into its managed keys zone files and you can see them in the *.mkeys files.
What is the difference between managed-keys and trusted-keys?
And should I be importing anchors.xml as managed-keys instead of
trusted-keys?
Thanks,
Lyle Giese
LCR Computer Services, Inc
Alan Clegg wrote:
On 7/17/2010 9:49 AM, Lyle Giese wrote:
What is the difference between managed-keys and trusted-keys?
Managed keys automatically watch for RFC-5011 roll over and update
when new keys are made available. Trusted keys are manually managed and
will cause you
. Over time, bind figures out which
of those servers answers fastest and will tend to ask the fast ones the
most questions.
Lyle Giese
LCR Computer Services, Inc.
Zhang Meng wrote:
Thanks for your information.
But what does unknown servers mean? Where does the list come from?
On Tue, Jul 20
. I don't believe that BIND
pays any attention to /etc/hosts.allow
Lyle Giese
LCR Computer Services, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Kevin Darcy wrote:
On 8/3/2010 3:03 PM, Denis BUCHER wrote:
Dear Lyle,
On 03.08.2010 18:17, Lyle Giese wrote:
I would like to know if I can block hosts doing that at the level of
/etc/hosts.allow or should I do it at the level of Bind itself ?
Use IPTables or add rules to your firewall. I
, not to exceed x numbers of days. That way we don't add
a domain and mistype the expiration date or forget we created an
exception for it.
Lyle Giese
LCR Computer Services, Inc.
I did, and I disagree that it misses the point.
I wanted a *short term* workaround for that zone, while the site fixed
Lyle Giese wrote:
I am not running named as named, but as root(no -u on command line).
But in testing I did change the permissions on this directory to 777
with no change in behaviour and changed it back to 755.
Lyle Giese
LCR Computer Services, Inc.
dhottin...@harrisonburg.k12.va.us wrote
David Forrest wrote:
On Thu, 9 Sep 2010, Lyle Giese wrote:
I am trying to install bind 9.7.1-P2 from source on a SLES 10 SP3
server.
When I run named from the command line, it runs, but fails to open
and write any of the zone files it downloaded.
named -c /etc/named.conf (yes I am
David Forrest wrote:
On Thu, 9 Sep 2010, Lyle Giese wrote:
David Forrest wrote:
On Thu, 9 Sep 2010, Lyle Giese wrote:
I am trying to install bind 9.7.1-P2 from source on a SLES 10 SP3
server.
When I run named from the command line, it runs, but fails to open
and write any of the zone
.
I am not using the -u option nor am I running in a CHROOT environment.
ps shows root owning the named process.
Also, there are specific issues when running the Security Enhanced
Linux. This may be your situation, or not. We can't tell.
I have never on purpose enabled SELinux <GRIN>!
Lyle Giese
of good info at http://ipv6.he.net and at
http://www.sixxs.net for getting a working IPv6 tunnel into their
network and how to implement IPv6.
Lyle Giese
LCR Computer Services, Inc.
Chris Buxton wrote:
On Sep 9, 2010, at 5:02 PM, Lyle Giese wrote:
wllarso wrote:
I'm not any sort of Linux expert but this started my mind thinking.
Take a look at the BIND FAQ, it comes with the sources. There are some
Linux specific comments about file and directory permissions
, but we can not tell as you are not posting the real IP
addresses. Even though the ip addresses involved are registered for web
and dns services that should be available to the world anyway.
Lyle Giese
LCR Computer Services, Inc.
asking about ns1 or
ns2.sharingcenter.de. Those queries appear to be returning a wild card
entry of 80.92.66.130 for ns1 and ns2.sharingcenter.de. There is no name
server answering at 80.92.66.130 and thus Eurodns reports that name
server is not answering.
Lyle Giese
LCR Computer Services, Inc
Alans wrote:
Hello,
Is it possible for bind dns to check the queries, if the returned answer
exists in a file that contains blacklisted IPs then block it?
One more thing, from where we can get/buy updated lists of categorized
IPs/websites,
like Gaming, Porn, Social...?
Thanks,
Alans
, but you do need to reply to
the list and I sometimes forget as this list server does not put the
list in as the from address and my reader does not pick that up.
