hi, every body:
as all know: bind9 already support edns now.
i build my local dns(ldns) and author dns(adns) with bind, and test as
follows:
1. request to ldns with edns info;( such as: dig @ldns cxdtest.com
+subnet=192.168.1.128)
2. ldns has no cache for the request,and f
2018-01-31 21:47 GMT+01:00 Petr Menšík :
> Hi Ludovic,
>
Hi Petr,
I didn't expect to discuss directly with the Fedora maintainer :-)
Just in case you are at DNS devroom of FOSDEM this Sunday:
https://fosdem.org/2018/schedule/track/dns/
I'm interested in to meet you.
Anyway, about SELinux discus
Hi Ludovic,
On Fedora, CAP_DAC_OVERRIDE is not granted to bind, because it might be
dangerous feature. CAP_DAC_READ_SEARCH is a little bit safer, but still
might be unnecessary. It should be possible to run even without it with
careful permission configuration of keys and config files.
I think CA
Dne 31.1.2018 v 15:37 Reindl Harald napsal(a):
>
> Am 31.01.2018 um 15:18 schrieb Petr Menšík:
>> as a Fedora maintainer of BIND package, I can say only that SELinux in
>> enforcing mode will provide better hardening than most of suggested
>> changes. That does not mean they are not useful, but
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEAREKAAYFAlpx93oACgkQL6j7milTFsGfCACeLvDHoWvmTAGe28j/C7tIw99n
eu4AoIN8klyuHs7cUaB
> Am 31.01.2018 um 16:35 schrieb Daniel Stirnimann:
>>> that don't change the fact that from that moment on all protections for
>>> *that* service are gone while with layered security and
>>> systemd-hardening are still in place
>>
>> Where is the layered security if you disable for e.g. systems-ha
Am 31.01.2018 um 16:35 schrieb Daniel Stirnimann:
that don't change the fact that from that moment on all protections for
*that* service are gone while with layered security and
systemd-hardening are still in place
Where is the layered security if you disable for e.g. systems-hardening
for a
> that don't change the fact that from that moment on all protections for
> *that* service are gone while with layered security and
> systemd-hardening are still in place
Where is the layered security if you disable for e.g. systems-hardening
for a service? I don't understand your argument. If y
Am 31.01.2018 um 16:16 schrieb Daniel Stirnimann:
it is completly irrelevant because when you switch SELinux to
"permissive" in case you need to debug something it's gone and hence
layered-security is always the way to go
I don't understand this negative perception of SELinux. Why do you thin
> it is completly irrelevant because when you switch SELinux to
> "permissive" in case you need to debug something it's gone and hence
> layered-security is always the way to go
I don't understand this negative perception of SELinux. Why do you think
debugging differs from any other applied hard
Am 31.01.2018 um 15:18 schrieb Petr Menšík:
as a Fedora maintainer of BIND package, I can say only that SELinux in
enforcing mode will provide better hardening than most of suggested
changes. That does not mean they are not useful, but most of them are
irrelevant with SELinux in enforcing mode.
Hi,
as a Fedora maintainer of BIND package, I can say only that SELinux in
enforcing mode will provide better hardening than most of suggested
changes. That does not mean they are not useful, but most of them are
irrelevant with SELinux in enforcing mode. We want all Fedora users to
run in enforci
Hi Rick.
It would be more useful if you provided full output of DIG. There should
not be any private information. If there are private IPs, just replace them.
I would start with
dig @corpdc12.na.ads.idt.com -t NS eng.idt.com.
If it does not know your domain as I expect, you would get NXDOMAIN.
13 matches
Mail list logo
