On 03/28/2018 08:31 PM, Blason R wrote:
Right now I have around 27 zones added in DNS but that is with
direct zones NO RPZ. And my config is 4 vCPU 8Gb RAM it's running well
and around 700 users
:-)
The only concern thing for me is I may need to re-write all my scripts
to load those zones
Agree!!
Right now I have around 27 zones added in DNS but that is with direct
zones NO RPZ. And my config is 4 vCPU 8Gb RAM it's running well and around
700 users
The only concern thing for me is I may need to re-write all my scripts to
load those zones in RPZ format hence wondering if RPZ can
On 03/28/2018 12:51 AM, Blason R wrote:
Interesting I didn't know that. Let me dig in..can I have few examples
please?
RPZ zones are effectively standard zones. The only difference is that
the CNAME record is used to convey information to the RPZ engine (? is
that an accurate description ?)
Blason R wrote:
> Interesting I didn't know that. Let me dig in..can I have few examples
> please?
Check out https://dnsrpz.info/
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Viking, North Utsire, South Utsire, Northeast Forties: Southeasterly 6 to gale
8, occasionall
Interesting I didn't know that. Let me dig in..can I have few examples
please?
On Wed, Mar 28, 2018, 9:36 AM Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
> On 03/27/2018 08:54 PM, Blason R wrote:
> > Is there any DNS sizing guide available? I have created a sinkhole
> > server w
On 03/27/2018 08:54 PM, Blason R wrote:
Is there any DNS sizing guide available? I have created a sinkhole
server which is catering around 25 - 30 zones loaded with 4 CPU
and 8 GB RAM. I am daily adding around 1-5k of zones.
I don't have an answer to your question. But I do wonder why
My server once ran about 200,000 zones on a VPS with 4GB RAM, 2 vCores,
BIND powered.
Running tests against them is good.
https://www.nominum.com/measurement-tools/
On 2018/3/28 Wednesday AM 10:54, Blason R wrote:
Hi,
Is there any DNS sizing guide available? I have created a sinkhole
server which
I agree that it could be the NAT firewall: some firewalls have features to
network-address-translate the answer portion of DNS responses.
Or with bind “views” (or “RRL”) you could deliberately make it give
differing answers, but you’d know.
The firewall documentation might help.
Or you can test wh
On 04.02.2016 at 22:01, Mike Hoskins (michoski) wrote:
Do you really want to return RFC1918 to the Internet? Not the end of
the world, but some consider it unnecessary information disclosure. :-)
funny to read that from a @cisco.com sender when all the DNS mangling
in the last decade i h
Do you really want to return RFC1918 to the Internet? Not the end of the
world, but some consider it unnecessary information disclosure. :-)
I've seen this on various WAN/fw/router used at home over the years (arris,
cisco, linksys, etc) and unlike the commands Reindal shared which are geared
On 04.02.2016 at 21:29, David Hornsby wrote:
I am having an issue with an authoritative dns server that sits behind a
nat. I have replicated this problem on two different servers on
different versions of bind which is why I am now perplexed. In the zone
file the LAN address of the server has an
Hi Mark,
Thank you very much for your help. I can solve the problem now.
On Thu, Feb 4, 2010 at 7:52 AM, Mark Andrews wrote:
>
> In message ,
> Makara writes:
> > Hi,
> >
> > I'm dns administrator, please give me an excuse if it's not the right
> place
> > to ask the question. My dns server is
In message ,
Makara writes:
> Hi,
>
> I'm dns administrator, please give me an excuse if it's not the right place
> to ask the question. My dns server is attacked, below are the log
You are not being attacked. The zone 26.178.115.in-addr.arpa is
delegated to you but you are not configured to s
Agarwal Vivek-RNGB36 wrote:
Hi All
I'm using a BIND 9.3. I have been asked to block the responses from some of the
DNS Servers in the internet. Is there any way how can I do that
It's not clear what you're trying to do. Block *responses*? So, you're
going to send these nameservers queries,
Thanks Yohann
Regards
Vivek Aggarwal
+973-36583058
-Original Message-
From: Yohann LEPAGE [mailto:yohann.lep...@laposte.fr]
Sent: Wednesday, October 07, 2009 4:52 PM
To: Agarwal Vivek-RNGB36
Cc: bind-users@lists.isc.org
Subject: Re: DNS Server
Agarwal Vivek-RNGB36 wrote
RM.pdf
Thanks
Regards
Vivek Aggarwal
+973-36583058
-Original Message-
From: Todd Snyder [mailto:tsny...@rim.com]
Sent: Wednesday, October 07, 2009 4:38 PM
To: Agarwal Vivek-RNGB36; bind-users@lists.isc.org
Subject: RE: DNS Server
There are a few approaches you could take, and it de
Snyder [mailto:tsny...@rim.com]
Sent: Wednesday, October 07, 2009 4:38 PM
To: Agarwal Vivek-RNGB36; bind-users@lists.isc.org
Subject: RE: DNS Server
There are a few approaches you could take, and it depends on what you are
trying to do.
