In message ,
Stephane Bortzmeyer wrote:
>Doing this sort of survey on the wild (and wide) Internet leads
>rapidly into a deep rabbit hole :-)
>
>If you go that way, one may also add to the requirments: "test the
>name servers returned, to see if they actually reply (and with bit
>AA)".
Yes.
In message <20210909103322.ga27...@fantomas.sk>,
Matus UHLAR - fantomas wrote:
>On 09.09.21 03:20, Ronald F. Guilmette wrote:
>>I don't want and don't need SOA records. I want and need only the relevant
>>NS records.
>
>server in some cases send the SOA.
Yes. I a
In message ,
Stephane Bortzmeyer wrote:
>On Tue, Sep 07, 2021 at 10:48:57AM -0400,
> Matthew Pounsett wrote
> a message of 32 lines which said:
>
>> Yeah, you can pretty reliably get the answer in one or two steps by
>> requesting the NS set for the FQDN. You'll either get your answer, or
>>
In message
Matthew Pounsett wrote:
>On Tue, 7 Sept 2021 at 03:45, Stephane Bortzmeyer wrote:
>
>> The only solution is chasing the delegations from the root (which is
>> what dig +trace is doing). Caching speeds it, this is why it is
>> better to go through your resolver than using dig +trace.
In message ,
Stephane Bortzmeyer wrote:
>> I know that I can get this information by using "dig +trace", but that seems
>> to be rather slow to me (wall clock time), and I want to be doing
>> this a lot.
>
>The only solution is chasing the delegations from the root (which is
>what dig +trace is
Greetings all,
Please forgive me if this question is a bit off-topic for this list.
I can be sure if it is or isn't until I get the answer.
My question is rather a simple one. Given some FQDN `D' and given
some DNS record type 'T' (e.g. either A or or perhaps even PTR) does
there exist
In message ,
Anand Buddhdev wrote:
>On 21/06/2019 22:01, Ronald F. Guilmette wrote:
>> I'll switch to using the 9.14.3 or 9.15.0 dig command as soon as possible.
>> Until then I have a nice temprary workaround, which is to just append
>> @a.root-servers.net to my dig +tr
In message ,
Anand Buddhdev wrote:
>On 21/06/2019 04:55, Ronald F. Guilmette wrote:
>
>> What is it about unbound/local-unbound that makes it not plug and play well
>> with dig +trace? What is it that Google's public name servers are doing
>> that a local run
In message <4e8f2e2c-7571-44dd-b012-57543debd...@ncartron.org>,
Nico Cartron wrote:
>Are you sure it's not your setup?
>I have plenty of dig running on FreeBSD (with bind-utils 9.14) and also
>Debian and they work just fine.
You know what? I think we may both be right.
Checking now, I think I
In message <9ba154cc-2272-46ec-a793-47ff31dca...@arin.net>, you wrote:
>Hi Ronald,
>You usually need to reinstall packages and ports after you do a major
>version upgrade to FreeBSD.
I guess that I did not make myself clear. Everything on this system is
freshly installed, from scratch.
I have
I just recently "upgraded" my old FreeBSD system to the latest, 12.0
release. Now, something that used to work doesn't seem to work anymore,
specifically "dig +trace" seems to no longer function at all.
Example:
% dig +trace -x
In message <20180321055215.jm3ybhkz4vqgs...@mycre.ws>,
Robert Edmonds wrote:
>{... long explanation of why things are as they are, snipped...}
Thanks for all this Robert. I guess it all makes sense. I just
loath complexity. But sometimes it is unavoidable.
>If you are
In message ,
Tony Finch wrote:
>BIND9 was a new codebase with very different internal library APIs, and an
>ambition to completely revamp the libc -> resolver interface - this is
>what the lwresd stuff was about. But no
In message <20180320205558.23ld7b2orcfky...@mycre.ws>,
Robert Edmonds wrote:
>Rick Dicaire wrote:
>> For libbind9, https://packages.ubuntu.com/trusty/libbind9-90
>
>You would also need the ".so" symlink in order to link with -lbind9,
>which is in this package:
In message <20180320205115.wanrlpfisxx6g...@mycre.ws>,
Robert Edmonds wrote:
>It should be in the SYNOPSIS section :-)
>
>http://manpages.ubuntu.com/manpages/trusty/en/man3/resolver.3.html
>...
>Link with -lresolv.
Doh! yea. You're right. It's right there.
