On Oct 22, 2013, at 8:29 PM, brett smith wrote:
> Yes tuning off IPTABLES conn-tracking makes a huge difference. I also
> followed:
>
> https://access.redhat.com/site/solutions/304713
> https://access.redhat.com/site/solutions/168483
>
> I still see some SYN_SENT from Windows PC's on tcp port
Yes tuning off IPTABLES conn-tracking makes a huge difference. I also followed:
https://access.redhat.com/site/solutions/304713
https://access.redhat.com/site/solutions/168483
I still see some SYN_SENT from Windows PC's on tcp port 53 on the DNS
cache server.
Thank You, Brett
On Sun, Oct 20,
Are these queries mostly for names in an Active Directory domain? The
default for Active Directory is for *every* Domain Controller to
register NS records at the apex of the AD domain. Pretty soon, for any
reasonably-sized AD infrastructure, all of those NSes cause *all*
queries for *any* name
-Original Message-
From: Alan Clegg
Date: Tuesday, October 22, 2013 7:44 AM
To: "bind-users@lists.isc.org"
Subject: Re: Performance Tuning RHEL 5 and Bind
>On Oct 21, 2013, at 9:47 AM, wbr...@e1b.org wrote:
>
>>> From: Alan Clegg
>>
>>> Fix your windows clients.
>>
>> You can't fix s
Paweł Ch. wrote:
> Can I request server with special packet which named add entry to it?
You can make named log something under the security category by sending a
query with a TSIG key, like
$ dig -y abc123:abc123abc123 .
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty: East,
Hi list,
How to test that this logging works:
logging {
channel security_file {
file "/var/log/named/security.log" versions 3 size 30m;
severity info;
print-time yes;
};
category security {
security_file;
};
The file is created /var/log/named/security.log but it is empty.
On Oct 21, 2013, at 9:47 AM, wbr...@e1b.org wrote:
>> From: Alan Clegg
>
>> Fix your windows clients.
>
> You can't fix stupid.
I have lots of windows clients and they don't exhibit this "feature". There's
something wrong on the windows clients and it's not the norm.
To be honest, recent w
7 matches
Mail list logo
