Re: Query NS Root

2004-02-02 Thread Florian Weimer
Hans Spaans wrote: 'dig . ns @nameserver /etc/bind/db.root' can give you a new db.root file for your nameserver. If its wise? Yes and no, your db.root must contain valid data, but to take a random nameserver, that is not wise. Most resolvers return an empty additional section anyway, which

Re: Query NS Root

2004-02-02 Thread Florian Weimer
Hans Spaans wrote: 'dig . ns @nameserver /etc/bind/db.root' can give you a new db.root file for your nameserver. If its wise? Yes and no, your db.root must contain valid data, but to take a random nameserver, that is not wise. Most resolvers return an empty additional section anyway, which

Re: Query NS Root

2004-02-01 Thread Dale Amon
On Sun, Feb 01, 2004 at 02:29:53PM +0100, Hans Spaans wrote: But than a gain, you can do a joke next month so people have a problem or you can fix this problem by adding allow-query statements to your named.conf and forcing people to abuse someone else. Actually that's precisely how I

Re: Query NS Root

2004-02-01 Thread Hans Spaans
On Sunday 01 February 2004 14:50, Dale Amon wrote: Actually that's precisely how I discovered it. I added allow queries and was trying to figure out why I was denying so many queries per second. You added it globally and to every zone? Also allow-transfer is a nice own to get into place. But

Re: Query NS Root

2004-02-01 Thread Hans Spaans
On Sunday 01 February 2004 14:02, Dale Amon wrote: What is the purpose of a DNS query NS Root? It returns to the requester my list of root servers, which seems pointless... and I am getting hit by them at the rate of several a second from various nameservers. 'dig . ns @nameserver

Re: Query NS Root

2004-02-01 Thread Dale Amon
On Sun, Feb 01, 2004 at 02:29:53PM +0100, Hans Spaans wrote: But than a gain, you can do a joke next month so people have a problem or you can fix this problem by adding allow-query statements to your named.conf and forcing people to abuse someone else. Actually that's precisely how I

Re: Query NS Root

2004-02-01 Thread Hans Spaans
On Sunday 01 February 2004 14:50, Dale Amon wrote: Actually that's precisely how I discovered it. I added allow queries and was trying to figure out why I was denying so many queries per second. You added it globally and to every zone? Also allow-transfer is a nice own to get into place. But

Re: Query NS Root

2004-02-01 Thread Dale Amon
On Sun, Feb 01, 2004 at 03:46:07PM +0100, Hans Spaans wrote: You added it globally and to every zone? Also allow-transfer is a nice own to get into place. But you will see queries being denied and if you Yes, I've got allow-transfer groups on all domains; allow-query { any; } on all domains I