On Thu, Oct 25, 2018 at 2:57 PM Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
> On 10/25/18 2:34 PM, N6Ghost wrote:
>
[snip]
>
> > next, we where a bind shop but switched to infoblox for some stuff and
> > now out grew it. and are going back to bind.
> >
> > but we started using
On 10/25/2018 09:27 PM, Mark Andrews wrote:
Use a browser that maintains its own address cache tied to the HTTP
session. That is the only way to safely deal with rebinding attacks.
Rebinding attacks have been known about for years. There is zero excuse
for not using a browser with such protec
Use a browser that maintains its own address cache tied to the HTTP session.
That is the only way to safely deal with rebinding attacks. Rebinding attacks
have been known about for years. There is zero excuse for not using a browser
with such protection.
> On 26 Oct 2018, at 12:02 pm, Grant
Is there a way to enforce a minimum TTL?
My initial searching indicated that ISC / BIND developers don't include
a way to do so on a matter of principle.
I'd like to enforce a minimum TTL of 5 minutes (300 seconds) on my
private BIND server at home. I'm wanting to use this as a method to
th
On 10/25/2018 06:26 PM, Lee wrote:
If you're using those addresses internally it makes sense to filter them
from 'outside'.
That's what I thought.
I play those games at times also :) So it sounds like what I was
missing is that you like a challenge & are using more address space that
I thou
On 10/25/18, Grant Taylor via bind-users wrote:
> On 10/25/2018 03:25 PM, Lee wrote:
>
>> I'm missing what filtering out things like benchmarking & documentation
>> network addrs gets you beyond maybe saving some bandwidth?
>
> I do use all sorts of IP ranges (test networks extensively) in my home
Hello,
I'm new to this list, but I use BIND for quite some time.
I have a machine running BIND which is authoritative for some domains I
own and is the nameserver for my home network.
Thus:
- BIND answers to any query from my home network
- BIND answers to queries from the whole planet Earth
On 10/25/18 2:34 PM, N6Ghost wrote:
I want to move a core namespace to the load balancer but i want them to
let me assign them a new zone thats internally authoritative and use it
as the LB domain.
which would be:
cname name.domain.com -> newname.newzone.domain.com
they want:
cname name.domain.
On 10/25/2018 03:25 PM, Lee wrote:
I feel like I'm missing something :(
I'll see if I can fill in below.
I read this
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
and used RPZ to block anything coming from outside that might be
On 10/24/18, Grant Taylor via bind-users wrote:
> On 08/09/2018 01:01 AM, Lee wrote:
>> it does, so you have to flag your local zones as rpz-passthru.
>
> Thank you again Lee. You gave me exactly what I needed and wanted to know.
you're welcome :)
> I finally got around to configuring my RPZ to
Hi All,
have two questions first, I am not a huge fan of using forwarding zones
and our "load balancing" team, has there zone delegated to them in a
way that needs an internal forward zone to work properly on the inside
and not rely on on internet POP.
I want to move a core namespace to the load
Hi there,
On Thu, 25 Oct 2018, Grant Taylor wrote:
On 10/24/2018 06:15 AM, G.W. Haywood via bind-users wrote:
A server on a non-standard port is often neglected.? Its security may
be less well maintained than one that is intentionally public.
Why and how do you make that correlation?
Years
12 matches
Mail list logo
