On 12.02.2018 at 20:36, wbr...@e1b.org wrote:
From: "Reindl Harald"
To: bind-users@lists.isc.org
the ISP has no business to touch any package between source and me
because he can't know the implications - he even must not know about
them because it's not his business
And yet they do (Su
On 10.02.2018 at 05:11, John Levine wrote:
But to answer your question, off-hand, I'd say that any TTL under 60s is
suspicious and any TTL under 10s is almost certainly intentionally
abusive.
I hope you're not planning to do much spam filtering
i do for years with a min-ttl of 90 secod
From: "Reindl Harald"
> To: bind-users@lists.isc.org
> the ISP has no business to touch any package between source and me
> because he can't know the implications - he even must not know about
> them because it's not his business
And yet they do (Supercookies?), and sell that data to any and a
On 2018-02-10 (12:15 MST), Barry Margolin wrote:
>
> Just because you have the right to do something doesn't mean it's a
> reasonable thing to do.
No one has made an argument that would imply this is not reasonable.
> And if you're offering a service, you have responsibilities to your customer
On 02/10/2018 12:15 PM, Barry Margolin wrote:
Just because you have the right to do something doesn't mean it's a
reasonable thing to do.
I never meant to imply that it was the reasonable thing to do.
I meant to imply that it is my choice how I run my servers.
And if you're offering a service
But to answer your question, off-hand, I'd say that any TTL under 60s is
suspicious and any TTL under 10s is almost certainly intentionally
abusive.
On 09.02.18 23:11, John Levine wrote:
I hope you're not planning to do much spam filtering.
On Sat, Feb 10, 2018 at 2:42 PM, Matus UHLAR -
Ok, so I've never used forwarders (actually, that's not strictly true;
I've used them twice, but it was to work around weird issues, and I
felt dirty), but couldn't increasing the TTL cause stupid
configuration issues to become immortal RRs?
I've seen a number of instances where people who *do* fo
In article you write:
>The target, instead of very quickly rejecting the spam because of the
>lack of a domain or the lack of DNS, instead has to deal with thousands
>of different IPs.
That's not how spam filters work. They do filtering based on the IP
address sending the spam and maybe the
In article ,
Grant Taylor wrote:
> On 02/09/2018 09:37 AM, Barry Margolin wrote:
> > As long as you understand the implications of what you're doing?
>
> I don't think my level of understanding has any impact of my ability to
> override what the zone publisher sets the desired TTL (or any valu
On 2018-02-09 (21:11 MST), John Levine wrote:
>
> In article you write:
>> For the record, the issue is not RBLs or legitimate domains, it is
>> spammer scum that set super-low DNS because they are shotgunning spam
>> from a vast botnet and they want to have maximal impact, so you get a
But to answer your question, off-hand, I'd say that any TTL under 60s is
suspicious and any TTL under 10s is almost certainly intentionally
abusive.
On 09.02.18 23:11, John Levine wrote:
I hope you're not planning to do much spam filtering.
do you have any evidence where enforcing a 5s mi
In article you write:
>For the record, the issue is not RBLs or legitimate domains, it is
>spammer scum that set super-low DNS because they are shotgunning spam
>from a vast botnet and they want to have maximal impact, so you get a
>different IP for every spam they send. It is a way of try
On 02/09/2018 05:26 PM, @lbutlr wrote:
But to answer your question, off-hand, I'd say that any TTL under 60s
is suspicious and any TTL under 10s is almost certainly intentionally
abusive.
I thought there was a lower recommended boundary, particularly to detect
and avoid things like fast flux.
On 2018-02-08 (08:51 MST), Mukund Sivaraman wrote:
>
> Also, just for argument's sake, one user wants to extend TTLs to
> 5s. Another wants 60s TTLs. What is OK and what is going too far?
For the record, the issue is not RBLs or legitimate domains, it is spammer scum
that set super-low DNS bec
On 2018-02-08 (03:10 MST), Michelle Konzack
wrote:
>
> Hi,
>
> On 2018-02-08 LuKreme hammered at the keyboard:
>> Is it possible to tell bind to ignore very short TTLs and enforce
>> a...say... 5 second minimum TTL?
>
> VERY SHORT TTL?
Yes.
> 5 sec minimum?
Yes.
> What do you mean with ignorin
On 02/09/2018 09:37 AM, Barry Margolin wrote:
As long as you understand the implications of what you're doing?
I don't think my level of understanding has any impact of my ability to
override what the zone publisher sets the desired TTL (or any value) to be.
I have the right to run my networ
In article you write:
>As long as you understand the implications of what you're doing?
