Re: Question about URL being logged by resolver

2023-11-03 Thread Nick Tait via bind-users
Hi J. I'm not sure what the cause of the URLs is, but I can confirm I'm seeing the same URLs in my own logs. The queries originate from multiple devices on my internal network - all Apple devices I think. My advice: I wouldn't waste too much effort trying to solve this one, as it is almost

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Tait via bind-users
Hi Nick. Your current set-up sounds like a fairly common configuration. And depending on your requirements there are a number of options that you might consider. But let's start with requirements: I've made some assumptions - please advise if I've got any of this wrong?: * You have two

Question about URL being logged by resolver

2023-11-03 Thread J Doe
Hello, On a Bind 9.18.19 server configured as a recursive resolver, I sometimes see URLs being noted in the log files. One such example is: 02-Nov-2023 23:32:19.435 lame-servers: info: success resolving 'https://app-measurement.com/sdk-exp/A' after disabling qname minimization due to

Question about Google domain with recursive resolver

2023-11-03 Thread J Doe
Hello, I have a basic recursive resolver configuration with Bind 9.18.19 that acts as the resolver for some VPN roadwarrior clients (a mix of Apple iOS and macOS clients). Periodically I will see the following in my logs: 02-Nov-2023 15:06:27.658 resolver: info: loop detected resolving

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Marco M.
On 03.11.2023 at 20:12:59, Nick Howitt via bind-users wrote: > I have those lines, but if I remove them, then presumably I cannot > have internal overrides anywhere, like a hosts file would or like > dnsmasq would? BIND doesn't care about /etc/hosts. If you make it authoritative for a zone,

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 20:07, Marco M. wrote: On 03.11.2023 at 19:54:32, Nick Howitt wrote: How do you mean remove the zone information? In your /etc/bind are configuration files. Look for named.conf* and find those that include zones: zone "f.8.1.1.0.7.1.0.1.0.a.2.ip6.arpa" { type master;

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Marco M.
On 03.11.2023 at 19:54:32, Nick Howitt wrote: > How do you mean remove the zone information? In your /etc/bind are configuration files. Look for named.conf* and find those that include zones: zone "f.8.1.1.0.7.1.0.1.0.a.2.ip6.arpa" { type master; file

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 19:30, Marco M. wrote: On 03.11.2023 at 19:18:49, Nick Howitt via bind-users wrote: Can the bind-internal not be made to caching only and not authoritative? If so, how? Of course it can, simply remove the zone configuration, but it will then cache the records from the

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Marco M.
On 03.11.2023 at 19:18:49, Nick Howitt via bind-users wrote: > Can the bind-internal not be made to caching only and not > authoritative? If so, how? Of course it can, simply remove the zone configuration, but it will then cache the records from the authoritative server (your

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Marco M.
On 03.11.2023 at 19:15:45, Nick Howitt via bind-users wrote: > You are preaching to the converted, but we have a huge mix of SLES > 11, Ubuntu 16, 18, 20 and 22 machines + Windows Server 2016. Getting > them all current is a long term project and it has to go through all > sorts of customer

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
Unfortunately they are not separate subdomains. They are all part of the same domain. Can the bind-internal not be made to caching only and not authoritative? If so, how? On 03/11/2023 19:01, Andrew Pavlin wrote: Have you considered making your internal DNS servers unpublished secondaries for

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 18:06, Marco M. wrote: On 03.11.2023 at 17:58:51, Nick Howitt via bind-users wrote: On 03/11/2023 17:54, Marco M. wrote: On 03.11.2023 at 17:48:32, Nick Howitt via bind-users wrote: My problem is the use of external IPs duplicated between the internal and external

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Andrew Pavlin
Have you considered making your internal DNS servers unpublished secondaries for the external domain data? Just because the external primary DNS server is configured to allow an internal server to do domain transfers does not mean that internal server's identity has to be published in external

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Marco M.
On 03.11.2023 at 17:58:51, Nick Howitt via bind-users wrote: > On 03/11/2023 17:54, Marco M. wrote: > > On 03.11.2023 at 17:48:32, Nick Howitt via bind-users wrote: > > > >> My problem is the use of external IPs duplicated between the > >> internal and external masters for some

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 17:54, Marco M. wrote: On 03.11.2023 at 17:48:32, Nick Howitt via bind-users wrote: My problem is the use of external IPs duplicated between the internal and external masters for some IPs/FQDNs which I want to get rid of. Implement IPv6 and get rid of the old IPv4

Re: Help about DNS documentation

2023-11-03 Thread Fred Morris
On Fri, 3 Nov 2023, Amaury Van Pevenaeyge wrote: * Would you have some articles and researches or others about DNS protocol, DNS protocol security or good research practices for DNS amplification attacks? The "go to" book on my bookshelf for IP generally is Comer's _Internetworking

