Re: Installing bind is not very clear for me

2015-09-04 Thread Mark Andrews
In message <65a8901490745bf21a8ec6c58b161...@ausics.net>, Noel Butler writes: > > and use modern version of bind and RRL. Definitely use a modern version of BIND. I don't know how often we get bug reports against stuff we fixed years ago even from our support customers. If you are on a Linux

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 11:41, Mike Hoskins (michoski) wrote: Actually, PIX had issues... I can attest to that, having administered several Cisco-based networks including PIX years before I was "a Cisco The biggest issues we really saw with PIX protected networks was in early 2000's, it used to bit

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 05:00, Leandro wrote: > Reindl, I agree with you. > One Firewall should be enough. > So, what you consider this firewall should do? > In my opinion: > Block requests coming from a blacklist (Who will generate this list?) > Block denial of service requests. It needs to measure

Re: Installing bind is not very clear for me

2015-09-04 Thread Mike Hoskins (michoski)
On 9/4/15, 9:29 PM, "bind-users-boun...@lists.isc.org on behalf of Noel Butler" wrote: >On 05/09/2015 04:49, Reindl Harald wrote: > >> mostly people who are throwing as much as possible appliances and >> firewalls in front of their machines doing that because missing >> knowledge > >and falling

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 04:49, Reindl Harald wrote: mostly people who are throwing as much as possible appliances and firewalls in front of their machines doing that because missing knowledge and falling for some salesman's BS, the moment they sniff you have no idea, they rub their hands together think

Re: Installing bind is not very clear for me

2015-09-04 Thread Mark Andrews
There are stupid firewalls that drop DNS queries with the last reserved bit set. This should be ignored by the nameserver. There are stupid firewalls that drop DNS queries with DO=1. This breaks DNSSEC. Most of these are gone now but some still exist. They took years to effectively remove from

Re: Installing bind is not very clear for me

2015-09-04 Thread /dev/rob0
On Fri, Sep 04, 2015 at 05:27:18PM +, Mike Hoskins (michoski) wrote: > On 9/4/15, 1:12 PM, "bind-users-boun...@lists.isc.org on behalf > of /dev/rob0" r...@gmx.co.uk> wrote: > > >On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald wrote: > >> Am 03.09.2015 um 22:59 schrieb Robert Mosk

Re: Installing bind is not very clear for me

2015-09-04 Thread John Miller
On Fri, Sep 4, 2015 at 3:29 PM, wrote: >> One Firewall should be enough. >> So, what you consider this firewall should do? >> In my opinion: >> Block requests coming from a blacklist (Who will generate this list?) >> Block denial of service requests. It needs to measure the requests rate >> to

Re: Installing bind is not very clear for me

2015-09-04 Thread sthaug
> One Firewall should be enough. > So, what you consider this firewall should do? > In my opinion: > Block requests coming from a blacklist (Who will generate this list?) > Block denial of service requests. It needs to measure the requests rate > to detect when it is under attack. > Block port sca

Re: Installing bind is not very clear for me

2015-09-04 Thread Leandro
Reindl, I agree with you. One Firewall should be enough. So, what you consider this firewall should do? In my opinion: Block requests coming from a blacklist (Who will generate this list?) Block denial of service requests. It needs to measure the requests rate to detect when it is under attack.

Re: Installing bind is not very clear for me

2015-09-04 Thread Reindl Harald
On 04.09.2015 at 20:41, Leandro wrote: I think that regarding security issues, it is better to prevent as much as possible. Here we have two different opinions: People that agree to use firewall and people against (or arguing that it is not necessary): I would like to hear both and then decide. If

Re: Installing bind is not very clear for me

2015-09-04 Thread Leandro
I think that regarding security issues, it is better to prevent as much as possible. Here we have two different opinions: People that agree to use firewall and people against (or arguing that it is not necessary): I would like to hear both and then decide. If we share our points maybe can get a bet

Re: Installing bind is not very clear for me

2015-09-04 Thread Mike Hoskins (michoski)
On 9/4/15, 1:12 PM, "bind-users-boun...@lists.isc.org on behalf of /dev/rob0" wrote: >On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald wrote: >> On 03.09.2015 at 22:59, Robert Moskowitz wrote: >> >On 09/03/2015 04:35 PM, Leandro wrote: >> >>Ok ... >> >>I got BIND 9.10.2-P3 working. >> >

