Re: any requests

2013-06-06 Thread Tony Finch
Vernon Schryver wrote: > > About chasing CNAMEs safely or otherwise, please recall the somewhat > controversial DontExpandCnames. The current cf/README says: > > confDONT_EXPAND_CNAMES DontExpandCnames > [False] If set, $[ ... $] lookups that > do DNS base

Re: any requests

2013-06-06 Thread Vernon Schryver
> From: Tony Finch > Sendmail at one time tried to use ANY for combined MX+A lookups, which > doesn't work. That would be true and relevant if sendmail did that. Requesting ANY, not getting all of the MX, A, and/or records needed, and failing to continue making other DNS requests simply do

Re: any requests

2013-06-06 Thread Tony Finch
Barry Margolin wrote: > In article , > Tony Finch wrote: > > > The ANY query does not trigger alias processing, so if there is a CNAME > > chain you have to follow it yourself. This is a waste because if you made > > an MX query in the first place the server would have given you the whole > > ch

Re: any requests

2013-06-06 Thread Barry Margolin
In article , Tony Finch wrote: > The ANY query does not trigger alias processing, so if there is a CNAME > chain you have to follow it yourself. This is a waste because if you made > an MX query in the first place the server would have given you the whole > chain without further queries. Unless

Re: any requests

2013-06-06 Thread Tony Finch
Vernon Schryver wrote: > > > [ANY query for combined MX/A lookup was] a bad hack then and it > > has remained a bad hack :-) > > I would not agree if you could rely on the open resolvers continuing > to do what they're doing, if you didn't care about parsing 3 or 4 > KBytes of irrelevant bits to g

Re: any requests

2013-06-06 Thread Tony Finch
Doug Barton wrote: > On 06/05/2013 11:33 AM, Tony Finch wrote: > > I believe the ANY hack on mail servers was a Sendmailism 20ish years ago. > > s/Send/q/ No, I meant Sendmail - see http://fanf.livejournal.com/10.html Sendmail at one time tried to use ANY for combined MX+A lookups, which doe

Re: any requests

2013-06-05 Thread Vernon Schryver
> From: Dave Warren > >> I thought Google Public DNS re-fetched RRsets as they were expiring in > >> >order to keep the cache populated, which would explain what you see, > > I don't understand how they could pre-fetch the gazillions of RRsets > > that are rarely requested. > ... > I'm not conv

Re: any requests

2013-06-05 Thread Dave Warren
On 2013-06-05 12:28, Vernon Schryver wrote: I thought Google Public DNS re-fetched RRsets as they were expiring in >order to keep the cache populated, which would explain what you see, I don't understand how they could pre-fetch the gazillions of RRsets that are rarely requested. As far as I

Re: any requests

2013-06-05 Thread Vernon Schryver
> From: Tony Finch > > a few minutes playing around, you might come to my conclusion. I think > > they treat ANY as if it were pseudo-rdataset containing some of the > > RRs for the domain with a TTL equal to the minimum of all of the TTLs > > of the contained rdatasets. (I thought I sometimes

Re: any requests

2013-06-05 Thread Chris Buxton
On Jun 5, 2013, at 11:59 AM, Doug Barton wrote: > On 06/05/2013 11:33 AM, Tony Finch wrote: >> I believe the ANY hack on mail servers was a Sendmailism 20ish years ago. > > s/Send/q/ That makes even more sense. DJB always thinks he knows best. ___ Plea

Re: any requests

2013-06-05 Thread Doug Barton
On 06/05/2013 11:33 AM, Tony Finch wrote: I believe the ANY hack on mail servers was a Sendmailism 20ish years ago. s/Send/q/

Re: any requests

2013-06-05 Thread Tony Finch
Vernon Schryver wrote: > > If you have a domain to which you can add records for a subdomain > with differing 5-30 second TTLs and can spend not just 5 seconds but > a few minutes playing around, you might come to my conclusion. I think > they treat ANY as if it were pseudo-rdataset containin

Re: any requests

2013-06-05 Thread Vernon Schryver
> From: Tony Finch > You are not quite correct. See http://fanf.livejournal.com/10.html for > details. It is obvious to anyone willing to spend a few seconds experimenting that is true of current BIND9 code (and as far as I know old versions): } If a DNS cache already has any records (usu

