fferent. Please do not
> feel obligated to reply outside your normal working hours.
>
> On 28. 10. 2023, at 17:50, Paul Stead wrote:
>
>
> As a previous ISP admin I too have come across similar situations and
> frustrations.
>
> I can only say that Google and Cloudfl
works everywhere else, you must be
broken"
Paul
On Sat, Oct 28, 2023, 3:56 PM Rick Frey wrote:
> As Mark mentions, the NS records gtm.bankeasy.com need to be corrected
> and failure is not due to lack of iterating through all auth nameservers
> (all of the auth nameservers have the b
Op 06-10-2023 om 10:39 schreef Mark Andrews:
You need to figure out what is updating the zone. This isn’t named.
Thanks for your answer.
It makes me find the reason. See my other message.
With regards,
Paul
--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/
--
Visit
Op 06-10-2023 om 10:28 schreef Paul van der Vlis via bind-users:
Hello,
I try to give a dynamic IP to a name, using nsupdate. This works fine,
but after some hours the IP is gone from the master (which I update).
Something like this:
Host home.customer.nl not found: 3(NXDOMAIN)
The IP
about the removal in the logs. But I saw a "freeze"
and a "thaw" in the logs for the domain.
Any idea why the IP removes after some time?
With regards,
Paul van der Vlis
--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/
--
Visit https://lis
On Sat, 16 Sep 2023 10:22:26 +0100 (BST)
"G.W. Haywood via bind-users" wrote:
> Hi there,
> ...
>I'd be surprised if the OP couldn't manage with 2^20 IPs in a segment -
> but then I guess he does work in the .gov domain.
^^^
The OP's contact
On Sat, 10 Jun 2023 19:24:03 +0200
Ondřej Surý wrote:
> You are over-complicating things. If unconfigured, named binds the outgoing
> UDP to 0.0.0.0 (::0), which means the chosen IP address is picked by the
> kernel. You need to configure priorities on your interfaces in the kernel -
> ip
of the list.
Anand has done a better job at describing this function in other software
than my attempts
Paul
On Sat, 11 Mar 2023, 17:16 Grant Taylor via bind-users, <
bind-users@lists.isc.org> wrote:
> Hi Paul,
>
> Thank you for explaining.
>
> On 3/10/23 12:21 AM, Paul Ste
On Thu, 9 Mar 2023, 23:53 Grant Taylor via bind-users, <
bind-users@lists.isc.org> wrote:
> On 3/9/23 2:25 PM, Paul Stead wrote:
> > Chiming in to say +1 to Kalus' logic and sight of benefit here.
>
> Please forgive my ignorance in asking:
>
> Why doesn't the order
On Thu, 9 Mar 2023, 20:27 Klaus Darilion via bind-users, <
bind-users@lists.isc.org> wrote:
> > -Ursprüngliche Nachricht-
> > Von: bind-users Im Auftrag von Mark
> > Andrews
> > Gesendet: Donnerstag, 9. März 2023 21:04
> >
> > Named just uses the notify to trigger an early refresh
grant> I'd be interested in learning what other things /require/ or are
grant> at least predicated on having PTR records for IPs.
Been a few years since I last delved but was appalled at some of the
pointless uses of rev-ptrs. NYT used to require it to let you connect to
their website, as one
On Wed, 3 Aug 2022 15:10:39 -0400
Timothe Litt wrote:
> Hmm. Your resolv.conf says that it's written by NetworkManager.
>
> What I suggested should have stopped it from updating resolv.conf.
>
> See
>
On Wed, 3 Aug 2022 13:47:41 +0200
Victor Johansson via bind-users wrote:
> Hey,
>
> I just want to add that there is a better way to do this in iptables
> with hashlimit. The normal rate limit in iptables is too crude.
>
> Below is an example from the rate-limit-chain, to which you simply
There has been lots of discussion recently about DNSSEC issues, including
whether it's desirable to sign internal zones. Independent of this most recent
issue, a couple of weeks ago I did an informal survey, using DNSVIZ, of various
TLDs. I found the following rather surprising results:
Agreed, but without the upstream provider actually fixing the issue I
couldn't find a way to provide resolution of this domain to my customers -
are there better ways to resolve this from our side?