Re: Installing bind is not very clear for me

2015-09-04 Thread /dev/rob0
On Thu, Sep 03, 2015 at 11:02:23PM +0200, Reindl Harald wrote: > On 03.09.2015 at 22:59, Robert Moskowitz wrote: > >On 09/03/2015 04:35 PM, Leandro wrote: > >>Ok ... > >>I got BIND 9.10.2-P3 working. > >>I compiled with > >> > >>./configure --with-openssl --enable-threads --with-libxml2 > >>--wit

Re: Installing bind is not very clear for me

2015-09-03 Thread Reindl Harald
On 03.09.2015 at 23:16, Robert Moskowitz wrote: On 09/03/2015 05:02 PM, Reindl Harald wrote: On 03.09.2015 at 22:59, Robert Moskowitz wrote: On 09/03/2015 04:35 PM, Leandro wrote: Ok ... I got BIND 9.10.2-P3 working. I compiled with ./configure --with-openssl --enable-threads --with-lib

Re: Installing bind is not very clear for me

2015-09-03 Thread Robert Moskowitz
On 09/03/2015 05:02 PM, Reindl Harald wrote: On 03.09.2015 at 22:59, Robert Moskowitz wrote: On 09/03/2015 04:35 PM, Leandro wrote: Ok ... I got BIND 9.10.2-P3 working. I compiled with ./configure --with-openssl --enable-threads --with-libxml2 --with-libjson make make install Json sta

Re: Installing bind is not very clear for me

2015-09-03 Thread Reindl Harald
On 03.09.2015 at 22:59, Robert Moskowitz wrote: On 09/03/2015 04:35 PM, Leandro wrote: Ok ... I got BIND 9.10.2-P3 working. I compiled with ./configure --with-openssl --enable-threads --with-libxml2 --with-libjson make make install Json statistics channel is working and chroot is no longe

Re: Installing bind is not very clear for me

2015-09-03 Thread Robert Moskowitz
On 09/03/2015 04:35 PM, Leandro wrote: Ok ... I got BIND 9.10.2-P3 working. I compiled with ./configure --with-openssl --enable-threads --with-libxml2 --with-libjson make make install Json statistics channel is working and chroot is no longer mandatory. But do make sure you have selinux e

Re: Installing bind is not very clear for me

2015-09-03 Thread Leandro
Ok ... I got BIND 9.10.2-P3 working. I compiled with ./configure --with-openssl --enable-threads --with-libxml2 --with-libjson make make install Json statistics channel is working and chroot is no longer mandatory. I'm happy. Thanks! Leandro. On 03/09/15 15:47, Mike Hoskins (michoski) wrote

Re: Installing bind is not very clear for me

2015-09-03 Thread Mike Hoskins (michoski)
Few points for clarification: With rhel/centos you're not getting the major version as reported. You need to look at the changelog for the package to see what fixes/features have been backported. That effort including associated QA is part of what you're paying for with rhel or getting for free a

Re: Installing bind is not very clear for me

2015-09-03 Thread Robert Moskowitz
On 09/03/2015 01:45 PM, Leandro wrote: Dear All: While installing bind still have not clear some issues: I'm using Centos 6.6 since I'm not very comfortable with Centos7 yet. My final goal is to get an updated and stable version and also use json format for the statistics channel. 1) Some bin

Re: Installing bind is not very clear for me

2015-09-03 Thread Lyle Giese
On 9/3/2015 12:53 PM, Reindl Harald wrote: On 03.09.2015 at 19:45, Leandro wrote: Dear All: While installing bind still have not clear some issues: I'm using Centos 6.6 since I'm not very comfortable with Centos7 yet. My final goal is to get an updated and stable version and also use json form

Re: Installing bind is not very clear for me

2015-09-03 Thread Reindl Harald
On 03.09.2015 at 19:45, Leandro wrote: Dear All: While installing bind still have not clear some issues: I'm using Centos 6.6 since I'm not very comfortable with Centos7 yet. My final goal is to get an updated and stable version and also use json format for the statistics channel. 1) Some bind

Installing bind is not very clear for me

2015-09-03 Thread Leandro
Dear All: While installing bind still have not clear some issues: I'm using Centos 6.6 since I'm not very comfortable with Centos7 yet. My final goal is to get an updated and stable version and also use json format for the statistics channel. 1) Some bind users recommended to get at least a 9.10