hi,
Sharing internet access bandwidth between multiple
computers is common today.
Usually, bandwidth sharer bought a little router
with NAT/PAT function. After connecting that box to a
ADSL/LAN access link, multiple computer could share a
single access link.
I heard some company provi
hi,
we plan to set up a web site with two web servers.
The two servers should be under the same domain
name. Normally, web surfing load should be
distributed between the servers. when one server
fails, the other server should take all of load
automatically. When fault sever recovers, loa
fast as it
> can, and when it reaches the total the OS can handle
> it lets you know the time passed. Take that and
> divide by total number of connections and you get
> the average It won't be very accurate, but it
> will give you some kind of idea.
>
> Please forgive
hi,
is there any tool could measue e2e TCP connection
speed?
e.g. we want to measue the delay between the TCP SYN
and receiving SYN ACK packet.
Joe
__
Search, browse and book your hotels and flights through Yaho
hi,
I 'google' algorithm for radius based accounting.
but can't find anything.
My question is: what's the best algorithm for
constrcting broadband access record from radius
accouting packets?
To my knowledge, some system takes:
Record Accouting-on packet arriving time ->
re
hi,
is there any work or research on measuring method
for subscriber (customer)side feelings of network
service?
It seems that e2e ping delay, packet loss may miss
some important factor when we consider subscriber's
feelings.
Joe
__
Yahoo! Movies
hi,
Maybe this is out-of-topic ,but I can't find any
place where could find answer for this question.
If this is intrusive, just ingore it please.
my question is :
how does ISP do with DSL dial-up sessions which
pass the accouting period time.
E.g. If a customer subscribe DSL ser
I agree with Dale. The problem should be with e2e TCP
performance.
Maybe there is misconfigured firewall which block SYN
or ACK packet. Or, packet larger than 128B is dropped.
As you can find in your data, ping and traceroute show
different response speed.
Maybe you could try layer4 tracerout
AIL PROTECTED]> wrote:
>
> On 5/3/07, Joe Shen <[EMAIL PROTECTED]> wrote:
> > Is there any recommendation on Ratio between
> number of
> > radius accouting server and number of radius
> > authentication server, if accouting and
> authentication
> > are
Is there any recommendation on Ratio between number of
radius accouting server and number of radius
authentication server, if accouting and authentication
are executed by different hardware platform ?
Is there any way to estimate the burst rate of radius
protocol packet in ISP network?
thanks i
> > client device. In my experience there are almost
> no client devices that
> > actually display the "Reply-Message", but as
> always YMMV.
>
> It seems to me this would be something best reserved
> for the radius
> server, not the end-user to track.
>
To my opion, if customer's PC could s
hi,
We provide broadband access by ADSL. The cucurrent
session number and access port is controled by radius
server. E.g. an PPPoE account can ONLY be used with a
designated access port, and current session of that
account is limited to 3 or 5.
If a subscriber dials with a username. mis
It is heard many ISPs are implementing or plan to implement application
management facilities.
With such tools/facilities, it is said they could control applications in their
network, such as blocking
BT, degrade QoS of e2e VoIP , or control attacking traffic.
Is there anyone could tell me ho
>
>
> JS> Could it be any problem with AAA procedure?
>
> UDP is anycast-friendly. Your biggest problems are
> likely to be
> authentication database replication/synchronization
> and merging
> accounting records... i.e., nothing really different
> from standard
> RADIUS deployments.
What I m
e
> RADIUS, things like EAP that require multiple
> exchanges of RADIUS
> requests typically require state to be maintained in
> the single
> RADIUS server that is processing the entire EAP
> sequence.
>
> regards
>
> Hugh
>
>
> On 8 May 2006, at 14:07, Jo
Hi,
we have a radius server farm. there is a L4 switch
installed behind all servers. Incoming AAA packets are
switched by L4 switch to different servers.
In previous days we met a couple of problems with L4
switch which degraded our service a lot. Could it be
possible to implement IPv4 Anycas
Hi,
Is there any books or papers on carrier level DSL
access network and LAN access network? Specifically,
it should analysis the futures of DSL network and
security problems in DSL networks.
Joe
__
Meet your soulmate!
Yahoo! Asia presents M
> >What's your method to deal with such problem? Will
> CHAP in PPPoE help?
>
> That may help against password sniffing but won't
> help against sniffing
> traffic by an active attacker once the session has
> been established.