There seems to be a document about this issue -
https://kb.isc.org/docs/aa-01387
Paul
On Fri, 13
software seem to fall back gracefully
and resolve these problems
Paul
On Fri, 13 May 2022 at 13:51, Paul Stead wrote:
> I have noticed this, too,
>
> The problem seems to be related to edns - disabling edns for the upstream
> servers looks to resolve the issue, this can be seen with la
along the lines of -
server 157.83.102.245 {
edns no;
};
for each of the problematic upstreams. I contacted Barclays a few months
ago about this, but never got a solid response.
Paul
On Fri, 13 May 2022 at 13:12, Ondřej Surý wrote:
> Hi Rainer,
>
> I believe this is unrelated to an
via chron. It
restarted early this morning and of course it failed to come up with no errors
in the log, making it difficult to troubleshoot ☹.
Paul
-Original Message-
From: bind-users On Behalf Of Reindl Harald
Sent: Tuesday, March 15, 2022 10:01 AM
To: bind-users@lists.isc.org
PKG
itself. Just wondering why that mistake down bind down and how I can get
more meaningful logs on the logs even those a prepackaged bind version.
TIA
Paul
From: bind-users On Behalf Of Paul Amaral
via bind-users
Sent: Tuesday, March 15, 2022 9:08 AM
To: 'bind-users@lists.isc.org
Hi, I realize this is related to Centos, but all the sudden chroot bind
failed to start up with any meaningful errors.
Anyone know what might be the issue here? I have no clues on that the issue
is.
Paul
Job for named-chroot.service failed because the control process exited with
error code
On Thu, 17 Feb 2022 15:26:35 +0100
Ondřej Surý wrote:
...
> This is part of the problem - debugging on Windows is extremely painful and
> requires expertise with extremely high learning curve.
>
> --
> Ondřej Surý — ISC (He/Him)
I wonder if difficult debugging is deliberate -- it would
Hi Mark, and others,
Op 25-10-2021 om 23:58 schreef Mark Andrews:
On 26 Oct 2021, at 08:02, Paul van der Vlis wrote:
Hello,
I've made some progress..
Op 24-10-2021 om 21:39 schreef Paul van der Vlis:
(...)
I've tried to specify the "key-directory" in the bind configuration,
Hello,
I've made some progress..
Op 24-10-2021 om 21:39 schreef Paul van der Vlis:
(...)
I've tried to specify the "key-directory" in the bind configuration, but
when I do that I get an error during "rndc reload", so I cannot specify
a key-directory. This is Bind 9.
11.
What do I wrong?
Does somebody know a good howto to get this working? I use now this:
https://certbot-dns-rfc2136.readthedocs.io/en/stable/
but in my opinion it's not complete enough.
With regards,
Paul
--
Paul van der Vlis Linux systeembeheer Groni
On Tue, 6 Jul 2021 12:44:15 +
"MURTARI, JOHN" wrote:
> Folks, let me add my desire for a quick download dig supporting DoH. It
> could really help with some testing, some ready stuff for Ubuntu 18/20,
> Redhat/CentOS, could make a lot of people happy. Maybe the libs included
> and we
It ought to be possible to write a front-end to listen on the standard control
channel and only forward (properly-keyed) 'status' requests to the "real" port
that BIND listens to.
>From looking at the RNDC exchange via Wireshark however, you'd have to adapt
>some of BIND's code that does the
The site mxtoolbox.com has a suite of tools to check your DNS, email and Web
servers from the outside. They're easy to use and might turn up something.
On Fri, 11 Jun 2021 09:10:32 -0700
techli...@phpcoderusa.com wrote:
> Hi,
>
> The two domains I am working with on my SOHO home server are 1)
On Fri, 4 Jun 2021 13:58:40 -0700
Gregory Sloop wrote:
> This feels a lot like responding to trolls, but I'll instead assume that
> you're asking (or making a point) in good faith.
>
> So, we'll stipulate that - you're actually interested in truth and knowledge.
