Re: Question on ISC BIND DNS Server

an. > > > >Can I upgrade BIND DNS Server manually? Will it cause problems with > >Virtualmin / Webmin? > > > I think this is question for webmin/virtualmin, but from what I know about > webmin it tends to edit local configuration, so I guess it will edit primary >

Re: Question on ISC BIND DNS Server

On 22.11.23 23:44, Turritopsis Dohrnii Teo En Ming wrote: I have Virtualmin / Webmin web hosting server control panel. I have 2 Virtual Private Servers in Germany and 1 Virtual Private Server in Japan. Can I upgrade BIND DNS Server manually? Will it cause problems with Virtualmin / Webmin? I

Question on ISC BIND DNS Server

Subject: Question on ISC BIND DNS Server Good day from Singapore, I have Virtualmin / Webmin web hosting server control panel. I have 2 Virtual Private Servers in Germany and 1 Virtual Private Server in Japan. Can I upgrade BIND DNS Server manually? Will it cause problems with Virtualmin

BIND DNS Server named.conf and chroot error after upgrading Virtualmin

Subject: BIND DNS Server named.conf and chroot error after upgrading Virtualmin Good day from Singapore, I have upgraded Virtualmin web hosting control panel Master Server to the following versions on the evening of 1st Nov 2022 Tuesday. Webmin version: 2.001 Virtualmin version: 7.3 Usermin

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

On Fri, May 27, 2022 at 3:29 PM Mirsad Goran Todorovac < mirsad.todoro...@alu.unizg.hr> wrote: > Hi Crist, > > 1. Actually, I am running dynamic updates with BIND9 and ISC DHCP server > for about a half a year and I am frankly very happy with the way it works. > This is at the Academy. So, I am

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

Hi Crist, 1. Actually, I am running dynamic updates with BIND9 and ISC DHCP server for about a half a year and I am frankly very happy with the way it works. This is at the Academy. So, I am familiar with the dynamic (DDNS) updates. Though there had been some tricky stuff with sub-/24 reverse

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

As far as I know, GSS-TSIG is only used for DNS updates, not zone transfers. https://bind9.readthedocs.io/en/v9_16_5/advanced.html#dynamic-update Sorry, don't know what capabilities AD has for securing zone transfers beyond IP ACLs, which of course is not much security at all. I've never had

BIND9 TSIG from Windows Server 2016 DNS Server Zone

Dear all, I have a zone local.grf.hr administered by AD, DHCP and DDNS ran by Windows Server 2016 (not by my architectural choice). However, since Windows Server 2016 had round-robin strategy of inquiring the forwarders, it performed worse than BIND9 on old Debian server. So, I had the

BIND9 TSIG from Windows Server 2016 DNS Server Zone

Dear all, I have a zone local.grf.hr administered by AD, DHCP and DDNS ran by Windows Server 2016 (not by my architectural choice). However, since Windows Server 2016 had round-robin strategy of inquiring the forwarders, it performed worse than BIND9 on old Debian server. So, I had the

BIND9 TSIG from Windows Server 2016 DNS Server Zone

Dear all, I have a zone local.grf.hr administered by AD, DHCP and DDNS ran by Windows Server 2016 (not by my architectural choice). However, since Windows Server 2016 had round-robin strategy of inquiring the forwarders, it performed worse than BIND9 on old Debian server. So, I had the

Re: Failing DNS Server Diagnostic Help Requested

On 13.01.22 14:29, Tim Daneliuk via bind-users wrote: Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE Bind 9.16.24_1 Master out in a cloud server Slave on a physical server with a static IP on Comcast Business Problem: After years of

Failing DNS Server Diagnostic Help Requested

Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE Bind 9.16.24_1 Master out in a cloud server Slave on a physical server with a static IP on Comcast Business Problem: After years of stable behavior, Slave intermittently not resolving

Re: Freezing a Zone vs. Stopping the DNS Server

nd? Would that allow me to make zone changes followed by an *rndc > reload* command? > > Also, is it safe to simply reboot the server after OS updates, or is > it necessary to manually stop the DNS server first? > > Does it matter where in the dynamically updated zone files I insert

