Re: Enforcing minimum TTL...

2018-10-29 Thread Grant Taylor via bind-users
On 10/29/2018 04:17 AM, Michał Kępień wrote: Hi Grant, Hi Michał, You might want to keep an eye on: https://gitlab.isc.org/isc-projects/bind9/issues/613 Indeed. Thank you for bringing that to my attention. I do appreciate the tools that I use having the options to do the things tha

Re: Enforcing minimum TTL...

2018-10-29 Thread Michał Kępień
Hi Grant, > > You could setup a DNSMASQ / Unbound service as a front end, which then > > queried bind. Both of those allow the setting of a minimum TTL (max of > > 3600 seconds in DNSMASQ). It cannot be done with bind by itself. > > *nod* > > I was aware that there were other resolvers that coul

Re: Enforcing minimum TTL...

2018-10-26 Thread Grant Taylor via bind-users
On 10/26/2018 11:11 AM, Brian Greer wrote: You could setup a DNSMASQ / Unbound service as a front end, which then queried bind. Both of those allow the setting of a minimum TTL (max of 3600 seconds in DNSMASQ). It cannot be done with bind by itself. *nod* I was aware that there were other res

Re: Enforcing minimum TTL...

2018-10-26 Thread Brian Greer
You could setup a DNSMASQ / Unbound service as a front end, which then queried bind. Both of those allow the setting of a minimum TTL (max of 3600 seconds in DNSMASQ). It cannot be done with bind by itself. > On Oct 26, 2018, at 11:41, Grant Taylor via bind-users > wrote: > > On 10/26/2018 01
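The front-end arrangement Brian describes, as an added example that is not from any poster in this thread: an Unbound (or dnsmasq) resolver that answers clients, forwards everything to the local BIND instance, and raises any cached TTL below Grant's 5-minute target to 300 seconds. The listen address, client subnet and the BIND port are assumptions chosen for the example.

```conf
# --- unbound.conf fragment (front end in front of BIND) ---
server:
    interface: 192.168.1.53          # where clients send queries (assumed)
    access-control: 192.168.1.0/24 allow
    # Floor applied to TTLs as records enter the cache. Unbound's manual
    # flags this as a deliberate departure from the DNS spec; keep the
    # value small (here the thread's 300 s) so stale data is short-lived.
    cache-min-ttl: 300
    # Unbound refuses to query a loopback address unless this is set,
    # which matters because BIND is reached on 127.0.0.1 below.
    do-not-query-localhost: no

forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353     # BIND, assumed to listen here

# --- dnsmasq.conf equivalent ---
# dnsmasq caps min-cache-ttl at 3600 s, as noted in the thread; it also
# only lengthens TTLs, it never shortens them.
# no-resolv
# server=127.0.0.1#5353
# min-cache-ttl=300
```

Run `unbound-checkconf` against the file before restarting; a typo in the forward-zone block otherwise takes the resolver down for every client behind it.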

Re: Enforcing minimum TTL...

2018-10-26 Thread Grant Taylor via bind-users
On 10/26/2018 01:23 AM, Matus UHLAR - fantomas wrote: there is not. Thank you, Matus and Tony, for the direct answer. using short TTLs is very risky, and forcing minimum TTL is apparently not a way to work around. Understood. - I /think/ that I'm somewhat (dangerously?) informed and /choos

Re: Enforcing minimum TTL...

2018-10-26 Thread Tony Finch
Grant Taylor via bind-users wrote: > Is there a way to enforce a minimum TTL? Not without changing the code along the lines of https://salsa.debian.org/dns-team/bind9/blob/master/debian/patches/10_min-cache-ttl.diff Tony. -- f.anthony.n.finch http://dotat.at/ champion the freedom, dignity,

Re: Enforcing minimum TTL...

2018-10-26 Thread Matus UHLAR - fantomas
On 10/25/2018 09:27 PM, Mark Andrews wrote: Use a browser that maintains its own address cache tied to the HTTP session. That is the only way to safely deal with rebinding attacks. Rebinding attacks have been known about for years. There is zero excuse for not using a browser with such protec

Re: Enforcing minimum TTL...

2018-10-25 Thread Grant Taylor via bind-users
On 10/25/2018 09:27 PM, Mark Andrews wrote: Use a browser that maintains its own address cache tied to the HTTP session. That is the only way to safely deal with rebinding attacks. Rebinding attacks have been known about for years. There is zero excuse for not using a browser with such protec

Re: Enforcing minimum TTL...

2018-10-25 Thread Mark Andrews
Use a browser that maintains its own address cache tied to the HTTP session. That is the only way to safely deal with rebinding attacks. Rebinding attacks have been known about for years. There is zero excuse for not using a browser with such protection. > On 26 Oct 2018, at 12:02 pm, Grant

Enforcing minimum TTL...

2018-10-25 Thread Grant Taylor via bind-users
Is there a way to enforce a minimum TTL? My initial searching indicated that ISC / BIND developers don't include a way to do so on a matter of principle. I'd like to enforce a minimum TTL of 5 minutes (300 seconds) on my private BIND server at home. I'm wanting to use this as a method to th