> Also, you'll have to revisit all CPE to explicitly
> disable PAP,
Hi,
We are facing problem with PPPoE in ethernet access
network.
To provide high speed access, 10Mbps/100Mbps ethernet
is used as access method. But, we found some guy
'steal' some other's account by listening to
broadcasting packets, and they also set up 'phishing'
PPPoE server to catch those
> why in the world
> would you want to do something like that rather than
> have another
> device generate flow records which you then can
> correlate with RADIUS
> accounting data?
>
The reason is the cost of system building. As there
are a lot of broadband subscribers, if we want to
core
I've read the public announcement of Chinese Ministry
of Information Industry. It just state that: there
will be another sub-domain mil.cn created besides
another six english lettter sub domain in .cn
And, it also states: three Chinese Character TLD is
establish which is "China"/"Cooperation"/"Ne
Hi,
In order to summrize broadband subsciber's traffic
data, we need to identify those traffic to our video
servers by BRAS which use Radius. Currently, our BRAS
could only report total amount of traffic a subscriber
transferred.
Could we make BRAS genenrate radius accounting data
including tag
Hi,
Today, some of our customers could not resolve
state.gov by our cache server.
I found state.gov is served by dnsauth1.sys.gtei.net,
dnsauth2.sys.gtei.net, dnsauth3.sys.gtei.net. Using
some others' DNS servers I found their IP addresses
should be 4.2.49.2, 4.2.49.3, 4.2.49.4. But, our cache
Last saturday one of our Web server experienced a TCP
SYN attck which make the system down for four hours.
It seems there is not a good solution which could
detect & defend DoS traffic at any time.
So, to the class ANY queries, should we only filtering
out class any queries on public cache serv
Hi,
Is there way to contact Gmail? Message in my gmail
account could not be access for three days.
When I tried to click on any message ( or search, move
to othe folder .. ) it always pop up with " Ooops, the
system was unable to perform your operation.Please try
again in a few seconds".
Joe
What I'm interested in is how the two service
providers will build a two tiered Internet.
To our experience, current QoS mechanism ( WRR +
multiple_Queue) could not differentiate service
quality when bandwidth is overprivisioned. If there is
congestion, why should I stay with it while there is
a
Could IPtables control traffic with inspecting layer7
information?
As someone suggested, bandwidth allocation could be
done with TCP protocol control ( ACK dropping or so);
How can we do that? NBAR only limit the bandwidth, and
to our experience with cisco7609 it cost a lot of cpu
time!
Whe
>
> While some people will cry network neutrality and
> think the Yellow Pages
> must sell only one size listing, some people are
> willing to pay for
> differentiated service. Trying to classify "bad"
> traffic can be
> done using products like Sandvine. But it may be
> easier to classify "pr
Maybe Bob Braden's presentaion in e2e task group could
do some help.
In fact, they just start to discusss what will be the
next generation architecture, but does not reach
agreement at all.
http://www.isi.edu/~braden/e2e-tf/braden.newarch.ppt
Joe
--- Randy Bush <[EMAIL PROTECTED]> wrote:
>
>
it seems some ISPs have started to introduce
management facilities into their networks. Is those
products of carrier level?
reference:
http://webreprints.djreprints.com/1341970908457.html
Joe
__
Do you Yahoo!?
New and Impr
Hi,
Is that possible to get full internet routing table
without help from upstream ISP? or is there anyway to
get some backbone network's internet routing table
directly?
thanks
Joe
Send instant messages to your online friends http://asia.messenger.yahoo.com
Hi,
is there any statistics on aggregated VoIP signaling
bandwidth and aggregated VoIP data bandwidth? eg. if
we monitored there is 2Mbps(average) traffic on VoIP
signaling protocol ports ( including SIP, H.323,
MGCP), how could we estimate average VoIP data
bandwidth?
Joe
Thanks for the response.
>
> You want to optimize for the lowest monetary cost
> network that still allows you
> to meet all the SLA's you've negotiated. And this
> depends on what you
> negotiated - for instance, if the SLA specifies 3
> 9's of reliability, spending
> money to build a 4 9's ne
Hi,
this may be a OOO..LD topic which is talked, discussed
or agrued for year. ISP networks may need to be
optimized continuously. But, it seems people have
different view of optimization when they use this word
at different place; sometimes optimization means
adding more access router, add more
hi,
>
> Christopher L. Morrow wrote:
>
> >>which can't really tell bittorrent (or ssh or aim
> or...) over tcp/80 from
> >>http over tcp/80... I think Joe's looking for
> something that knows what
> >>protocols look like below the port number and can
> spit out numbers for
> >>that... these, it
Hi,
As I know there is tools designed to analyze VoIP
traffic, but for viewpoint of traffic management this
is not enough. Is there tool which could classify
network traffic to its applications?
e.g. the tools catch network traffic and recognize its
application type automatically. If 80% of (80/
Hi,
How could load on multiple BGP peer links be balanced
automatically?
