Re: transfer-source / notify-source warnings if a port is specified

2021-12-29 Thread Tony Finch
Duncan wrote: > > Is there any option to suppress warnings if using transfer-source / > notify-source specifying ports? There are good reasons for these warnings. NOTIFY uses UDP, and source port randomization in UDP is important to protect against spoofing. Spoofing NOTIFY is relatively

Re: Spurious failures in a dynamically updated to a sub /24 reverse DNS domain P.S.

2021-12-29 Thread Tony Finch
Mirsad Goran Todorovac wrote: > Please excuse me, as I am a bit confused ... > > I have tried to verify your findings, but I've found something awkward: Something has changed, because earlier I got: ; <<>> DiG 9.10.6 <<>> soa 192/27.186.198.193.in-addr.arpa @193.0.9.6 ;; global options: +cmd

DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2021-12-29 Thread Danilo Godec via bind-users
Hello, I have an authoritative DNS server for a domain, but I was also going to use the same server as a recursive DNS for my internal network, limiting recursion by the IP. Apparently, this is a bad idea that can lead to cache poisoning... After watching a Computerphile YouTube video

Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2021-12-29 Thread Tony Finch
Danilo Godec via bind-users wrote: > > I have an authoritative DNS server for a domain, but I was also going to > use the same server as a recursive DNS for my internal network, limiting > recursion by the IP. Apparently, this is a bad idea that can lead to > cache poisoning... Sort of. It's

Re: Spurious failures in a dynamically updated to a sub /24 reverse DNS domain

2021-12-29 Thread Tony Finch
Mirsad Goran Todorovac wrote: > > I have recently implemented dynamic updates to a sub /24 reverse DNS > domain, 193.198.186.192/27. > I had upstream domain 192/27.186.198.193.in-addr.arpa. delegated from > authoritative servers. > > However, something still isn't right. In some reverse PTR

transfer-source / notify-source warnings if a port is specified

2021-12-29 Thread Duncan
Hi! Is there any option to suppress warnings if using transfer-source / notify-source specifying ports? /etc/bind/named.conf:90: 'notify-source': specifying a port is not recommended /etc/bind/named.conf:91: 'notify-source-v6': specifying a port is not recommended

Re: Spurious failures in a dynamically updated to a sub /24 reverse DNS domain

2021-12-29 Thread Mirsad Goran Todorovac
On 12/29/2021 6:57 PM, Tony Finch wrote: Mirsad Goran Todorovac wrote: I have recently implemented dynamic updates to a sub /24 reverse DNS domain, 193.198.186.192/27. I had upstream domain 192/27.186.198.193.in-addr.arpa. delegated from authoritative servers. However, something still isn't

Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2021-12-29 Thread tale via bind-users
On Wed, Dec 29, 2021 at 5:31 AM Danilo Godec via bind-users wrote: > I have an authoritative DNS server for a domain, but I was also going to > use the same server as a recursive DNS for my internal network, limiting > recursion by the IP. Apparently, this is a bad idea that can lead to > cache

Re: Spurious failures in a dynamically updated to a sub /24 reverse DNS domain P.S.

2021-12-29 Thread Mirsad Goran Todorovac
Hello Tony, Please excuse me, as I am a bit confused ... I have tried to verify your findings, but I've found something awkward: root@domac:~# host -t any 186.198.193.in-addr.arpa dns1.carnet.hr Using domain server: Name: dns1.carnet.hr Address: 161.53.123.2#53 Aliases:

Re: transfer-source / notify-source warnings if a port is specified

2021-12-29 Thread Matus UHLAR - fantomas
On 29.12.21 18:58, Duncan wrote: Is there any option to suppress warnings if using transfer-source / notify-source specifying ports? yes, don't specify source port. /etc/bind/named.conf:90: 'notify-source': specifying a port is not recommended /etc/bind/named.conf:91: 'notify-source-v6':