Re: DNS format error

2015-07-28 Thread Matus UHLAR - fantomas
On 29.07.15 03:06, Yang Yu wrote: I configured bind to forward queries to 8.8.8.8 do you have any reason to do this? BIND can resolve properly itself, it does not need to forward queries to anyone unless you are firewalled (in such case, do you really need BIND?) without forwarding you apparent

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Mukund Sivaraman
Hi Ben On Tue, Jul 28, 2015 at 07:38:35PM -0400, Ben Croswell wrote: > Absolutely there is a division of traffic. One set of servers hosting > domains for the outside and another set with no inbound port 53 other than > stateful replies to internally generated queries. Keep in mind that some inte

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Ben Croswell
Absolutely there is a division of traffic. One set of servers hosting domains for the outside and another set with no inbound port 53 other than stateful replies to internally generated queries. Just looking to prioritize patching schedules. On Jul 28, 2015 7:33 PM, "/dev/rob0" wrote: > On Tue,

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread /dev/rob0
On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote: > Is it safe to say the only vulnerable hosts would be those > accepting queries from the outside world, or would this also > pertain servers getting responses from the outside world with > no inbound queries? I would ask where does the

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Ben Croswell
Is it safe to say the only vulnerable hosts would be those accepting queries from the outside world, or would this also pertain servers getting responses from the outside world with no inbound queries? On Jul 28, 2015 5:42 PM, "Michael McNally" wrote: > As the security incident manager for this

About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Michael McNally
As the security incident manager for this particular vulnerability notification, I'd like to say a little extra, beyond our official vulnerability disclosure (https://kb.isc.org/article/AA-01272) about this critical defect in BIND. Many of our bugs are limited in scope or affect only users having

Re: DNS format error

2015-07-28 Thread Tony Finch
Yang Yu wrote: > > the query error log can be replicated with "dig www.vip.icann.org ds" > This sounds like a DNSSEC validation issue, but why would I get DNS > format error in the log This is weird and interesting. The name servers for vip.icann.org are doing some kind of minimal covering NSEC3

RHEL, Centos, Fedora rpm 9.10.2-P3

2015-07-28 Thread Carl Byington
http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions.

Re: DNS format error

2015-07-28 Thread Yang Yu
On Wed, Jul 29, 2015 at 2:17 AM, Lightner, Jeff wrote: > http://www.vip.icann.org/DS? Your email client made it a hyperlink, not me. That's the response for DS record. >>> I configured bind to forward queries to 8.8.8.8 dig www.vip.icann.org ds @8.8.8.8 returns SERVFAIL (NOERROR with +cd), but 4

RE: DNS format error

2015-07-28 Thread Lightner, Jeff
http://www.vip.icann.org/DS? The http:// and /DS wouldn't be part of DNS name itself so you can't dig for that. You'd have to point a browser (or command line tool like wget or curl) to get that web page. The vip IS part of the DNS name. Did you try "dig www.vip.icann.org"? It works for m

DNS format error

2015-07-28 Thread Yang Yu
I spotted DNS format error in bind 9.9.5 log queries 28-Jul-2015 23:19:27.198 client client_IP #50270 (www.icann.org): query: www.icann.org IN + (client_IP) 28-Jul-2015 23:19:29.872 client client_IP #46483 (www.icann.org): query: www.icann.org IN A + (client_IP) resolver 28-Jul-2015 23:19:3

Compile Error for Bind 9.9.7P1 on Sparc based Solaris 10

2015-07-28 Thread Bhangui, Sandeep - BLS CTR
Hi Just downloaded the source code for Bind 9.9.7P1 and was trying to compile on Sparc based Solaris 10 but for some reason get the following errors when I run make. Have done this multiple times on Sparc Based Solaris 10 with the previous versions of Bind. Was wondering whether I am missi

RE: How to properly update chroot-bind

2015-07-28 Thread Lightner, Jeff
Since the OP says he's not in Production yet I'd strongly advise moving on to CentOS 7 for multiple reasons. It has a new base version of BIND and also has a 3.x kernel. However, there is a learning curve because it also uses systemd rather than Sys V init. The way bind-chroot runs is signifi

Re: How to properly update chroot-bind

2015-07-28 Thread Matus UHLAR - fantomas
On 28.07.2015 at 10:56, Matus UHLAR - fantomas wrote: but you *never ever* should only update specific packages on a RHEL/CentOS system because that is *not supported and tested* at all No? What are dependencies for, then? Or don't yum/RPM support them in the way debian does? (that is why it's

Re: How to properly update chroot-bind

2015-07-28 Thread Reindl Harald
On 28.07.2015 at 10:56, Matus UHLAR - fantomas wrote: but you *never ever* should only update specific packages on a RHEL/CentOS system because that is *not supported and tested* at all No? What are dependencies for, then? Or don't yum/RPM support them in the way debian does? (that is why it'

Re: How to properly update chroot-bind

2015-07-28 Thread Matus UHLAR - fantomas
On 27.07.15 18:28, Leandro Roggerone wrote: Hello, guys, I would like to know how to properly update my chroot bind version. I still can not get some nice doc / info about it. I'm using: [root@centos-dns1 ~]# named -v BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 running on a [root@centos-dns1 ~]#

Re: How to properly update chroot-bind

2015-07-28 Thread Reindl Harald
On 28.07.2015 at 09:10, Matus UHLAR - fantomas wrote: On 27.07.15 18:28, Leandro Roggerone wrote: Hello, guys, I would like to know how to properly update my chroot bind version. I still can not get some nice doc / info about it. I'm using: [root@centos-dns1 ~]# named -v BIND 9.8.2rc1-RedHat-

Re: How to properly update chroot-bind

2015-07-28 Thread Matus UHLAR - fantomas
On 27.07.15 18:28, Leandro Roggerone wrote: Hello, guys, I would like to know how to properly update my chroot bind version. I still can not get some nice doc / info about it. I'm using: [root@centos-dns1 ~]# named -v BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 running on a [root@centos-dns1 ~]#