Re: Freezing a Zone vs. Stopping the DNS Server

Le 29/09/2021 à 13:41, Frank Kyosho Fallon a écrit : > Hi, > > Occasionally I need to add hosts manually to forward/reverse lookup > zones in BIND 9.16. We also have ISC DHCP. Both are on a Mac Mini > using MacPorts to install. > > Since dynamic updates are continually in progress, I understand

Freezing a Zone vs. Stopping the DNS Server

, or is it necessary to manually stop the DNS server first? Does it matter where in the dynamically updated zone files I insert the new host A record and PTR record? With /etc/hosts I can add hosts on different subnets. To do that in DNS, do I first need to add a reverse zone for the additional subnet

Re: Bind9 version 9.17.12 not starting without different DNS server

Dominik, please create issue in our GitLab (https://gitlab.isc.org/) and include full logs (preferably run named with `-d 99` to get most diagnostic output). Thanks, -- Ondřej Surý (He/Him) ond...@isc.org > On 17. 5. 2021, at 9:13, Dominik wrote: > > Hello, > > yesterday I tried version

Bind9 version 9.17.12 not starting without different DNS server

Hello, yesterday I tried version 9.17.12 because of the new TLS features. My resolv.conf only contains the local resolver 127.0.0.1 and ::1. The problem is that the new Bind9 doesn't start without having an alternative resolver in resolv.conf. It looks like something in the Bind9 startup

Re: Impact on removing IPV6 DNS Server from client terminals when Dual-stack is enabled

s can be observed when dual-stack enabled > and send both IPV4 and IPV6 DNS server addresses to clients through DHCP or > similar. > > > According to RCF 4472, > > "Note that even though IPv6 DNS resolver discovery is a recommended >procedure, it is not r

Impact on removing IPV6 DNS Server from client terminals when Dual-stack is enabled

Hi, This is not an issue but just to get ideas from experienced bind resources. Please ignore this question, if it is out of the scope of this mailing thread. Significant number of DNS requests can be observed when dual-stack enabled and send both IPV4 and IPV6 DNS server addresses to clients

Re: Checking if my DNS server are active

Am 12.02.21 um 15:21 schrieb The Doctor via bind-users: Hello, On of my machines in Running Centos 7 / CPanel. It says my primary and secondary DNS are not active intern or public nameservers? query-source address 192.168.81.1 port 53; don't do that! listen-on

Checking if my DNS server are active

queries_log; }; // // This logging category will only emit messages at debug levels of 1 or // higher - it can be useful to troubleshoot problems where queries are // resulting in a SERVFAIL response. // category query-errors {query-errors_log; }; }; And then some zone files. Is the above correct

Re: [External] Re: How can I launch a private Internet DNS server?

me too, i would understand that on the spamassassin list but not here and > what i *really* don't understand is jumping into the thread with "I just > wanted to comment that there is no requirement to run a secondary DNS > server" > > even if it would not be a requirement (b

Re: [External] Re: How can I launch a private Internet DNS server?

anted to comment that there is no requirement to run a secondary DNS server" even if it would not be a requirement (but it is) it's common sense not to contradict best practices everyone running critical services is following there are enough beginners which don't follow best practic

Re: [External] Re: How can I launch a private Internet DNS server?

On 07-Nov-20 14:06, Tom J. Marcoen wrote: > Having at least two name servers is not a requirement by the RFC > standards but which TLD allows for only one NS server to be given when > hou register a domain? > > On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail > wrote: > >

Re: How can I launch a private Internet DNS server?

*redundant* cluster and the whole backends and automation is homegrown *From:* bind-users on behalf of Kevin A. McGrail I just wanted to comment that there is no "requirement" to run a secondary DNS server.  It's cert

Re: How can I launch a private Internet DNS server?

Am 05.11.20 um 20:04 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote: On 2020-11-05 07:36, Bob Harold wrote: You appear to have confused 'secondary' authoritative servers with a second 'resolver'. Authoritative servers - listed in the NS records - are used

Re: [External] Re: How can I launch a private Internet DNS server?

Am 07.11.20 um 15:36 schrieb Kevin A. McGrail: On 11/7/2020 9:04 AM, Reindl Harald wrote: first: there *is* a requirement of a secondary nameserver https://www.iana.org/help/nameserver-requirements Does that requirement apply to the use-case? Based on the first sentence, "These are the

Re: [External] Re: How can I launch a private Internet DNS server?

