Running BIND 9.10.1-P1 on Mac OS X 10.10.1. It’s been running fine - no
problems until this morning, when I got:
06-Jan-2015 01:33:33.356 transfer of 'rpz.spamhaus.org/IN/external' from
199.168.90.51#53: Transfer completed: 1 messages, 486 records, 11827 bytes,
0.292 secs (40503 bytes/sec)
06
Yes,
I have read that part of the FAQ, which concerns people asking whether they
need to add escape characters manually in the DMARC record.
I do not add these myself. As shown by my examples below, the entry in the
master zone is free of any escape characters. However, when an update is
trig
Phil,
I'm embarrassed that I didn't check that file earlier. Yes, those four DNS
resolvers sitting behind the load-balancer use 96.31.0.20:
mail1:~# dig -t txt o-o.myaddr.l.google.com +short
"96.31.0.20"
mail1:~#
It's been many moons since that backlist has been brought up, and when I
opened a
We use sortlists quite effectively, but there are some caveats to that approach:
1) If you have clients using "rogue" resolvers without any sortlist
definitions, that will limit the effectiveness of the technique somewhat
2) You need some discipline to keep the sortlist definitions up-to-date as
Hello Niall,
thank you for the advice.
I will stay with my solution.
Never touch a running system ;)
I would consider this topic as closed by now.
If anyone with a similar question needs my assistance, I would be glad to
help
Thanks!
2015-01-05 18:27 GMT+01:00 Christian Hain :
> Hello Niall,
>
Dave Warren wrote:
>
> http://www.dmarc.org/faq.html#s_12 has some information on what is happening
> here.
There is a fix for this which will be in the next 9.9 and 9.10 versions of
BIND.
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=9a36fb86f5019f25705d25ea729d03fcf8ecaa95
At Sat, 3 Jan 2015 19:24:47 +0100,
Christian Kette wrote:
>
> I have found a workaround.
> I defined a different zone for every network
A simpler solution might be to use a sortlist.
From the ARM:
6.2.16.13 The sortlist Statement
The response to a DNS query may consist of multiple resource
On 24/12/14 17:08, Frank Bulk wrote:
Except queries from 96.31.0.5 and 199.120.69.24 reliably return the
while queries from 96.31.0.20 do not. And we're all the same ISP, and in
the one case, from the same /24. I don't think Google is that granular. And
we do have good IPv6 connectivity.
On 2015-01-04 19:30, Chris Vaughan wrote:
I have been given the task of implementing DMARC in our BIND servers due the
recommendation of a security audit on our systems.
Whenever I create the record in the forward server, and refresh the zone, it
comes out in the slave zone with escape charact
9 matches
Mail list logo