Lyle Giese
LCR Computer Services, Inc.
João Alberto Kuchnier wrote:
Sorry about that. The domain is dataprom.com.
ns1.dataprom.com
, scroll down and under More Domain
Options, click on Manage Name Servers. This is where you manage the
glue records for your name servers.
Lyle Giese
LCR Computer Services, Inc.
João Alberto Kuchnier wrote:
Lyle,
Domain registrar like Network Solutions? My domain account is set to ns1
and ns2
me to fix this issues?
João K.
Google is your friend! Please use it. You have mistakes of some sort in
your named.conf and/or your zone files.
Lyle Giese
LCR Computer Services, Inc.
.
Lyle Giese
LCR Computer Services, Inc.
Oct 22 16:32:42 linux2 named[20883]: client 69.167.186.59#45185: view external:
query (cache) 'ofw4blrqy4.cache.lab.dnsexperiment.net/A/IN' denied
Oct 22 16:32:43 linux2 named[20883]: client 69.167.186.59#35522: view external:
query (cache
in an index.html that redirects accidental
visitors to my commercial business homepage.
Lyle Giese
LCR Computer Services, Inc.
Konzack
Despite how I feel about Yahoo's SLURP engine, it still honors
robots.txt. Script kiddies don't.
Lyle Giese
LCR Computer Services, Inc.
P.S. My last post on this. This is not DNS related.
Or nsupdate
Lyle Giese
LCR Computer Services, Inc.
philippe.simo...@swisscom.com wrote:
Hi
If I understand your question correctly, maybe the answer is:
rndc freeze / thaw
Philippe
-Original Message-
From: bind-users-bounces+philippe.simonet=swisscom@lists.isc.org
outside your internal network will know about the
microsoft domain.
The book has examples plus syntax and examples that will cover the rest
of your questions.
Lyle Giese
LCR Computer Services, Inc.
Riccardo Castellani wrote:
Hopefully the microsoft domain is a name that is not available
arlut.utexas.edu
Lyle Giese
LCR Computer Services, Inc.
in the firewalls between the two sites. BTW, zone transfers are
done using TCP because of their size. Small queries try to use UDP first.
This is starting to sound more like the master is not allowing your site
to get a zone transfer. That is an ACL issue for the master site.
Lyle Giese
LCR Computer
that this area at AOL has to offer or
you will miss some important points, like that 12 hrs is considered the
min TTL for A and PTR records for mail servers. Less than 12 hrs TTL on
these records are considered by default indicators of dynamic IP addresses.
Lyle Giese
LCR Computer Services, Inc
in the
host OS. You have not specified the prefix length(compares to /24 for
IPv4 cidr notation) in your network configuration for your IPv6 addresses.
Lyle Giese
LCR Computer Services, Inc.
server on this machine.
Do you have UDP and TCP ports 53 open to this server? You need both open.
Lyle Giese
LCR Computer Services, Inc.
On 06/03/11 02:04, kshitij mali wrote:
Hello ALL
Please help me troubleshoot this BIND issue
I am facing an intermittent problem with some domains
On 06/10/11 07:53, David Sparro wrote:
On 6/10/2011 5:04 AM, kshitij mali wrote:
HI All,
I am repeatedly facing a SERVFAIL error in response to the dig command,
but when I dig a known domain like yahoo, gmail, orkut etc. then no
problem.
I think there is some performance issue with my caching DNS server
the
+trace option.
Lyle Giese
LCR Computer Services, Inc.
be in China.
(ns2.fengnet.com and ns1.zjinfo.gov.cn).
If you are in fact doing this query from China, all bets are off for a
successful query.
Lyle Giese
LCR Computer Services, Inc.
.
Are you getting zone transfers from there?
I question the need or a desire to have a copy of that zone on your dns
server, let alone if you are getting a full zone from the F root.
Lyle Giese
LCR Computer Services, Inc.
an additional layer of
confusion.
Lyle Giese
LCR Computer Services, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
proper glue records are maintained for any/all
name servers used with a domain registered with them.
Lyle Giese
LCR Computer Services, Inc.
were partial to info over man. Try:
info tar
There is a lot more information in the info pages than man pages for tar.
