On Fri, 26 Oct 2018 17:37:47 +
Joe Dahlquist wrote:
> N6Ghost,
>
> Re: DNS Firewall options on bind, a shameless plug for Threatstop.com
> and the first you should investigate.
>
> Other sources of RPZ with quality data you can look at: Farsight,
> SURBL, Spamhaus
>
> Regards,
> Joe Dahlqu
N6Ghost,
Re: DNS Firewall options on bind, a shameless plug for Threatstop.com and
the first you should investigate.
Other sources of RPZ with quality data you can look at: Farsight, SURBL,
Spamhaus
Regards,
Joe Dahlquist
On 10/26/18, 9:49 AM, "bind-users on behalf of N6Ghost"
wrote:
>On
On 10/26/2018 11:11 AM, Brian Greer wrote:
You could setup a DNSMASQ / Unbound service as a front end, which then
queried bind. Both of those allow the setting of a minimum TTL (max of
3600 seconds in DNSMASQ). It cannot be done with bind by itself.
*nod*
I was aware that there were other res
You could setup a DNSMASQ / Unbound service as a front end, which then queried
bind. Both of those allow the setting of a minimum TTL (max of 3600 seconds in
DNSMASQ). It cannot be done with bind by itself.
> On Oct 26, 2018, at 11:41, Grant Taylor via bind-users
> wrote:
>
> On 10/26/2018 01
On Fri, 26 Oct 2018 10:52:17 -0400
Kevin Darcy wrote:
> My basic rule of thumb is: use forwarding when connectivity
> constraints require it. Those constraints may be architectural, e.g.
> a multi-tiered, multi-layer network for security purposes, or may be
> the result of screwups or unintended
On Fri, 26 Oct 2018 10:40:40 -0400
Bob Harold wrote:
> On Thu, Oct 25, 2018 at 4:34 PM N6Ghost wrote:
>
> > Hi All,
> >
> > have two questions first, I am not a huge fan of using forwarding
> > zones and our "load balancing" team, has there zone delegated to
> > them in a way that needs an inte
On Fri, 26 Oct 2018 09:46:39 -0600
Grant Taylor via bind-users wrote:
> On 10/26/2018 01:08 AM, N6Ghost wrote:
> > maybe its just old habits,
>
> Fair enough. I know that I have plenty of my own old (¿bad?) habits
> too.
>
> > i think its a bad idea to build your infrastructure in a way the
On Fri, 26 Oct 2018 09:50:31 -0600
Grant Taylor via bind-users wrote:
> On 10/26/2018 08:52 AM, Kevin Darcy wrote:
> > My basic rule of thumb is: use forwarding when connectivity
> > constraints require it. Those constraints may be architectural,
> > e.g. a multi-tiered, multi-layer network for s
On 10/26/2018 08:52 AM, Kevin Darcy wrote:
My basic rule of thumb is: use forwarding when connectivity constraints
require it. Those constraints may be architectural, e.g. a multi-tiered,
multi-layer network for security purposes, or may be the result of
screwups or unintended consequences, e.g
On 10/26/2018 01:08 AM, N6Ghost wrote:
maybe its just old habits,
Fair enough. I know that I have plenty of my own old (¿bad?) habits too.
i think its a bad idea to build your infrastructure in a way the needs
forward zones to work. not when you can build it with proper delegation.
i just
On 10/26/2018 01:23 AM, Matus UHLAR - fantomas wrote:
there is not.
Thank you, Matus and Tony, for the direct answer.
using short TTLs is very risky, and forcing minimum TTL is apparently
not way to work around.
Understood. - I /think/ that I'm somewhat (dangerously?) informed and
/choos
My basic rule of thumb is: use forwarding when connectivity constraints
require it. Those constraints may be architectural, e.g. a multi-tiered,
multi-layer network for security purposes, or may be the result of screwups
or unintended consequences, e.g. a routing blackhole. Use forwarding to get
ar
On Thu, Oct 25, 2018 at 4:34 PM N6Ghost wrote:
> Hi All,
>
> have two questions first, I am not a huge fan of using forwarding zones
> and our "load balancing" team, has there zone delegated to them in a
> way that needs an internal forward zone to work properly on the inside
> and not rely on on
On 26/10/2018 08:08, N6Ghost wrote:
> maybe its just old habits, i think its a bad idea to build your
> infrastructure in a way the needs forward zones to work. not when you
> can build it with proper delegation.
>
> i just think when building namespaces proper delegation should be used
> and for
Grant Taylor via bind-users wrote:
> Is there a way to enforce a minimum TTL?
Not without changing the code along the lines of
https://salsa.debian.org/dns-team/bind9/blob/master/debian/patches/10_min-cache-ttl.diff
Tony.
--
f.anthony.n.finchhttp://dotat.at/
champion the freedom, dignity,
On 10/25/2018 09:27 PM, Mark Andrews wrote:
Use a browser that maintains its own address cache tied to the HTTP
session. That is the only way to safely deal with rebinding
attacks. Rebinding attacks have been known about for years. There
is zero excuse for not using a browser with such protec
On 26.10.18 00:12, Frédéric Lochon wrote:
I'm new to this list, but I use BIND for quite some time.
I have a machine running BIND which is authoritative for some domains
I own and is the nameserver for my home network.
Thus:
- BIND answers to any query from my home network
- BIND answers to q
On Thu, 25 Oct 2018 15:57:48 -0600
Grant Taylor via bind-users wrote:
> On 10/25/18 2:34 PM, N6Ghost wrote:
> > I want to move a core namespace to the load balancer but i want
> > them to let me assign them a new zone thats internally
> > authoritative and use it as the LB domain.
> >
> > which
On Thu, 25 Oct 2018 15:57:48 -0600
Grant Taylor via bind-users wrote:
> On 10/25/18 2:34 PM, N6Ghost wrote:
> > I want to move a core namespace to the load balancer but i want
> > them to let me assign them a new zone thats internally
> > authoritative and use it as the LB domain.
> >
> > which
19 matches
Mail list logo
