We have been running Bind 9.8 branches for years which has been very
stable, upgraded one box to Bind 9.9.5 last week and it has been running 3
times CPU as same bind 9.8 server.
All of our Bind servers(10 total) are behind F5 load balancers so the load
are spread evenly across the servers.
I hav
Hi Tony,
Tony Finch writes:
> Carsten Strotmann wrote:
>>
>> I do not understand how the NSEC3 hash can be defeated by an
>> attacker. Could you give a link to additional information or could you
>> explain the issue with NSEC3 salt in other words?
>
> http://www.vs.uni-due.de/personal/wander/2
Carsten Strotmann wrote:
>
> I do not understand how the NSEC3 hash can be defeated by an
> attacker. Could you give a link to additional information or could you
> explain the issue with NSEC3 salt in other words?
http://www.vs.uni-due.de/personal/wander/20130512_NSEC3_Hash_Breaking/
Tony.
--
Hello Mark,
Mark Andrews writes:
> Actually it is useless to change the salt regularly. Changing the
> salt provides no real benefit against discovering the names in a
> zone which is the reason people were saying to change the salt.
>
> The attacker uses cached NSEC3 records. When it gets a c
Thank Mark.
Another question is how can we determine the memory usage per 1 record?
--teenigma
On Fri, Jul 25, 2014 at 2:00 PM, Mark Andrews wrote:
>
> In message
>
> , Teerapatr Kittiratanachai writes:
>> Dear List,
>>
>> How can I approximate the memory usage of named process if I handle
>
In message
, Teerapatr Kittiratanachai writes:
> Dear List,
>
> How can I approximate the memory usage of named process if I handle
> all IPv6/32 rDNZ on a DNS server?
All the memory on the planet would not be enough. There are
79,228,162,514,264,337,593,543,950,336 addresses in a /32.
Delega
6 matches
Mail list logo