Plus the original poster needs to learn how to use the command line a
lot better.
Lyle Giese
LCR Computer Services, Inc.
On 06/20/11 12:31, Metropolitan College Eric Kom wrote:
Maybe I'm still mixing up some things because after changing the settings,
the *grep named /etc/log/syslog* is still showing errors:
Jun 20 19:21:58 ns1 named[3178]: managed-keys-zone ./IN/internal:
loading from master file
Try removing the wild card entry in the metropolitanbuntu.co.za and see
if that clears this error.
Lyle Giese
LCR Computer Services, Inc.
rbldnsd. I have written perl scripts to
periodically pull a copy of the database and parse that into text files
compatible with rbldnsd and move them into place. rbldnsd automagically
reloads the updated zone files.
Lyle Giese
LCR Computer Services, Inc
On 06/24/11 09:21, Brian J. Murrell wrote:
On 11-06-24 09:57 AM, Lyle Giese wrote:
It's expected behavior in a way.
Given your explanation, indeed. :-)
You are probably making this change in
the internal view and the internal named process knows about the change
and reloads the zone
for troubleshooting this issue.
It would appear that you setup the dyndns client on your debian box to
update feldland.dyndns.org. But how and where do you update the other
two? www.feldland.dyndns.org and test.feldland.dyndns.org
Or did you forget to create those at dyndns.org?
Lyle Giese
LCR
, the results will be unpredictable and random.
Sometimes it will work and sometimes it won't work. It's important that
the glue records be correct.
Lyle Giese
LCR Computer Services, Inc.
On 07/01/11 08:50, Markus Feldmann wrote:
On 01.07.2011 14:51, Lyle Giese wrote:
Markus,
To be sure, you know that nslookup and dig do NOT use the search
parameter in /etc/resolv.conf. So when you do an nslookup or dig query,
you have to use the fully qualified domain name(FQDN).
PING uses
On 07/01/11 14:13, Markus Feldmann wrote:
On 01.07.2011 18:35, Lyle Giese wrote:
You are right in that you only need one host at dyndns.org to update
your ip address, but you want to have two different websites. The proper
way to do that is with CNAME entries pointing to the host you
On 07/02/11 04:48, Markus Feldmann wrote:
On 01.07.2011 22:43, Lyle Giese wrote:
I don't know dyndns.com services that well. I don't know what they
support or do not support directly.
I added two Hosts at dyndns.org test-feldland.dyndns.org and
feldland.dyndns.org both would have the same IP
On 07/02/11 04:37, Markus Feldmann wrote:
On 01.07.2011 22:43, Lyle Giese wrote:
On 07/01/11 14:13, Markus Feldmann wrote:
On 01.07.2011 18:35, Lyle Giese wrote:
You are right in that you only need one host at dyndns.org to update
your ip address, but you want to have two different
.com and ns2.dnsv5.com, you get four A records returned each.
However at least from here and it appears from where you are doing the
queries, these name servers are not responding. So Dig is just trying
all A records returned.
Lyle Giese
LCR Computer Services, Inc
zone files. You need to plan and it
helps to read the FAQs at ISC about this.
http://www.isc.org/faq/item/191
http://www.isc.org/faq/item/182
Lyle Giese
LCR Computer Services, Inc.
On 07/08/11 19:45, Joseph L. Casale wrote:
You can have views and separate zone files. You need to plan and it
helps to read the FAQs at ISC about this.
http://www.isc.org/faq/item/191
Didn't even think about it that way, ok.
http://www.isc.org/faq/item/182
How does one actually do away
of www.qq.com) returns nothing for this zone's NS query?
Misconfiguration of ns-tel1.qq.com or it's not allowed to give you that
answer. Hard to tell from here.
The view from here does not show ns-tel1.qq.com to be authoritative for
www.qq.com.
Lyle Giese
LCR Computer Services, Inc
in named.conf.
Lyle Giese
LCR Computer Services, Inc.
On 07/23/11 09:33, Vbvbrj wrote:
On 23.07.2011 17:24, Lyle Giese wrote:
On 07/23/11 03:22, Vbvbrj wrote:
Hello.
