND 9.10 fast only on alias IP

2019-05-22 Thread Klaus Darilion
On 20.05.2019 at 20:16, Ict Security wrote: How could I increase the number of sockets on a single IP address, since Bind is working perfectly on the secondary address, when the first one is stuck? If the incoming traffic is bursty it may happen that the receive queue of the socket is full a

Re: Should we remove the DLV code?

2019-05-22 Thread Tony Finch
Matthijs Mekking wrote: > > The BIND 9 development team has been discussing whether we should remove > the DLV code from the BIND 9 source. DLV as it currently works is not useful and it's a lot of complexity to carry around. However, with some tweaks it might be made useful. On the gripping hand

Re: nsupdate reject

2019-05-22 Thread Tony Finch
@lbutlr wrote: > > If I remove "update-policy local; " the nsupdate works, but it seems > like it should have worked with the update-policy since I was in fact > local to the bind server. The "local" keyword enables server-side support for `nsupdate -l`, which makes dynamic updates really easy to

Re: Forwarders with static-stub

2019-05-22 Thread Kevin Darcy
TBH, I haven't worked specifically with "static-stub", but with the classic "stub", one would put a "null forwarders" statement in the zone definition to inhibit forwarding. I.e. forwarders { }; - Kevin On Wed, May 22, 2019 at 8:16 AM Ben Lavender

Forwarders with static-stub

2019-05-22 Thread Ben Lavender
Hi, When I set up static-stub zones with the global forwarders options configured, BIND by design forwards the requests before using the stubs. What is the best way around this so the stubs and cache are consulted first? This is required for split-brain DNS. Thanks Regards Ben Lavender ___

Re: Should we remove the DLV code?

2019-05-22 Thread Jim Reid
> On 21 May 2019, at 16:00, Hugo Salgado-Hernández wrote: > > One important thing is that the "islands of security" concept > may be necessary in different places (companies? communities?) > and the DLV technique is not limited to the root. For the same > reason I consider that Bind's support i

Re: Bind max socket/query per IP

2019-05-22 Thread Ict Security
Dear Mark, excellent reply, thank you. I found the problem: for legacy compatibility reasons, I still need to use the old Bind-DLZ Driver, with PostgreSQL. I have removed the Driver, used for SQL-filtering reasons, Bind works like a charm. I can remove DLZ for "emergencies periods", but I still need