On the DNS server, a large number of ANY type queries occur,why? The same IP
address, produced a large number of requests within a very short period of
time. Can I block these IPs?
ShanyiWan___
Please visit
On 28.03.12 16:08, ShanyiWan wrote:
On the DNS server, a large number of ANY type queries occur,why? The
same IP address, produced a large number of requests within a very
short period of time. Can I block these IPs?
yes you can. I would also wonder who sends such queries, maybe they
ask...
On Wed, Mar 28, 2012 at 04:08:33PM +0800,
ShanyiWan w...@114.com.cn wrote
a message of 104 lines which said:
On the DNS server, a large number of ANY type queries occur,why?
Probably the reflection+amplification attack which goes on, specially
in China, for several months. CNCERT knows
On 28/03/2012 10:21, Stephane Bortzmeyer wrote:
The same IP address, produced a large number of requests within a
very short period of time. Can I block these IPs?
You probaably should not. The source IP address is forged, it is the
address of the victim. If you block it, the victim will
On Wed, Mar 28, 2012 at 10:20:40AM +0200,
Matus UHLAR - fantomas uh...@fantomas.sk wrote
a message of 18 lines which said:
yes you can.
But it is a bad idea, since the source IP addresses are almost
certainly forged.
___
Please visit
On Wed, Mar 28, 2012 at 10:39:11AM +0200,
Anand Buddhdev ana...@ripe.net wrote
a message of 25 lines which said:
It's probably better to rate-limit the address. You can do that on
your server with iptables (Linux) or ipfw (*BSD) or on your router.
A possible solution for Linux' Netfilter
On 28 Mar 2012, at 02:16, Jon A. wrote:
I'm looking for a best practice to keep zone data across multiple views on
multiple servers sync
FWIW, you're not alone.
I have three views too, internal, external, and mendacious.
The last is for coercing unregistered
Is signing not done at zone file level?
For our views even when the zones are identical I keep separate copies for the
internal and external views so I would have thought this wouldn't be an issue.
-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
On the DNS server, a large number of ANY type queries occur,why?
Probably the reflection+amplification attack which goes on, specially
in China, for several months. CNCERT knows about it so I suggest you
contact them.
Note that there are multiple reflection+amplification attacks going
on,
Hello,
You're right Mark, thanks. The problem I said yesterday was solved
with the implementation of TSIG as mentioned in
https://www.isc.org/faq/item/182.
What happened was that my slave was receiving zones from the same
master view. I know, my fault! but I hope my error helps you
if the recrustion is the only thing we can might use a inclue file to
include all the zones in specific direcotry.
so you manage one server but more views...
On 28/03/2012 11:38, Niall O'Reilly wrote:
On 28 Mar 2012, at 02:16, Jon A. wrote:
I'm looking for a best practice to keep zone data
On 28 Mar 2012, at 13:01, Lightner, Jeff wrote:
Is signing not done at zone file level?
Yes, but that's not the problem.
For our views even when the zones are identical I keep separate copies for the
internaland external views so I would have thought this wouldn't be an issue.
We've been having this issues with neweggbusiness.com - it seems the A rec for
neweggbusiness.com is round robin load balanced:
;; ANSWER SECTION:
neweggbusiness.com. 3600 IN A 216.52.208.154
neweggbusiness.com. 3600 IN A 204.14.213.154
;; ANSWER SECTION:
neweggbusiness.com. 3600 IN NS
Jon A. continualus...@gmail.com wrote:
Is there a better practice to serve 100% the same authoritative data
in two views, but block recursion, cache use, and out of zone data?
Don't use views, use allow-query and allow-recursion ACLs.
Tony.
--
f.anthony.n.finch d...@dotat.at
The problem is that their servers are returning non-authoritative
answers from the cache without also adding the NS records for the
child zone to allow the interative resolver to find a authoritative
answer. The parent server is configured as a recursive server not
a authoritative server.
On
Dear all,
Suppose you i have phlevanzadeh.info domain and FQDN
shared.pahlevanzadeh.info,
Question:
I installed bind9, and defined zone of pahlevanzadeh.info ,now , NS of
pahlevanzadeh.info can become itself?
such as:
dig pahlevanzadeh.info NS :
pahlevanzadeh.info. 14400 IN NS
On Thu, Mar 29, 2012 at 6:33 AM, Mohsen Pahlevanzadeh
moh...@pahlevanzadeh.org wrote:
pahlevanzadeh.info. 14400 IN NS shared.pahlevanzadeh.info.
Is it Possible?
Yes. Google does it
$ dig google.com ns
; DiG 9.8.1-P1 google.com ns
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode:
Fajar,
Yes,
This is glue record.
pahlevanzadeh.info. 14400 IN NS shared.pahlevanzadeh.info.
shared.pahlevanzadeh.info. Ayour ns server IP address
On Thu, Mar 29, 2012 at 7:46 AM, Fajar A. Nugraha w...@fajar.net wrote:
On Thu, Mar 29, 2012 at 6:33 AM, Mohsen Pahlevanzadeh
In message cagafdpr2qkbr6_yq9rmr4gpsykewoadnpaemu9yx94wb8ms...@mail.gmail.com,
Amir Haris Ahmad writes:
Fajar,
Yes,
This is glue record.
pahlevanzadeh.info. 14400 IN NS shared.pahlevanzadeh.info.
shared.pahlevanzadeh.info. Ayour ns server IP address
And you should be
We are using lwresd to resolve DNS ENUM queries with the cache TTL set to 1
second (effective off) and only two servers on a Solaris 10 Netra 5220 system.
Performance is reasonable if the first server is up, but when the first server
stops responding, we get unreasonably bad performance.
With
20 matches
Mail list logo