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Marco M.
On 03.11.2023 at 17:48:32, Nick Howitt via bind-users wrote: > My problem is the use of external IPs duplicated between the > internal and external masters for some IPs/FQDNs which I want to get > rid of. Implement IPv6 and get rid of the old IPv4 technology for internal communication. It

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 17:17, Marco M. wrote: On 03.11.2023 at 15:51:32, Nick Howitt via bind-users wrote: As this site is externally accessible as well, we also have to put an identical entry in bind-external so we end up having many identical entries in bind-internal and bind-external. It seems

Re: Help about DNS documentation

2023-11-03 Thread Ondřej Surý
> On 3. 11. 2023, at 18:04, Fred Morris wrote: > > Your interpretation of what is occurring may be interfering with your > understanding of it. This ^^^. You should start with understanding the wider picture by studying how DNS works. I would recommend starting here:

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Marco M.
On 03.11.2023 at 15:51:32, Nick Howitt via bind-users wrote: > As this site is externally accessible as well, we also have to put an > identical entry in bind-external so we end up having many identical > entries in bind-internal and bind-external. It seems the people who set that up

Re: Help about DNS documentation

2023-11-03 Thread Marco M.
On 03.11.2023 at 15:20:50, Amaury Van Pevenaeyge wrote: > Hello everyone, > > I'm currently a final year Master's student at the Free University of > Brussels. As part of my Master's thesis, I have to implement a DNS > amplification scenario within a Cyber Range. However, before > achieving

Re: Help about DNS documentation

2023-11-03 Thread Fred Morris
Hello. Your interpretation of what is occurring may be interfering with your understanding of it. On Fri, 3 Nov 2023, Amaury Van Pevenaeyge wrote: [...] As part of my Master's thesis, I have to implement a DNS amplification scenario within a Cyber Range. However, before achieving this final

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
Hmm, I'll admit to only skim reading it but it seems quite complicated for what I was hoping for. It would be trivial if I could change the bind-internal machine to using dnsmasq (ugh!). Then the bind-internal machine would serve up anything it explicitly knew about to the internal clients,

How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
Hi, I am fairly new to bind but I am thinking my company's use of it is sub-optimal. We have two bind masters (and a few slaves), one for internal use so all our internal servers point to it or its slaves as their DNS resolvers. I will call the internal one bind-internal and the external one

Re: DNS NXDOMAIN flood

2023-11-03 Thread Björn Persson
Mosharaf Hossain wrote: > Hello Folks > I have come across a challenge with our BIND nameserver, specifically > related to a "*DNS NXDOMAIN flood*" problem. Despite upgrading the BIND > version from 9.10 to 9.18, the issue persists. > > The attack originates from an external network, and it

Help about DNS documentation

2023-11-03 Thread Amaury Van Pevenaeyge
Hello everyone, I'm currently a final year Master's student at the Free University of Brussels. As part of my Master's thesis, I have to implement a DNS amplification scenario within a Cyber Range. However, before achieving this final goal, I first need to make amplification rate measurements

Re: Adaptation response ton ANY queries

2023-11-03 Thread avanpevenaeyge
Your solution works thank you! I didn't know that the default behavior of the dig command with an ANY query is to respond with TCP. Original message From: Marco Date: 3/11/23 12:23 (GMT+01:00) To: avanpevenaeyge , bind-users@lists.isc.org Subject: Re: Adaptation response ton

Re: Adaptation response ton ANY queries

2023-11-03 Thread Björn Persson
Marco wrote: > Try > dig example.org +notcp to force a UDP lookup. I find that I need to also use +ignore to prevent Dig from using TCP. (That option has a very bad name.) Björn Persson

Re: Adaptation response ton ANY queries

2023-11-03 Thread Marco
On 03.11.2023, avanpevenaeyge wrote: > Ok but what about the response to ANY queries on ubuntu 22.04? I > tried to do some ANY queries from my client but the server always > responds with TCP. Is it a security measure to prevent DNS > amplification attack? Please tell us how you do the lookup.

Re: Adaptation response ton ANY queries

2023-11-03 Thread Marco
On 03.11.2023, avanpevenaeyge wrote: > However, I know that BIND is designed to respond to ANY requests via > TCP for security reasons. So my question is: how can I make my BIND9 > server respond to ANY queries via UDP and not TCP for the purposes of > my thesis? Thank you in advance for your

Adaptation response ton ANY queries

2023-11-03 Thread avanpevenaeyge
Hello, I'm a student in the Master in Cybersecurity organized by the Free University of Brussels. As part of my Master's thesis, I have to implement a DNS amplification scenario within a Cyber Range. Before doing so, I need to measure the amplification rate for each DNS request. However, I know