Re: Bind open to query from anyone

2009-01-06 Thread John Wobus
As you suspect, this is a bad idea. Those who cannot query the server cannot poison the cache using the loopholes in the DNS protocol, i.e. put false data in your nameserver for names like www.google.com, www.yahoo.com, etc. There can be other impediments to poisoning the cache in this manner, bu

Re: Using bind 9.5.0 with Active directory

2009-01-06 Thread Rob Austein
No obvious reason why it shouldn't work with ms-subdomain. Next step is probably a protocol trace to see what's happening on the wire. wireshark/tshark is pretty good for this kind of analysis. Probably best to run named with -g while you're doing the trace and capture the output as well (if you

Re: split view dns, with a shared dynamic zone?

2009-01-06 Thread Paul B. Henson
On Mon, 5 Jan 2009, Adam Tkac wrote:
> Btw setup with slave zone in second view is described in FAQ as well:
> - https://www.isc.org/faq/bind
> - Configuration and Setup Questions -> "How do I share a dynamic zone
> between multiple views?"
Cool, thanks for the pointer. I searched with google and

Re: error compiling bind 9.5.1 with static

2009-01-06 Thread mingdawang
Thank you for your reply! I installed libcap 1.97 with source code, and copied libcap.a to the /lib directory. Then reinstalled bind9.5.1 with configure. Everything seems OK. On 1/6/09, JINMEI Tatuya / 神明達哉 wrote: > > At Mon, 5 Jan 2009 19:52:54 +0800, > mingdawang wrote: > > > > [1.1 ] > > > I

Re: General performance

2009-01-06 Thread Sam Wilson
In article , Stephane Bortzmeyer wrote: > On Tue, Dec 23, 2008 at 08:36:36PM -0800, > Scott Haneda wrote > a message of 35 lines which said: > > > First, if I learn it is in fact true that all 50K zones will be > > identical, is there any reason to make 50K zone files? > > No. > > > Is it

Re: Bind open to query from anyone

2009-01-06 Thread Stephane Bortzmeyer
On Mon, Jan 05, 2009 at 03:15:36AM -0800, Chris Henderson wrote a message of 12 lines which said:
> That is, any one can use my name server to query any host name,
> eg. www.google.com, www.yahoo.com etc. Is this a bad idea?
Yes, very bad. See RFC 5358

Re: dnsperf and BIND memory consumption

2009-01-06 Thread Doug Barton
Danny Mayer wrote:
> Doug Barton wrote:
>> You'd have to dig into the source and really understand what's happening
>> now vs. what was happening before in order for me to answer this
>> question, and by the time you had done that work I would not need to
>> answer this question for you. :)
>
> Yo