Well I guess there WAS an assumption being made. I'll have to be more
careful next time. :-)
-Original Message-
From: Chris Thompson [mailto:[EMAIL PROTECTED] On Behalf Of Chris
Thompson
Sent: Friday, October 03, 2008 3:19 PM
To: Jeff Lightner
Cc: Linux Addict; bind-users@is
Sent: Friday, October 03, 2008 2:19 PM
To: bind-users@isc.org
Subject: Re: BIND Based Appliances.
"Jeff Lightner" <[EMAIL PROTECTED]> writes:
> ...
>
> If you feel it eases your administrative burden and want to use an
> appliance then more power to you. It seems
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Peter Laws
Sent: Friday, October 03, 2008 11:40 AM
To: bind-users@isc.org
Subject: Re: BIND Based Appliances.
Jeff Lightner wrote:
> If you're a Linux Addict why not just buy a couple of x86 servers
I didn't abuse you - I simply made a suggestion. Since I don't know you
I have no way of knowing your level of knowledge as it regards Linux
and BIND.
From: Linux Addict [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2008 10:33 AM
To: Jeff L
If you're a Linux Addict why not just buy a couple of x86 servers and
install Linux with BIND on top of it?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Linux Addict
Sent: Friday, October 03, 2008 9:37 AM
To: bind-users@isc.org
Subject: BIND Based Appl
If you don't have GNU Date you can convert epoch with Perl:
This little script can be used to do it:
epoch_converter.pl
#!/usr/bin/perl
print scalar localtime $ARGV[0];
print "\n"
# alternate all in one line command would be:
# perl -e 'print scalar localtime $ARGV[0];print "\n"'
# where epoch
I'm being asked to create a record to point one domain name at a
separate domain for which we have an SSL security certificate installed.
This is due to slight variation in zone names (e.g. primary is something
like cat.com and the other one is cats.com.) We are authoritative for
both domains.
Well the easy fix would seem to be to create /var/named/chroot/usr/etc
and put the rndc file(s) there. The whole point of chroot is to make
the chrooted directory seem to be "/" from the standpoint of the
chrooted application.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PRO
I think the OP was asking how to restrict queries so that they are
honored only by specific DNS servers. That can certainly be done as
we're doing it here.
The reason for doing this might be that there are "internal" DNS servers
(e.g. Windows DNS) that all the client workstations are supposed to
Actually there are a few things named will try to write into
/var/named/chroot/var/named (e.g. named.run is written there for tracing
when you turn it on with rndc).
However rather than giving global write to the directory I've found just
giving write permission to the user running named was suffi
PM
To: bind-users@isc.org
Subject: Re: Recursive queries fail if query source port is not fixed
* Jeff Lightner <[EMAIL PROTECTED]> [2008-08-14]:
> Can you run "rpm -qa |grep -i bind" to verify the version of BIND
> packages you have? That is I'm looking for the full ver
Can you run "rpm -qa |grep -i bind" to verify the version of BIND
packages you have? That is I'm looking for the full version you're
using and not just 9.3.4-P1.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Andrey G. Sergeev (AKA Andris)
Sent: Thur
You said you installed 9.3.4-P1.
Was the update you did from a repository updated after July 10th?
I believe July 10th is the day RedHat back ported the fix into 9.3.4-P1.
CentOS is a binary compile of RHEL sources so it seems the 9.3.4-P1
update you would need from CentOS repositories would ha
My guess is you have a firewall that is only allowing port 53 outbound.
Are you running iptables? If so does turning it off temporarily resolve
the issue? Is there a firewall/switch upstream from your server that
needs to be adjusted?
We're running RHEL 5 with 9.3.4-P1 and it works fine here wi
FC2 is really old so I don't know that anyone would have compiled
anything newer for it. Certainly not the Fedora main repositories.
You might want to see if Dag Wieers' site has it.
You'll probably have to download source and compile your own.
I'd recommend planning for installing something a lo
If it's a slave one way to force tests to it might be to temporarily
stop named on the primary so queries have to use the slave.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Kevin Darcy
Sent: Tuesday, August 12, 2008 12:51 AM
To: bind-users@isc.org
Subj
Responses should probably be based on reading what the OP wrote.
"without using rndc" was in the question.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Matus UHLAR - fantomas
Sent: Tuesday, August 05, 2008 9:51 AM
To: bind-users@isc.org
Subject: Re: BI
Similarly the 9.3.4-P1 for RHEL5 was backported and tests "great".
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Evan Hunt
Sent: Sunday, August 03, 2008 12:40 PM
To: Karl Auer
Cc: BIND users
Subject: Re: Is 9.3.4-P1 OK?
> Anyway, my question: Is this e
Interesting. There's an EOL for this but it shows they're still
selling it through July 2008 and shipping through October 2008.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps2031/prod_eol_notice0900aecd80731dec.html
Apparently it's still supported - you just haven't
On RHEL5 with kernel 2.6.18-92.1.6.el5 the results are OK with the -r but not
without (it failed at 1022 sockets without).
It makes me wonder though - does BIND (named) automatically do what the -r flag
of selecttest is doing? Does it matter whether named is running as root or a
different use
cache has been poisoned, would more than just
flushing the cache be needed to remove the badness? Other than the
obvious: upgrade to a safe version and disable recursing for that
audience.
Jeff Lightner wrote:
> Yep.
>
>
> Recursion and cache query are both prohibited from outside
59 PM
To: Jeff Lightner
Cc: Graeme Fowler; bind-users@isc.org
Subject: Re: DNS Exploit Attempts??
No worries. This particular "attack" isn't new...it's probably just
being used a lot more. It's testing for low hanging fruit to target. If
your recursion is open to the worl
30, 2008 at 12:46 PM, Graeme Fowler <[EMAIL PROTECTED]>
wrote:
> On Wed, 2008-07-30 at 13:08 -0400, Jeff Lightner wrote:
> > Someone had apparently posted on a Fedora forum that seeing the high
> > level of query cache denied was a sign of people trying the exploit but
>
On my RHEL5 box the way I ensured neither cache lookups nor recursive
lookups would work for outsiders was modify named conf to have:
1) options section:
allow-query { internaldns; externaldns; };
allow-recursion { internaldns; externaldns; };
2) Create ACLs named internaldns an
Amen to that.
Also most of the companies that reported "no problems" with Y2k were
publicly traded and didn't there admit to any problems no matter how
small.
On Y2K the one project of the large Fortune 500 I worked for DID have
two problems (albeit minor ones). Given the amount of prep work we
;t
need it.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Matus UHLAR - fantomas
Sent: Monday, July 28, 2008 10:44 AM
To: bind-users@isc.org
Subject: Re: how to setup revdns for /16 subnet
On 28.07.08 09:13, Jeff Lightner wrote:
> I had an issue with usi
I had an issue with using dig to query my reverse lookups so had to
create separate entries in named.conf like:
# Special notation required for internet delegation (e.g. dig -x ...)
#
zone "192/27.84.44.12.IN-ADDR.ARPA" {
type master;
file "arpa.12.44.84";
allow-transfer {
27 matches