Hi,
We are new to BIND and would like to implement RPZ in BIND. I have the following
queries with respect to RPZ in BIND.
Please help me on this.
1. Do you have basic example/steps to configure RPZ in Bind? (I need a couple
of examples like /etc/named.conf file and zone files
On Fri, Nov 18, 2011 at 11:57:51PM +, Spain, Dr. Jeffry A. wrote:
> I'd like to ask for clarification on the operational issue stated below.
> Suppose there are no current changes to an inline-signed master zone,
> i.e. myzone.db.signed timestamp is later than myzone.db timestamp. In
> this cir
I'd like to ask for clarification on the operational issue stated below.
Suppose there are no current changes to an inline-signed master zone, i.e.
myzone.db.signed timestamp is later than myzone.db timestamp. In this
circumstance, is it safe to stop and restart the bind service or reboot the
s
On 11/18/2011 11:48, Evan Hunt wrote:
>> Personally I have always thought that the perl script in contrib is
>> overly complex.
>>
>> #!/bin/sh
>>
>> while : ; do
>> /path/named -f
>> sleep 17
>> done
>
> That works, but note that it won't catch the problem if named hangs.
Right, but t
> Personally I have always thought that the perl script in contrib is
> overly complex.
>
> #!/bin/sh
>
> while : ; do
> /path/named -f
> sleep 17
> done
That works, but note that it won't catch the problem if named hangs.
Running it in xinetd works too, but same note.
--
Evan Hu
> Thanks, Evan. Can you also comment about the meaning of
> "BITWS=201502" at the beginning of the output of named-journalprint?
> Jeff.
That's the serial number of the unsigned version of the zone, as of the
last time the signed version was updated from it.
("BITWS" is an abbreviation for "
On 11/17/2011 13:24, Jeremy C. Reed wrote:
> Also what other types of nanny scripts do you use? (I already saw other
> emails with a few suggestions.)
Personally I have always thought that the perl script in contrib is
overly complex.
#!/bin/sh
while : ; do
/path/named -f
sleep
Hello,
I have upgraded some of our servers and enabled DNSSEC validation on
others (9.8.0_p4). After short time, one of old servers crashed with
different error:
Nov 18 19:30:19 t04.nx named[95
I wrote:
> I don't understand why named would try to use these ports in the first
> place as they appear in avoid-v4-udp-ports.
Mark Andrews replied:
The "::" in the log message is the IPv6 equivalent of 0.0.0.0 in IPv4.
Your machine *is* dual stacked even if it only has IPv6 on loo
Thanks, Evan. Can you also comment about the meaning of "BITWS=201502" at
the beginning of the output of named-journalprint? Jeff.
-Original Message-
From: Evan Hunt [mailto:e...@isc.org]
Sent: Friday, November 18, 2011 1:59 PM
To: Spain, Dr. Jeffry A.
Cc: bind-users@lists.isc.org
Su
> I attempted to freeze the
> zone using "rndc freeze jaspain.net", and this resulted in the error
> message "rndc: 'freeze' failed: not dynamic". "rndc thaw jaspain.net"
> yielded no messages, but added a syslog entry that it was successful. The
> freeze failure is contrary to what I would have ex
I am testing bind 9.9.0b1 compiled on Ubuntu Oneiric x64 (nstest.jaspain.net).
I configured a zone as follows:
zone "jaspain.net" {
type master;
file "/var/lib/bind/jaspain.net/jaspain.net.db";
key-directory "/var/lib/bind/jaspain.net";
update-policy local;
Hello,
Read the BIND ARM (Admin Ref. Manual) about these settings, but here is an
example of what I use:
clients-per-query 10 ;
max-clients-per-query 20 ;
http://www.isc.org/software/bind/documentation
Previously, this resource was posted on this list which is good info to have
Not an answer to your basic question but I did want to mention that on most
UNIX/Linux terminal sessions you can hit "Ctrl-s" to stop scrolling and
"Ctrl-q" to resume it.