Having at least two name servers is not a requirement by the RFC standards but which TLD allows for only one NS server to be given when hou register a domain? On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote: > On 11/7/2020 10:15 AM, Reindl Harald wrote: > > >

Re: [External] Re: How can I launch a private Internet DNS server?

On 11/7/2020 10:15 AM, Reindl Harald wrote: > > https://tools.ietf.org/html/rfc1537 > Common DNS Data File Configuration Errors > > 6. Missing secondary servers > > > It is required that there be a least 2 nameservers > > for a domain. > > - > > that above is common

Re: [External] Re: How can I launch a private Internet DNS server?

On 11/7/2020 9:04 AM, Reindl Harald wrote: > first: there *is* a requirement of a secondary nameserver > https://www.iana.org/help/nameserver-requirements Does that requirement apply to the use-case? Based on the first sentence, "These are the technicals tests we perform for delegation changes in

Re: How can I launch a private Internet DNS server?

, 2020 2:03 PM To: bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server? > Do a web search for "secondary dns provider" and "backup dns provider" > I just wanted to comment that there is no "requirement" to run a secondary DNS s

Re: How can I launch a private Internet DNS server?

> Do a web search for "secondary dns provider" and "backup dns provider" > I just wanted to comment that there is no "requirement" to run a secondary DNS server.  It's certainly best practice and should be considered.  However, the goal of having two DNS ser

Re: How can I launch a private Internet DNS server?

7:16 +0200 Jason Long via bind-users wrote: >>>> >>>> Excuse me, I just have one server for DNS and that tutorial is >>>> about secondary >>>> DNS server too. >>> >>> Just skip the chapter about the secondary.  You're better off b

Re: How can I launch a private Internet DNS server?

and that tutorial is about secondary DNS server too. Just skip the chapter about the secondary. You're better off buying secondary DNS services externally. A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. Best Ale Is it not a requirement

Re: How can I launch a private Internet DNS server?

> > secondary > > DNS server too. > > Just skip the chapter about the secondary. You're better off buying secondary > DNS services externally. A good secondary offloads your server noticeably, > and > keeps the domain alive in case of temporary failures. > > Best >

Re: How can I launch a private Internet DNS server?

On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote: > On 2020-11-05 07:36, Bob Harold wrote: > > You appear to have confused 'secondary' authoritative servers with > > a > > second 'resolver'. > > Authoritative servers - listed in the NS records - are used by > > other > > DNS servers, not by

Re: How can I launch a private Internet DNS server?

On 2020-11-05 07:36, Bob Harold wrote: On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave

Re: How can I launch a private Internet DNS server?

Am 05.11.20 um 12:59 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master is

Re: How can I launch a private Internet DNS server?

On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote: > On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: > > A good secondary offloads your server > > noticeably, and > > keeps the domain alive in case of temporary failures. > > AFAIK, authoritative slave servers are only used when

Re: How can I launch a private Internet DNS server?

On Thu 05/Nov/2020 12:59:37 +0100 Michael De Roover wrote: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master

Re: How can I launch a private Internet DNS server?

On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: > A good secondary offloads your server > noticeably, and > keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master is confirmed to be down. Lookups take significantly

Re: How can I launch a private Internet DNS server?

On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote: Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Just skip the chapter about the secondary. You're better off buying secondary DNS services externally. A good secondary

Re: How can I launch a private Internet DNS server?

On Thu 15/Oct/2020 20:59:32 +0200 Stephane Bortzmeyer wrote: On Thu, Oct 15, 2020 at 11:16:05AM -0700, Fred Morris wrote a message of 50 lines which said: 2) If you want to run your own DNS nameservers, you will need to buy a book, read the (BIND) Administrator's Reference Manual,

Re: How can I launch a private Internet DNS server?

Am 16.10.20 um 11:34 schrieb Michael De Roover: Interesting article, thanks for sharing this! I'm slightly confused about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel

Re: How can I launch a private Internet DNS server?

