auto setting for dnssec-validation and dnssec-lookaside

2012-01-17 Thread ben thielsen
given the following settings in the options stanza [collected from named-checkconf -p]: dnssec-validation auto; dnssec-lookaside auto; bindkeys-file "/etc/bind/keys/dnssec/bind.keys"; i'm trying to understand portions of the following log snippet, following rndc reload/reconfig: 17-Jan-2012 22

built in empty zones default setting and log messages

2012-01-17 Thread b...@bitrate.net
hi- in the arm, it says "empty-zones-enable Enable or disable all empty zones. By default, they are enabled". as such, i've not included this directive in my config, expecting it to be enabled by default. when starting bind via its init script [effectively /usr/sbin/named -u bind -4], there i

Re: allow-query for a zone

2012-01-17 Thread Warren Kumari
On Jan 17, 2012, at 3:44 AM, Matus UHLAR - fantomas wrote: >>> Whether you set allow-query to none, or remove the zone statement, >>> clients will get an error when they try to query the zone. > > On 17.01.12 14:13, Jeff Peng wrote: >> There is a difference when you develop a web interface for D

Re: [patch] UNIX sockets support for lwresd

2012-01-17 Thread Danny Mayer
On 1/17/2012 5:57 AM, Ben Laurie wrote: > > > On 17 January 2012 04:31, Danny Mayer > wrote: > > This breaks O/S's that don't support Unix sockets, specifically Windows. > Please explain why Unix domain sockets are more effective and secure > rather than using

Re: Detailed Log Analysis based on rndc stats!!

2012-01-17 Thread Peter Andreev
2012/1/17 Shiva Raman > Hi All > > i am running Bind version 9.8.1 as an Authoritative Name server. From > the rndc.stats, i observe that there are some query failures happening > in the server. I am trying to get a detailed information of these query > failures, but the current logging option

Re: Defense against a client?

2012-01-17 Thread WBrown
Tom Schmitt wrote on 01/16/2012 05:19:30 AM: > I have a problem with the load on my Bind. Normally it's fine, but > from time to time there are clients which cause through a > misconfiguration or a failed local service (not intentionally) a > very high amount of queries. After finding and info

Detailed Log Analysis based on rndc stats!!

2012-01-17 Thread Shiva Raman
Hi All i am running Bind version 9.8.1 as an Authoritative Name server. From the rndc.stats, i observe that there are some query failures happening in the server. I am trying to get a detailed information of these query failures, but the current logging options is not allowing me to get a detai

Re: Defense against a client?

2012-01-17 Thread Phil Mayers
On 01/17/2012 05:13 AM, Mark Andrews wrote: If one sets up an infrastructure such that a large number of end users "share the same fate" through having the same source address... then one should not be surprised when these end users actually do share the same fate... -DMM Assuming that there i

Re: Defense against a client?

2012-01-17 Thread Matus UHLAR - fantomas
> * Chuck Anderson: > > Unfortunately, these sorts of per-IP limiting are going to become more > > and more inappropriate with the likes of Carrier Grade NATs, since > > there will be many subscribers sharing a single public IP address. > > You may end up causing performance problems for legitimat

Re: allow-query for a zone

2012-01-17 Thread Matus UHLAR - fantomas
Whether you set allow-query to none, or remove the zone statement, clients will get an error when they try to query the zone. On 17.01.12 14:13, Jeff Peng wrote: There is a difference when you develop a web interface for DNS system. A user can "pause" the domain from web interface, if we remove

Re: allow-query for a zone

2012-01-17 Thread Barry Margolin
In article , Jeff Peng wrote: > > Whether you set allow-query to none, or remove the zone statement, > > clients will get an error when they try to query the zone. > > There is a difference when you develop a web interface for DNS system. > A user can "pause" the domain from web interface, if w