Re: high volume from outside our networks question

2013-01-30 Thread Dmitri Tarkhov
One very simple question - do you filter spoofed IPs at your firewalls? And, BTW, a lot of other must-be stuff, like ports 135-139 ... (but that's another story). Personally I reject spoofed IPs even without logging. They are more than likely spoofed IPs and someone is using our servers to atta

Re: high volume from outside our networks question

2013-01-30 Thread Lawrence K. Chen, P.Eng.
I think this is one of those reasons why mixing caching/recursion with authoritative is bad. I think the option needed is 'additional-from-cache no;', but it's only effective if 'recursion no' is done in global options ... or in a view? Hmm, wonder if view is the answer... perhaps try somethin

Re: high volume from outside our networks question

2013-01-30 Thread Steven Carr
I'm not entirely sure about the "allow-query { any; };" option you have configured in the main options section. By default BIND allows queries from all anyway; try removing this and see if that fixes the issue. It could be that having that set is somehow overriding some of the other statements. Steve _

Re: high volume from outside our networks question

2013-01-30 Thread Mark Andrews
In message , rich carroll writes: > > acl "trusted" { > xxx.xxx.xxx.0/20; > xxx.xxx.xxx.0/23; > xxx.xxx.xxx.0/22; > xx.xxx.xxx.0/23; > xx.xxx.xxx.0/23; > xx.xxx.xxx.0/23; > x.xx.xxx.0/21; > x.xx.xx.0/24; > xxx.xxx.xxx.0/24; > localhost; > l

Re: high volume from outside our networks question

2013-01-30 Thread rich carroll
acl "trusted" { xxx.xxx.xxx.0/20; xxx.xxx.xxx.0/23; xxx.xxx.xxx.0/22; xx.xxx.xxx.0/23; xx.xxx.xxx.0/23; xx.xxx.xxx.0/23; x.xx.xxx.0/21; x.xx.xx.0/24; xxx.xxx.xxx.0/24; localhost; localnets; }; options { // Relative to the chroot director

Re: high volume from outside our networks question

2013-01-30 Thread Steven Carr
So the response you received wasn't recursed ";; WARNING: recursion requested but not available", so at least that ACL is holding up, but it could be that the response you got is still being served from your DNS server's cache. Can you share the exact configuration statements you have implemented f

high volume from outside our networks question

2013-01-30 Thread rich carroll
Currently our ISP's BIND9 server is experiencing a lot of traffic. It looks like we are being used to attack IP addresses. We do have our own domains that we host as well as resolving for our customers. I have an ACL for our subnets and we allow-recursion and allow-query-cache for those subnets. The

Re: TKEY and zone transfer

2013-01-30 Thread Evan Hunt
> > Also, generate a TSIG key to use for the initial TKEY negotiation. > > I thought the point of TKEY was to upgrade from slow public key > authentication to fast secret key authentication, i.e. that you would > start off by authenticating the client with SIG(0). TKEY should work with SIG(0), bu

Re: TKEY and zone transfer

2013-01-30 Thread Tony Finch
Evan Hunt wrote: > > Also, generate a TSIG key to use for the initial TKEY negotiation. I thought the point of TKEY was to upgrade from slow public key authentication to fast secret key authentication, i.e. that you would start off by authenticating the client with SIG(0). Tony. -- f.anthony.n.