RE: Bind and blacklist IP file
-Original Message-
From: bind-users-bounces+ian.t=thoughtbubble@lists.isc.org [mailto:bind-users-bounces+ian.t=thoughtbubble@lists.isc.org] On Behalf Of Nuno Paquete
Sent: 11 October 2010 19:45
To: sth...@nethelp.no
Cc: bind-users@lists.isc.org; uh...@fantomas.sk
Subject: Re: Bind and blacklist IP file

>Ok, but you can always browse by IP address and in this case there is no DNS server that can stop you from
>browsing what you want.

Vaguely related, are host headers - a lot of webservers share an IP address/many IP addresses and use host headers to 'display' the correct website.

You wouldn't be able to browse a particular website hosted in this fashion, by IP address.

Ian
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: AXFR partially timed out
> > >I have a very strange problem with AXFR. We are using a master and a
> > >secondary DNS Server with an internal and an external view. Depending
> > >on the source address the secondary server will get the internal or
> > >external view for zone transfer.
> > >
> > >Everything is working correctly so far except only one specific zone file
> > >won't get transferred. In the external view there are about 70 zones
> > >defined. Every zone will get transferred except one and only one won't.
> > >Therefore there can't be a problem with the firewall.
> > >
> > >Then I scaled down the secondary DNS server to just about 2 zones and
> > >again: this specific zone file won't get transferred even the master
> > >said "AXFR started" and "AXFR ended" for this particular zone. On
> > >the secondary server I'll get "giving up: timed out".
> >
> > Is the problem zone larger than the ones that are not a problem? If so
> > it may be a MTU problem, or even a firewall that does things differently
> > based on packet sizes.

On 11.10.10 23:11, Beat Jucker wrote:
> Indeed the trouble zone is about double the size of other zones.
> Both DNS servers are Solaris boxes and communicate by plain TCP (no VPN).
> How can I check for MTU problem and how can I influence it?
>
> When I ask for the zone by dig utility everything is ok but not
> when the zone gets requested by named ... head scraping ...

well, try in the following order:

dig +notcp
dig +tcp
dig +notcp +bufsize=1480
dig +notcp +bufsize=1500
dig +notcp +bufsize=4096

that may tell you something...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod

Re: Bind and blacklist IP file
Hello Ian,

Tue, 12 Oct 2010 10:54:19 +0100 "Ian Tait" wrote:

>> Ok, but you can always browse by IP address and in this case there
>> is no DNS server that can stop you from browsing what you want.
>
> Vaguely related, are host headers - a lot of webservers share an IP
> address/many IP addresses and use host headers to 'display' the
> correct website.
>
> You wouldn't be able to browse a particular website hosted in this
> fashion, by IP address.

If you know the website domain and the corresponding IP address and if your ISP prevents you from accessing this website by timing out or tampering with DNS query results you can always put the entry like

192.168.10.20 www.domain.tld.

to your hosts file and access the site. This technique is also in use when someone needs to access the site which is on a not delegated domain.

--
Yours sincerely,
Andrey G. Sergeev (AKA Andris) http://www.andris.name/

testing bounces please ignore
test

Re: AXFR partially timed out
On 10/11/2010 5:11 PM, Beat Jucker wrote:
>> Is the problem zone larger than the ones that are not a problem? If so
>> it may be a MTU problem, or even a firewall that does things differently
>> based on packet sizes.
>
> Indeed the trouble zone is about double the size of other zones.
> Both DNS servers are Solaris boxes and communicate by plain TCP (no VPN).
> How can I check for MTU problem and how can I influence it?

look at:
man ifconfig

try setting the MTU to 1200 to see if the results are different.

-- Dave

Re: Bind and blacklist IP file
On 10/12/2010 03:44 PM, Andrey G. Sergeev (AKA Andris) wrote:
> Hello Ian,
>
> Tue, 12 Oct 2010 10:54:19 +0100 "Ian Tait" wrote:
>
>>> Ok, but you can always browse by IP address and in this case there
>>> is no DNS server that can stop you from browsing what you want.
>>
>> Vaguely related, are host headers - a lot of webservers share an IP
>> address/many IP addresses and use host headers to 'display' the
>> correct website.
>>
>> You wouldn't be able to browse a particular website hosted in this
>> fashion, by IP address.
>
> If you know the website domain and the corresponding IP address and if
> your ISP prevents you from accessing this website by timing out or
> tampering with DNS query results you can always put the entry like
>
> 192.168.10.20 www.domain.tld.
>
> to your hosts file and access the site. This technique is also in use
> when someone needs to access the site which is on a not delegated domain.

Even this way, you should know all the IP of subdomains to work properly. Try it for facebook, open homepage fine but once you login it will fail.
Another thing, we are talking about a technical person, for other users they don't know about hosts file or they don't have access to change it even if they know about it.

regards.

Re: Bind and blacklist IP file
In article , Alans wrote:
> [ Norwegian Gov vs ISPs, banning domains, and inserting local host
>entries to subvert such a ban ]
>
> Even this way, you should know all the IP of subdomains to work
> properly. Try it for facebook, open homepage fine but once you login it
> will fail.
> Another thing, we are talking about a technical person, for other users
> they don't know about hosts file or they don't have access to change it
> even if they know about it.

So there's a market opportunity for someone with half a clue to help out his "friends".

Sam