Testing how lists.isc.org handles DMARC "Quarantine" (and "Reject")
policy. The enterpr...@mozilla.org mailing list forwards such email in a
way that some recipients choke on it (i.e., can't validate it).
Following https://www.icann.org/en/system/files/files/sac-064-en.pdf,
it sounds like modest groups of Internet users (such as informal clubs)
that don't have their own official domain (like "iment.com") are out of
luck if they would like to have local subdomains -- unless they want to
use the
"... long ago adapted to using full numbers, including area codes, for
pretty much *all* phone dialing ..."
Except that that proved to be so onerous that people often use "speed
dialing" for commonly dialed numbers. (Not to mention the fact that
people usually address their friends and coworkers
Every so often, we get a run of peculiar queries to our (BIND / named)
DNS server. Note the apparently random mix of lower case and upper case
letters in the domain names.
Does anybody have any idea why somebody would be doing this? (It's
legal, I guess, but quite non-standard.)
Dec 22 12:05:43
I was pleased that I was able to get our two (successive) ISPs to set
up reverse DNS for our small number of IP addresses, and each twice to
change them when they moved us to new IP ranges (due to the
IPv4 crunch). It never even occurred to me that it might be possible to
have them
ernet connection"
>
> > Even if your ISP allows it, chances are that other mail servers will reject
> > it
>
> that's a completely different story
>
> > On 5/2/20 3:30 PM, Paul Kosinski via bind-users wrote:
> >> How many ISPs allow traffi
How many ISPs allow traffic on port 25? My impression is that even many
(non-enterprise) business customers can't use port 25.
On Sat, 2 May 2020 09:28:54 +0200
Reindl Harald wrote:
> Am 02.05.20 um 09:00 schrieb Michael De Roover:
> > That's actually my biggest concern with DoH, ISP blocking.
With regard to using chroot, hasn't named/BIND long had the "-u" (user)
and "-t" (directory) options to accomplish the same thing more easily?
On Fri, 16 Oct 2020 12:47:35 -0500
Chuck Aurora wrote:
> /me catching up on earlier parts of this thread,
>
> On 2020-10-15 11:42, alcol alcol wrote:
ski via bind-users wrote:
> > A very interesting article on how China uses DNS (among other things)
> > to "control" Internet usage.
> >
> > https://blog.thousandeyes.com/deconstructing-great-firewall-china/
>
>
> The term "DNSSEC" appears ju
A very interesting article on how China uses DNS (among other things)
to "control" Internet usage.
https://blog.thousandeyes.com/deconstructing-great-firewall-china/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
Yes indeed: I sent the last email (and this one) to bind-users and CC-ed to
you. That explains why there are two different ESMTP IDs.
The question is, have you, like I have, received two copies of any emails (from
lists.isc.org) where there are *identical* ESMTP IDs in their associated sequences
t 21:56 -0500, Paul Kosinski via bind-users wrote:
> > I've been getting two identical copies of recent posts to this list...
>
> Me too, but it's because of people hitting reply-all thinking that they
> are replying to the list and the poster. People really need to verify
> who
I've been getting two identical copies of recent posts to this list
(such as this item). This only started happening in the past 24 hours
or so. Is anyone else seeing this?
Upon examination of the headers of the two copies, it looks like ISC's
list-servers are doing the duplication.
(The first
The site mxtoolbox.com has a suite of tools to check your DNS, email and Web
servers from the outside. They're easy to use and might turn up something.
On Fri, 11 Jun 2021 09:10:32 -0700
techli...@phpcoderusa.com wrote:
> Hi,
>
> The two domains I am working with on my SOHO home server are 1)
It ought to be possible to write a front-end to listen on the standard control
channel and only forward (properly-keyed) 'status' requests to the "real" port
that BIND listens to.
From looking at the RNDC exchange via Wireshark however, you'd have to adapt
some of BIND's code that does the
If you can have BIND log directly to a file, couldn't you use a FIFO
(prwxrwxrwx) or Unix domain socket (srwxrwxrwx) and avoid the disk I/O by
sending the log data directly to the forwarder? (E.g., Pulse Audio listens on a
socket for audio data from an application, and sends it in real-time to
Actually, it's in keeping with the *original* definition of hacking!
On Sun, 9 May 2021 23:55:13 -0600
@lbutlr wrote:
> On 06 May 2021, at 09:57, Dennis Clarke via bind-users
> wrote:
> > I do NOT trust a build result where I had to go hacking into all the
> > Makefiles just to get it to
On Fri, 4 Jun 2021 13:58:40 -0700
Gregory Sloop wrote:
> This feels a lot like responding to trolls, but I'll instead assume that
> you're asking (or making a point) in good faith.
>
> So, we'll stipulate that - you're actually interested in truth and knowledge.