>
> So, it's easily compiled
If you can have BIND log directly to a file, couldn't you use a FIFO
(prwxrwxrwx) or Unix domain socket (srwxrwxrwx) and avoid the disk I/O by
sending the log data directly to the forwarder? (E.g., Pulse Audio listens on a
socket for audio data from an application, and sends it in real-time to
Actually, it's in keeping with the *original* definition of hacking!
On Sun, 9 May 2021 23:55:13 -0600
@lbutlr wrote:
> On 06 May 2021, at 09:57, Dennis Clarke via bind-users
> wrote:
> > I do NOT trust a build result where I had to go hacking into all the
> > Makefiles just to get it to
A couple of years ago, I tried using nsupdate to modify a dynamic (DHCP) IP
address for my very simple domain. It worked, except that it totally messed up
the organization of the zone file. Since the file only has 44 active lines
(which are organized logically), I maintain it by hand. After
, but they all were on Apr 13 (and near your times).
==
On Tue, 13 Apr 2021 15:23:20 +0100 (WET-DST)
Peter Coghlan wrote:
> Hi Paul,
>
> Many thanks for your reply. Yours is exactly the sort of reply I was hoping
>
Interesting observation. I just did lookups on 4 recent (< 24 hrs ago)
'sl/ANY/IN' queries logged by our BIND and got:
2 Comcast cable IPs (hsd1.tx.comcast.net and hsd1.ma.comcast.net)
1 OVH Hosting IP (Montreal)
1 Afranet IP (Tehran!)
The whois info for the OVH IP contains the line:
We also get *lots* of suspicious queries of the same kind, from various
privileged and unprivileged ports, which I'm pretty sure are DDoS attempts. For
example:
12-Apr-2021 23:44:17.767 security: info: client 107.213.131.17#80 (sl): query
(cache) 'sl/ANY/IN' denied
12-Apr-2021 23:44:19.477
Well said!
On Mon, 29 Mar 2021 16:11:54 +0100
Tony Finch wrote:
> alcol alcol wrote:
>
> > seriously? is like linux/unix FAQ
>
> Please, if you can't be helpful, don't reply at all. We all have to learn
> somehow, and the best way to show your knowledge is to share it generously.
>
>
Bruce, indeed the named is in
/Applications/Server.app/Contents/ServerRoot/usr/sbin/named.
> On Mar 26, 2021, at 12:20 PM, Bruce Johnson
> wrote:
>
>
>
>> On Mar 26, 2021, at 9:17 AM, Paul Cizmas wrote:
>>
>> Ondrej:
>>
>> Thank you - I in
’ and it is
/Applications/Server.app/Contents/ServerRoot/usr/sbin/named
When I ran rndc status I got
~$ rndc status
rndc: error: open: /Library/Server/named/rndc.key: permission denied
rndc: could not load rndc configuration
Thank you,
Paul
> On Mar 26, 2021, at 1:44 PM, Tony Finch wrote:
>
o, why is it still 9.9.7-P3?
Thank you,
Paul
> On Mar 26, 2021, at 9:25 AM, Ondřej Surý wrote:
>
> $ brew info bind
> bind: stable 9.16.13 (bottled), HEAD
> Implementation of the DNS protocols
> https://www.isc.org/bind/
> Not installed
> From: https://github.com/Homebrew/h
Ondrej:
I did not think of doing it. Let me try. Thank you for your suggestion!
Paul
> On Mar 26, 2021, at 2:04 AM, Ondřej Surý wrote:
>
> Paul,
>
> why don’t you just install BIND 9 from Homebrew?
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
> My wor
-proctitle.lo] Error 1
> On Mar 25, 2021, at 10:58 PM, Larry Stone wrote:
>
> I’ve been building BIND on MacOS for years (currently on Catalina but has
> worked on almost the entire Mac OS X series.
>
>>
>> On Mar 25, 2021, at 7:50 PM, Paul Cizmas wrote:
>&
Eddy, I fully agree with you. I wish I could do it. Unfortunately I failed to
install libuv from scratch and I took a shortcut by using homebrew (and now I
am paying for it, as I should).
Paul
> On Mar 25, 2021, at 11:05 PM, Eddy Hahn wrote:
>
> I do not use either of them because
I did use homebrew. It installed libuv 1.41.0 without any complaints. Is
there something I could do to manually point BIND to libuv?