If you are actually trying to block traffic to a specific
There are a few approaches you could take, and it depends on what you are
trying to do.
If you are actually trying to block traffic to a specific server/servers, I'd
say use a firewall. If you're running on a linux box, it's pretty easy:
http://www.cyberciti.biz/faq/howto-null-route-an-attacke
In article ,
Matus UHLAR - fantomas wrote:
> On 21.09.09 19:26, Shi Jin wrote:
> > I've confirmed that the problem is firewall related. I've replaced my
> > current Untangle firewall with a simplest Linux NAT iptables firewall and
> > everything works perfectly, without any complaints.
>
> I'd s
On 21.09.09 19:26, Shi Jin wrote:
> I've confirmed that the problem is firewall related. I've replaced my
> current Untangle firewall with a simplest Linux NAT iptables firewall and
> everything works perfectly, without any complaints.
I'd say it was bad configuration, not necessarily a bad firewal
Thank you all.
I've confirmed that the problem is firewall related. I've replaced my current
Untangle firewall with a simplest Linux NAT iptables firewall and everything
works perfectly, without any complaints.
Thank you very much for your kind help/suggestions.
Shi
1) Confirm whether you need to forward at all. If you don't need to,
then remove the forwarders entries and that should take care of the
errors in your log.
2) If you *must* use forwarders, look at the part of the config that you
didn't show us, and determine whether there is something there (e.
In message <865284.37771...@web36203.mail.mud.yahoo.com>, Shi Jin writes:
>
> > "host unreachable" is one of the clearer error messages, so
> > you need
> > to do some digging. From the box that you've set up bind9
> > on you'll
> > need to use dig to query the ISP's name servers. If that
> > wor
> "host unreachable" is one of the clearer error messages, so
> you need
> to do some digging. From the box that you've set up bind9
> on you'll
> need to use dig to query the ISP's name servers. If that
> works, then
> you'll have to use tcpdump on that box to find out what
> named is doing.
>
>
Shi Jin wrote:
> Hi there,
>
> I've setup a DNS server running bind9 in my LAN and set it up to ISP provided
> DNS servers as the forwarders. Currently this DNS server works in the sense
> both internal and external names are resolved without any problem. However,
> for each DNS query, the sysl
> Try
> dig @216.171.238.66 hp.com
> to see if the .66 host answers to your queries. Maybe you
> got a wrong IP
> there? Try the same for .67, the other DNS.
>
Thank you very much. I tried what you suggested and it seems that these two
servers work perfectly. In fact, I can simply set my DNS t
On Monday 21 September 2009 Shi Jin wrote:
> However, it looks to me like the ISP provided DNS server
> (216.171.238.66) was not able to resolve any of the names and all the
> resolving is done at the top level servers. Is my understanding
> correct?
Try
dig @216.171.238.66 hp.com
to see if the .6
Thank you for your response, I'll install the version that you recommend me, any
consideration to follow up? Also I've assumed that the problem that I had
was for the general: error: socket: too many open but finally I've
found that the domains that my server cannot resolve was for an ACL Bogon,
t
sage
From: Prabhat Rana
To: Linux Addict
Cc: sergiot...@gmail.com; comp-protocols-dns-b...@isc.org
Sent: Thursday, February 26, 2009 1:24:33 PM
Subject: Re: DNS server can resolve some domains - BIND 9.4.2-P1
Sorry. Yes I meant /etc/system file.
--- On Thu, 2/26/09, Linux Addict wrote:
>
Sorry. Yes I meant /etc/system file.
--- On Thu, 2/26/09, Linux Addict wrote:
> From: Linux Addict
> Subject: Re: DNS server can resolve some domains - BIND 9.4.2-P1
> To: prana9...@yahoo.com
> Cc: comp-protocols-dns-b...@isc.org, sergiot...@gmail.com
> Date: Thursday, Februa
:
>
> > From: JINMEI Tatuya / 神明達哉
> > Subject: Re: DNS server can resolve some domains - BIND 9.4.2-P1
> > To: comp-protocols-dns-b...@isc.org
> > Cc: sergiot...@gmail.com
> > Date: Thursday, February 26, 2009, 11:49 AM
> > At Wed, 25 Feb 2009 12:27:29 -0800
Also you may want to increase the File descriptor limits in /etc/service file
* Set File descriptor (FD) limits
set rlim_fd_max=
--- On Thu, 2/26/09, JINMEI Tatuya / 神明達哉 wrote:
> From: JINMEI Tatuya / 神明達哉
> Subject: Re: DNS server can resolve some domains - BIND 9.4.2-P1
>
At Wed, 25 Feb 2009 12:27:29 -0800 (PST),
sergiot...@gmail.com wrote:
>
> I have a server installed, with Solaris 9 and BIND 9.4.2-P1, 1 week
> ago, i began to receive some messages in the message logs:
>
> 25-Feb-2009 15:30:35.826 general: error: socket: too many open file
> descriptors
> 25-Feb