-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies.
On 12/15/21 4:51 AM, Danilo Godec via bind-users wrote:
Hello,
Hi,
I'm noticing some unusual activity where 48 external IPs generated over
2M queries that have all been denied (just today):
15-Dec-2021 00:01:42.023 security: info: client @0x7f96180b3fe0
194.48.217.14#59698 (.): view
Am 15.12.21 um 15:01 schrieb John Kristoff:
Would I be doing a bad thing by using fail2ban to block these IPs?
This might be dangerous. If someone spoofs a well formed UDP query
that does what the above does and you block it, what if the spoofed
source is something you don't want blocked?
On Wed, 15 Dec 2021 12:51:19 +0100
Danilo Godec via bind-users wrote:
[...]
> 15-Dec-2021 00:01:42.127 security: info: client @0x7f96180b3fe0
> 45.145.227.33#11092 (.): view outside: query (cache) './ANY/IN' denied
This can be common noise you'll see if any external source can get
queries to
Our December maintenance releases of BIND are available and can be
downloaded from the ISC software download page, https://www.isc.org/download
This month there were no significant changes to the 9.11 branch and as a
result there is no December release for it.
More significant changes were
Our December maintenance releases of BIND are available and can be
downloaded from the ISC software download page, https://www.isc.org/download
This month there were no significant changes to the 9.11 branch and as a
result there is no December release for it.
More significant changes were
Am 15.12.21 um 14:33 schrieb Andrew P.:
So why isn't there a way to tell BIND not to respond to queries for which it
clearly is not authoritative (such as these attack vectors)? Since no
legitimate resolver would be asking a non-authoritative server for information,
why should his (or my)
Not responding would make the client susceptible to spoofing,
and named have no way of deciding whether the other side
is legitimate or not. The out-of-configure-zone question could
come from misconfiguration somewhere and not be malicious
at all.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
>
So why isn't there a way to tell BIND not to respond to queries for which it
clearly is not authoritative (such as these attack vectors)? Since no
legitimate resolver would be asking a non-authoritative server for information,
why should his (or my) public BIND server respond to these even with
> Would I be doing a bad thing by using fail2ban to block these IPs?
That’s the question that only you can answer. The IP addresses are
not attacker’s but victim’s and you would be punishing those networks
by blocking access from them to your network.
Do you absolutely know that these IP
Hello,
I'm noticing some unusual activity where 48 external IPs generated over
2M queries that have all been denied (just today):
15-Dec-2021 00:01:42.023 security: info: client @0x7f96180b3fe0
194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied
15-Dec-2021 00:01:42.023
11 matches
Mail list logo