The situation we are facing:
---|
| Service provider|
| |
--R1R2---
|\
Hi,
How can I contact Arbor's technical support enigneer?
Joe
Send instant messages to your online friends http://asia.messenger.yahoo.com
Hi,
Beside monitoring in/out traffic on each egress
links, is there a tool which could provide a summary
bandwidth utilization on two or more router
interfaces?
thanks
Joe
__
Meet your soulmate!
Yahoo! Asia presents Meetic - where millions
AIL PROTECTED]> wrote:
> Hi Joe,
>
> Joe Shen wrote:
> > Hi,
> >
> > Using netflow based monitor tool, I noticed there
> is a
> > lot of traffic on 8094/UDP and 4662/TCP( both
> exceed
> > 1Gbps, and exist all the time)
> >
> >
> >
Hi,
Using netflow based monitor tool, I noticed there is a
lot of traffic on 8094/UDP and 4662/TCP( both exceed
1Gbps, and exist all the time)
What application use that port? Is there any P2P
application use UDP as transportation protocol?
thanks in advance.
Joe
Hi,
I'm very interested in technical solutions of ISP
based (D)DOS solutions. Where can I find
document/information on it?
thanks.
Joe
Send instant messages to your online friends http://asia.messenger.yahoo.com
Hi,
>
> Only if you wish to do all your other customers a
> disfavour
> by configuring your caching servers to support a
> private
> namespace then yes.
>
The problem is chinese domain name is hosted and could
be registered by people around.
So, we just have to enable
Hi,
Some of our customer complaint they could not visit
back to their web site, which use chinese domain name.
I google the net and found some one recommend to use
public-root.com servers in hint file.
I found domain name like xn--8pru44h.xn--55qx5d could
not be resolved either.
Our cache ser
Hi,
thanks for the help.
>
> Because IPv6 aware nameservers make queries
> for the
> IPv6 addresses of the nameservers and as a result
> see the
> NXDOMAIN / CNAME. The IPv4 only nameservers don't
> make
> these queries, as a matter of practice, and only
> see the
Hi,
I met a strange problem with my cache server, which
runs BIND9.3.1.
In past days, our customers complaint that three
domain names (www.hangzhou.gov.cn, www.zpepc.com.cn)
could not be resolved frequently. I checked on the
cache server and found, when the cache server could
not resolve www.han
ay be type of attack. If we only rely on
cacheing to remove paient of CPU time, cache server
load will be increased. So, what I'm tryting to ask
is , is there some mechanism proposed to deal with
such problem? BIND is just a sample.
joe
--- Paul Vixie <[EMAIL PROTECTED]> wrote:
&
Sorry to attach the "rndc stats" result.
I run "rndc stats" continuously( interval is less than
2 seconds), it's shown:
success 17950622
referral 225680
nxrrset 1691861
nxdomain 11203490
recursion 3648017
failure 1363923
...
--- Statistics Dump --- (1116319437)
+++ Statistic
Sorry to attach the "rndc stats" result.
I run "rndc stats" continuously( interval is less than
2 seconds), it's shown:
success 17950622
referral 225680
nxrrset 1691861
nxdomain 11203490
recursion 3648017
failure 1363923
...
--- Statistics Dump --- (1116319437)
+++ Statistic
Hi,
thanks for your help.
I noticed that the requests of those non-exist domain
name disappeared yesterday. But the NXDOMAIN record in
named.stats keep increasing. ( see attachment)
I'm using BIND9.2.5 & BIND9.3.1 on two Solaris box,
each box has two CPUs installed. it's found BIND8.4.6
running
Hi,
In past days I noticed the nxdomain statistics in
named.stats keeps increasing.( I run it every 5 min)
By tcpdump, it's found a remote computer keep asking
address for record like
999d38e693b9e6293b450.0existence.com,
60d38e693b9e6293b450.0be6c1xfa.net.
is that a virus affacted computer?
Hi ,
currently, I run named with -f option. As named is
started at system boot time, a starting up script hang
around console is a possible problem for system
administration & security.
