Re: what's DNSaaS standard?

2015-08-24 Thread Russell Cecala
Maybe this, https://wiki.openstack.org/wiki/Designate, is what you are thinking of. On Mon, Aug 24, 2015 at 3:29 AM, Ken Peng wrote: > I know it's DNS as a service. > But what's the standard? how to implement it? > > Thanks. > ___ > Please visit https:

Re: Help DNS

2015-08-24 Thread Dave Warren
On 2015-08-24 03:57, Daniel Ryslink wrote: As for the SERIAL in SOA, it's just a good practice, it gives you the information about when the zone was published, and creates less problems when you transfer hosting of the domain to another nameserver. Basically yes, it's just a number, but there i

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Mark Andrews
Additionally, BIND is open source so you are free to modify it to see if doing so helps you. The forwarders are sorted in lib/dns/resolver.c. The grammar is defined in lib/isccfg/namedconf.c. The forward table is constructed using the routines in lib/dns/forward.c which are called from bin/n

Re: Identify source of "rndc reconfig" command?

2015-08-24 Thread Mark Andrews
The first thing I would do is make sure only the users you want to be able to use the rndc key can read it. I would then generate a new rndc key and configure both rndc and named to use it. If that doesn't work generate a new rndc.conf file with a different name that refers to a new rndc key. T

Re: Version Number

2015-08-24 Thread Evan Hunt
On Mon, Aug 24, 2015 at 07:41:27PM +, HARRIS, RAYMOND D wrote: > When I query the server for version I get back "version: 9.9.7S5" > > The ics.org website lists the most current version as "9.9.7-P2" Some of ISC's support customers run a limited-release "subscription" version of BIND 9.9; it

RE: Identify source of "rndc reconfig" command?

2015-08-24 Thread Darcy Kevin (FCA)
Does the rndc protocol have a timeout? If so, what is it set to? I don't see anything about a configurable timeout interval in the man pages for rndc or rndc.conf. What I'd probably do is turn off rndc in named.conf, set up a "dummy" server to listen on port 953, which just accepts the connecti

Identify source of "rndc reconfig" command?

2015-08-24 Thread Robert Senger
Hi all, after upgrading from Debian Wheezy to Jessie, bind9 receives "rndc reconfig" commands every 30 minutes. I've never seen this before. Some of my own scripts run "rndc restart/reload" after fiddling with network interfaces, but none of these is the source of the observed 30-minute interval.

RE: Version Number

2015-08-24 Thread Darcy Kevin (FCA)
If you're going to obscure your version _anyway_, might as well put a short math problem in the text; keep them occupied, slow down the attack. Hey, it's worth a try... :-) - Kevin

Re: Version Number

2015-08-24 Thread Dave Warren
On 2015-08-24 12:45, Reindl Harald wrote: On 24.08.2015 at 21:41, HARRIS, RAYMOND D wrote: When I query the server for version I get back “version: 9.9.7S5” The ics.org website lists the most current version as “9.9.7-P2” How do I interpret these numbers to ensure I have implemented the most

Re: Version Number

2015-08-24 Thread Reindl Harald
On 24.08.2015 at 21:41, HARRIS, RAYMOND D wrote: When I query the server for version I get back “version: 9.9.7S5” The ics.org website lists the most current version as “9.9.7-P2” How do I interpret these numbers to ensure I have implemented the most current version? besides that a securel

Version Number

2015-08-24 Thread HARRIS, RAYMOND D
When I query the server for version I get back "version: 9.9.7S5" The ics.org website lists the most current version as "9.9.7-P2" How do I interpret these numbers to ensure I have implemented the most current version? Raymond D. Harris, Jr, CISA Sr. Auditor - AT&T Audit Services _

RE: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Darcy Kevin (FCA)
I believe you could implement what you're looking for with a reasonably-sophisticated software/hardware load-balancer technology and/or some number of virtual machines, no BIND code changes required. Personally, I don't like forwarding much at all -- I only use it where it's absolutely necessar

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Alan Clegg
On 8/24/15 3:21 PM, n...@eml.cc wrote: > Somehow all that ^ puffery translates into NOT wanting to allow the > user to prioritize the use of forwarders the way they want? You are trying to use forwarders in a way that they are not intended, and is not a good idea. That is the translation of all o