>
>The zone owner may be using short TTLs to implement load balancing
>and/or quick failover. If you extend the TTLs, your users may experience
>poor performance when they try to go to these sites using out-o
On 09.02.2018 at 17:45, Barry Margolin wrote:
In article ,
Reindl Harald wrote:
As long as you understand the implications of what you're doing?
The zone owner may be using short TTLs to implement load balancing
and/or quick failover. If you extend the TTLs, your users may experience
poor
On 09.02.2018 at 17:45, Barry Margolin wrote:
In article ,
Reindl Harald wrote:
As long as you understand the implications of what you're doing?
The zone owner may be using short TTLs to implement load balancing
and/or quick failover. If you extend the TTLs, your users may experience
poo
In article ,
Reindl Harald wrote:
> > As long as you understand the implications of what you're doing?
> >
> > The zone owner may be using short TTLs to implement load balancing
> > and/or quick failover. If you extend the TTLs, your users may experience
> > poor performance when they try to go
On 09.02.2018 at 17:37, Barry Margolin wrote:
In article ,
Grant Taylor wrote:
On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
Also, just for argument's sake, one user wants to extend TTLs to
5s. Another wants 60s TTLs. What is OK and what is going too far?
I think what is "OK" is up t
In article ,
Grant Taylor wrote:
> On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
> > Also, just for argument's sake, one user wants to extend TTLs to
> > 5s. Another wants 60s TTLs. What is OK and what is going too far?
>
> I think what is "OK" is up to each administrator.
>
> Obviously the
On 09.02.2018 at 13:15, Tony Finch wrote:
Reindl Harald wrote:
CISCO router with "DNS-ALG"
Oh god, never turn on PIX/ASA protocol fuxup features
well, i did not know that the ISP ships that crap with the feature
enabled and even if i did not imagine that it takes a zone-transfer on
the
Leave off the "protocol fixup feature", its cleaner
:-P
On Fri, Feb 9, 2018 at 7:15 AM, Tony Finch wrote:
> Reindl Harald wrote:
>>
>> CISCO router with "DNS-ALG"
>
> Oh god, never turn on PIX/ASA protocol fuxup features.
>
> Tony.
> --
> f.anthony.n.finch http://dotat.at/ - I xn--zr8h
Reindl Harald wrote:
>
> CISCO router with "DNS-ALG"
Oh god, never turn on PIX/ASA protocol fuxup features.
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Malin: West 5 or 6, backing south 7 to severe gale 9 for a time. Very rough or
high. Rain or wintry showers. Good, o
On 09.02.2018 at 07:02, sth...@nethelp.no wrote:
Yesterday I measured, on our busiest resolvers, the amount of replies
with TTL=0 the resolvers received (from the authoritative servers).
Turns out we receive around 2.3 percent replies with TTL=0. This is
a percentage I can live with, and I see n
On 09.02.2018 at 07:02, sth...@nethelp.no wrote:
I think what is "OK" is up to each administrator.
Obviously the zone administrators have decided that they want people to
use the 2s TTL.
That being said, it is up to each individual recursive server operator
if they want to honor what the zon
> I think what is "OK" is up to each administrator.
>
> Obviously the zone administrators have decided that they want people to
> use the 2s TTL.
>
> That being said, it is up to each individual recursive server operator
> if they want to honor what the zone administrators have published, or if
On Thu, Feb 8, 2018 at 4:34 PM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
> On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
>
>> Also, just for argument's sake, one user wants to extend TTLs to 5s.
>> Another wants 60s TTLs. What is OK and what is going too far?
>>
>
> I think
On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
Also, just for argument's sake, one user wants to extend TTLs to
5s. Another wants 60s TTLs. What is OK and what is going too far?
I think what is "OK" is up to each administrator.
Obviously the zone administrators have decided that they want peo
On 08.02.2018 at 17:07, Tony Finch wrote:
Reindl Harald wrote:
yes, you are free to decide that named don't need to support the users wish of
such a feature. but the result is that the user stops to use named at all on a
inbound-mailserver and is done
Or you could use patched versions fro
On 08.02.2018 at 17:10, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote:
I doubt the zone owner is forcing you to use their zone. You can nix
fetches to it. If you want the zone data, then follow what the zone
owner requires.
does not matter
It matter
On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote:
> > I doubt the zone owner is forcing you to use their zone. You can nix
> > fetches to it. If you want the zone data, then follow what the zone
> > owner requires.
>
> does not matter
It matters to us.
Mukund
Reindl Harald wrote:
yes, you are free to decide that named don't need to support the users wish of
such a feature. but the result is that the user stops to use named at all on a
inbound-mailserver and is done
On 08.02.18 16:07, Tony Finch wrote:
Or you could use patched versions from FreeBS
Barry Margolin wrote:
> There are some servers that will avoid expiring records if the auth
> servers stop responding, as a fail-safe mechanism.
