Re: DNS Blackholing

2012-12-03 Thread John Hascall
We have found that RPZ works quite well for us. We have 366825 names in our RPZ zone at present and scaling thus far has been a non-issue. John --- John Hascall, j...@iastate.edu Team Lead, NIADS (Network Infrastructure,

Re: DNS Blackholing

2012-12-03 Thread Dan Mahoney
On Dec 3, 2012, at 5:52 PM, rvandol...@esri.com wrote: > All; > > Am looking to do some DNS blackholing based on a pre-defined, dynamic list > (such as DNS-BH). Am looking for feedback on approaches for this. > > Sounds like automatically generating an includeable config file with zone > ent

DNS Blackholing

2012-12-03 Thread rvandolson
All; Am looking to do some DNS blackholing based on a pre-defined, dynamic list (such as DNS-BH). Am looking for feedback on approaches for this. Sounds like automatically generating an includeable config file with zone entries which point to a fairly bare zone definition file returning a hone

Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Edward DeLargy
So, Had this same issue where a customer forgot whom they actually supported. Grep the named.conf for the zones (Shows active Zones). Then grep the db file for the A records of each active zone. Then write a script to query 8.8.8.8 or whois for the names. This returns the customer info. You c

Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Novosielski, Ryan
On 12/03/2012 06:52 PM, Dan Mahoney wrote: >> Hi all, >> >> I don't know if there's an easy, or even moderately easy way to >> do this, but can one somehow figure out/get a list of all domains >> for which the nameserver is set to a given IP/server na

Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Novosielski, Ryan
On 12/03/2012 06:45 PM, Chuck Swiger wrote: > Registrars are expected to have both a billing/admin contact and a > technical contact; make sure that people who expect you to make > their domains work put you as the tech contact, and you will at > lea

Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Dan Mahoney
> Hi all, > > I don't know if there's an easy, or even moderately easy way to do > this, but can one somehow figure out/get a list of all domains for > which the nameserver is set to a given IP/server name? For reasons I > won't get into, the people who register the domains are not the same > as t

Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Chuck Swiger
Hi-- On Dec 3, 2012, at 3:30 PM, Novosielski, Ryan wrote: > I don't know if there's an easy, or even moderately easy way to do > this, but can one somehow figure out/get a list of all domains for > which the nameserver is set to a given IP/server name? It's easy enough to test whether a specific

Find all authoritative domains for a nameserver?

2012-12-03 Thread Novosielski, Ryan
Hi all, I don't know if there's an easy, or even moderately easy way to do this, but can one somehow figure out/get a list of all domains for which the nameserver is set to a given IP/server name? For reasons I won't get into, the people who register

Re: Can't find named_dump.db

2012-12-03 Thread Daniele Imbrogino
I edited the working directory to /etc/bind because this is the directory where I have all the zone data files. If I use the default /var/cache/bind do I have to move also the zone data files (or, at least, create an alias)? I'm saying this because even if the default configuration has /var/cache/b

Re: Can't find named_dump.db

2012-12-03 Thread Chris Buxton
On Dec 3, 2012, at 7:41 AM, Daniele Imbrogino wrote: > Using BIND 9.8.1 on Ubuntu 12.04, I try to save the server cache using the > command "sudo rndc dumpdb -cache" (without quotes, obviously), but then I > can't find the file "/etc/bind/named_dump.db" being "/etc/bind/" the working > director

Re: Expiration TTLs

2012-12-03 Thread Chris Buxton
On Dec 2, 2012, at 6:10 PM, Paul Romano wrote: > Chris. > Thanks for the correction on the term TTL instead of timer. The engineer I > inherited this environment from has the refresh set to 40 minutes and the > zone expiration set to 2 hours. The explanation I got was that since we are > author

Re: Can't find named_dump.db

2012-12-03 Thread Phil Mayers
On 03/12/12 15:41, Daniele Imbrogino wrote: Using BIND 9.8.1 on Ubuntu 12.04, I try to save the server cache using the command "sudo rndc dumpdb -cache" (without quotes, obviously), but then I can't find the file "/etc/bind/named_dump.db" being "/etc/bind/" the working directory of the server.

Can't find named_dump.db

2012-12-03 Thread Daniele Imbrogino
Using BIND 9.8.1 on Ubuntu 12.04, I try to save the server cache using the command "sudo rndc dumpdb -cache" (without quotes, obviously), but then I can't find the file "/etc/bind/named_dump.db" being "/etc/bind/" the working directory of the server. Why?

Re: truncated responses vs. minimal-responses?

2012-12-03 Thread Gilles Massen
On 11/30/2012 01:30 PM, Matus UHLAR - fantomas wrote: > On 28.11.12 18:38, Tony Finch wrote: >> Yes it does. For example, have a look at responses to queries for >> dotat.at >> in mx for various buffer sizes and observe that RRsets are dropped but >> the >> TC bit is not set. > > Nice to see. I'm