Re: ho to filter hundeds of domains ?
Normal web filtering software that auto updates is a better approach. Using Bind with a manual list of domains to try to achieve this is like trying to kill an ant hill 1 ant at a time -- Sent from my Android phone with K-9 Mail. fddi f...@gmx.it wrote: On 8/30/12 3:19 PM, Stephane Bortzmeyer wrote: On Thu, Aug 30, 2012 at 03:16:32PM +0200, fddi f...@gmx.it wrote a message of 15 lines which said: Actually many telephone companies in the world are doing this, They're wrong politically (censorship) and they're wrong technically (see O'Reilly's answer). Copying telephone companies is not a good idea for the Internet :-) I know but usually people does not work for the internet they work for a company and have to do what companies asks if you care to have a job... no problems anyway, I agree with your view. Rick _ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ho to filter hundeds of domains ?
On 8/30/2012 8:46 AM, wbr...@e1b.org wrote: Russell Jones wrote on 08/30/2012 09:39:17 AM: Normal web filtering software that auto updates is a better approach. Using Bind with a manual list of domains to try to achieve this is like trying to kill an ant hill 1 ant at a time There are several sources of RPZ data such as Spamhaus and SURBL. Both are respected sources of spam filtering data. (Disclosure: My employer subscribes to both for spam filtering, I have no financial stake) Oh I know, I use spamhaus myself for spam filtering - catches a ridiculous amount of spam. It is my understanding though the OP wants to filter domains for NSFW web browsing, not spam - specifically gambling sites. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Typical Bind slave failure scenario - What happens and when?
Bind 9.7 on CentOS 6.2 Hi all, I am attempting to recreate a failure scenario of a slave server that cannot contact its master for a zone. I am having a difficult time following the log entries of what is occurring due to Bind not seemingly following the SOA definitions for the zone. I have the following set on this test zone: example.com IN SOA dns1.example.com. root.dns1.example.com. ( 2012071914 ; serial 60 ; refresh (1 minute) 30 ; retry (30 seconds) 120; expire (2 minutes) 86400 ; minimum (1 day) ) I am running into the following issues: * The refresh time seems to be ignored. Even though it is set at 60 seconds, it seemed to poll the master server somewhere between 3 and 5 minutes. I had to define max and min refresh time in /etc/named.conf to get it to respect this time. Is there some internal limit to how low of a setting Bind will allow in some of the SOA definitions? I was unable to find a minimum limit for this when Googling :-) * I am seeing the following messages when it fails to contact the master (as expected). Only problem is after it sends this message I am not seeing an attempt to contact the master every 30 seconds as I am interpreting the retry limit to mean: o zone example.com/IN: refresh: retry limit for master 10.32.69.1#53 exceeded (source 0.0.0.0#0) Am I misunderstanding what Bind will log and attempt to do with the retry limit? Is there any documentation outlining what will actually occur, and when, with a slave server when it cannot contact a zone's master for updates? Thanks! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users