For instance, BIND 9.12 - https://www.isc.org/blogs/bind-9-12-almost-ready/
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Ir
On 08.02.2018 at 17:03, Barry Margolin wrote:
In article ,
Reindl Harald wrote:
frankly, even *if* i pay for the service i would call it a good citizen
to produce less load and the "minimum-ttl" also reduces load from other
RBL's without any restriction
If the service provider is worrie
Reindl Harald wrote:
>
> yes, you are free to decide that named don't need to support the users wish of
> such a feature. but the result is that the user stops to use named at all on a
> inbound-mailserver and is done
Or you could use patched versions from FreeBSD or Debian ...
https://svnweb.fr
On 08.02.2018 at 16:51, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote:
On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
If the RRset wants a TTL of N seconds, then that is the authoritative
instruction from the owner of the zone about how the data shou
In article ,
Reindl Harald wrote:
> frankly, even *if* i pay for the service i would call it a good citizen
> to produce less load and the "minimum-ttl" also reduces load from other
> RBL's without any restriction
If the service provider is worried about load, they should increase
their TTL
On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote:
>
>
> On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
> > On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
> > > Hello Harald,
> > > On 2018-02-08 Reindl Harald hammered at the keyboard:
> > > > you miss the topic
> > >
On 08.02.2018 at 16:39, Reindl Harald wrote:
On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
Hello Harald,
On 2018-02-08 Reindl Harald hammered at the keyboard:
you miss the topic
many DNSBL's have a very short TTL and at the sa
On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
Hello Harald,
On 2018-02-08 Reindl Harald hammered at the keyboard:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries from a single IP unt
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
> Hello Harald,
> On 2018-02-08 Reindl Harald hammered at the keyboard:
> > you miss the topic
> >
> > many DNSBL's have a very short TTL and at the same time a limit of
> > queries from a single IP until you need to pay for the service
>
On 08.02.2018 at 16:16, John Levine wrote:
In article you write:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries from a single IP until you need to pay for the service
This doesn't sound like a technical problem.
Is there some reason you shoul
In article you write:
>you miss the topic
>
>many DNSBL's have a very short TTL and at the same time a limit of
>queries from a single IP until you need to pay for the service
This doesn't sound like a technical problem.
Is there some reason you shouldn't pay for the service you're using?
On 08.02.2018 at 12:30, Michelle Konzack wrote:
Hello Harald,
On 2018-02-08 Reindl Harald hammered at the keyboard:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries from a single IP until you need to pay for the service
so if you have a inbound MX and
Hello Harald,
On 2018-02-08 Reindl Harald hammered at the keyboard:
> you miss the topic
>
> many DNSBL's have a very short TTL and at the same time a limit of
> queries from a single IP until you need to pay for the service
>
> so if you have a inbound MX and the RBL has 2 seconds TTL and a botnet
> is
On 08.02.2018 at 11:10, Michelle Konzack wrote:
On 2018-02-08 LuKreme hammered at the keyboard:
Is it possible to tell bind to ignore very short TTLs and enforce
a...say... 5 second minimum TTL?
VERY SHORT TTL?
5 sec minimum?
What do you mean with ignoring?
It is you YOU have to configure Bin
Thank you for clarification...
On DATE AUTHOR hammered at the keyboard: Karol Augustin
> On 2018-02-08 10:10, Michelle Konzack wrote:
>> Hi,
>>
>> On 2018-02-08 LuKreme hammered at the keyboard:
>>> Is it possible to tell bind to ignore very short TTLs and enforce
>>> a...say... 5 second minimum TTL?
>>
>>
On 2018-02-08 10:10, Michelle Konzack wrote:
> Hi,
>
> On 2018-02-08 LuKreme hammered at the keyboard:
>> Is it possible to tell bind to ignore very short TTLs and enforce
>> a...say... 5 second minimum TTL?
>
> VERY SHORT TTL?
>
> 5 sec minimum?
>
> What do you mean with ignoring?
> It is you YOU
Hi,
On 2018-02-08 LuKreme hammered at the keyboard:
> Is it possible to tell bind to ignore very short TTLs and enforce
> a...say... 5 second minimum TTL?
VERY SHORT TTL?
5 sec minimum?
What do you mean with ignoring?
It is you YOU have to configure Bind9 correctly to longer TTLs.
If the NS Entry
On 08.02.2018 at 09:52, LuKreme wrote:
Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5
second minimum TTL?
no, such a feature was refused because it violates RFC's (questionable
justification for a local decision not enabled by default) and hence on
a inboun