Re: Getting RPZ statistics

> If you have a pointer to the technique you're using to > distinguish images and serve up replies, i'd be interested to see it. I'll be the first to admit it's not perfect, but even if we send the wrong content, it's better than what they would have gotten! :) First we just look at th

Re: Getting RPZ statistics

now their machine is probably infected with malware. John ------- John Hascall, j...@iastate.edu Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services) IT Services, The Iowa State University o

Re: DNS Blackholing

--- John Hascall, j...@iastate.edu Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services) IT Services, The Iowa State University of Science and Technology > On 12/4/2012 6:00 AM, John

Re: DNS Blackholing

We have found that RPZ works quite well for us. We have 366825 names in our RPZ zone at present and scaling thus far has been a non-issue. John --- John Hascall, j...@iastate.edu Team Lead, NIADS (Network Infrastructure

DNS RPZ and different answers for IPv6 vs IPv4

What I would like to have happen is for the IPv6 () query for "evil-domain.com" to return "no data", but for the IPv4 (A) query for "evil-domain.com" to return "CNAME ". Is this possible? If so, how? Thanks, John ___ Please visit https://lists.is

Re: CVE-2012-1033 (Ghost domain names) mitigation

> > Questions: > > (1) It looks to me like if the ghost name is in our > >DNS RPZ zone, then that 'fixes' the problem for > >that name. Is this correct? > > Ghost domain could be redelegated to a new owner and become absolutely > legal. Caveat Emptor -- if you buy a former TDSS (or

CVE-2012-1033 (Ghost domain names) mitigation

which are ghosts (new different ghost names could, of course, be created).Is this correct? Thanks, John --- John Hascall, j...@iastate.edu Team Lead, NIADS (Network Infrastructure, Authentication & Directory Service

Re: CVE-2011-0414 and Bind 9.7.3

> > How sure are we that 9.7.3 fixes CVE-2011-0414? > Pretty darn sure. > > Because we are seeing behaviour that looks like CVE-2011-0414 > > on our 9.7.3 server... > Please send details to bind9-b...@isc.org. It was just as we saw with 9.7.2, the last thing in the log is an IXFR and then boom n

CVE-2011-0414 and Bind 9.7.3

How sure are we that 9.7.3 fixes CVE-2011-0414? Because we are seeing behaviour that looks like CVE-2011-0414 on our 9.7.3 server... Thanks, John --- John Hascall, j...@iastate.edu Team Lead, NIADS (Network

Re: Delegation or PEBKAC problems?

ht not be able to do that). If your first server can't talk to the other (delegated zone's) NS's (say because of a firewall issue) you can get something that matches what you seem to be getting. John ------- Joh