>
> So, it's easily compiled
On Tue, 6 Jul 2021 12:44:15 +
"MURTARI, JOHN" wrote:
> Folks, let me add my desire for a quick download dig supporting DoH. It
> could really help with some testing, some ready stuff for Ubuntu 18/20,
> Redhat/CentOS, could make a lot of people happy. Maybe the libs included
> and we
A couple of years ago, I tried using nsupdate to modify a dynamic (DHCP) IP
address for my very simple domain. It worked, except that it totally messed up
the organization of the zone file. Since the file only has 44 active lines
(which are organized logically), I maintain it by hand. After
Do you know about mxtoolbox.com? It (and other similar sites) does a good job
of diagnosing DNS-related problems. I use it now and then to check out my own
sites, as it gives a "second opinion".
In particular its "DNS Lookup" function reported the following for
"internet-dns1.state.ma.us"
I rather prefer tshark to tcpdump: it's essentially the command line version of
wireshark, and thus has wireshark's protocol "dissecting" abilities.
On Wed, 10 Feb 2021 22:20:08 +
"John W. Blue via bind-users" wrote:
> Three words: tcpdump and wireshark
>
> It is like peanut and jelly
Well said!
On Mon, 29 Mar 2021 16:11:54 +0100
Tony Finch wrote:
> alcol alcol wrote:
>
> > seriously? is like linux/unix FAQ
>
> Please, if you can't be helpful, don't reply at all. We all have to learn
> somehow, and the best way to show your knowledge is to share it generously.
>
>
Interesting, although we host different domains, in and from different
geographic areas, we got the same queries as yours on the same day, with some
at about the same time (we're EDT).
13-Apr-2021 02:19:58.468 security: info: client 76.20.145.58#3074 (sl): query
(cache) 'sl/ANY/IN' denied
Interesting observation. I just did lookups on 4 recent (< 24 hrs ago)
'sl/ANY/IN' queries logged by our BIND and got:
2 Comcast cable IPs (hsd1.tx.comcast.net and hsd1.ma.comcast.net)
1 OVH Hosting IP (Montreal)
1 Afranet IP (Tehran!)
The whois info for the OVH IP contains the line:
We also get *lots* of suspicious queries of the same kind, from various
privileged and unprivileged ports, which I'm pretty sure are DDoS attempts. For
example:
12-Apr-2021 23:44:17.767 security: info: client 107.213.131.17#80 (sl): query
(cache) 'sl/ANY/IN' denied
12-Apr-2021 23:44:19.477
I don't think tcpdump was installed by default with various versions of Debian
that I set up in the last few years for networking. I didn't bother to install
it, as its output is different enough (old fashioned?) from the sharks to be
annoying. It *was* installed with OpenSuSE 15.2 though.
Our DMARC Policy has been "p=quarantine" since 30 Jun 2019, so I guess it won't
affect us. (It was "p=none" before that -- we only started using DKIM in Apr
2017.)
On Tue, 16 Feb 2021 20:54:30 + (UTC)
Dan Mahoney wrote:
> Greetings bind-users netizens.
>
> Dan Mahoney, ISC SysAdmin
It sounds to me like dnssec-verify is sending the output in question to STDERR
instead of STDOUT.
On Sat, 06 Feb 2021 19:02:28 +
Matthew Richardson wrote:
> I have been using Perl to do a reasonable amount of scripting, running bind
> utilities and processing the results into variables.
Would it be possible to use a virtual interface from within bind/named that
gets mapped by some privileged facility to a hardware interface? (This is the
sort of thing that VMs have to do all the time.) For example, could a brctl
bridge help?
Or maybe CAP_NET_BIND_SERVICE would allow the
On Thu, 17 Feb 2022 15:26:35 +0100
Ondřej Surý wrote:
...
> This is part of the problem - debugging on Windows is extremely painful and
> requires expertise with extremely high learning curve.
>
> --
> Ondřej Surý — ISC (He/Him)
I wonder if difficult debugging is deliberate -- it would
On Sat, 16 Sep 2023 10:22:26 +0100 (BST)
"G.W. Haywood via bind-users" wrote:
> Hi there,
> ...
> I'd be surprised if the OP couldn't manage with 2^20 IPs in a segment -
> but then I guess he does work in the .gov domain.
^^^
The OP's contact
There has been lots of discussion recently about DNSSEC issues, including
whether it's desirable to sign internal zones. Independent of this most recent
issue, a couple of weeks ago I did an informal survey, using DNSVIZ, of various
TLDs. I found the following rather surprising results:
On Wed, 3 Aug 2022 13:47:41 +0200
Victor Johansson via bind-users wrote:
> Hey,
>
> I just want to add that there is a better way to do this in iptables
> with hashlimit. The normal rate limit in iptables is too crude.
>
> Below is an example from the rate-limit-chain, to which you simply
On Wed, 3 Aug 2022 15:10:39 -0400
Timothe Litt wrote:
> Hmm. Your resolv.conf says that it's written by NetworkManager.
>
> What I suggested should have stopped it from updating resolv.conf.
>
> See
>
On Sat, 10 Jun 2023 19:24:03 +0200
Ondřej Surý wrote:
> You are over-complicating things. If unconfigured, named binds the outgoing
> UDP to 0.0.0.0 (::0), which means the chosen IP address is picked by the
> kernel. You need to configure priorities on your interfaces in the kernel -
> ip
36 matches