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread nrgd
Somehow all that ^ puffery translates into NOT wanting to allow the user to prioritize the use of forwarders the way they want? Um, ok ... ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users ma

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Reindl Harald
On 24.08.2015 at 21:09, n...@eml.cc wrote: On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to a less-secure method of resolution? No. YES but you maybe don't realize

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Alan Clegg
On 8/24/15 3:09 PM, n...@eml.cc wrote: > > > On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: >> So, if your link is saturated to the point that you can't hold up a VPN >> connection reliably, you fall back to a less-secure method of resolution? > > No. Actually, "yes". That's pr

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread nrgd
On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: > So, if your link is saturated to the point that you can't hold up a VPN > connection reliably, you fall back to a less-secure method of resolution? No. > Non-deterministic security, what a concept! Didn't take long for you to reso

RE: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Darcy Kevin (FCA)
So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to a less-secure method of resolution? Non-deterministic security, what a concept! Has it occurred to you, that you're giving the bad guys -- the ones that want to pry on your query data

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Reindl Harald
On 24.08.2015 at 20:19, n...@eml.cc wrote: On Mon, Aug 24, 2015, at 11:10 AM, Darcy Kevin (FCA) wrote: Forwarders are selected based on an RTT(round-trip-time)-based algorithm There's an invalid presumption there -- that 'fastest' == 'most desired / highest priority'. Regardless of a

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread nrgd
Hi On Mon, Aug 24, 2015, at 11:10 AM, Darcy Kevin (FCA) wrote: > Forwarders are selected based on an RTT(round-trip-time)-based algorithm There's an invalid presumption there -- that 'fastest' == 'most desired / highest priority'. Regardless of any specific case, the requested feature al

RE: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Darcy Kevin (FCA)
Forwarders are selected based on an RTT(round-trip-time)-based algorithm, so none of this configuration complexity should be necessary from a performance/availability standpoint. The algorithm will choose faster forwarders over slower ones, and penalization/eventual-redemption of failed/non-res

BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread nrgd
I run bind 9.10.2-P3. I have three classes of forwarders that I'd like to use: (1) my own, hosted forwarder. fast & private, but not redundant infrastructure (2) private/encrypted hosted forwarders. slow, private, and redundant infrastructure. (3) reliable ISP & public forwarders. fast, redund

RE: what's DNSaaS standard?

2015-08-24 Thread Darcy Kevin (FCA)
Actually, I think the "DNSaaS" term has come into vogue as part of OpenStack, where the (sub-)project goes by the name "Designate". See https://wiki.openstack.org/wiki/Designate I don't know why the original poster would ask about it here, since Designate seems to be more of a management layer

Re: what's DNSaaS standard?

2015-08-24 Thread Mike Hoskins (michoski)
On 8/24/15, 6:40 AM, "bind-users-boun...@lists.isc.org on behalf of Reindl Harald" wrote: > >On 24.08.2015 at 12:29, Ken Peng wrote: >> I know it's DNS as a service. >> But what's the standard? how to implement it? > >it's just a buzzword for DNS hosting You could also say "SaaS" is just a buz

Re: Help DNS

2015-08-24 Thread Tony Finch
Daniel Ryslink wrote: > > As for the SERIAL in SOA, it's just a good practice, it gives you the > information about when the zone was published, and creates less problems > when you transfer hosting of the domain to another nameserver. Basically > yes, it's just a number, but there is no real good

Re: Help DNS

2015-08-24 Thread Daniel Ryslink
The reasons why not to use nslookup are summarized here: http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html I have seen ISC developers discourage from using it in this mailing list too. As for the SERIAL in SOA, it's just a good practice, it gives you the informati

Re: what's DNSaaS standard?

2015-08-24 Thread Reindl Harald
On 24.08.2015 at 12:29, Ken Peng wrote: I know it's DNS as a service. But what's the standard? how to implement it? it's just a buzzword for DNS hosting

what's DNSaaS standard?

2015-08-24 Thread Ken Peng
I know it's DNS as a service. But what's the standard? how to implement it? Thanks.

Re: Changelog details

2015-08-24 Thread Tony Finch
Emil Natan wrote: > > I'm investigating an issue which started after upgrading to the latest > version of BIND (bind-9.9.7-P2). I started with checking the changelog > and I read a line saying: > > 4061. [bug] Handle timeout in legacy system test. [RT #38573] > > Where can I find more