Thank you,
Paul
> On Mar 25, 2021, at 10:12 PM, Mark Andrews wrote:
>
> libuv discovery requires pkg-config to be found. macports/homebrew
read_np.h... no
checking for libuv... checking for libuv >= 1.0.0... no
configure: error: libuv not found
I have libuv installed, however. It is version 1.41.0.
I would appreciate any suggestions on how to fix this.
Thank you,
Paul
___
Please
Is there another command I should issue to stop BIND?
Thank you,
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Con
Our DMARC Policy has been "p=quarantine" since 30 Jun 2019, so I guess it won't
affect us. (It was "p=none" before that -- we only started using DKIM in Apr
2017.)
On Tue, 16 Feb 2021 20:54:30 + (UTC)
Dan Mahoney wrote:
> Greetings bind-users netizens.
>
> Dan Mahoney, ISC SysAdmin
the interface to be reactivated (if
it's a privileged port issue).
Just brainstorming.
Paul
On Fri, 12 Feb 2021 18:33:21 -0500
bindus...@prograde.net wrote:
> Greetings,
>
> I’ve been fighting a two-fold problem with named (bind 9.16.11) running on
> macOS.
>
> 1: If an ethern
I don't think tcpdump was installed by default with various versions of Debian
that I set up in the last few years for networking. I didn't bother to install
it, as it's output is different enough (old fashioned?) from the sharks to be
annoying. It *was* installed with OpenSuSE 15.2 though.
I rather prefer tshark to tcpdump: it's essentially the command line version of
wireshark, and thus has wireshark's protocol "dissecting" abilities.
On Wed, 10 Feb 2021 22:20:08 +
"John W. Blue via bind-users" wrote:
> Three words: tcpdump and wireshark
>
> It is like peanut and jelly
Do you know about mxtoolbox.com? It (and other similar sites) does a good job
of diagnosing DNS-related problems. I use it now and then to check out my own
sites, as it gives a "second opinion".
In particular its "DNS Lookup' function reported the following for
"internet-dns1.state.ma.us"
It sounds to me like dnssec-verify is sending the output in question to STDERR
instead of STDOUT.
On Sat, 06 Feb 2021 19:02:28 +
Matthew Richardson wrote:
> I have been using Perl to do a reasonable amount of scripting, running bind
> utilities and processing the results into variables.
of "Received:" headers. This would indicate that the duplication was caused by
an intermediate MTA. (The one I previously indicated was mx.pao1.isc.org, which
is the one and only MX for lists.isc.org.)
-Paul K.
On Tue, 24 Nov 2020 22:46:06 -0500
Jim Popovitch via bind-users wrote:
t 21:56 -0500, Paul Kosinski via bind-users wrote:
> > I've been getting two identical copies of recent posts to this list...
>
> Me too, but it's because of people hitting reply-all thinking that they
> are replying to the list and the poster. People really need to verify
> who
I've been getting two identical copies of recent posts to this list
(such as this item). This only started happening in the past 24 hours
or so. Is anyone else seeing this?
Upon examination of the headers of the two copies, it looks like ISC's
list-servers are doing the duplication.
(The first
With regard to using chroot, hasn't named/BIND long had the "-u" (user)
and "-t" (directory) options to accomplish the same thing more easily?
On Fri, 16 Oct 2020 12:47:35 -0500
Chuck Aurora wrote:
> /me catching up on earlier parts of this thread,
>
> On 2020-10-15 11:42, alcol alcol wrote:
The article is from 2016, probably before DNSSEC become so widespread.
But I would guess that their current overall approach is not a radical
departure from what was outlined in the article.
On Tue, 23 Jun 2020 13:41:18 +0200
Alessandro Vesely wrote:
> On 2020-06-05 9:29 p.m., Paul Kosin
A very interesting article on how China uses DNS (among other things)
to "control" Internet usage.
https://blog.thousandeyes.com/deconstructing-great-firewall-china/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
rharolde> Thanks for the link. Lots of pieces to get working there. Not
rharolde> nearly as simple as TSIG. But good if you are already using
rharolde> Kerberos.
