I have tried enabling with the significant bits
server 0.0.0.0/0 { edns no; };
server ::/0 { edns no; };
But, I get the following Error
Error in named configuration:
/etc/named.conf:120: '{' expected near '/'
Error in /var/log/messages
Aug 5 11:59:19 coorg named: failed
Aug 5 11:59:19 coor
In message
, Harshith Mulky writes:
> Hello,
>
> Is there a option in named to turn off EDNS Responses(not Requests) Globally
>
> I have tried with this Option on named
>
> server 0.0.0.0
> {
> edns no;
> };
You need specify the significant bits. By default all the bits are significant.
ser
Hello,
Is there a option in named to turn off EDNS Responses(not Requests) Globally
I have tried with this Option on named
server 0.0.0.0
{
edns no;
};
But does not seem to work
Any other options?
Thanks
Harshith
___
Please visit https://l
>
> In message , "Darcy
> Kevin (FCA)"
> writes:
> > That's only a problem if the clients are constantly looking up the
> > name, right? If they're looking it up only _occasionally_, with some
> > degree of entropy, then the query load gets spread out.
>
> Provided there isn't multiple caches
In message , "Darcy Kevin
(FCA)"
writes:
> That's only a problem if the clients are constantly looking up the name,
> right? If they're looking it up only _occasionally_, with some degree of
> entropy, then the query load gets spread out.
Provided there isn't multiple caches involved.
> So, in
That's only a problem if the clients are constantly looking up the name, right?
If they're looking it up only _occasionally_, with some degree of entropy, then
the query load gets spread out.
So, in those cases, implement something on the client side that pre-expires the
cache entry with some d
In message , "Darcy Kevin
(FCA)" writes:
> "many client have caused a burst DNS traffic" is not much of a problem
> statement, honestly.
>
> What does this patch add, of value, that isn't already covered by
> "max-cache-ttl"?
>
> If you're trying to allow the operators of intermediate resolvers t
So, fix the TTLs on the RBLs, sheesh! Pathological use cases don't warrant
deviation from standard.
- Kevin
-Original Message-
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Thursday, August 04, 2016 2:3
"many client have caused a burst DNS traffic" is not much of a problem
statement, honestly.
What does this patch add, of value, that isn't already covered by
"max-cache-ttl"?
If you're trying to allow the operators of intermediate resolvers to override
the intentions of the data owner, by enfo
Most likely, it has to do with recursion settings, yes, but indirectly. When
recursion is not honored for a client, the next thing that named does is check
whether the answer, or anything relevant to the answer, is in cache. But access
to the cache, these days, defaults to being as restrictive a
Hello!
When I see this in the log, does this mean it is because the server
does not allow recursion?
Aug 4 18:52:19 bitmachine1 named[26142]: client 127.0.0.1#52733
(c303.cloudmark.com): query (cache) 'c303.cloudmark.com/A/IN' denied
Aug 4 18:56:08 bitmachine1 named[26142]: client 127.0.0.1#32
Hello Sirs,
I am Sukmoon Lee, a software developer and network engineer in South Korea.
Recently, most clients(smart phone) have a local DNS cache.
The Cache DNS TTL affects the client cache expiration time domain. So many
clients have caused a burst DNS traffic.
In order to solve this issue ma
Hi!
> Tony Finch schrieb am 04.08.16 um 09:21:36 Uhr:
> > The error suggests to me that you have a key-directory mismatch, but you
> > seem to have that under control.
That was the right hint! I had no key-directory "/var/lib/named/keys";
specified in named.conf.
There also is no key-directory
Andreas Meyer wrote:
> Tony Finch schrieb am 04.08.16 um 09:21:36 Uhr:
> >
> > The error message refers to the key ID rather than the filename - in more
> > recent versions it has been clarified to use the actual filename.
>
> Is it possible to look for the filename without upgrading bind or is
>
Hello!
Tony Finch schrieb am 04.08.16 um 09:21:36 Uhr:
> > The key is named Kbitcorner.de.+005+16938.private but named is looking for
> > a key named bitcorner.de/RSASHA1/16938 or is it just substituting?
>
> The error message refers to the key ID rather than the filename - in more
> recent ver
Andreas Meyer wrote:
>
> dns_dnssec_keylistfromrdataset: error reading private key file
> bitcorner.de/RSASHA1/16938: file not found
>
> I think it must have something to do with the name itself, could it be?
>
> The key is named Kbitcorner.de.+005+16938.private but named is looking for
> a key n
16 matches
Mail list logo
