Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-13 Thread Matus UHLAR - fantomas
On 09.02.12 11:43, Lyle Giese wrote: This is just my opinion, but this is not a bug. It's the side effect of a desirable feature called caching. It's a design flaw - you cache something forever, even in case you should not do it. The cache time is given and we should not expand it, for vali

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread michoski
On 2/9/12 9:43 AM, "Lyle Giese" wrote: > This is just my opinion, but this is not a bug. It's the side effect of > a desirable feature called caching. > > Yea, we can brainstorm how to mitigate the effect, but in order to > mitigate a problem, we have to know that there is a problem(revoked or >

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread Lyle Giese
On 02/09/12 09:56, Matus UHLAR - fantomas wrote: > Questions: > (1) It looks to me like if the ghost name is in our > DNS RPZ zone, then that 'fixes' the problem for > that name. Is this correct? Ghost domain could be redelegated to a new owner and become absolutely legal. On 09.02.12

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread Matus UHLAR - fantomas
> Questions: > (1) It looks to me like if the ghost name is in our > DNS RPZ zone, then that 'fixes' the problem for > that name. Is this correct? Ghost domain could be redelegated to a new owner and become absolutely legal. On 09.02.12 07:36, John Hascall wrote: Caveat Emptor -- if

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread Chris Thompson
On Feb 9 2012, Peter Andreev wrote: 2012/2/9 John Hascall [...snip...] (2) It also looks like restarting bind flushes the cache and that prevents the repopulation of the local cache with names which are ghosts (new different ghost names could, of course, be created). Is this corr

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread Gilles Massen
The easier way to mitigation is to enable dnssec validation on the resolver (which is a good thing anyway). From my tests this changes the behaviour of bind in so far that it respects the TTL of the NS set rather strictly, and returns to the parent on expiry. Looks like the most efficient long-te

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread John Hascall
> > Questions: > > (1) It looks to me like if the ghost name is in our > > DNS RPZ zone, then that 'fixes' the problem for > > that name. Is this correct? > > Ghost domain could be redelegated to a new owner and become absolutely > legal. Caveat Emptor -- if you buy a former TDSS (or

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread Peter Andreev
2012/2/9 John Hascall > > > Questions: > > (1) It looks to me like if the ghost name is in our > DNS RPZ zone, then that 'fixes' the problem for > that name. Is this correct? > Ghost domain could be redelegated to a new owner and become absolutely legal. > > (2) It also looks like resta

CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread John Hascall
Questions: (1) It looks to me like if the ghost name is in our DNS RPZ zone, then that 'fixes' the problem for that name. Is this correct? (2) It also looks like restarting bind flushes the cache and that prevents the repopulation of the local cache with names which are ghosts
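A toy simulation of the cache behaviour this thread is about, added here as an example; it is not code from the thread, from BIND or from ISC. The zone names, the 192.0.2.1 address (TEST-NET-1), the TTLs and the two cache policies are assumptions chosen for illustration. The "overwrite" policy lets the child's authoritative NS RRset replace the cached delegation and restart its TTL, which is the "expanding the cache time" Matus describes; the "strict" policy keeps the expiry learnt from the parent, which is the behaviour Gilles reports with validation enabled: when the NS set expires the resolver goes back to the parent and gets NXDOMAIN. simulate_flush() shows the effect of the restart John asks about: the cached ghost is gone and cannot be re-learnt from the parent (a different name can of course be ghosted afterwards).

```python
"""Toy model of the cache behaviour behind CVE-2012-1033 ("ghost domains").

Constructed example for this thread; it is not BIND code.  The zone names,
the 192.0.2.1 address (TEST-NET-1), the TTLs and the two cache policies are
assumptions chosen for illustration.
"""
from dataclasses import dataclass, field

NS_TTL = 172800   # assumed delegation TTL: 2 days
A_TTL = 300       # assumed TTL for the address record
DAY = 86400


@dataclass
class ParentServer:
    """Authoritative for the parent zone; hands out delegations (referrals)."""
    delegations: dict = field(default_factory=dict)   # child zone -> NS names

    def query(self, zone):
        if zone in self.delegations:
            return ("REFERRAL", self.delegations[zone], NS_TTL)
        return ("NXDOMAIN", None, 0)


@dataclass
class ChildServer:
    """Attacker-controlled server, authoritative for the delegated zone."""
    zone: str
    ns: list
    addr: str = "192.0.2.1"

    def query(self, name):
        # Every answer carries the zone's own NS RRset, with a full TTL, in the
        # authority section.  Refreshing that RRset is the ghost-domain trick.
        return {"answer": (name, self.addr, A_TTL),
                "authority": (self.zone, self.ns, NS_TTL)}


class Resolver:
    """Minimal recursive cache with two ways of handling the child's NS RRset.

    'overwrite': the child's (authoritative) NS RRset replaces the cached
                 delegation and restarts its TTL -> vulnerable.
    'strict':    the expiry learnt from the parent is kept; the child cannot
                 extend it, so the resolver goes back to the parent on expiry.
    """

    def __init__(self, parent, child, policy):
        if policy not in ("overwrite", "strict"):
            raise ValueError(policy)
        self.parent, self.child, self.policy = parent, child, policy
        self.ns_cache = {}   # child zone -> (NS names, expiry time)

    def flush(self):
        """What a restart (or an explicit cache flush) does to the delegation cache."""
        self.ns_cache.clear()

    def resolve(self, name, now):
        zone = name.split(".", 1)[1]   # assumes <label>.<delegated zone>
        cached = self.ns_cache.get(zone)
        if cached is None or cached[1] <= now:
            status, ns, ttl = self.parent.query(zone)
            if status == "NXDOMAIN":
                self.ns_cache.pop(zone, None)
                return "NXDOMAIN"
            self.ns_cache[zone] = (ns, now + ttl)
        resp = self.child.query(name)
        auth_zone, ns, ttl = resp["authority"]
        if self.policy == "overwrite":
            self.ns_cache[auth_zone] = (ns, now + ttl)   # TTL restarted by the child
        return resp["answer"][1]


def simulate(policy, days=10):
    """Delegation removed after day 0; the attacker triggers one lookup per day.

    Returns {day: result} for days 0..days.
    """
    parent = ParentServer({"ghost.example": ["ns1.ghost.example"]})
    child = ChildServer("ghost.example", ["ns1.ghost.example"])
    resolver = Resolver(parent, child, policy)
    results = {0: resolver.resolve("www.ghost.example", 0)}
    del parent.delegations["ghost.example"]    # registry removes the domain
    for day in range(1, days + 1):
        results[day] = resolver.resolve("www.ghost.example", day * DAY)
    return results


def simulate_flush():
    """Vulnerable resolver: the ghost survives daily refreshes until a flush."""
    parent = ParentServer({"ghost.example": ["ns1.ghost.example"]})
    child = ChildServer("ghost.example", ["ns1.ghost.example"])
    resolver = Resolver(parent, child, "overwrite")
    resolver.resolve("www.ghost.example", 0)
    del parent.delegations["ghost.example"]
    for day in range(1, 6):
        before = resolver.resolve("www.ghost.example", day * DAY)
    resolver.flush()
    after = resolver.resolve("www.ghost.example", 5 * DAY + 1)
    return before, after


if __name__ == "__main__":
    for policy in ("overwrite", "strict"):
        print(policy, simulate(policy))
    print("flush", simulate_flush())
```

With "overwrite" the name still resolves on day 10 although the parent dropped it after day 0; with "strict" it resolves on day 1 and is NXDOMAIN from day 2, when the parent-derived NS TTL runs out. The overwrite behaviour is not an obvious bug in isolation: a resolver ranks authoritative data above referral glue (RFC 2181, section 5.4.1), so accepting the child's NS set is what the trust ranking suggests; the flaw is letting that refresh push the delegation's lifetime past what the parent granted.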