MS active directory is kerberos under the hood. You don't need to run a
classic mit/hesiod KDC to get GSS-TSIG to work. But it is
ernet connection"
>
> > Even if your ISP allows it, chances are that other mail servers will reject
> > it
>
> that's a completl different story
>
> > On 5/2/20 3:30 PM, Paul Kosinski via bind-users wrote:
> >> How many ISPs allow traffi
How many ISPs allow traffic on port 25? My impression is that even many
(non-enterprise) business customers can't use port 25.
On Sat, 2 May 2020 09:28:54 +0200
Reindl Harald wrote:
> Am 02.05.20 um 09:00 schrieb Michael De Roover:
> > That's actually my biggest concern with DoH, ISP blocking.
I was pleased that I was able to get our two (successive) ISPs to set
up reverse DNS for our small number of IP addresses, and each twice to
change them when they moved us to moved us to new IP ranges (due to the
IPv4 crunch). It never even occurred to me that it might be possible to
have them
134.0.217.53#27016 (WWw.imENT.cOm):
query: WWw.imENT.cOm IN A -E (216.55.100.245)
Dec 22 12:05:44 iment0 named[10333]: client 134.0.217.69#23417 (WWw.IMeNt.cOM):
query: WWw.IMeNt.cOM IN A -E (216.55.100.245)
Thanks,
Paul Kosinski
___
Please visit https
"... long ago adapted to using full numbers, including area codes, for
pretty much *all* phone dialing ..."
Except that that proved to be so onerous that people often use "speed
dialing" for commonly dialed numbers. (Not to mention the fact that
people usually address their friends and coworkers
he PTR lookup result of such a
group's external IP address, although unique, is usually not suitable.
Most can change without notice due to DHCP, and they also tend to be
something unworkable, like "c-66-31-152-1.hsd1.ma.comcast.net.".
On Mon, 30 Sep 2019 09:35:57 -0600
Paul Ebersman wrote:
pemensik> I am aware search is a no-no in DNS community. However, is
pemensik> there any public documentation to this change? Is there RFC
pemensik> recommending not to use search or how it should be used,
pemensik> related to today's top level domains?
pemensik> While I agree it is dangerous,
Testing how lists.isc.org handles DMARC "Quarantine" (and "Reject")
policy. The enterpr...@mozilla.org mailing list forwards such email in a
way that some recipients choke on it (i.e., can't validate it).
___
Please visit
A *bank* not using DNSSEC?? Glad I don't have any money there.
On Sun, 16 Jun 2019 14:00:36 +0100 (BST)
"G.W. Haywood via bind-users" wrote:
> Hi there,
>
> On Sun, 16 Jun 2019, Mark Andrews wrote:
>
> > The servers for this zone are broken, they do not respond to
> > queries with DNS
from the GLTD to comcast’s DNS I even got, dig:
couldn't get address for 'dns101.comcast.net': no more at one point. Although
now it seems to be back to normal, not sure what to make of it.
Thanks for your reply Bob.
Paul
a
;; Query time: 26 msec
b
;; Query time: 172 msec
t.net': no more" so I doubt
it's a dig version issue.
Paul
;; Received 239 bytes from 192.5.6.30#53(192.5.6.30) in 32 ms
net.172800 IN NS k.gtld-servers.net.
net.172800 IN NS b.gtld-servers.net.
net.172800
DNS server tried
doing a new query it timeout on GTLD server to Comcast?
When I query directly to their DNS servers there is no latency, so I suspect
this is a link issue at Comcast affecting DNS?
TIA paul
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> @1
?
On Mon, 4 Mar 2019 19:30:36 +0100
Matus UHLAR - fantomas wrote:
> >On 4 Mar 2019, at 16:20, Paul Kosinski wrote:
> >> provides our users with general caching DNS service for
> >> all other domains.
> >
> >[...]
> >
> >> Its "named.conf"
Op 05-03-19 om 16:32 schreef Matus UHLAR - fantomas:
>>> On 05.03.19 14:41, Paul van der Vlis wrote:
>>>> This was a long time ago. In the meantime I have rebooted the server.