Is there any configurable watchdog of BIND server
deamon? E.g. once it found named is down, it will
shutdown
e traffic should be carried at the best
performance/cost rate.
joe
--- Suresh Ramasubramanian <[EMAIL PROTECTED]>
wrote:
> Local telco concerned about voip eating into their
> revenues, and wants
> to push through legislation or something? :)
>
> On 4/27/05, Joe Shen <[E
Hi,
we want to collect statistics in our backbone
networks.
Is there any good method to this? is there any product
for this ?
Joe
_
Do You Yahoo!?
嫌邮箱太小?雅虎电邮自助扩容!
http://cn.rd.yahoo.com/mail_cn/tag/10m/*http://cn.mail.yahoo.com/event/10
Hi,
maybe this is an OLD topic, but the problem is "what
is security? " or "how to define a secure internet
access service ". E.g. should ISP respond for managing
application transmitted across its backbone? if so,
how to define "standard" appliation model while
keeping internet a flexible platfo
thanks.
> No, because both routers are reached through the
> same L1/L2 medium, so
> Quagga can't use link-state to determine
> reachability of the next-hop.
> You could fix that by getting rid of the switches,
> and just having a bunch
> of router interfaces facing two Ethernet interfaces
> on
Hi,
I'm trying to set up a anycast DNS server farm for
customer service. In order to improve availability, we
plan to install those servers in
one LAN which has the similar structure like :
server-(1,3)---switch1---router-1---(outside)
|
|
server-(2,4)---switch
Yes. Can I do this on a Linux box without having to
install Zebra BGP on it?
Joe
>
> Something like this?
>
> [EMAIL PROTECTED] root]# lft www.level3.net -A
>
> Tracing .
>
> TTL LFT trace to Level3.com (209.245.19.41):80/tcp
> 1 [AS24730] amsterdam-c1-f1.prolo
Hi,
maybe this is a OLD question. But, where can I get a
traceroute program which can show ASN beside each hop
IP address?
I know router with full BGP routes could traceroute
with ASN, but can a linux box do the same?
thanks
Joe
__
Do You Yah
Hi,
I'm trying to identify how an AS is interconnected
with other ASes. For example, I can access our border
router which has BGP run, and I want to know how
another AS ( e.g. 1234 ) is connected to internetwork
( e.g. as1234 interconnects with as1235, as1236,
as1345 ).
How can I do it?
Hi,
>
> you aren't distinguishing between 'dos attack' and
> 'scan' or 'probe' or
> 'welcome to the Internet!' traffic. The Arbor
> systems may see 'scan'
> traffic (depending upon sample rates and traffic
> loads) and they may
> not... They aren't designed to see that, they are
> designed to:
Hi,
> It frightens me that you're sitting on 11Gb/s+ and
> unable to utilize
> existing toold to determine what is within profile
> for your network and
> what is not.
That what makes me think it's not possible to
determine "legal" traffic model by available tools.
The total BW keeps increasi
Hi,
I use flow-tools to monitor the link bandwidth
utilization on three backbone interfaces. The total
bandwidth utilized is about 11Gbps, and netflow data
is analyzed to show statistics on some special port
(e.g. port 0, port 445 etc.). I think this could give
us some indication of possible DoS
Hi,
is there any recommended method to measure overall
network availability?
Currently we use packet loss rate as indication of
network availability, but to my understanding this
just means the possiblity of e2e communication degrade
but not the network availability.
regards
Joe
I don't think PPLB is compatible with anycast esp. in
situation when we consider end-to-end communication
with multiple packets.
As PPLB may derive to out-of-sequence between TCP
pacekets & different DNS server destination of the
same UDP stream, it will broke anycast DNS service in
some situa
Hi,
That's what I want to discuss about. The paper gives a
very detailed explanation on anycast with OSPF_ecmp,
and what I want to know is:
is there anything not included in it but must be
considered carefully when anycast cache server farm is
to be established in MAN ?
Will there be any prob
My question:
I noticed that people always talked about BGP when
they talked about anycast dns server farm.
But, is there any problem or anything must be taken
care about when anycast is employed within a DNS
server farm within MAN?
What I mean is, if we want to employ anycast in a
cache serv
Thanks for all your reply.
My situation is not to apply QoS policy to those
application but to get statistics of applications.
According to netflow records, the traffic across our
egress interface has port number range from 11 to
65534 , there is record for port 0!