0-15 11:42, alcol alcol wrote: > > A DNS server can exist if you follow NIC instractions. > > Mainly have you a leased line ever on? primary DNS can't be down or > > NIC could down your domain. > > Then you have to install and configure it. Better a fedora core , and &g

Re: How can I launch a private Internet DNS server?

/me catching up on earlier parts of this thread, On 2020-10-15 11:42, alcol alcol wrote: A DNS server can exist if you follow NIC instractions. Mainly have you a leased line ever on? primary DNS can't be down or NIC could down your domain. Then you have to install and configure it. Better

Re: How can I launch a private Internet DNS server?

On 2020-10-16 06:05, Sami Ait Ali Oulahcen via bind-users wrote: I've been looking for a way to implement this on nft or through firewalld, but couldn't find anything comprehensive. So if it does get updated, please let us know :) It won't be by me, for more than one reason (I am no longer at

Re: How can I launch a private Internet DNS server?

On 2020-10-16 04:34, Michael De Roover wrote: Interesting article, thanks for sharing this! I'm slightly confused YW! about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel

Re: How can I launch a private Internet DNS server?

I've been looking for a way to implement this on nft or through firewalld, but couldn't find anything comprehensive. So if it does get updated, please let us know :) On 10/16/20 10:34 AM, Michael De Roover wrote: Interesting article, thanks for sharing this! I'm slightly confused about some

Re: How can I launch a private Internet DNS server?

Interesting article, thanks for sharing this! I'm slightly confused about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel make a heuristic based on what's in the iptables rule

Re: [External] Re: How can I launch a private Internet DNS server?

On 2020-10-15 14:38, sth...@nethelp.no wrote: I would run a firewall even for BIND alone on a box in case the box gets compromised through BIND. Allowing remote access and DNS, then dropping everything else as the general firewall policy should be pretty straightforward. But with the IP on this

Re: [External] Re: How can I launch a private Internet DNS server?

Simply stateless. Something along the lines of this (iptables): # SSH may be internal only or moved to a different port iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT # Enable DNS on both TCP and UDP iptables -A INPUT -m tcp -p tcp --dport 53 -j ACCEPT iptables -A INPUT -m udp -p udp

Re: [External] Re: How can I launch a private Internet DNS server?

> I would run a firewall even for BIND alone on a box in case the box > gets compromised through BIND. Allowing remote access and DNS, then > dropping everything else as the general firewall policy should be > pretty straightforward. But with the IP on this particular BIND box > being public, it's

Re: [External] Re: How can I launch a private Internet DNS server?

I would run a firewall even for BIND alone on a box in case the box gets compromised through BIND. Allowing remote access and DNS, then dropping everything else as the general firewall policy should be pretty straightforward. But with the IP on this particular BIND box being public, it's really

Re: [External] Re: How can I launch a private Internet DNS server?

On 10/15/2020 2:50 PM, Jason Long via bind-users wrote: > Yes. > In the panel of domain name registrar I can enter something like > "NS1.example.net" and an IP address. > I want to host the host t DNS server myself. Oh yes, you will also need a domain name register t

Re: [External] Re: How can I launch a private Internet DNS server?

On Thu, Oct 15, 2020 at 02:03:52PM -0400, Kevin A. McGrail wrote a message of 8 lines which said: > Firewalls are cheap and the level of effort to run a bastion host are > significant. Firewalls are useful when you want to protect unamanaged printers and Windows boxes (or Web servers with a

Re: How can I launch a private Internet DNS server?

On Thu, Oct 15, 2020 at 11:16:05AM -0700, Fred Morris wrote a message of 50 lines which said: > 2) If you want to run your own DNS nameservers, you will need to buy a >book, read the (BIND) Administrator's Reference Manual, and/or some >RFCs Very bad advice. RFCs are not for the

Re: How can I launch a private Internet DNS server?

, October 15, 2020 6:57 PM To: i...@nixmagic.com ; Michael De Roover ; bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server?   Yes, I have two static IP addresses. One is for DNS server and one is for my website. Excuse me, I just have one server for DNS

Re: How can I launch a private Internet DNS server?

connection to the internet with a public IP on their interface then? In that case you can omit any port forwarding. The secondary DNS server is for redundancy. You can omit any instructions regarding it when following the tutorial if you intend to only make one. The server type would indeed be authoritative

Re: How can I launch a private Internet DNS server?