>>>>
>>>> What I see, is that the resolving does not work from othe
Op 05-03-19 om 15:21 schreef Matus UHLAR - fantomas:
>>> On 05/03/2019 01:01, Paul van der Vlis wrote:
>>>> Not sure. It was a domain used for testing purposes.
>>>>
>>>> Before it was in /etc/bind/named.conf.local, but I removed it from
>>
Op 05-03-19 om 11:51 schreef Anand Buddhdev:
> On 05/03/2019 01:01, Paul van der Vlis wrote:
>
>> Not sure. It was a domain used for testing purposes.
>>
>> Before it was in /etc/bind/named.conf.local, but I removed it from there.
>
> Did you run "rn
s zone added via "rndc addzone" originally?
Not sure. It was a domain used for testing purposes.
Before it was in /etc/bind/named.conf.local, but I removed it from there.
With regards,
Paul van der Vlis
> Regards,
>
>
> Jie
>
> * Paul van der Vlis wrote:
>
/cache/bind# rgrep extensus.nl /var/cache/bind
Binary file /var/cache/bind/_default.nzd matches
I've also tried to add and remove it again, but I don't get it away.
Somebody an idea?
With regards,
Paul van der Vlis
--
Paul van der Vlis Linux systeembeheer Groningen
https
We have a BIND server on our LAN which is authoritative for our ".local"
domain and also provides our users with general caching DNS service for
all other domains.
Its "named.conf" file doesn't list any "forwarders" any more, and
"forward-only" is gone, but it still has a leftover "recursion yes"
I haven't analyzed the details and pitfalls, but could a Web proxy
mechanism of some sort be of help? In particular, rather than having
your users directly access "teamviewer.org" (or whatever), have them to
access "teamviewer.local", which is resolved by your internal DNS to a
specialized proxy
I recently updated a couple servers that were running OpenBSD 6.3 with
bind 9.11.3 to OpenBSD 6.4 and bind 9.11.4pl2. Since then, I'm been
getting a large number of "error sending response: would block" log
messages:
Nov 15 11:03:58 lisa named[79587]: client @0x6f2f02bc440
10.128.30.77#65198
Maybe port scanners will find open ports pretty quickly, but I've found
that using non-standard ports is helpful in reducing traffic, at least.
For example, SSH on port 22 gets lots of SYNs but moving it elsewhere,
and making 22 totally unresponsive discourages most such attempts. This
increases
Code refactoring is nothing compared to what Mozilla did to Firefox!
It's hard to believe they didn't change the name, given that they
totally changed the add-on interface and thereby removed so many of the
features that made Firefox our browser of choice.
On Thu, 20 Sep 2018 09:48:08 +0100
Hi Tony,
Thanks for your answer!
Op 23-08-18 om 18:40 schreef Tony Finch:
> Paul van der Vlis wrote:
>>
>> Is it possible to sign the ZSK key permanently with the KSK key?
>> In this way I could keep the KSK key offline.
>
> The only(*) revocation mechanisms in DNS
Hello,
Is it possible to sign the ZSK key permanently with the KSK key?
If yes: how to do that?
In this way I could keep the KSK key offline.
With regards,
Paul van der Vlis
--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl
t, 18 Aug 2018 20:12:01 +0200
Reindl Harald wrote:
>
>
> Am 18.08.2018 um 20:02 schrieb Paul Kosinski:
> > When I started using Linux almost 20 years ago, I think there was
> > only nslookup, and no dig. So by habit, I tend to use it unless the
> > extra power of dig ou
When I started using Linux almost 20 years ago, I think there was only
nslookup, and no dig. So by habit, I tend to use it unless the extra
power of dig outweighs its extra complexity. I don't remember what I
used on Windows back when I was regularly using both.
On Sat, 18 Aug 2018 11:42:20
We have a couple of small domains whose DNS is served by BIND on our dedicated
machines. Almost 3 years ago we had set up DMARC records, and were getting
reports from various MXs every day until a couple of days ago (Aug 13). Then
they suddenly stopped!
Nothing in the BIND config or zone files
We do something somewhat similar with our LAN. We have a new cable
connection and an old DSL connection. The cable is 60x faster, but has
a dynamic IP and blocks various ports (esp. 25), so we keep the DSL so
we can send email directly etc.
