Everyone got BIND updated?
http://arstechnica.com/security/2015/08/exploits-start-against-flaw-that-could-hamstring-huge-swaths-of-internet/
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On Tue, Aug 04, 2015 at 10:03:33AM -0400,
Jay Ashworth j...@baylink.com wrote
a message of 6 lines which said:
Everyone got BIND updated?
For instance by replacing it with NSD or Unbound?
On Tue, Aug 04, 2015 at 10:03:33AM -0400,
Jay Ashworth j...@baylink.com wrote
a message of 6 lines which said:
Everyone got BIND updated?
For instance by replacing it with NSD or Unbound?
Or doing something better like not just replacing one evil with another,
and instead moving to a
So, you guys recommend replace Bind for another option ?
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On behalf of Joe Greco
Sent: Tuesday, August 4, 2015 12:01
To: Stephane Bortzmeyer
Cc: nanog@nanog.org
Subject: Re: Exploits start against flaw that
On Tue, Aug 4, 2015 at 10:17 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote:
On Tue, Aug 04, 2015 at 10:03:33AM -0400,
Jay Ashworth j...@baylink.com wrote
a message of 6 lines which said:
Everyone got BIND updated?
For instance by replacing it with NSD or Unbound?
always great to jump
On Tue, Aug 4, 2015 at 11:29 AM, Scott Helms khe...@zcorum.com wrote:
With the (large) caveat that heterogenous networks are more subject to
human error in many cases.
<cough>automate!</cough>
On Aug 4, 2015 9:25 AM, Joe Greco jgr...@ns.sol.net wrote:
So, you guys recommend replace Bind for
On Tue, 04 Aug 2015 15:06:36 -, Leonardo Oliveira Ortiz said:
So, you guys recommend replace Bind for another option ?
The *good* recommendation is to get some onboard security clue, and
learn procedures to mitigate the inevitable exploits against flaws in
infrastructure software.
Automation just means your mistake goes many more places more quickly.
On Aug 4, 2015 9:38 AM, Christopher Morrow morrowc.li...@gmail.com
wrote:
On Tue, Aug 4, 2015 at 11:29 AM, Scott Helms khe...@zcorum.com wrote:
With the (large) caveat that heterogenous networks are more subject to
human
On Tue, Aug 4, 2015 at 11:06 AM, Leonardo Oliveira Ortiz
leonardo.or...@marisolsa.com wrote:
So, you guys recommend replace Bind for another option ?
The humorous thing is that the security researcher who showed the
recent bind9 error (note: it isn't a vulnerability or a hack, it's
just a way to
So, you guys recommend replace Bind for another option ?
No. Replacing one occasionally faulty product with another occasionally
faulty product is foolish. There's no particular reason to think that
another product will be impervious to code bugs. What I was suggesting
was to use several
With the (large) caveat that heterogenous networks are more subject to
human error in many cases.
On Aug 4, 2015 9:25 AM, Joe Greco jgr...@ns.sol.net wrote:
So, you guys recommend replace Bind for another option ?
No. Replacing one occasionally faulty product with another occasionally
Darden, Patrick patrick.dar...@p66.com writes:
So, obviously, MPTCP can cause problems with Stateful Firewalls (as
in asymmetric routing, out of state packets, etc.). Cisco's take on
how to deal with MPTCP is just as interesting as MPTCP itself is.
...
It's not so much the statefulness of
On 04/08/2015 19.18, Christopher Morrow morrowc.li...@gmail.com wrote:
On Tue, Aug 4, 2015 at 12:51 PM, Baldur Norddahl
baldur.nordd...@gmail.com wrote:
On 4 August 2015 at 18:48, Joe Greco jgr...@ns.sol.net wrote:
However, the original point was that switching from BIND to Unbound
or
I can also suggest you the Multi-Fiber-Tool from Solid Optics:
http://www.solid-optics.com/tools/multi-fiber-tool/so-multi-fiber-tool-id1768.html
Works great but I've never tested it with a Mac ... MacOS is at least listed
as supported.
Best regards
Jürgen Jaritsch
Head of Network
Automation just means your mistake goes many more places more
quickly.
and letting people keep poking at things that computers should be
doing is... much worse. people do not have reliability and
repeat-ability over time.
i love the devops movement; operators discover that those computers
I don't live in a new suburban community with modern utilities. Well, the 50
year-old water main on my street was replaced about 10 years ago. We haven't
suffered major flooding like UCLA experienced last year. My house was built in
1930. Much of that telco copper is pushing 70 years old or
On Tue, Aug 4, 2015 at 4:53 PM, Randy Bush ra...@psg.com wrote:
i love the devops movement; operators discover that those computers can
be programmed. wowzers!
Maybe we can give them a new title. I'm thinking, System Programmer.
With the (large) caveat that heterogenous networks are more subject to
human error in many cases.
Indeed. Everything comes with tradeoffs. More intimate familiarity
with the product and a uniformity of deployment strategy has made it
more practical here to stick with BIND; an update is a
I don't disagree, but automation usually protects against typing errors, it
doesn't protect against incorrect configurations. Using multiple vendors
or server software means that your people have to know all of the systems.
There are many cases where, for example, a Cisco like CLI will make a
On Tue, Aug 4, 2015 at 9:39 AM, Mark Andrews ma...@isc.org wrote:
In message 9c2aca5a-755d-4fcf-8491-745a1f911...@puck.nether.net, Jared
Mauch writes:
I recommend using DNSDIST to balance traffic at a protocol level as you
can have implementation diversity on the backside.