Yes. In the panel of domain name registrar I can enter something like "NS1.example.net" and an IP address. I want to host the host t DNS server myself. On Thursday, October 15, 2020, 08:36:35 PM GMT+3:30, Stephane Bortzmeyer wrote: On Thu, Oct 15, 2020 at 04:36:58PM +0

Re: How can I launch a private Internet DNS server?

registered a domain name for my web site and in the panel of it, I can enter my DNS server IP addresses. I want to launch a CentOS DNS server that my Web site using it and users can visit my website from the Internet. [...] 1) The simple answer is that you don't need to run your own DNS server

Re: [External] Re: How can I launch a private Internet DNS server?

On 10/15/2020 1:00 PM, Stephane Bortzmeyer wrote: > He said that the DNS server has a public IP address so port forwarding > is probably not necessary. Firewalls are cheap and the level of effort to run a bastion host are significant. I'd recommend port forwarding as a necessar

Re: [External] Re: How can I launch a private Internet DNS server?

On 10/15/2020 12:57 PM, Jason Long via bind-users wrote: > Yes, I have two static IP addresses. One is for DNS server and one is > for my website. > Excuse me, I just have one server for DNS and that tutorial is about > secondary DNS server too. Can you show me another tutorial with

Re: How can I launch a private Internet DNS server?

. From: bind-users on behalf of Jason Long via bind-users Sent: Thursday, October 15, 2020 6:57 PM To: i...@nixmagic.com ; Michael De Roover ; bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server? Yes, I have two static IP addresses. One is for DNS

Re: How can I launch a private Internet DNS server?

they can be used for DNS amplification attacks (the authoriative ones can too but it's less of an issue with those). On Thu, 2020-10-15 at 16:57 +, Jason Long wrote: > Yes, I have two static IP addresses. One is for DNS server and one is > for my website. > Excuse me, I just have o

Re: How can I launch a private Internet DNS server?

On Thu, Oct 15, 2020 at 04:57:16PM +, Jason Long via bind-users wrote a message of 173 lines which said: > I have two static IP addresses. One is for DNS server and one is for > my website. Note that you can put the two servers on the same machine, using the same IP address,

Re: How can I launch a private Internet DNS server?

On Thu, Oct 15, 2020 at 04:36:58PM +, Jason Long via bind-users wrote a message of 1594 lines which said: > in the panel of it, I can enter my DNS server IP addresses. I assume you refer to the panel of your domain name registrar. If so, it would be useful to know which is the label n

Re: How can I launch a private Internet DNS server?

On Thu, Oct 15, 2020 at 06:45:01PM +0200, Michael De Roover wrote a message of 65 lines which said: > Your router can port forward traffic to port 53/udp to your local IP > that your DNS server is on. He said that the DNS server has a public IP address so port forwarding is pr

Re: How can I launch a private Internet DNS server?

Yes, I have two static IP addresses. One is for DNS server and one is for my website.Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Can you show me another tutorial with one server and same goal?The Internet DNS server for my goal

Re: How can I launch a private Internet DNS server?

update the records as your IP changes. This means that you'll have to use someone else's DNS servers to host your records. You can run BIND locally and make it an authoritative name server. Your router can port forward traffic to port 53/udp to your local IP that your DNS server

Re: How can I launch a private Internet DNS server?

A DNS server can exist if you follow NIC instractions. Mainly have you a leased line ever on? primary DNS can't be down or NIC could down your domain. Then you have to install and configure it. Better a fedora core , and CHROOT, DNS is one of the services more targeted to enter inside a system

Re: [External] How can I launch a private Internet DNS server?

On 10/15/2020 12:36 PM, Jason Long via bind-users wrote: > I have a question about launching a DNS server with CentOS for hosting > a web server. Excuse me, if my question is so basic and funny. I need > expert advice about it. > I registered a domain name for my web site and

How can I launch a private Internet DNS server?

