command channel protocol

2011-04-25 Thread Karl Auer
Hi all. This may be the wrong place to ask this, in which case I humbly request correction/redirection. Is the protocol used by rndc, the "command channel" protocol, defined or documented anywhere outside the sources to rndc/bind? We have a requirement that would be best solved by talking direct

shared KSK for static zone and dynamic subzone?

2011-04-25 Thread /dev/rob0
I feel like I am understanding the "how" of this DNSSEC stuff, but I'm not so sure about some of the "whys". This post is asking a bit of both. I've got a static zone, nodns4.us., which is now signed. It's the parent zone to dynamic.nodns4.us., a dynamic zone. Is there any reason why I can't u

Re: continuous DNS query to ROOT DNS server

2011-04-25 Thread SM
At 11:33 25-04-2011, babu dheen wrote: Dears, I have DHCP server running in Windows Operating System (Windows 2003), I have configured forwarder towards gateway DNS server (running in redhat). When I check the firewall hits for DHCP server I can see, my DHCP server is sending too many DNS q

Re: continuous DNS query to ROOT DNS server

2011-04-25 Thread Kevin Darcy
On 4/25/2011 2:33 PM, babu dheen wrote: Dears, I have DHCP server running in Windows Operating System (Windows 2003), I have configured forwarder towards gateway DNS server (running in redhat). When I check the firewall hits for DHCP server I can see, my DHCP server is sending too many DNS quer

continuous DNS query to ROOT DNS server

2011-04-25 Thread babu dheen
Dears, I have DHCP server running in Windows Operating System (Windows 2003), I have configured forwarder towards gateway DNS server (running in redhat). When I check the firewall hits for DHCP server I can see, my DHCP server is sending too many DNS queries towards ROOT DNS servers (192.175.48.

Re: strange queries in my DNS

2011-04-25 Thread Matthew Seaman
On 25/04/2011 13:30, Victor Hugo dos Santos wrote: > Yes.. I already read about DNS amplifier attack.. but in > amplification attack, the query is about ".", but in my case, the > queries aren't by the "root", but for "unused type" No -- confusion of terms: '.' is the *root* of the DNS hiera

Re: dynamic update is not working for signed zone

2011-04-25 Thread Mark Andrews
In message , rams writes: > Hi, > When I do a dynamic update using nsupdate, I am unable to add record into > signed zone. > Steps followed: > [root@stulcqacustbind2 muktha]# nsupdate > > server > > update add net.rameshnu.sun. 86400 IN A 1.2.3.4 > > send > update failed: SERVFAIL > > > > Bind l

dynamic update is not working for signed zone

2011-04-25 Thread rams
Hi, When I do a dynamic update using nsupdate, I am unable to add record into signed zone. Steps followed: [root@stulcqacustbind2 muktha]# nsupdate > server > update add net.rameshnu.sun. 86400 IN A 1.2.3.4 > send update failed: SERVFAIL > Bind log: 25-Apr-2011 12:43:22.166 update: info: client i

Re: strange queries in my DNS

2011-04-25 Thread Victor Hugo dos Santos
On Fri, Apr 22, 2011 at 3:34 AM, Matthew Seaman wrote: Hello Matthew, > This is an attempt to use your DNS servers as a traffic amplifier in a > DoS attack.  By sending a spoofed query for the root '.' the attackers > cause your DNSes to send kilobytes of the root zone to the target IP > (208.10