I can
- Original Message -
From: Scott Helms khe...@zcorum.com
On Aug 4, 2015 9:38 AM, Christopher Morrow morrowc.li...@gmail.com
wrote:
On Tue, Aug 4, 2015 at 11:29 AM, Scott Helms khe...@zcorum.com
wrote:
With the (large) caveat that heterogenous networks are more
subject to
In message 9c2aca5a-755d-4fcf-8491-745a1f911...@puck.nether.net, Jared Mauch
writes:
I recommend using DNSDIST to balance traffic at a protocol level as you can
have implementation diversity on the backside.
I can send an example config out later for people. You can balance to bind N=
On 4 Aug 2015, at 23:21, Christopher Morrow wrote:
and letting people keep poking at things that computers should be
doing is... much worse. people do not have reliability and
repeat-ability over time.
I've personally never come across an accidental route hijack (of the
subset of which I
On Tue, Aug 4, 2015 at 12:51 PM, Baldur Norddahl
baldur.nordd...@gmail.com wrote:
On 4 August 2015 at 18:48, Joe Greco jgr...@ns.sol.net wrote:
However, the original point was that switching from BIND to Unbound
or other options is silly, because you're just trading one codebase
for another,
On 4 August 2015 at 18:48, Joe Greco jgr...@ns.sol.net wrote:
However, the original point was that switching from BIND to Unbound
or other options is silly, because you're just trading one codebase
for another, and they all have bugs.
It is equally silly to assume that all codebase are the
On Aug 3, 2015, at 10:09, Matthew Black matthew.bl...@csulb.edu wrote:
I ran a few Google searches and came across a trove of complaints against
Frontier. Seems they are far worse than GTE/Verizon. On the few occasions I
have called for FIOS support, always reached someone knowledgeable
Hi Jared,
On 4 Aug 2015, at 12:00, Jared Mauch wrote:
I recommend using DNSDIST to balance traffic at a protocol level as
you can have implementation diversity on the backside.
I can send an example config out later for people. You can balance to
bind NSD and others all at the same time :-)
On Tue, Aug 4, 2015 at 11:46 AM, Scott Helms khe...@zcorum.com wrote:
Automation just means your mistake goes many more places more quickly.
and letting people keep poking at things that computers should be
doing is... much worse. people do not have reliability and
repeat-ability over time.
hi ya
On Tue, Aug 4, 2015 at 11:29 AM, Scott Helms khe...@zcorum.com wrote:
With the (large) caveat that heterogenous networks are more subject to
human error in many cases.
<cough>automate!</cough>
...
On 08/04/15 at 12:21pm, Christopher Morrow wrote:
On Tue, Aug 4, 2015 at 11:46
On Tue, 04 Aug 2015 15:54:53 -0400, Barry Shein said:
Wow this thread went off-track in nanoseconds.
So which bind versions are ok?
This week's.
On 4 Aug 2015, at 15:54, Barry Shein wrote:
Wow this thread went off-track in nanoseconds.
So which bind versions are ok?
9.10.2-P3 is marked current stable, and 9.9.7-P2 is marked
current-stable ESV at:
https://www.isc.org/downloads/
The bind-users is probably a place where this kind
On Wed, Aug 05, 2015 at 02:39:18AM +1000, Mark Andrews wrote:
In message 9c2aca5a-755d-4fcf-8491-745a1f911...@puck.nether.net, Jared
Mauch writes:
I recommend using DNSDIST to balance traffic at a protocol level as you can
have implementation diversity on the backside.
I can
On Tue, Aug 04, 2015 at 01:48:56PM -0400, Joe Abley wrote:
Hi Jared,
On 4 Aug 2015, at 12:00, Jared Mauch wrote:
I recommend using DNSDIST to balance traffic at a protocol level as you
can have implementation diversity on the backside.
I can send an example config out later for people.
Wow this thread went off-track in nanoseconds.
So which bind versions are ok?
-b
So, obviously, MPTCP can cause problems with Stateful Firewalls (as in
asymmetric routing, out of state packets, etc.). Cisco's take on how to deal
with MPTCP is just as interesting as MPTCP itself is.
I recommend using DNSDIST to balance traffic at a protocol level as you can
have implementation diversity on the backside.
I can send an example config out later for people. You can balance to bind NSD
and others all at the same time :-) just move your SPoF
Jared Mauch
On Aug 4, 2015, at
I can attest to the quality of the Flexbox. It is fantastic! All of our
employees have Macs and they work great.
Originally you had to use Java in FireFox to make it work, but they now
have a Chrome app that works in Chrome which is even easier (don't have
to get the right Java version loaded
Anyone from dropbox please contact
n...@fiberinternetcenter.com
Multiple peering session - peering sessions are up/established - prefixes
are received - but no website and customers complaining to us.
Thank You
Bob Evans
CTO
As someone who once hosted TLD zones in a way that a query to a
particular nameserver could be answered by either NSD or BIND9, my
advice would be don't do that. You're setting yourself up for
troubleshooting hell.
for some folk, complexity is a career. i worked for circuitzilla
for 15
On Tue, Aug 04, 2015 at 12:00:32PM -0400, Jared Mauch wrote:
I recommend using DNSDIST to balance traffic at a protocol level as you can
have implementation diversity on the backside.
Here's an example dnsdist config you might find helpful:
This sends queries to the first two