Strange log messages

2020-04-22 Thread Lars Kollstedt
rently 1:9.11.3+dfsg-1ubuntu1.11. Anyone else seeing this messages, too? ;-) Kind regards Lars -- Lars Kollstedt Telefon: +49 6151 16-71027 E-Mail: l...@man-da.de man-da.de GmbH Dolivostraße 11 64293 Darmstadt Sitz der man-da.de GmbH: Darmstadt Amtsgericht Darmstadt, HRB 9484

Re: Strange log messages

2020-04-23 Thread Lars Kollstedt
ultiple times? I would expect such for www.google.de IN A or but not for in-addr.arpa IN SOA. ;-) I don't experience any delays when doing my troubleshooting queries, and I'm seeing the TTL properly decreasing when querying the resolver. Kind regards, Lars -- Lars Kollst

Re: Peculiar DNS queries

2019-12-22 Thread Lars Kollstedt
ions/265/attachments/254/471/ ISC-case-sensitivity.pdf I at first wondered about this, too. ;-) But it's a technology to add addition entropy to the DNS communication (to prevent cache poisoning based on spoofed answers), especially for the case the authoritative Server doesn't support DN

Re: Peculiar DNS queries

2019-12-23 Thread Lars Kollstedt
break things. ;-) Kind regards Lars -- Lars Kollstedt Telefon: +49 6151 16-71027 E-Mail: l...@man-da.de man-da.de GmbH Dolivostraße 11 64293 Darmstadt Sitz der Gesellschaft: Darmstadt Amtsgericht Darmstadt, HRB 9484 Geschäftsführer: Andreas Ebert ___

Re: Peculiar DNS queries

2019-12-30 Thread Lars Kollstedt
bout DNS UPDATE specified by RFC2136 (to dynamically update information on authoritatives). dnsext-dns0x20-00 can't be used for securing DNS UPDATE, since the sensitive information goes in the opposite direction there. Kind regards Lars -- Lars Kollstedt Telefon: +49 6151

Re: Peculiar DNS queries

2019-12-30 Thread Lars Kollstedt
r non DNS mechanisms like mDNS, NIS+ or /etc/hosts as far as I remember. NIS+ and at least some versions and parts of /etc/hosts tooling are really case sensitive. Kind regards, Lars -- Lars Kollstedt Telefon: +49 6151 16-71027 E-Mail: l...@man-da.de man-da.de GmbH Dolivos

Re: Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29

2024-09-23 Thread Lars Kollstedt
RRs for a DoS amplification attack against third parties (the real owners of the forged source IPs). The attacker just needs to send requests for text.example.com IN TXT with the forged IP of the victim, and the victim will get your hundreds of TXT records under this name from your server for each

Re: Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29

2024-09-23 Thread Lars Kollstedt
On 23.09.24 10:23, I wrote: The attacker just needs to send requests for text.example.com IN TXT with the  forged IP of the victim, and the victim will get your hundreds of TXT records under this name from your server for each of them. s/forged/faked/g ;-) -- Lars Kollstedt Telefon: +49