Re: RPZ with Spamhaus

is list wanting to test the zones for themselves, ping me off list and I can get you a signup for six months free of charge — perhaps longer if we can come up with suitable reasons why. Just don’t tell a grumpy engineer who may be on this list to

Re: Barclays bank domain unresolvable only on some servers

proper troubleshooting would involve checking what each of the authoriatatives say. But it’s Sunday and the dogs need a walk. :-) Simon > On 16 Jun 2019, at 09:43, Sebastian Arcus wrote: > > I have discovered Friday that the following domain used by Barclays bank in > UK doesn

Re: load balancing

Thanks Warren. Are we support this with our current release? Rgds Simon On Tue, Sep 18, 2018 at 3:04 PM Leroy Tennison wrote: > Before selecting round robin consider the drawbacks - a DNS server being > down, DNS server inconsistency, an application expecting some kind of >

Re: load balancing

h case, once the IP address is given out, it goes to the end of the list. The fourth user, therefore, will be sent to the first IP address, and so forth. Rgds Simon On Tue, Sep 18, 2018 at 1:22 PM Warren Kumari wrote: > > > On Tue, Sep 18, 2018 at 4:01 PM SIMON BABY wrote: > &

load balancing

Hi, Are we support load balancing with latest DNSSEC ? I have a DNSSEC application with unbound library. Do i have to add any extra configuration to support Load Balancing? Rgds Simon ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-users Digest, Vol 2842, Issue 2

Thanks a lot Warren . Can you please write me the steps to make the bind only as a resolver . It will be great if you could send me if there is any document . Rgds Simon On Wednesday, February 21, 2018, Warren Kumari wrote: > On Wed, Feb 21, 2018 at 3:06 PM, SIMON BABY wrote: >

Re: bind-users Digest, Vol 2842, Issue 2

Hi, 1. Can I use BIND9, for implementing only the client resolve/validation part? My system has limited memory and CPU power. 2. In the client resolution part, can i send the queries directly to any of the root servers? Instead of any public name server. Rgds Simon On Wed, Feb 21, 2018 at

Re: DNSSEC validation

Thanks Evan for answering my questions. I will look more into getdns-api or libunbund library for the client side resolve. Rgds Simon On Tue, Feb 13, 2018 at 3:00 PM, Evan Hunt wrote: > On Tue, Feb 13, 2018 at 01:33:10PM -0800, SIMON BABY wrote: > > 1. Assume if I use an external

Re: DNSSEC validation

Thanks Warren. I will look into https://getdnsapi.net/ . Rgds simon On Tue, Feb 13, 2018 at 2:07 PM, Warren Kumari wrote: > On Tue, Feb 13, 2018 at 3:42 PM, SIMON BABY wrote: > > Hello Evan, > > > > Thank you so much for the quick response. > > > > My req

Re: DNSSEC validation

. Can I integrate dnsmasq option with my client application? Any reference. Thanks once again for your help and time. Rgds Simon On Tue, Feb 13, 2018 at 1:11 PM, Evan Hunt wrote: > On Tue, Feb 13, 2018 at 12:42:26PM -0800, SIMON BABY wrote: > > My requirement is to implement only the

Re: DNSSEC validation

my application to send queries and validate the answer in my client code itself. Can you please point if any sample code. Rgds Simon On Tue, Feb 13, 2018 at 12:26 PM, Evan Hunt wrote: > On Tue, Feb 13, 2018 at 12:08:18PM -0800, SIMON BABY wrote: > > I am trying to implement the full

DNSSEC validation

Hello, I am trying to implement the full recursive resolver with libbind library in my client code. I am not using resolv.conf in my implementation. Can anyone please help to point any sample code for this. Thank you for your help and time. Rgds simon

Re: frequent queries to root servers

Akamai users (so the smaller players). ISC is aware of the issue. I do not believe that the cause has been identified. Simon ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-us

Re: Handling of expired RRSIG records - ise.gov

On 21 May 2014, at 13:01, Stephane Bortzmeyer wrote: > Probably because there is no DS record for ise.gov, which prevents the > validator to try. Thanks, and indeed no DS in .gov, knew I was missing something basic. ___ Please visit https://lists.isc

Handling of expired RRSIG records - ise.gov

Dear Bind Users, BIND 9 logs report: RRSIG has expired for "www.ise.gov" And "no valid signature found" for "ise.gov A". Yet I can still resolve and visit the website http://ise.gov/ DNS recursive server has: dnssec-validation yes; dnssec-enable yes; dnssec-accept-expired

Re: Is SpamHaus Feed for RPZ is free or subscription based?

Put another way, if you subscribe to the rsync service for 10,000 users and decide to repurpose the data to make it available to the same audience via RPZ, your call. For the record, I work for the commercial arm of Spamhaus[1]. All the best Simon [1] As this statement may get some people ra

Re: RRL probably not useful for DNS IP blacklists,

e mail server I'm sending from is in your DCC database.) > I suspect a real (as opposed to synthetic) DNSBL has > a lot of repetition in all except the last labels. Yeah. Depends on the DNSBL. But not in this case. Nonetheless, Tony's stats were interesting. ATB Simon signatur

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

On 23 Sep 2013, at 19:24, Tony Finch wrote: > Simon Forster wrote: >> >> As a matter of interest, if one had a DNSBL with 5.5 million entries >> (i.e. 5.5 million IPs): >> >> 1) What needs to be done to rewrite that to a BIND zone? >> 2) What sort of

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

of interest, if one had a DNSBL with 5.5 million entries (i.e. 5.5 million IPs): 1) What needs to be done to rewrite that to a BIND zone? 2) What sort of machine would be required to load that zone? 3) How long would it take to load into BIND? TIA Simon >> I was looking for somethin

Re: 100% CPU / wedge with 9.8.3-P4 & RPZ?

e in beta while minor tweaks are made to the production process. Customers now should see updates to the DBL zone file every 3 minutes and updates to the DROP zone every 15 minutes. Additionally, the latency between zone updates and zone propagation has been reduced by two minutes. ATB Simon Forster

Re: load balance of DNS

Hi, sure it is. Here a more detailed version: http://www.zytrax.com/books/dns/ch9/rr.html Regards, Simon On Fri, 13 Jan 2012 22:40:31 +0800, MyDots.net wrote: Hi, Is there a good way of running the current BIND (9.7 and later) for load balancing a special record? for example

Re: Delegating in reverse lookup zones

Thanks for the replies, everyone; I think the consensus is that having ARIN redelegate is the correct solution, and that's fine by me. (As mentioned, my marching orders were to do this without redelegating, but if that's the correct way to do it, I can make that case.) -Simon On T

Delegating in reverse lookup zones

in 0 ms What really baffles me is that this worked for several hours yesterday, and apparently quit overnight. One option is just to change the delegation at ARIN, but we want to avoid that and in any event I'd like to know what the issue is. Any ideas on what I'm doing wrong? -Simon _

Re: [DNSSEC] Validating resolver which is also authoritative: no AD bit set

m=117310800721413&w=2 > If I delete this domain from the list of zones served by this BIND, I > get the AD bit again. > > Is it normal? Should the client be happy with just the AA bit? Last time I checked they weren't, but things may have changed. Simon