Hi,I have a few servers running a recursive DNS bind service, i configured one
of the servers to limit the rate of requests.my configuration is:rate-limit {
log-only yes; errors-per-second 8; nxdomains-per-second 8; ipv4-prefix-length
32;As soon as i apply these changes my server drop 90% of the
On 10/17/2016 05:50 PM, Mark Andrews wrote:
> In message ,
> "Pallissard, Matthew" writes:
>> On 10/16/2016 09:34 PM, Mark Andrews wrote:
>>> In message , "Pallissard,
>>> Matt" writes:
Has anyone successfully used LDAP as a dynamic back-end for bind 9.11?
Unless I'm reading
In message , "Pallissard,
Matthew" writes:
> On 10/16/2016 09:34 PM, Mark Andrews wrote:
> > In message , "Pallissard,
> > Matt" writes:
> >>
> >> Has anyone successfully used LDAP as a dynamic back-end for bind 9.11?
> >>
> >> Unless I'm reading the release notes/new features pages incorrectly
On 10/16/2016 09:34 PM, Mark Andrews wrote:
> In message , "Pallissard,
> Matt" writes:
>>
>> Has anyone successfully used LDAP as a dynamic back-end for bind 9.11?
>>
>> Unless I'm reading the release notes/new features pages incorrectly the
>> bind-dyndb-ldap plugin has been rolled into ISC's o
Hi there,
On Mon, 17 Oct 2016, Daniel Stirnimann wrote:
I have upgraded some of our BIND resolvers from BIND 9.9.9-P3 to BIND
9.11.0 and I notice timeouts for 3 - 5 seconds about every 1 to 5 hour.
Something to do with dlv.isc.org?
--
73,
Ged.
___
And don't forget the copious comments in named.conf, so that your successor can
easily see, at a glance, what start/end addresses those clusters of ACL
elements represent.
sure! :-)
thanks
Pol
___
Please visit https://lists.isc.org/mailman/listinf
And don't forget the copious comments in named.conf, so that your successor can
easily see, at a glance, what start/end addresses those clusters of ACL
elements represent.
- Kevin
-Original Message
Acls don’t support ranges, only prefixes. You don’t want the whole /24. I
think you want:
acl net1 {192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; }
acl net2 {192.168.1.100/30; 192.168.104/29; 192.168.1.112/28; 192.168.1.128/26;
192.168.1.192/29; }
thanks guys :-)
_
Well, things are messy, because you haven't carved up your subnet on
bit-boundaries. BIND ACLs are either individual IPs, CIDR blocks, negations, or
some combination of these. It can be done:
192.168.1.1 through 192.168.1.99 = !192.168.1.0; 192.168.1.0/26;
192.168.1.64/27; 192.168.1.96/30;
192
Acls don’t support ranges, only prefixes. You don’t want the whole /24. I
think you want:
acl net1 {192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; }
acl net2 {192.168.1.100/30; 192.168.104/29; 192.168.1.112/28; 192.168.1.128/26;
192.168.1.192/29; }
On 2016-10-17, 13:41, "bind-users on be
Hello all :-)
I need to setup 2 kind of acl on same network, ie:
ip from 192.168.1.1 to 192.168.1.99 belongs to acl1
and ip from 192.168.1.100 to 192.168.1.199 to acl2
acl net1 { 192.168.1.1-99/24 };
acl net1 { 192.168.1.99-199/24 };
what's the correct way? I didn't find nothing :-/
thanks fo
On 14/10/2016 13:13, Matus UHLAR - fantomas wrote:
> On 14.10.16 13:51, Job wrote:
>> There is now way to update dinamically the match_clients without
>> reconfig/reloading?
What are you using the different views for, that the clients allowed to
access them are changing so often?
There may be a b
Hi,
I have upgraded some of our BIND resolvers from BIND 9.9.9-P3 to BIND
9.11.0 and I notice timeouts for 3 - 5 seconds about every 1 to 5 hour.
I have managed to trace this back to our RPZ configuration. I have 14
RPZ zones configured. Some of them are quite large (e.g. Spamhaus). The
only work
13 matches
Mail list logo