So, what are those applicatio
Hi,
I'm trying to identify applications which generate
those traffic on our border routers. I use sampled
netflow as data source and some flow-tools as
analizer.
Currently, I use (protocol, port_number) as indicator
of application. Referring to rfc on wellknown protocol
and port allocation, I
Hi,
I'm looking for information on backbone/PoP topology
.
To my memory there is a web has a lot of topology
graphs but I can't call it.
Could anybody do some help?
thanks
Joe
__
Do You Yahoo!?
Log on to Messenger with your mobile phone!
ht
Hi,
Is there any tool to monitor BGP route stablity?
thanks
Joe
__
Do You Yahoo!?
Log on to Messenger with your mobile phone!
http://sg.messenger.yahoo.com
Hi,
I'm trying to analize our egree router traffic by
using flow-tools and CUFlow.
There are three edge routers: two Juniper M160 and one
Cisco GSR. All of them are set up to sample outgoing
interfaces.
With Juniper M160, I set up forwarding-option as:
=
forwarding-
Hi,
We plan to set up netflow analysis in our backbone.
It's hoped to be able to track communication demand
inside our AS as well as our AS and other ASes. It
also expected to be able to support route optimization
and to detect abnormal network behavior .
And, report generation is needed too.
Hi,
Is there similar problem existing with sending email
to email server inside china?
maybe you could check end-to-end delay and packet
loss rate.
Another method, ask your customer to cut the
attachment to several parts and send them seperately.
Joe
--- Lou Laczo <[EMAIL PROTECTED]
o Blocking VoIP ( H.323) ?
> >
> > On Thu, 11 Nov 2004, Robert Mathews wrote:
> > >
> > >
> > > To Joe Shen:
> > >
> > > Perhaps 'I am failing to see it' but, what can
> be gained by blocking VoIP
> > > traffic other than freeing bandw
Hi,
How could it be done to block VoIP at access router?
I've thought about using ACL to block UDP port
1719,but this could be overcome by modifying protocol
port number.
regards
Joe
__
Do You Yahoo!?
Log on to Messenger with your mobile phon
> On Fri, 15 Oct 2004 00:14:11 -0800, Joe Shen wrote:
> >|-(ADSL)\
> > customer/
> --Edge_router---...---Japan Server
> > \-(100Methernet)-/
>
>
> it is probably worth doing an experiment, by placing
> a target h
Hi,
I googled with "CCR" but it seems nothing useful in 5
pages. Would you please do me a favor to give the URL
of that tool ?
I tried to set up MRTG monitoring Unishpere BRAS 1400
and M160, but I failed with data collection because
wrong OID used ( CPU, mem, tempreture, BW etc ) :-(
regards
I read document of these tools and find they work with
Cisco products. But, how about Juniper M160 or M320,
Unishpere's BRAS products? Where can I find Juniper's
OID on its tempreture, chassis, CPU, bandwidth ? Does
anyone have a running configuration for M160 or
Unishpere's BRAS products?
On
>
> It's generally a bad idea to turn of ethernet
> autonegotiation unless
> the equipment at the other side doesn't support it.
>
Yes, we've checked the configuration, both access
router interface and customer's ethernet interface are
forced to be (100Mbsp, full duplex). And, there is no
CRC
Hi,
the network path is:
|-(ADSL)\
customer/ --Edge_router---...---Japan
Server
\-(100Methernet)-/
So, from edge_router to Japan server the path is
identical.
>
> There is something wrong with both scenarios.
>
> A 5 Mbyte file is 40 megabits. W
Hi,
I met a question with upload speed and network access
speed.
One of our customer lease two lines from us. One is
2Mbps ADSL line the other is 100Mbps fiber ethernet
link. The customer needs to upload files to server in
Japan usually. Now, the customer complaint that the
upload speed of A
Hi,
I'm , but I met some questions when reading those
paper from ISC on F-root anycasting.
1. As it's descripted in J.Abley's paper, DNS server
in anycast group should be configured with a real IP
on its NIC and one or two service IP on loopback
interface(s). BIND listen on both real IP and serv
Hi,
I just received an email from one of my friends and he
told me http://www.hriders.com/ is providing free 10GB
email box for subscribers.
Is that crazy in competition of BIG size free email
account?
Joe
__
Do You Yahoo!?
Log on to Messenger wi
Hi,
We want to analize log from Cisco and Juniper Router
and switch periodically.