Hello,I have a question about launching a DNS server with CentOS for hosting a web server. Excuse me, if my question is so basic and funny. I need expert advice about it.I registered a domain name for my web site and in the panel of it, I can enter my DNS server IP addresses. I want to launch

Re: [SOLVED] My Exchange server is now able to send email to httpd.apache.org domain after I added SPF TXT record to my DNS server

Teo En Ming wrote: Good morning from Singapore, Previously the mail server at httpd.apache.org domain rejected all of my emails. I have solved the problem by adding the following Sender Policy Framework (SPF) text (TXT) record to my DNS server: teo-en-ming.com.       IN     TXT         "v

Re: [SOLVED] My Exchange server is now able to send email to httpd.apache.org domain after I added SPF TXT record to my DNS server

Singapore, Previously the mail server at httpd.apache.org domain rejected all of my emails. I have solved the problem by adding the following Sender Policy Framework (SPF) text (TXT) record to my DNS server: teo-en-ming.com.       IN     TXT         "v=spf1 mx -all" Now my Excha

[SOLVED] My Exchange server is now able to send email to httpd.apache.org domain after I added SPF TXT record to my DNS server

Good morning from Singapore, Previously the mail server at httpd.apache.org domain rejected all of my emails. I have solved the problem by adding the following Sender Policy Framework (SPF) text (TXT) record to my DNS server: teo-en-ming.com.       IN     TXT         "v=spf1 mx -all&quo

Re: Promote slave DNS server

le.com zone in the parent zone, example.com. Then I would have different local versions of the soa.example.com zone on each DNS server. That way, the parent zone would say that the MNAME was soa.example.com, which each local server would resolve from it's local specific version of the zone to

Promote slave DNS server

If there is already an ISC document I didn't find it, please provide the URL. I just added a slave of a master for disaster recovery and now need to know how to promote it should the master be offline too long. What I have found so far is: 1. For the zone definitions in /etc/named.conf (or

Re: DNS Server sizing guide?

On 03/28/2018 08:31 PM, Blason R wrote: Right now I have around 27 zones added in DNS but that is with direct zones NO RPZ. And my config is 4 vCPU 8Gb RAM its running well and around 700 users :-) The only concern thing for me is I may need to re-write all my scripts to load those

Re: DNS Server sizing guide?

ne (? is that an > accurate description ?) that special action should be taken. > > I have messed with a project where I donwload newly registered domains > daily and build an RPZ zone. The intention is that I can make it appear as > if domains registered within the last 1 / 7 /

Re: DNS Server sizing guide?

?) that special action should be taken. I have messed with a project where I donwload newly registered domains daily and build an RPZ zone. The intention is that I can make it appear as if domains registered within the last 1 / 7 / 14 / 28 days do not exist on my personal DNS server

Re: DNS Server sizing guide?

Blason R wrote: > Interesting I didn't know that. Let me dig in..can I have few examples > please? Check out https://dnsrpz.info/ Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode Viking, North Utsire, South Utsire, Northeast Forties:

Re: DNS Server sizing guide?

Interesting I didn't know that. Let me dig in..can I have few examples please? On Wed, Mar 28, 2018, 9:36 AM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 03/27/2018 08:54 PM, Blason R wrote: > > Is there any DNS sizing guide available? I have created a sinkhole > > server

Re: DNS Server sizing guide?

On 03/27/2018 08:54 PM, Blason R wrote: Is there any DNS sizing guide available? I have created a sinkhole server which is catering around 25 - 30 zones loaded with 4 CPU and 8 GB RAM. I am daily adding around 1-5k of zones. I don't have an answer to your question. But I do wonder

Re: DNS Server sizing guide?

which is catering around 25 - 30 zones loaded with 4 CPU and 8 GB RAM. I am daily adding around 1-5k of zones. I need to know how do I calculate the resources consumed by BIND server? I mean if this DNS server is catering to 500 users and to amy be 5000 users how much RAM/CPU should

DNS Server sizing guide?