I have a server at home, that runs Bind 9 dns and routes internal
traffic to internet. It's working fine. When I'm out of home, I
disconnect my home switch. In bind log appears
On 07/23/11 11:13, Vbvbrj wrote:
On 23.07.2011 19:00, Lyle Giese wrote:
On 07/23/11 09:33, Vbvbrj wrote:
On 23.07.2011 17:24, Lyle Giese wrote:
On 07/23/11 03:22, Vbvbrj wrote:
Hello.
I have a server at home, that runs Bind 9 dns and routes internal
traffic to internet. It's working fine
,
--Sathyan
Simply ask both nameservers for the domain sin.gpi-g.com and you get
different answers. They have serious DNS problems.
Lyle Giese
LCR Computer Services, Inc.
dig @192.5.6.30 sin.gpi-g.com
; DiG 9.7.3 @192.5.6.30 sin.gpi-g.com
; (1 server found)
;; global options: +cmd
;; Got
On 8/31/2011 8:40 AM, Florian CROUZAT wrote:
Florian CROUZAT wrote on 2011-08-25:
Hi list,
On a few domains (we'll consider only one domain for this example) I
encounter sometimes (seemingly random) ServFails while resolving domain
names. A client (192.168.147.2) asks my caching server
I doing something wrong?
Thanks,
Lyle Giese
LCR Computer Services, Inc.
options: +cmd
;; connection timed out; no servers could be reached
Very informative. But if I disable DNSSEC, resolution using a
static-stub zone does work.
Lyle Giese
LCR Computer Services, Inc.
Just a quick question, have you registered your name servers with your
domain registrar?
nic.it may be looking for the necessary glue records.
Lyle Giese
LCR Computer Services, Inc.
situation.
Lyle Giese
LCR Computer Services, Inc.
. The slaves actually ask for the SOA record from each Master
when refreshing.
Lyle Giese
LCR Computer Services, Inc.
example.com
a IN A 203.39.45.20
b IN A 203.39.45.21
/\
*Tarak*
*
Where are your A records for your name servers, ns1.example.com,
ns2.example.com and ns4.example.com?
And please answer the question above, what does the named's log say when
starting up?
Lyle Giese
On 11/10/11 12:24, trm asn wrote:
On Thu, Nov 10, 2011 at 8:28 PM, Lyle Giese l...@lcrcomputer.net
mailto:l...@lcrcomputer.net wrote:
On 11/09/11 15:59, trm asn wrote:
On Wed, Nov 9, 2011 at 3:15 PM, Matus UHLAR - fantomas
uh...@fantomas.sk mailto:uh...@fantomas.sk
for a
specific use case and ISC is not into generating special builds for
special or specific use cases unless you contract with them to build and
maintain your special build of BIND.
Lyle Giese
LCR Computer Services, Inc.
out the query.
Lyle Giese
LCR Computer Services, Inc.
On 01/12/12 08:11, babu dheen wrote:
Hi,
I can see only below line in the logs which is no more useful.
Actually I would like to find out where exactly DNS query is blocked
during query process
/*client 127.0.0.1#46547: view
thinking(and I could be quite wrong here) is that my server will
cache a good verified answer and DNSSEC does not seem to help here.
Please let me know where I am wrong here if I am.
Lyle Giese
LCR Computer Services, Inc.
On linux boxes, adding
options rotate
to the /etc/resolv.conf helps.
Lyle Giese
LCR Computer Services, Inc.
On 03/07/12 06:54, Bostjan Skufca wrote:
Problem is, most of client resolvers (not resolving nameservers, but
resolvers on workstations etc) query first specified nameserver first
seconds
of preceding logs missing when the query started?
Lyle Giese
LCR Computer Services, Inc.
On 03/12/12 15:05, Mr X wrote:
Hey there
I'm having a bizarre issue with 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 -
recursive queries stop functioning after bind has been running for a
few hours. It's
file on the local machine that
contains...
Or in your proxy server redirect www.google.com to nosslsearch.google.com
DNS server software is not very supportive of doing this for good reasons.
Lyle Giese
LCR Computer Services, Inc.
to the point, dig gives up trying.
