At Tue, 25 Aug 2009 22:08:11 +0200,
clemens fischer wrote:
> > How about the patch copied below? With this it would fail like this:
> >
> > 24-Aug-2009 16:46:41.334
> > /Users/jinmei/src/isc/bind9-current/bin/named/named.conf:22: failed to
> > add dnsbl-1.uceprotect.net for deny-answer-addresse
JINMEI Tatuya wrote:
> How about the patch copied below? With this it would fail like this:
>
> 24-Aug-2009 16:46:41.334
> /Users/jinmei/src/isc/bind9-current/bin/named/named.conf:22: failed to
> add dnsbl-1.uceprotect.net for deny-answer-addresses: already exists
> 24-Aug-2009 16:46:41.334 load
At Fri, 21 Aug 2009 10:42:31 -0500 (CDT),
"Jeremy C. Reed" wrote:
> > deny-answer-addresses {
> > 127/8; 192.168/16; 10/8; 172.16/12;
> > } except-from {
> > "zen.spamhaus.org";
> > "dnsbl-1.uceprotect.net";
> > "dnsbl-1.uceprotect.net";
>
> This is repeated, resultin
Jeremy C. Reed wrote:
> Thank you very much for testing the alpha release.
My pleasure! I had a workaround resulting in dns-rebind protection in
my pdnsd[1] resolver, but pdnsd doesn't support dnssec and a few other
features.
[1] http://www.phys.uu.nl/~rombouts/pdnsd.html
>> deny-answer-addr
On Fri, 21 Aug 2009, clemens fischer wrote:
> BIND 9.7.0a2 built with '--prefix=/opt/bind/9.7.0a2'
> '--with-openssl=yes' '--disable-linux-caps'
> '--sysconfdir=/usr/local/etc' '--localstatedir=/var' 'CFLAGS=-O'
Thank you very much for testing the alpha release.
> deny-answer-addresses {
>
'uname -rms'
Linux 2.6.30.4-spott-gecd13d4 i686
'/l/sbin/named -V'
BIND 9.7.0a2 built with '--prefix=/opt/bind/9.7.0a2'
'--with-openssl=yes' '--disable-linux-caps'
'--sysconfdir=/usr/local/etc' '--localstatedir=/var' 'CFLAGS=-O'
I want to disallow rebinding-attacks in a caching resolver. In the
6 matches
Mail list logo
