Re: Implementing the bogon list

2010-04-09 Thread Doug Barton
On 04/09/10 20:50, Alex wrote: > Hi, > >> Let's be clear on what "this" is please, since I don't think the OP's >> post was clear about what he wanted to implement. :) > > I'm really interested in security, reducing resources, and making sure > the server is current with today's standards. I'd li

Re: Implementing the bogon list

2010-04-09 Thread Joseph S D Yao
On Sat, Apr 10, 2010 at 01:08:16AM -0400, Joseph S D Yao wrote: ... > I strongly recommend that anyone wanting some degree of security use > look at the lists of IPv4 networks in RFC 5735/6/7 and the list of IPv6 > networks in RFC 5156. Decide which of those networks you want to block > or blackho

Re: Implementing the bogon list

2010-04-09 Thread Joseph S D Yao
On Fri, Apr 09, 2010 at 11:41:09PM -0400, Alex wrote: ... > Ah, I was expecting it to be a lot more involved than that, I guess. ... It is. Do not expect to implement ANYTHING involving a "bogon" list without it requiring CONSTANT MAINTENANCE. The Bogon list as it is today has shrunk greatly f

Re: Implementing the bogon list

2010-04-09 Thread Alex
Hi, > Let's be clear on what "this" is please, since I don't think the OP's > post was clear about what he wanted to implement. :) I'm really interested in security, reducing resources, and making sure the server is current with today's standards. I'd like to make sure it's properly set up and th

Re: Implementing the bogon list

2010-04-09 Thread Alex
Hi, >> I think that's really designed for router ACL's. > > Not exclusively, hence > http://www.cymru.com/Documents/secure-bind-template.html Yes, that's exactly where I found the reference, and have known about it for years but only now want to try and make use of it to reduce any load from the

Re: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Mark Andrews
In message , Barry Margolin writes: > In article , > Mark Andrews wrote: > > > I would be asking operators of primary-dns.co.uk why they are > > actively cache poisoning. They have not been delegated aaisp.net.uk > > so they should not be serving aaisp.net.uk. > > They could be a stealth sl

Re: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Barry Margolin
In article , Mark Andrews wrote: > I would be asking operators of primary-dns.co.uk why they are > actively cache poisoning. They have not been delegated aaisp.net.uk > so they should not be serving aaisp.net.uk. They could be a stealth slave, hidden master, etc. There's no rule that says th

RE: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Steven Wilmot
From: ma...@isc.org [mailto:ma...@isc.org] Sent: 09 April 2010 11:15 PM To: Doug Barton Cc: David Forrest; Steven Wilmot; bind-users@lists.isc.org Subject: Re: CNAME Issue - Whether to use CNAME-data or Response-Flag >>> I would be asking operators of primary-dns.co.uk why they are actively cach

RE: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Steven Wilmot
-Original Message- From: Doug Barton >>> I'll leave it up to the protocol experts to answer your question, but my followup question is: >> "what bad thing are you seeing happen because of this?" A very minor side-effect (but one that I would like to understand the cause of) is that w

RE: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Steven Wilmot
Inline reply below -Original Message- From: David Forrest [mailto:d...@maple.maplepark.com] Sent: 09 April 2010 9:28 PM To: Doug Barton Cc: Steven Wilmot; bind-users@lists.isc.org Subject: Re: CNAME Issue - Whether to use CNAME-data or Response-Flag >> Doug: I think it is a server error

RE: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Steven Wilmot
See inline replies below -Original Message- From: Doug Barton [mailto:do...@dougbarton.us] Sent: 09 April 2010 8:50 PM To: Steven Wilmot Cc: bind-users@lists.isc.org Subject: Re: CNAME Issue - Whether to use CNAME-data or Response-Flag >> When I try to resolve mail.wilmot.me.uk against

RE: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Steven Wilmot
See inline replies below... -Original Message- From: David Forrest [mailto:d...@maple.maplepark.com] Sent: 09 April 2010 7:53 PM To: Steven Wilmot Cc: bind-users@lists.isc.org Subject: Re: CNAME Issue - Whether to use CNAME-data or Response-Flag On Fri, 9 Apr 2010, Steven Wilmot wro

Re: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Mark Andrews
In message <4bbf91de.2070...@dougbarton.us>, Doug Barton writes: > On 04/09/10 13:28, David Forrest wrote: > > > > Doug: I think it is a server error that is being reported because > > the status is NXDOMAIN instead of the expected NOERROR. > > Well that's all you really had to say. :) I admit

Re: Bind Clustering

2010-04-09 Thread Mark Andrews
In message , "Gordon A. Lang" writes: > Regarding my wild idea for synchronizing multiple dynamic masters.. > my idea is flawed. > > Evidently, the "allow-update-forwarding" only forwards to the MNAME > configured in the SOA. I was thinking it forwarded to the masters > configured in the conf