-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightn
On Fri, 18 Nov 2011, Ryan Novosielski wrote:
How does one get a current bogons list? I'm assuming that there are
entries that are generally recommended to be in there (and that they're
provided with BIND's source when installing).
SOURCE="http://
How does one get a current bogons list? I'm assuming that there are
entries that are generally recommended to be in there (and that they're
provided with BIND's source when installing).
On 11/18/2011 11:33 AM, Evan Hunt wrote:
>> 1. When was 1/8 alloc
> 1. When was 1/8 allocated, recently? Maybe you need to update your
>bogon filter?
That's my guess. 1.0.0.0/8 was one of the last network blocks
allocated--last April, IIRC--and prior to that time it was often
filtered because it was commonly used in spoofing attacks.
In fact, the BIND 9 do
1. When was 1/8 allocated, recently? Maybe you need to update your
bogon filter?
Can we anyhow find when an IP block is assigned to an organization by RIR
???
I have tried WHOIS but didn't find anything for the same.
Thanks and Regards,
Gaurav Kansal
8860785630
9910118448
Never mind it's blocked on the IP level. Sorry to bring up stuff on a busy
week.
Thanks for all the help folks!
--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems
The University of Tennessee
135D Kingston Pike Building
2309 K
On Friday 18 November 2011 09:19:18 King, Harold Clyde (Hal) wrote:
> I have found that www.thisisgame.com does not resolve on our DNS
> servers. Google DNS works fine.
Looks fine from here.
> According to dns.14x.org the top
> level domain "com" is w. I do not see a "w" server. I have the
> most
Site is based in Korea based on the IP and whois, so it does sound like
some sort of access controls are in place on one end or the other. I was
able to access the site.
-Will
On Fri, Nov 18, 2011 at 9:30 AM, Jan-Piet Mens wrote:
> > I have found that www.thisisgame.com does not resolve on ou
Oops, left off the most important part:
thisisgame.com. 1800 IN A 1.234.35.120
thisisgame.com. 1800 IN NS ns1.thisisgame.com.
;; Received 82 bytes from 1.234.35.141#53(ns1.thisisgame.com) in 187 ms
Full results:
; <<>> DiG 9.8.0-P2 <<>> +trace thisisg
I had a situation a couple of days ago where a compromised machine in the DMZ
portion of my network began sending an incredible number of queries to a couple
of the primary internal DNS servers. The traffic was so intense that legitimate
queries were unable to get through, or the customer timed
> I have found that www.thisisgame.com does not resolve on our DNS servers
You haven't done anything wrong. thisisgame.com has a single name
server, and that is currently not open to business, at least not from
my part of the world, maybe due to some firewall rule. (Google's NS do
indeed have acce
Maybe a network/firewall issue? My results below.
dig +trace thisisgame.com
; <<>> DiG 9.8.0-P2 <<>> +trace thisisgame.com
;; global options: +cmd
. 432154 IN NS b.root-servers.net.
. 432154 IN NS l.root-servers.net.
.
This is the trace I get trying to resolve the domain.
dig +trace thisisgame.com
; <<>> DiG 9.8.1-P1 <<>> +trace thisisgame.com
;; global options: +cmd
. 456080 IN NS d.root-servers.net.
. 456080 IN NS h.root-servers.net.
.
I have found that www.thisisgame.com does not resolve on our DNS servers.
Google DNS works fine. According to dns.14x.org the top level domain "com" is
w. I do not see a "w" server. I have the most recent named.root file from June.
What have I done wrong?
Thanks for looking during this busy tim
Hi there,
On Thu, 17 Nov 2011 Jeremy C. Reed wrote:
> On Wed, 16 Nov 2011, Phil Mayers wrote:
> >
> > It might be good if bind were able to re-start itself, rather than dying
> > outright (e.g. re-exec the process) but that is dangerous too; it's better
> > done by an unrelated supervising process