In message <20180320193041.d2bwvgkgyvqem...@mycre.ws>,
Robert Edmonds wrote:
>> I am porting some code of mine from FreeBSD to this Ubuntu system
>> and I'm getting the following unresolved symbols at link time:
>>
>> __res_query
>> __res_mkquery
>> __res_send
>>
Apologies in advance to all. I am probably just making some
bonehead mistake or small typo, but...
Can someone please instruct me as to the proper way to link to
libbind9 on Ubuntu 14.02 LTS?
I am porting some code of mine from FreeBSD to this Ubuntu system
and I'm getting the following
Regarding the _res structure and the resolver library res_send()
function...
I have been unable to find any clear statement on the exact semantics
of the .retrans and .retry fields of the _res structure, specifically
with respect to the res_send() function.
The man page for resolver(5) seems to
In message <56796.1464377...@server1.tristatelogic.com>, I wrote:
>Over the past week or more, I have occasionally tried to drop
>in and read the forum discussions on this one particular site:
>
> www.amlinuxmedia.com
>
>Strangely, my own local name server seems to be able to resolve
>that name
Over the past week or more, I have occasionally tried to drop
in and read the forum discussions on this one particular site:
www.amlinuxmedia.com
Strangely, my own local name server seems to be able to resolve
that name only intermittently. First it resolved OK, then it doesn't
for awhile,
In message alpine.lsu.2.00.1409291026090.18...@hermes-1.csi.cam.ac.uk,
Tony Finch d...@dotat.at wrote:
Ronald F. Guilmette r...@tristatelogic.com wrote:
To be more specific and concrete about it, here is a small
example Perl program I wrote:
ftp://ftp.tristatelogic.com/pub/punybug.pl
My apologies if this question might also be considered a bit
off-topic for this list.
Is the maximum possible size of a DNS packet (just the payload part...
not including IP and UDP headers) 64k bytes?
I have some old code which assumes that, perhaps incorrectly.
My apologies for my earlier, arguably off-topic questions.
Now I have a real honest-to-goodness BIND question.
I have the following simple zone file installed as test0.tristatelogic.com:
===
$TTL 3600
@ IN SOA
Is it possible to use dig to AXFR the root zone? I mean without having
any special foreknowledge of which specific root zone servers will and
will not accept the AXFR request? If so, how would I do that, exactly?
I tried this:
dig . axfr
but I just got back a Transfer failed error
In message 54287c3f.60...@ripe.net,
Anand Buddhdev ana...@ripe.net wrote:
... Unlike other query types, an AXFR is not recursively
looked up by a resolver.
Ah! Ok. That certainly explains the failure then. Thank you for
enlightening me!
P.S. Strangely, this rather different query _does_
In message 54288592.6030...@staticsafe.ca,
staticsafe m...@staticsafe.ca wrote:
I suggest using:
xfr.lax.dns.icann.org
xfr.cjr.dns.icann.org
As mentioned on http://www.dns.icann.org/services/axfr/.
Oh! Excellent! This is *exactly* what I needed! Thanks ever so
much.
Regards,
rfg
In message 54289195.2070...@ripe.net,
Anand Buddhdev ana...@ripe.net wrote:
If you wanted your script to be robust, then you would program it with
the names of all 13 root name servers, and have it try the zone
transfers from a random server each time, and trying another one in case
of failure.
I hope this post won't be considered too far off topic.
I've already sent this same question off to the guy who is the
current maintainer of the Net::IDN::Punycode Perl module, but
while I'm still impatiently awaiting his response I'm thinking
that maybe folks here could enlighten me.
In a
For a special project, I need to be able to create resource
records within a BIND zone file where some of the domain
labels in some of the FQDNs on the left-hand-side will need
to be either (a) literal asterisks or else (b) literal
exclamation marks.
What's the most proper way to do this? Can I
In message 20140927122322.ga4...@totoro.home.mukund.org,
Mukund Sivaraman m...@isc.org wrote:
On Sat, Sep 27, 2014 at 04:31:07AM -0700, Ronald F. Guilmette wrote:
For a special project, I need to be able to create resource
records within a BIND zone file where some of the domain
labels
In message 20130614050625.850cf35e5...@drugs.dv.isc.org,
Mark Andrews ma...@isc.org wrote:
In message 15120.1371179...@server1.tristatelogic.com, Ronald F. Guilmette
writes:
* Large numbers of ISPs claim they implement BCP 38.
I claimed that I was Charlie Chaplin once. Unfortunately
In message 51baa714.9020...@dougbarton.us,
Doug Barton do...@dougbarton.us wrote:
It's obvious you're frustrated (understandable), and enthusiastic
(commendable), but you might want to consider dialing down your
rhetoric a bit.