Re: Implementing the bogon list

2010-04-09 Thread Doug Barton
On 04/09/10 14:23, Kevin Oberman wrote: > The FreeBSD default configuration does this, Let's be clear on what "this" is please, since I don't think the OP's post was clear about what he wanted to implement. :) The default named.conf for FreeBSD implements local, empty zones for various things tha

Re: Implementing the bogon list

2010-04-09 Thread Kevin Oberman
> Date: Fri, 9 Apr 2010 16:27:38 -0400 > From: Alex > Sender: bind-users-bounces+oberman=es@lists.isc.org > > Hi, > > I'm interested in implementing an updated Cymru bogon list, but would > like some examples on how best to do this. Much of my searching has > resulted in old configurations t

Re: Implementing the bogon list

2010-04-09 Thread Stefan Schmidt
On 09.04.2010, at 22:32, Bryan Irvine wrote: I think that's really designed for router ACL's. Not exclusively, hence http://www.cymru.com/Documents/secure-bind-template.html I'm not sure what you'd do with regards to BIND or even why you'd want to handle it there. Well, for example for a

Re: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Doug Barton
On 04/09/10 13:28, David Forrest wrote: > > Doug: I think it is a server error that is being reported because > the status is NXDOMAIN instead of the expected NOERROR. Well that's all you really had to say. :) I admit that I didn't catch the NXDOMAIN bit when I looked at the dig output, I was fo

Re: Implementing the bogon list

2010-04-09 Thread Doug Barton
On 04/09/10 13:27, Alex wrote: > Hi, > > I'm interested in implementing an updated Cymru bogon list, Why don't you take a step back and let us know what you're trying to accomplish first. Doug -- ... and that's just a little bit of history repeating. -- Prope

Re: Implementing the bogon list

2010-04-09 Thread Bryan Irvine
I think that's really designed for router ACL's. Most reliable method might be to subscribe to their BGP feed. I'm not sure what you'd do with regards to BIND or even why you'd want to handle it there. On Fri, Apr 9, 2010 at 1:27 PM, Alex wrote: > Hi, > > I'm interested in implementing an

Implementing the bogon list

2010-04-09 Thread Alex
Hi, I'm interested in implementing an updated Cymru bogon list, but would like some examples on how best to do this. Much of my searching has resulted in old configurations that weren't complete and seemed to contain errors. Where is the best place to go to find a template on how best to do this?

Re: Query times and recursive-clients

2010-04-09 Thread Ustun Kaya
This goes out of BIND topics so you may want to respond back to me personally. What I get is: us...@debian:~$ dig -x 212.106.31.50 +short 212-102-31-50.adsl.inetia.pl. us...@debian:~$ dig 212-102-31-50.adsl.inetia.pl +short us...@debian:~$ The host does not have A record and Postfix rejects say

Re: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Doug Barton
When I try to resolve mail.wilmot.me.uk against my local resolver (which happens to be BIND 9.6.2-P1 atm) I get the expected result: host mail.wilmot.me.uk mail.wilmot.me.uk is an alias for wilmot.me.uk.mail.aaisp.net.uk. wilmot.me.uk.mail.aaisp.net.uk has address 81.187.30.19 wilmot.me.uk.mail.aa

Re: Query times and recursive-clients

2010-04-09 Thread Alex
Hi, Ustun Kaya wrote: > I would suspect from Postfix behavior if you don't see any BIND > timeout error around. By saying valid hostname, you don't mean ARPA > records I suppose? Postfix rejects them depending on the configuration > (reject_unknown_client, as a result of a search). > > And the er

CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-09 Thread Steven Wilmot
I am currently in the middle of trying to troubleshoot a DNS issue that seems to produce different results when using BIND and Microsoft DNS Servers (This is also an open support-incident with both my ISP and Microsoft Support) What I am hoping is that somebody might be able to help point me i

Re: Bind Clustering

2010-04-09 Thread Gordon A. Lang
Regarding my wild idea for synchronizing multiple dynamic masters.. my idea is flawed. Evidently, the "allow-update-forwarding" only forwards to the MNAME configured in the SOA. I was thinking it forwarded to the masters configured in the conf file. Oh well. I guess we'll just have to wait fo

Query times and recursive-clients

2010-04-09 Thread Alex
Hi, I have v9.4.2 running on Linux and I'm seeing a bunch of messages in my mail logs like the following: reject: RCPT from unknown[xxx.217.8.156] Trying to later resolve this IP returns a valid hostname, so I'm concerned that there is perhaps a timeout value that is too low for my system, whic