Zitat von Romgo :
All right.
this seems to correct the issue.
But that's the first time I had to open the firewall for a packet answer.
weird.
It is a somewhat special case. UDP by itself is not stateful at all so
any stateful firewall have to use some timeout values to decide if the
"co
Zitat von Romgo :
I see, but It should be statefull right ?
If using stateful UPD filtering you might get hit by short timeout
values for UDP state matching, so packets get dropped if the query is
too slow.
Regards
Andreas
___
Please visit
Zitat von sasa sasa :
Hi,
I got a server with 16GB memory, want to install 2 BIND on CentOS,
one cache only and another authoritative.
Is it better to install 2 OS virtually and run BIND in them or run 2
instances of BIND on the same OS? I mean what is the best practice
to take advantage o
Zitat von "Adamiec, Lawrence" :
Here are some results using the same commands you used.
# dig @63.200.45.18 ns1.bonsi.org soa
; <<>> DiG 9.6.1-P3 <<>> @63.200.45.18 ns1.bonsi.org soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9
Zitat von iharrathi@orange-ftgroup.com:
on server1(64 bit) i have 2 Intel E5310 quad-core 1.6Ghz and on
server2(32 bit) i have 2 Intel Xeon dual-core 2.33Ghz.
means 8*1.6 Ghz on server1 and 4*2.33 on server2.
8*1.6 is better and faster than 4*2.33, no?
This would only apply for applicat
Zitat von Kevin Oberman :
On Tue, Jun 28, 2011 at 7:32 AM, Ryan Novosielski wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/28/2011 12:30 PM, David Sparro wrote:
On 6/28/2011 11:15 AM, iharrathi@orange-ftgroup.com wrote:
Hi all,
I'm testing the same version of bind 9.4-ESV-R4
Zitat von Stephane Bortzmeyer :
On Tue, May 31, 2011 at 05:59:08PM -0400,
Warren Kumari wrote
a message of 52 lines which said:
Does anyone else find the bind-users list to be very slow?
Same problem for me.
No wonder the list is slow if everyone send a confirmation that it is slow ;-)
Zitat von Dan Pritts :
Hi,
A question regarding BIND defaults. I'd love the same answer for
other nameserver software if anyone
cares to share.
http://www.unbound.net/documentation/info_timeout.html
For sure Bind is doing something similar.
Regards
Andreas
___
Zitat von Anand Buddhdev :
On 16/05/2011 14:11, Dennis Perisa wrote:
Hi folks,
We are looking to dual-stack our 9.7.3 DNS resolvers and I had a
question about BIND's behaviour in a dual-stack configuration.
Assuming the resolver's cache is empty, will a query that arrives on
an IPv6 socket a
Zitat von babu dheen :
Hi,
We have two internal Windows DNS servers which answer all DNS query
by forwarding it to gateway DNS server running in Redhat BIND. But i
have a query regarding allowing ROOT DNS query on internal DNS server.
I guess it does not mean your internal servers shoul
Zitat von Lazy :
2010/12/30 Lazy :
2010/12/28 Dennis Clarke :
trying to resolve www.microsoft.com or microsoft.com results in a
"connection timed out; no servers could be reached"
Well, for what it's worth - it's not just you having that issue. When
testing from home and from work I get th
Zitat von David Forrest :
On Tue, 16 Nov 2010, Mark Andrews wrote:
Isn't sufficient to configure the root trust anchor inside
"managed-keys {};"
statement? If I understand correctly the key should be automatically
updated, shouldn't it?
For 9.7 yes.
I just updated to 9.7.2-P3 and got
Zitat von John Williams :
I'm being told there is an RSA verification failure on the .US domain. I''m
getting details from the following; http://dnsviz.net/d/us/dnssec/ I have a
signed zone under us. How does this affect my domain and other signed zones
under .US?
As far as i know you are
Zitat von Mark Andrews :
Is this still with BIND 9.7.0-P1 or something more recent? If it
is still BIND 9.7.0-P1 then please upgrade. There really is no
point debugging validation failures in BIND 9.7.0-P1 anymore as the
validator has had really extensive changes since then.
Okay, compiled
Zitat von Mark Andrews :
Is this still with BIND 9.7.0-P1 or something more recent? If it
is still BIND 9.7.0-P1 then please upgrade. There really is no
point debugging validation failures in BIND 9.7.0-P1 anymore as the
validator has had really extensive changes since then.
Please remember,
Zitat von Mark Andrews :
In message <20101118131400.37717e5p5tard...@webmail.kwsoft.de>,
lst_ho...@kwsof
t.de writes:
We are using Bind 9.7 at the border to resolve DNS queries for a small
LAN. After moving forward in using IPv6 we discovered many "broken
trust chain" errors in the bind log
Zitat von Mark Andrews :
In message <20101118131400.37717e5p5tard...@webmail.kwsoft.de>,
lst_ho...@kwsof
t.de writes:
We are using Bind 9.7 at the border to resolve DNS queries for a small
LAN. After moving forward in using IPv6 we discovered many "broken
trust chain" errors in the bind log
We are using Bind 9.7 at the border to resolve DNS queries for a small
LAN. After moving forward in using IPv6 we discovered many "broken
trust chain" errors in the bind log for non existing records. One
example is
Nov 18 01:18:21 firewall named[27580]: error (broken trust chain)
res
Zitat von Maria Iano :
We are working with a software vendor whose software only works with
relative hostnames - they say it can't cope with a fully-qualified
domain name. They want us to make sure the necessary domain is in
all clients' search lists. Does anyone have any good references fo
Zitat von The Doctor :
My question is how can you detect if a DSN / Domain name
has been 'poisoned'?
Compare what your cache deliver with results from other sites. To
prevent cache poison you might use DNSSEC if the zones which are
affected support it and at least use a recent Resolver wit
Zitat von Barry Margolin :
In article ,
lst_ho...@kwsoft.de wrote:
Zitat von Alan Clegg :
> On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote:
>
>> Sorry for being unclear. We want the SERVFAIL as it should be for
>> invalid DNSSEC data *in all cases* eg. even if a client ask with the
>> cdfla
Zitat von Alan Clegg :
On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote:
Sorry for being unclear. We want the SERVFAIL as it should be for
invalid DNSSEC data *in all cases* eg. even if a client ask with the
cdflag (checking disable) set.
CD means "don't check", so you can't by definition.
A
Zitat von Alan Clegg :
On 10/1/2010 4:26 PM, lst_ho...@kwsoft.de wrote:
Hello
after the root zones are now DNSSEC signed we like to use DNSSEC at our
caching resolvers. I have setup Bind 9.7.0-P1-1 at the border and
basically it is working fine. What i have not managed is to alwawys
force obey
Hello
after the root zones are now DNSSEC signed we like to use DNSSEC at
our caching resolvers. I have setup Bind 9.7.0-P1-1 at the border and
basically it is working fine. What i have not managed is to alwawys
force obeying DNSSEC signed zones for resolving eg. if i use "dig
+cdflag www
24 matches
Mail list logo
