Re: BIND listen backlog too small

2014-10-16 Thread Shawn Zhou
Thanks Mark. That's what I was looking for! On Thursday, October 16, 2014 3:36 PM, Mark Andrews wrote: 2fd63cf5 (Mark Andrews 2003-04-10 02:16:11 + 279) tcp-listen-queue ; -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: BIND listen backlog too small

2014-10-16 Thread Mark Andrews
2fd63cf5 (Mark Andrews 2003-04-10 02:16:11 + 279) tcp-listen-queue ; -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

RE: BIND listen backlog too small

2014-10-16 Thread Darcy Kevin (FCA)
Yeah, in that case you might see higher-than-normal TCP traffic ☺ - Kevin

Re: BIND listen backlog too small

2014-10-16 Thread Shawn Zhou
This is for one of our masters which has about 20K zones and handles zone transfer traffic from a few hundred of our slaves. On Thursday, October 16, 2014 2:27 PM, Barry Margolin wrote: In article , Shawn Zhou wrote: > Hello, > While I was investigating potential SYN flooding warn

Re: BIND listen backlog too small

2014-10-16 Thread Barry Margolin
In article , Shawn Zhou wrote: > Hello, > While I was investigating potential SYN flooding warning messages on my Linux > box for our DNS traffic, I was very surprised to see the backlog was set to > very small numbers for BIND TCP sockets. > strace showed backlog was '10' for listening socket

BIND listen backlog too small

2014-10-16 Thread Shawn Zhou
Hello, While I was investigating potential SYN flooding warning messages on my Linux box for our DNS traffic, I was very surprised to see the backlog was set to very small numbers for BIND TCP sockets. strace showed backlog was '10' for listening socket for port 53 and '128' for listening socket

Re: multiple zones in single file, nsupdate and "ignoring out-of-zone data" as result

2014-10-16 Thread Mark Andrews
You maintain separate files and use nsupdate to update them individually. In message , Dmitry Sukhodoyev writes:

multiple zones in single file, nsupdate and "ignoring out-of-zone data" as result

2014-10-16 Thread Dmitry Sukhodoyev
I have a magic zone file in my BIND 9.7 for three identical zones: $TTL 86400 @ IN SOA localhost. root.localhost. ( 20141010222676 3H ; refresh 15M ; retry 1W ; expiry 1D ); minimum IN NS ns1 IN NS n

Re: injecting records into transferred zone (hidden primary/inline DNSSEC)

2014-10-16 Thread Tony Finch
Thomas Goldberg wrote: > Essentially we're looking for a way to inject DS records into a slave > zone (transferred from another DNS server). One way to do this is with my nsdiff script, which was written to do a similar job to inline-signing mode for older versions of BIND. http://dotat.at/prog/ns

injecting records into transferred zone (hidden primary/inline DNSSEC)

2014-10-16 Thread Thomas Goldberg
Hello, we're using BIND 9.9 as authoritative DNS servers for some locally managed zones and some Windows 2008 R2 Active Directory DNS zones (hidden primary). Now we would like to enable DNSSEC (inline signing by BIND) for the Windows zones. Unfortunately we came across a small problem with this se