But the use of dig +trace shows much more diagnostic information which
points us to the real issue you have.
Lyle Giese
LCR Computer Services, Inc.
On 05/02/12 16:36, Paul Marais wrote:
Thanks Lyle,
You're right - I started using the host command because
section of the named options.
On May 2, 2012, at 3:48 PM, Lyle Giese wrote:
Using dig +trace, dig is trying to accomplish the recursion that
named would do for you. This tells us your local copy of named is
answering requests as that is where you received the list of root
servers from
seconds for msrv.cairosource.com.
This low TTL makes it look like you have a dynamic ip address. Most
RBL's require a minimum of 12 hrs and recommend 24 hour TTL on these
two records.
Lyle Giese
LCR Computer Services, Inc.
issue, I did not go back to the logs and look
at the first boot error messages and focused on the last restart of
named set of messages.
Lyle Giese
LCR Computer Services, Inc.
Related error messages:
Jun 9 22:29:21 ns1a named[6252]: zone 78.0.10.in-addr.arpa/IN/chase:
refresh: failure trying
format.
Lyle Giese
LCR Computer Services, Inc.
. It's only at ftp.internic.net.
This page has a pointer to root hints file(via FTP) that does not work
either. The http version shows the above mistake. It's not available
at rs.internic.net.
http://www.iana.org/domains/root/files
Lyle Giese
LCR Computer Services, Inc
actually have another machine that has bind 9.4.2 and it works as
desired without all these options. Both machines are meant to be
authoritative for domain.com...
anything else i can try?
thanks...
-- Arni
- Original Message -
From: kalin ka...@el.net
To: Lyle Giese l
for a caching-only name server, which is what
you are asking for.
Lyle Giese
LCR Computer Services, Inc.
that a recursive name server does.
Lyle Giese
LCR Computer Services, Inc.
On 01/11/13 03:05, Daniele wrote:
Port 53 is open, I can also telnet it from another box in the same
network.
Now I think the problem can be on the packets size, because I'm trying
every solution but nothing works.
2013/1/9 Lyle Giese l...@lcrcomputer.net mailto:l...@lcrcomputer.net
.
Lyle Giese
LCR Computer Services, Inc.
On 02/18/13 19:02, Tony Finch wrote:
Lyle Giese l...@lcrcomputer.net wrote:
Recently I moved this domain (lcrcomputer.net) to a registrar that supports
DNSSEC and inserted the DS record for this domain.
Was it signed before this point? I am wondering if this is a DNS response
size problem
Your bind code is old and has the old info in it. D root changed its
ip address. Bind has a built-in hints file, in case you don't setup one
and it probably has the old ip address for the D root.
http://blog.icann.org/2012/12/d-root/
Lyle Giese
LCR Computer Services, Inc.
On 08/20/13 15
IN A 192.228.79.201
a.root-servers.net. 360 IN A 198.41.0.4
a.root-servers.net. 360 IN 2001:503:ba3e::2:30
Regards,
Rohan
On Tue, 20 Aug 2013 15:59:41 -0500
Lyle Giese l...@lcrcomputer.net wrote:
Your bind code is old and has the old info in it. D root
Allow-update makes the zone a dynamic update zone. You have to stop
hand editing the zone file. Use nsupdate to make changes to the zone.
Lyle Giese
LCR Computer Services, Inc.
On 04/25/14 15:03, Jeronimo L. Cabral wrote:
Dear, I'm using Bind 9.8.4 with a master / slave scenario. Zone
How are you checking for updated info from the master?
I recommend
dig @ip address of master test.company.com.ar
Lyle Giese
LCR Computer Services, Inc.
On 04/25/14 15:29, Jeronimo L. Cabral wrote:
Thanks a lot, but using the allow-update statement, I use nsupdate in
order to add a new record
post the domain name so we can look from out here.
Is the name server on a public ip address and your firewall allowing udp
tcp port 53 access to talk to named?
Lyle
On 07/20/14 02:21, Blason R wrote:
Hi Guys,
Though it may not relevant with BIND but I need help with NS servers
which are
If I remember right, DIG does not know the root servers and asks the
local host to retrieve that information and a server at
172.27.254.11(which is RFC 1918 address space) gave you that answer.