Great idea! I have only one small question... Would you be
In message 51b991f7.9070...@imperial.ac.uk,
Phil Mayers p.may...@imperial.ac.uk wrote:
On 06/13/2013 06:31 AM, Ronald F. Guilmette wrote:
2) Has anyone ever proposed adding to the DNS protocol something vaguely
reminicent of the old ICMP Source Quench? If so, what became of that
proposal
In message 51b9fb6a.1090...@tiggee.com,
David Miller dmil...@tiggee.com wrote:
This could lead to wrong headed statements like, Yes, we sent X GB of
traffic at your network.
Yes.
Last night I reconsidered at some length the scheme I put forward yesterday.
(Please note that I am very
In message 201306131753.r5dhrwon093...@calcite.rhyolite.com,
Vernon Schryver v...@rhyolite.com wrote:
I think that the use of RRL on some roots shows that keeping state
is not a problem if the state keeping is not utterly stupid.
(I'm not sure what, if anything, I should be reading into that
In message 51ba355b.10...@dougbarton.us,
Doug Barton do...@dougbarton.us wrote:
No. You can still get pretty good amplification with 512 byte responses.
That is an interesting contention. Is there any evidence of, or even any
reasonably reliable report of any DDoS actually being perpetrated
In message 20130614004155.72013.qm...@joyce.lan,
John Levine jo...@iecc.com wrote:
The real solution is BCP 38...
I agree completely John. I cannot do otherwise. But I have to ask the
obvious elephant-in-the-room question... How is that comming along so far?
Maybe we could find worse ways
In message 20130614020930.c1c1c35e2...@drugs.dv.isc.org,
Mark Andrews ma...@isc.org wrote:
Well the process has started. BCP 38. If you want hurry it along
complain to your local politician that they need to consider drafting
legislation that requires ISP's to implement BCP 38 in their
In message 20130614022305.72272.qm...@joyce.lan,
John Levine jo...@iecc.com wrote:
The real solution is BCP 38...
I agree completely John. I cannot do otherwise. But I have to ask the
obvious elephant-in-the-room question... How is that comming along so far?
Based on discussions I've had
In message 20130614023140.7735d35e2...@drugs.dv.isc.org,
Mark Andrews ma...@isc.org wrote:
* Router manufactures have code to support BCP 38 though it defaults to off.
Well then, THAT is going to be a great help in solving the problem, isn't it?
* Large numbers of ISPs claim they implement
In message 20130614032434.72450.qm...@joyce.lan,
John Levine jo...@iecc.com wrote:
So, may I infer that rather than being put off until the end of the
century, which seemed to be the previous implementation timeline,
pervasive implementation of BCP 38 may now be expected at around the
time that
I personally have been mad as hell about DNS amplification attacks,
ever since I first had the displeasure of finding myself on the business
end of one back in 2003. In recent days however I've been given reason
to be outraged about them all over again with the news that two organiza-
tions that
In message 39634800-7e01-4878-b1a1-cf384c8a6...@mac.com,
Chuck Swiger cswi...@mac.com wrote:
On Sep 14, 2011, at 5:09 PM, Ronald F. Guilmette wrote:
In message cf550bd6-ba85-4cb3-8b03-e4e1b0829...@mac.com, you wrote:
Sigh: your mail server is blacklisting email from mac.com.
Yes. Sorry
Last night, it appeared to me that nslookup was resolving the name
graphiteops.com to IP address 72.52.4.95.
Today however it is no longer doing that, reporting instead:
% 127.0.0.1
Address:127.0.0.1#53
Non-authoritative answer:
graphiteops.com canonical name = graphiteops.com.
In message 7d9b265c-36bf-40c1-9012-ac0a96fb8...@sackheads.org, you wrote:
On Sep 14, 2011, at 4:35 PM, Ronald F. Guilmette wrote:
Is there a rule that says how a resolver should behave in cases where
there is both an A record and also a CNAME record for the same FQDN?
Which one should take
, please le me know via the contact form on
my web site.)
Anyway, on-list replies are OK, I think. I mean it's not like any of
this is in any way off topic.
On Sep 14, 2011, at 2:27 PM, Ronald F. Guilmette wrote:
The second part however seems to go more to my question, which is What is
the resolver
When called, res_query must be passed the base address of a buffer
(`answer'), and the maximum length of that buffer (`anslen'). Upon
return, res_query returns the count of bytes bytes actually used in
the target buffer (i.e. the response packet size) or else -1 for errors.
Assuming that one
47 matches
Mail list logo