Obviously, we don't want to stream video or even do much
Most of your replies seem not to address the (immediately
preceding) paragraph they appear to be responding to.
On Mon, 25 Jun 2018 22:15:07 +0200
Reindl Harald wrote:
>
>
> Am 25.06.2018 um 22:01 schrieb Paul Kosinski:
> > Somebody who has irresponsibly (and apparently want
assisting in the attack,
and should be contacted and asked to help in the remediation. (Note
that *their* resources, as well as yours, are being wasted.)
On Mon, 25 Jun 2018 17:47:23 +0200
Reindl Harald wrote:
> Am 25.06.2018 um 17:37 schrieb Barry Margolin:
> > In article ,
> &
esn't come until after
the connection is established.)
On Mon, 25 Jun 2018 15:32:44 +0200
Reindl Harald wrote:
>
>
> Am 25.06.2018 um 05:39 schrieb Paul Kosinski:
> > Is it possible to get BIND not to respond at all, thereby causing
> > a timeout on the query? That woul
Is it possible to get BIND not to respond at all, thereby causing
a timeout on the query? That would perhaps reduce load more than
NXDOMAIN or deleting the sone(s) would.
On Mon, 25 Jun 2018 00:03:09 +0200
jo...@hasig.de wrote:
> yes, but it minimizes the use of resources because the only
?), and ensure we
can still meet the contracted SLAs. Basically it's a lot of work (+ cost) just
to "sort out" this Sophos mess.
I'd rather Sophos did their stuff over a separate TCP or UDP port rather than
hijacking DNS, but doubt they will listen to "little old me"
. :-(
From: Tony Finch <d...@dotat.at>
Sent: 17 May 2018 12:34
To: Paul Roberts
Cc: bind-users@lists.isc.org
Subject: Re: BIND srtt algorithm not working as expected
Paul Roberts <p...@callevanetworks.com> wrote:
> After doing some more packet captures, it l
. I wish the anti-virus vendors
would consider the impact they are having on corporate DNS environments and
re-think how they implement their reputation lookups, it must be the cause of
some pretty serious ouages. :-(
Cheers,
Paul
___
Please visit
this because the slow responses back from the UK are
impacting application performance for users in HK?
We need to keep the UK servers as part of the configuration for
failover/redundancy, removing them is not an option.
Thanks,
Paul
Paul Roberts
Calleva Networks Ltd.
Email: p...@callev
Setting the permissions of a *private* key to 0644 sounds like a bad
idea. Maybe you mean 0640?
On Fri, 2 Mar 2018 23:28:28 +
"Prof. Dr. Michael Schefczyk" wrote:
> Dear Mark,
>
> I did get the issue resolved while setting up a test environment.
>
> The issue is
s]
[-t directory] [-U #listeners] [-u user] [-v] [-V] [-x cache-file]
For more explanation, look at:
https://kb.isc.org/article/AA-01249/0/UDP-Listeners-choosing-the-right-value-for-U-when-starting-named.html
On Thu, 22 Feb 2018 01:50:22 +
"PENG, JUNAN" <jp2...@att.com> w
Could it be that you're network limited?
In any case, the values of the following parameters may be illuminating
(they may be obtained via "rndc status").
CPUs found
worker threads
UDP listeners per interface
For example, my very lightly loaded authoritative server reports:
version:
Speaking of units, University of Chicago Professor Nicholas Metropolis
(who had been one of the original Manhattan Project scientists at Los
Alamos) remarked that the standard lecture period of 50 minutes lasted
approximately 1 Micro-Century.
On Fri, 2 Feb 2018 17:00:10 -0500
Warren Kumari
Michelle (and others who may be interested),
I have found mxtoolbox.com to be helpful in diagnosing DNS and related
problems. It is able do all kinds of DNS lookups from *outside* your
domain so you can see what your normal Internet users see. It will do
basic stuff (manually initiated) for free,
strings of characters, but rather follow certain
linguistic statistics.)
On Thu, 9 Nov 2017 17:56:03 +0100
Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 09.11.2017 um 15:55 schrieb Paul Kosinski:
> > Exact matching needs a search algorithm too
>
> no
1 - 100 of 290 matches
Mail list logo