Re: frequent client query errors: "rpz_rewrite_name: mismatched summary data" ?

2018-02-09 Thread Tony Finch
PGNet Dev wrote: > ping, anyone? You know as much about these errors as I do ... Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode Fisher, German Bight: Mainly southerly 5 to 7. Moderate or rough. Occasional rain. Good, occasionally

Re: frequent client query errors: "rpz_rewrite_name: mismatched summary data" ?

2018-02-09 Thread PGNet Dev
ping, anyone? On 2/1/18 10:22 AM, PGNet Dev wrote: I recently updated to named -v BIND 9.12.0 compiled locally with ... --enable-rpz-nsip --enable-rpz-nsdname --enable-querytrace ... Now, in logs I'm seeing many of these

Re: Minimum TTL?

2018-02-09 Thread Barry Margolin
In article , Reindl Harald wrote: > > As long as you understand the implications of what you're doing? > > > > The zone owner may be using short TTLs to implement load balancing > > and/or quick failover. If you

Re: Minimum TTL?

2018-02-09 Thread John Levine
In article you write: >As long as you understand the implications of what you're doing? > >The zone owner may be using short TTLs to implement load balancing >and/or quick failover. If you extend the TTLs, your users may experience >poor

Re: Minimum TTL?

2018-02-09 Thread Reindl Harald
On 09.02.2018 at 17:45, Barry Margolin wrote: In article , Reindl Harald wrote: As long as you understand the implications of what you're doing? The zone owner may be using short TTLs to implement load balancing

Re: Minimum TTL?

2018-02-09 Thread Reindl Harald
On 09.02.2018 at 17:37, Barry Margolin wrote: In article , Grant Taylor wrote: On 02/08/2018 08:51 AM, Mukund Sivaraman wrote: Also, just for argument's sake, one user wants to extend TTLs to 5s. Another

Re: Minimum TTL?

2018-02-09 Thread Reindl Harald
On 09.02.2018 at 17:45, Barry Margolin wrote: In article , Reindl Harald wrote: As long as you understand the implications of what you're doing? The zone owner may be using short TTLs to implement load

Re: Minimum TTL?

2018-02-09 Thread Barry Margolin
In article , Grant Taylor wrote: > On 02/08/2018 08:51 AM, Mukund Sivaraman wrote: > > Also, just for argument's sake, one user wants to extend TTLs to > > 5s. Another wants 60s TTLs. What is OK and what is going

Re: Minimum TTL?

2018-02-09 Thread Grant Taylor via bind-users
On 02/09/2018 09:37 AM, Barry Margolin wrote: As long as you understand the implications of what you're doing? I don't think my level of understanding has any impact on my ability to override what the zone publisher sets the desired TTL (or any value) to be. I have the right to run my

Re: Minimum TTL?

2018-02-09 Thread @lbutlr
On 2018-02-08 (03:10 MST), Michelle Konzack wrote: > > Hi, > > On 2018-02-08 LuKreme hacked into the keys: >> Is it possible to tell bind to ignore very short TTLs and enforce >> a...say... 5 second minimum TTL? > > VERY SHORT TTL? Yes. > 5 sec minimum? Yes.

Re: Minimum TTL?

2018-02-09 Thread John Levine
In article you write: >For the record, the issue is not RBLs or legitimate domains, it is >spammer scum that set super-low DNS because they are shotgunning spam >from a vast botnet and they want to have maximal impact, so you get a

Re: Minimum TTL?

2018-02-09 Thread Grant Taylor via bind-users
On 02/09/2018 05:26 PM, @lbutlr wrote: But to answer your question, off-hand, I'd say that any TTL under 60s is suspicious and any TTL under 10s is almost certainly intentionally abusive. I thought there was a lower recommended boundary, particularly to detect and avoid things like fast

Re: Minimum TTL?

2018-02-09 Thread @lbutlr
On 2018-02-08 (08:51 MST), Mukund Sivaraman wrote: > > Also, just for argument's sake, one user wants to extend TTLs to > 5s. Another wants 60s TTLs. What is OK and what is going too far? For the record, the issue is not RBLs or legitimate domains, it is spammer scum that set

Re: Minimum TTL?

2018-02-09 Thread Tony Finch
Reindl Harald wrote: > > CISCO router with "DNS-ALG" Oh god, never turn on PIX/ASA protocol fuxup features. Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode Malin: West 5 or 6, backing south 7 to severe gale 9 for a time. Very rough

Re: Minimum TTL?

2018-02-09 Thread Warren Kumari
Leave off the "protocol fixup feature", it's cleaner :-P On Fri, Feb 9, 2018 at 7:15 AM, Tony Finch wrote: > Reindl Harald wrote: >> >> CISCO router with "DNS-ALG" > > Oh god, never turn on PIX/ASA protocol fuxup features. > > Tony. > -- >

Re: Minimum TTL?

2018-02-09 Thread Matus UHLAR - fantomas
On 09.02.2018 at 07:02, sth...@nethelp.no wrote: Yesterday I measured, on our busiest resolvers, the amount of replies with TTL=0 the resolvers received (from the authoritative servers). Turns out we receive around 2.3 percent replies with TTL=0. This is a percentage I can live with, and I see

Re: Minimum TTL?

2018-02-09 Thread Reindl Harald
On 09.02.2018 at 13:15, Tony Finch wrote: Reindl Harald wrote: CISCO router with "DNS-ALG" Oh god, never turn on PIX/ASA protocol fuxup features well, i did not know that the ISP ships that crap with the feature enabled and even if i did not imagine that it takes