Hi, Is there any DNS sizing guide available? I have created a sinkhole server which is catering around 25 - 30 zones loaded with 4 CPU and 8 GB RAM. I am daily adding around 1-5k of zones. I need to know how do I calculate the resources consumed by BIND server? I mean if this DNS server

Re: edns responses not sent by DNS Server

In article , Harshith Mulky wrote: > Hello Mark, > > Yes the client is retrying the query over TCP. > > But initially I am getting no Answers > The ANSWER is as below > > ;; ->>HEADER<<- opcode: QUERY, status:

Re: edns responses not sent by DNS Server

Can this be controller in the Bind Server? Are there any options to control this behavior? -- View this message in context: http://bind-users-forum.2342410.n4.nabble.com/edns-responses-not-sent-by-DNS-Server-tp3884p3889.html Sent from the Bind-Users forum mailing list archive at Nabble.com

Re: edns responses not sent by DNS Server

ome responses which are truncated (or) no > Responses in this case? The protocol allows for either behaviour. Mark > -- > View this message in context: > http://bind-users-forum.2342410.n4.nabble.com/edns-responses-not-sent-by-DNS-Server-tp3884

Re: edns responses not sent by DNS Server

ses-not-sent-by-DNS-Server-tp3884p3886.html Sent from the Bind-Users forum mailing list archive at Nabble.com. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.i

Re: edns responses not sent by DNS Server

In message <1496129104656-3884.p...@n4.nabble.com>, Harshith Mulky writes: > Hello Experts, > > I have bind installed on OpenSuse 13.2 with version: bind-9.9.5P1 > > I am doing a Test with client application telling that edns is supported on > DNS Server with udp-paylo

edns responses not sent by DNS Server

Hello Experts, I have bind installed on OpenSuse 13.2 with version: bind-9.9.5P1 I am doing a Test with client application telling that edns is supported on DNS Server with udp-payload-size supported as 512 bytes I have the following configuration on my DNS Server server 127.0.0.1

RE: Query on the Overload control mechanism for DNS Server

-protocols-dns-b...@isc.org Subject: Query on the Overload control mechanism for DNS Server Hi, To protect the DNS server from overload, is there any feature already part of Bind software(Or can be achieved with any configuration changes) which can be enabled/disabled. I came across relevant

Re: Query on the Overload control mechanism for DNS Server

sts.isc.org> on behalf of ramkishor...@gmail.com <ramkishor...@gmail.com> Sent: Sunday, April 30, 2017 3:04 PM To: comp-protocols-dns-b...@isc.org Subject: Query on the Overload control mechanism for DNS Server Hi, To protect the DNS server from overload, is there any feature already pa

Re: Query on the Overload control mechanism for DNS Server

Hi Kishore, you can indeed do so with iptables for example. Have a look at the hashlimit or the limit module. They are both capable of limiting per protocol, per dest or source ip and can be configured to trigger only after reaching a burstlimit. You can enforce a udp packet rate which is

Re: Query on the Overload control mechanism for DNS Server

with dropped requests thus not waste > cpu time. > Also this approach allows for a dedicated firewall device (for example a > simple hardware also running linux+iptables or unix+bpf). > > Sebastian > > On 2017-04-30 15:04, ramkishor...@gmail.com wrote: > >> Hi,

Re: Query on the Overload control mechanism for DNS Server

allows for a dedicated firewall device (for example a simple hardware also running linux+iptables or unix+bpf). Sebastian On 2017-04-30 15:04, ramkishor...@gmail.com wrote: Hi, To protect the DNS server from overload, is there any feature already part of Bind software(Or can be achieved

Query on the Overload control mechanism for DNS Server

Hi, To protect the DNS server from overload, is there any feature already part of Bind software(Or can be achieved with any configuration changes) which can be enabled/disabled. I came across relevant feature called response rate limit(rrl) documentation, and it looks like it is mostly useful

Re: "chase DS servers" while setting up a Split-DNS-Server with

On 14.02.17 13:24 MURTARI, JOHN wrote: > Johannes, > Noted your message below. I might suggest you check out the 'views' > feature of BIND. You may find it a lot easier to setup/manage. Some > starting info: >

RE: "chase DS servers" while setting up a Split-DNS-Server with

Date: Tue, 14 Feb 2017 12:51:24 +0100 From: Johannes Kastl <m...@ojkastl.de> Hi all, I am trying to get more familiar with named/bind, and thus I am experimenting a little. I am seeking for guidance in setting up a split-dns server (aka resolving internal hosts that the outsid

  1   2   3   4   >