We have set up a Solaris box to collect all those log
generated by Juniper router ,Cisco Router , cisco
L2/L3 switch. But, we found log file format diverse
greatly even between Cisco products.
Is there any good t
Is that a variant of Nachi B. ? The source address may
be generated.
joe
--- Robert Scott <[EMAIL PROTECTED]> wrote:
>
> The University of Central Florida has seen a sudden
> jump in tcp 445
> denies. It began a little after 9:00 AM EDST. New
> Worm?
>
> I am denying about 32 thousand packet
There has been some public available software for
backing up Cisco router configuration.
The backup is not in CVS but in plain file.
Joe
--- Alexei Roudnev <[EMAIL PROTECTED]> wrote:
>
> Hmm, there are many approaches, starting with _what
> is primary_ (in Moscow's
> ISP files was prima
Hi,
Is there any free tools or methods to measure SMTP
performance and email service quality between two
email server ?
Is there any implementation of message track?
thanks
Joe
--- "Hosman, Ross" <[EMAIL PROTECTED]>
wrote:
>
> I've gotten a few emails asking why we are doing
> this.
>
>
In those network administration software it seems
configuration management, e.g. periodic backup,
integrity checking etc, is not covered. Is that
possible to include this ?
Joe
--- Philippe Ombredanne <[EMAIL PROTECTED]> wrote:
>
> If you are in the San Francisco Bay Area, you can
> join us
Hi,
we do not sniffing the Gbps ethernet link, and the box
I mentioned in previous message is not oversubscribed
at all. In fact, the 10Gbps switch is newly installed
and only two link connected ( one to catalyst6509, one
to firewall).
Anyway, thanks for your analysis and I want to know
what's
Hi,
I'm using Harbour 10G lay3 switch which interconnects
a Catalyst6509 and a Foundry switch. the
interconnecting lines are all 1Gbps ethernet (1000Gb
LX).
Catalyst6509Harbour 10G switchFoundry
Switch---Firewall
the firewall and harbour interconnect at layer 3.
We noticed there is
What does "find" in the report mean? no lookup
timeout or no out-of-sync?
Joe
--- Daniel Roesen <[EMAIL PROTECTED]> wrote:
>
> DNS WEATHER REPORT for selected infrastructure zones
>
> Issue 2004-09-07
>
> Zones analyzed and their SOA
Hi,
I'm woring with QoS level analysis in ISP networks.
But I don't know where could I find infomation on the
following questions:
1. Is there a list of ISPs providing QoS in their
networks?
2. Where could I find detailed infomation on QoS level
parameters in those ISPs who do QoS?
e.g.,( e2e
environment? esp. in DiffServ network
5. Is there any possible security problem in a QoS
enabled network?
6. How could we optimize network architecutre
according to QoS policy?
Each word will be highly appreciated.
Joe Shen
__
Do You Yahoo!?
Download
it been since you have used it?
> What browsers were you using?
>
> I have had a few issues but they have all been
> resolved so Im unsure as
> to were your problems stem from.
>
> Just curious.
>
> Andre
>
> On Thu, 2004-08-19 at 02:28, Joe Shen wrote:
>
Gmail seems to be in Beta stage. I got a Gmail account
months ago, but I do not use it by now.
The reason is it does not solve two bugs I met.
The first is, after logining into gmail it will prompt
with "Ooops, the system was unable to perform your
operation. Please try again in a few seconds" if
Hi,
> > in situation of DoS attack or situation of high
> > session rate;
>
> Routers with hardware based access lists. No
> problem.
What I'm not sure about ACL on router is, how to
survive DNS server under DoS/DDos attack. We suffered
from DoS attack last year, and we found the source IPs
of
Hi,
thanks for your help on my question.
After reading carefully those comments, I reach the
following conclusion:
1. ISPs use firewall to protect their DNS server;
2. ACL on router may be a good solution for protecting
DNS servers, the policy could be "only pass those
packets, whose originat
Hi,
We are trying to extend our DNS service system in near
future. In current stage, it consist of 2 SUN FIRE
Server with Solaris8 and BIND9 installed. Each server
is configured with a IP address which is known to our
customers. The DNS server is set up as Cache Server
because it only servers our
Hi,
>The paper doesn't pass any judgement on types of lookups, but obviously
>not all DNS lookups are equal from the end user perspective.
In our observation, looking for IP address consists 70% of our cache server load,
MX consists of 14% and PTR only occupies 5%. And, on the other hand, the
1 - 100 of 111 matches
Mail list logo
