Re: BIND and UDP tuning

2018-10-01 Thread Shaun
Hi Alex,

On Mon, 1 Oct 2018 12:51:46 -0400
Alex  wrote:

> I believe I said as many as 500 qps, but I believe that's wrong. It's
> more like a sustained 200 q/s.

One other thing you might double check is whether or not any consumer
equipment (cable modem, router) has a firewall setting that could be
interfering.

My newest router came with a built-in DDOS protection feature, which
caused me some difficulty with UDP applications until I disabled it. The
default threshold for UDP was something like 200 or 300 pps. The manual
isn't clear on how the "protection" works, but I assume it starts
dropping packets on the floor when the threshold is exceeded. I turned
off that feature and the problem went away.

Apologies if you've already looked into this; long thread and I'm
jumping in late.

-s
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


delv 9.16.0, failed to add trusted key '.': ran out of space

2020-02-28 Thread Shaun via bind-users
Hi,

The 9.16.0 version of delv seems to have trouble reading the root trust
anchor from the bind.keys file. I'm seeing this in multiple environments,
CentOS 6.10 and FreeBSD 11.3:

[user@host ~]$ delv -v
delv 9.16.0
[user@host ~]$ delv isc.org
;; /etc/bind.keys:31: failed to add trusted key '.': ran out of space
;; setup_dnsseckeys: failure

Attempting to rule out a problem with my local bind.keys, I grabbed a
fresh copy, but delv produces the same output:

[user@host ~]$ wget -qO /tmp/bind.keys.916 https://gitlab.isc.org/isc-projects/bind9/raw/v9_16/bind.keys
[user@host ~]$ delv -a /tmp/bind.keys.916 isc.org
;; /tmp/bind.keys.916:31: failed to add trusted key '.': ran out of space
;; setup_dnsseckeys: failure

The above output is from CentOS but the behavior is identical on FreeBSD.
Has anyone observed delv 9.16.0 to work in these environments? Before
opening a bug I want to make sure I didn't goof something on my end.

Thanks,

Shaun


Re: delv 9.16.0, failed to add trusted key '.': ran out of space

2020-02-28 Thread Shaun via bind-users
On Fri, 28 Feb 2020 20:07:47 +
Tony Finch  wrote:

> Shaun via bind-users  wrote:
> >
> > The 9.16.0 version of delv seems to have trouble reading the root trust
> > anchor from the bind.keys file.
> 
> I see this too. The bug is that dns_client_addtrustedkey() has a buffer
> for parsing DNSKEY or DS records, but it's only big enough for DS.

Thanks for tracking this down! I've opened an issue in GitLab and
included your patch there.

Shaun
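To illustrate the buffer-sizing bug Tony describes, here is an added Python model (not BIND's code): it parses a constructed bind.keys-style trust anchor, builds the DNSKEY rdata in wire format, and checks it against a buffer sized for a SHA-256 DS record. The 36-byte buffer length and the key material are assumptions made for the example, not values taken from BIND.

```python
import base64
import re
import struct

# Constructed trust-anchor snippet in bind.keys syntax (not the real root KSK):
# the key blob is a fabricated RSA public key layout, exponent length byte,
# 3-byte exponent, 256-byte modulus, i.e. a 2048-bit key, base64-encoded.
_FAKE_RSA_PUB = bytes([3, 0x01, 0x00, 0x01]) + bytes(range(256))
CONSTRUCTED_BIND_KEYS = """
trust-anchors {
    . initial-key 257 3 8 "%s";
};
""" % base64.b64encode(_FAKE_RSA_PUB).decode()

# DS rdata: key tag (2) + algorithm (1) + digest type (1) + SHA-256 digest (32).
# Assumption for illustration: the parse buffer was sized for exactly that.
DS_SHA256_RDATA_LEN = 2 + 1 + 1 + 32

KEY_RE = re.compile(r'^\s*(\S+)\s+initial-key\s+(\d+)\s+(\d+)\s+(\d+)\s+"([^"]+)"\s*;', re.M)

def parse_trust_anchors(text):
    """Return [(name, flags, protocol, algorithm, key_bytes)] from a bind.keys-style snippet."""
    out = []
    for name, flags, proto, alg, b64 in KEY_RE.findall(text):
        out.append((name, int(flags), int(proto), int(alg), base64.b64decode(b64)))
    return out

def dnskey_rdata(flags, proto, alg, key):
    """Wire-format DNSKEY rdata (RFC 4034 2.1): 2-byte flags, protocol, algorithm, key."""
    return struct.pack("!HBB", flags, proto, alg) + key

def add_trusted_key(rdata, buflen):
    """Mimic a fixed-size parse buffer: return (fits, bytes_needed, bytes_available)."""
    return (len(rdata) <= buflen, len(rdata), buflen)

def check_anchor_file(text, buflen=DS_SHA256_RDATA_LEN):
    """Report each anchor as 'ok' or 'ran out of space' against the given buffer size."""
    results = {}
    for name, flags, proto, alg, key in parse_trust_anchors(text):
        ok, need, have = add_trusted_key(dnskey_rdata(flags, proto, alg, key), buflen)
        results[name] = "ok" if ok else f"ran out of space (need {need}, have {have})"
    return results

if __name__ == "__main__":
    for name, status in check_anchor_file(CONSTRUCTED_BIND_KEYS).items():
        print(f"{name}: {status}" if status == "ok"
              else f"failed to add trusted key '{name}': {status}")
```

Passing a larger buflen makes the same anchor load, which is what the fix amounts to: size the buffer for the larger of the two record types it may be asked to parse.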


Re: Compile errors for Bind 9.16.1 on RHEL7.x and RHEL 6.X

2020-03-24 Thread Shaun via bind-users
Hi Sandeep,

I encountered this on RHEL 6 and got past it by tweaking an environment
variable:

export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig

libuv places a meta file into that directory, and the configure script
needed a little hint to find it.

Shaun

On Tue, 24 Mar 2020 19:44:20 +
"Bhangui, Sandeep - BLS CTR via bind-users"  wrote:

> Hello
> 
> Trying to compile Bind 9.16.1 on RHEL 7.X and RHEL 6.X and getting compile 
> errors; hopefully someone can point me in the right direction.
> 
> The download for the source code from the ISC site was done sometime late 
> last week.
> 
> Configuration.
> 
> RHEL 7.X  and RHEL 6.X running on HP-BLADE physical server.
> 
> RHEL 7.X Kernel
> 
> Linux  3.10.0-1062.12.1.el7.x86_64 #1 SMP Thu Dec 12 06:44:49 EST 2019 x86_64 
> x86_64 x86_64 GNU/Linux
> 
> As far as I can tell the libuv library package is installed on this 
> RHEL 7.X machine.
> 
> sh-4.2# rpm -qa | grep -i libuv
> 
> libuv-1.34.0-1.el7.x86_64
> 
> 
> This is the configure error I get when I try to compile on the RHEL 7.X 
> machine.
> 
> checking for sched_setaffinity... yes
> 
> checking for pthread_setname_np... yes
> 
> checking for pthread_set_name_np... no
> 
> checking for pthread_np.h... no
> 
> checking for libuv... checking for libuv >= 1.0.0... no
> 
> configure: error: libuv not found
> 
> + exit 0
> 
> I am getting a similar error on RHEL 6.X machine but on that machine I do not 
> have the libuv package so that could explain that.
> 
> Please advise.
> 
> Thanks in advance.
> 
> Sandeep
> 



Re: How do subdomains get discovered by adversaries?

2022-12-22 Thread Shaun Cummiskey via bind-users
On Thu, 22 Dec 2022 05:19:46 +
Michael De Roover  wrote:

> I have been running BIND 9 on my external and internal networks for a
> few years now -- as such I have a basic understanding of the most
> common RR types and activities such as zone transfers. However, I have
> been seeing something that's been baffling me for quite a while now.
> Somehow there are services like c99.nl [1] and Criminal IP [2], which
> can enumerate various subdomains on a given target domain. I am
> confused as to how they can enumerate this information.

In addition to techniques others have mentioned, here are some
possibilities:

- TLS certificate issuance. When a CA issues a certificate, some data
about the cert and the associated hostname(s) is posted to public
certificate transparency logs. Based on the output of the c99 site, I
have a hunch this is where it gets much of its information.

- Passive DNS logs. A variety of orgs with access to enormous amounts of
network traffic are actively sniffing port 53 DNS traffic and logging
everything they see.

- Dictionary style enumeration. Some attackers (or "researchers") will
attempt to resolve many thousands of commonly-used hostnames in your
zone, recording which ones return RRs. If you have an authoritative BIND
server configured with the rate-limit {} option, these attacks will show
up in the corresponding rate-limit logging channel.

Shaun
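As an added example (not from the original message) of the last point, a Python snippet that reads constructed rate-limit channel lines and flags a client network whose dropped or slipped responses span many distinct NXDOMAIN names, the signature of dictionary-style enumeration as opposed to a burst for one name. The log wording is modelled on BIND's rate-limit messages but is fabricated here, so the regex may need adjusting to your version's output.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of BIND's rate-limit logging channel;
# the wording is fabricated for this example, adapt RRL_RE to your version's output.
SAMPLE_LOG = """\
22-Dec-2022 09:00:01.001 rate-limit: info: client @0x7f3a1c00 198.51.100.7#40001 (mail.example.net): rate limit drop NXDOMAIN response to 198.51.100.0/24 for mail.example.net IN (4d3e2f1a)
22-Dec-2022 09:00:01.004 rate-limit: info: client @0x7f3a1c00 198.51.100.7#40002 (vpn.example.net): rate limit drop NXDOMAIN response to 198.51.100.0/24 for vpn.example.net IN (4d3e2f1a)
22-Dec-2022 09:00:01.009 rate-limit: info: client @0x7f3a1c00 198.51.100.7#40003 (dev.example.net): rate limit slip NXDOMAIN response to 198.51.100.0/24 for dev.example.net IN (4d3e2f1a)
22-Dec-2022 09:00:01.012 rate-limit: info: client @0x7f3a1c00 198.51.100.7#40004 (test.example.net): rate limit drop NXDOMAIN response to 198.51.100.0/24 for test.example.net IN (4d3e2f1a)
22-Dec-2022 09:00:02.100 rate-limit: info: client @0x7f3a1d00 203.0.113.9#53011 (www.example.net): rate limit drop response to 203.0.113.0/24 for www.example.net IN A (9a8b7c6d)
22-Dec-2022 09:00:02.105 rate-limit: info: client @0x7f3a1d00 203.0.113.9#53012 (www.example.net): rate limit slip response to 203.0.113.0/24 for www.example.net IN A (9a8b7c6d)
"""

RRL_RE = re.compile(
    r"rate limit (?P<action>drop|slip) (?:(?P<kind>NXDOMAIN|error) )?response "
    r"to (?P<net>\S+) for (?P<name>\S+) IN"
)

def parse_rrl(text):
    """Extract (action, kind, net, name) per line; kind is 'NXDOMAIN', 'error' or 'positive'."""
    events = []
    for line in text.splitlines():
        m = RRL_RE.search(line)
        if m:
            events.append((m["action"], m["kind"] or "positive", m["net"], m["name"].lower()))
    return events

def find_enumeration(events, min_names=3):
    """Per client network, count distinct NXDOMAIN names: many distinct misses from one
    network looks like a dictionary walk, while repeated hits on one name is just a burst."""
    names = defaultdict(set)
    total = defaultdict(int)
    for action, kind, net, name in events:
        total[net] += 1
        if kind == "NXDOMAIN":
            names[net].add(name)
    return {net: {"nxdomain_names": len(names[net]), "events": total[net]}
            for net in total if len(names[net]) >= min_names}

if __name__ == "__main__":
    for net, stats in find_enumeration(parse_rrl(SAMPLE_LOG)).items():
        print(f"{net}: {stats['nxdomain_names']} distinct NXDOMAIN names "
              f"in {stats['events']} rate-limited responses")
```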