Is your machine/shop setup with private root servers?
Lyle
On 2/3/2015 12:50 PM, Linux Addict
.
. 518400 IN NS H.ROOT-SERVERS.NET
http://H.ROOT-SERVERS.NET.
On Tue, Feb 3, 2015 at 2:02 PM, Lyle Giese l...@lcrcomputer.net
mailto:l...@lcrcomputer.net wrote:
If I remember right, DIG does not know the root servers and
asks the local host to retrieve
net facing
applications.
Lyle Giese
lookup for you.
Lyle Giese
LCR Computer Services, Inc.
On 9/22/2015 2:08 PM, Ron Wingfield wrote:
RE: BIND v9.10.2
I have recently converted from a "legacy" DSL service to AT&T's
U-verse . . .has been a painful experience. Heretofore, the following
from /var/named/named.conf
The reverse lookup for 118.189.211.120 does not match your HELO greeting
and does not match the A record for exchange.teo-en-ming.com. Get your
upstream ISP to fix that.
Lyle Giese
LCR Computer Services, Inc.
On 8/13/2018 8:28 PM, Turritopsis Dohrnii Teo En Ming wrote:
Good morning from
recursive only server(other than host1), I would expect the same
behavior as the +trace result.
so I think the answer is dependent on how your bind9 resolver is configured.
Lyle Giese
Be careful 'rejecting' these outright. These queries are UDP
traffic(not TCP) and the source address is easily forged. RRL is the
correct way to limit these.
Lyle Giese
LCR Computer Services, Inc.
On 11/30/20 4:12 AM, Marc Roos wrote:
Are newer versions of bind still logging like
Why are you using forwarders? These cloudflare servers are not
authoritative for cat.com and don't seem to be open resolvers either.
Lyle Giese
LCR Computer Services, Inc.
On 12/4/20 12:48 PM, Wade Blackwell wrote:
Good morning from the West Coast,
It’s been a while since
Probably best to ask Paul Vixie for confirmation.
I had implemented RRL when it was still an addon and that was what was
documented back then.
On 12/1/20 10:15 AM, Karl Pielorz wrote:
--On 1 December 2020 at 08:24:50 -0600 Lyle Giese
wrote:
You need to look at the reply named sends
not blindly just drop traffic.
Lyle Giese
LCR Computer Services, Inc.
On 12/1/20 4:58 AM, Karl Pielorz wrote:
Hi all,
So there's been quite a thread - that originally started as "Bind
stats - denied queries" - and morphed into a whole discussion on
spoofed UDP, logging, RRL et
ns1.keiththewebguy.com. ..." the ns1.keiththewebguy.com. should be the
FQDN? That is the box host name plus the domain correct?
Thanks!!
On 2021-06-15 07:35, Matus UHLAR - fantomas wrote:
On 15.06.21 09:14, Lyle Giese wrote:
I think I stumbled upon a problem with the zone records for
keiththe
.keiththewebguy.com not ns1. ).
Lyle Giese
LCR Computer Services, Inc.
On 6/15/21 9:04 AM, techli...@phpcoderusa.com wrote:
On 2021-06-15 01:38, Reindl Harald wrote:
On 15.06.21 at 10:31, Reindl Harald wrote:
On 14.06.21 at 22:37, techli...@phpcoderusa.com wrote:
keiththewebguy.com [1
server and responsible party records are not resolvable.
Maybe someone with more knowledge of DNS and the use of .local. domain
name can shed some light on this.
Lyle Giese
On 10/27/23 10:36, Michael Martinell via bind-users wrote:
Hello,
At this point I am hoping that somebody might have
Just my opinion.
Don't rate limit tcp. The RRL feature in Bind only rate limits UDP.
UDP is connection-less and the source address can be forged, generating
DDOS traffic to a 3rd party.
Proper DNS software will fall back to TCP. Because TCP is connection
based, much harder to forge
or is not there, a recursive only server will fail to
give you the answer you seek.
That is very dependent on your internal dns setup and the type of dns
server you are querying.
Lyle Giese
On 11/4/22 11:07, David Carvalho via bind-users wrote:
Thanks for the replies.
My reverse zone file