Re: any requests

2013-06-05 Thread Tony Finch
Leonard Mills wrote: > If some of your clients are SMTP relays, then ANY is the default > lookup for an MX and is perfectly normal. Much better from the point of > view of the mail servers to do one lookup instead of several. You are not quite correct. See http://fanf.livejournal.com/10

Re: any requests

2013-06-03 Thread Phil Mayers
Leonard Mills wrote: >If some of your clients are SMTP relays, then ANY is the default >lookup for an MX and is perfectly normal. > Not correct. This is only done by some brokenware. The vast majority of MTAs do correct MX and a/ lookups. And as has been pointed out elsewhere in the t

Re: any requests

2013-06-03 Thread Novosielski, Ryan
um.mit.edu] Sent: Tuesday, June 04, 2013 01:37 AM To: comp-protocols-dns-b...@isc.org Subject: Re: any requests In article , "Novosielski, Ryan" wrote: > If it were not already in the cache, I would not need to refresh the cache. > Are you absolutely certain? If so, it is possible

Re: any requests

2013-06-03 Thread Barry Margolin
In article , "Novosielski, Ryan" wrote: > If it were not already in the cache, I would not need to refresh the cache. > Are you absolutely certain? If so, it is possible that this is a difference > between BIND and AD DNS (I'm generally trying to refresh AD DNS caches), but > I'm nearly certa

Re: any requests

2013-06-03 Thread Novosielski, Ryan
ched entry on a BIND-hosted domain. - Original Message - From: Barry Margolin [mailto:bar...@alum.mit.edu] Sent: Tuesday, June 04, 2013 01:01 AM To: comp-protocols-dns-b...@isc.org Subject: Re: any requests In article , "Novosielski, Ryan" wrote: > Not in my experience -

Re: any requests

2013-06-03 Thread Barry Margolin
In article , "Novosielski, Ryan" wrote: > Not in my experience -- in fact, I often do an ANY query to refresh the > cache. That will work if the name is not currently in the cache -- the caching server will query the auth server, and get everything from there. But if it already has the name

Re: any requests

2013-06-03 Thread Novosielski, Ryan
Not in my experience -- in fact, I often do an ANY query to refresh the cache. From: Chris Buxton [mailto:cli...@buxtonfamily.us] Sent: Monday, June 03, 2013 08:47 PM To: Leonard Mills Cc: bind-users@lists.isc.org Subject: Re: any requests If you have mail relays acting this way, you

Re: any requests

2013-06-03 Thread Chris Buxton
Much better from the point of view of the mail servers to do one lookup > instead of several. > > Len > > > From: hugo hugoo > To: Vernon Schryver ; "bind-users@lists.isc.org" > > Sent: Monday, June 3, 2013 12:26 PM > Subject: RE: any requests >

Re: any requests

2013-06-03 Thread Leonard Mills
Schryver ; "bind-users@lists.isc.org" > >Sent: Monday, June 3, 2013 12:26 PM >Subject: RE: any requests > > > > >Hello, > >Thanks for your answer. >I see ANY queries from my clients (we do not use open resolvers) > >I do not see why these kind of quer

Re: any requests

2013-06-03 Thread Barry Margolin
In article , hugo hugoo wrote: > Hello, > > Thanks for your answer. > I see ANY queries from my clients (we do not use open resolvers) That's strange. Client applications shouldn't use ANY queries, because you can't be sure of which record types are in the resolver's cache. I recall reading

RE: any requests

2013-06-03 Thread hugo hugoo
records? Hugo, > Date: Sun, 2 Jun 2013 22:13:33 + > From: v...@rhyolite.com > To: bind-users@lists.isc.org > Subject: Re: any requests > > > From: Matus UHLAR - fantomas > > > On 02.06.13 20:28, hugo hugoo wrote: > > > >I plan to block these ki

Re: any requests

2013-06-02 Thread Vernon Schryver
> From: Matus UHLAR - fantomas > On 02.06.13 20:28, hugo hugoo wrote: > >I plan to block these kinds of requests on the dns cache servers in order to > > avoid any amplification attack. > hard to say, but as I stated before: don't do that. Instead, use RRL to mitigate many kinds of amplificatio

Re: any requests

2013-06-02 Thread Matus UHLAR - fantomas
On 02.06.13 20:28, hugo hugoo wrote: Can anyone explain to me the purpose of ANY requests sent to cache dns servers? their point is to give every available information for the given domain. I plan to block these kinds of requests on the dns cache servers in order to avoid any amplification attack