--On 1 June 2021 at 13:03:12 +0200 Anand Buddhdev wrote:
On 01/06/2021 12:55, Karl Pielorz wrote:
Hi Karl,
Anyone know why the Bind query appears to set such a low UDPsize? -
We've nothing in our config setting sizes, or maximums.
Here's an answer:
https://bind9.readthe
Hi,
If I switch between having Bind go lookup a name, and dig - I can see a
difference in tcpdump, i.e.
Bind 9.16.16:
11:44:19.041785 IP (tos 0x0, ttl 64, id 3613, offset 0, flags [none], proto
UDP (17), length 66)
Us.54445 > Them.53: 3636 [1au] MX? somedomain.org. ar: . OPT
UDPsize=12
--On 1 December 2020 at 10:30:21 -0600 Chuck Aurora wrote:
As for the wrong question - I don't get why it's 'wrong' to ask if
there's a better way of getting the total number of "denied" entries
Sorry, I skimmed the post quickly and thought you simply were asking about
parsing the stats fi
--On 1 December 2020 at 10:14:50 -0600 Chuck Aurora wrote:
On 2020-12-01 04:43, Karl Pielorz wrote:
So, as the original person that posted the question :)
My question still stands (I'd never presumed this was valid traffic) -
what I'm trying to find out if buried within the trov
--On 1 December 2020 at 08:24:50 -0600 Lyle Giese
wrote:
You need to look at the reply named sends when it trips and starts
limiting UDP traffic source from a given IP address. It tells the
requestor to try again using TCP instead of UDP.
So if the requestor is a legit dns server, it will
Hi all,
So there's been quite a thread - that originally started as "Bind stats -
denied queries" - and morphed into a whole discussion on spoofed UDP,
logging, RRL etc.
In my original post - I never said the original traffic was likely
legitimate in anyway (just so we're clear - I didn't
--On 30 November 2020 at 08:53:27 -0600 Lyle Giese
wrote:
Be careful 'rejecting' these outright. These queries are UDP
traffic(not TCP) and the source address is easily forged. RRL is the
correct way to limit these.
So, as the original person that posted the question :)
My question sti
Hi,
We've been seeing a huge increase in 'denied queries' against a couple of
Bind servers we look after (Bind 9.16.9) - these are currently logged as:
"
Nov 30 00:00:00 client @0xX X.X.X.X#48536 (.): query (cache) './ANY/IN'
denied
"
This appears like it might be someone trying (unsu
--On 17 April 2020 at 15:45:16 +0200 sth...@nethelp.no wrote:
We have what appears to be a significant memory leak in BIND-9.16.1.
...
Running a ps command for the named process every minute and logging
the result, I see the named virtual memory size (VSZ) increasing at
around 1.2 Mbyte/min
9 matches
Mail list logo
