forwarding + validating name server : protocol error or simply "unexplored fields" ?

2010-11-09 Thread Marc Lampo
Hello, Much attention has been given to DNSSEC - how it brings security - the "chain-of-trust" - the root zone signed - activities of tld's to get signed - ... but we - I belong to an organisation in charge of a tld - should also pay attention to the validating, client, side of DNSSEC. What

How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello *, does someone know, how to get easily all CNAME records for a Host? For example I have: vserver09.tamay-dogan.net. 604800 IN A 88.168.69.36 www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net. www.fexray4linux.org. 86400 IN CNAME vserver09.tamay

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Matus UHLAR - fantomas
On 09.11.10 14:01, Michelle Konzack wrote: > does someone know, how to get easily all CNAME records for a Host? > > For example I have: > > vserver09.tamay-dogan.net. 604800 IN A 88.168.69.36 > > www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net. > www.fexray4lin

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello Matus UHLAR - fantomas, On 2010-11-09 14:13:47, you hacked down the following: > I am not sure whether dnswalk over whole internet can do that, but on your I will try it... > server you can either run recursive grep over named data directory, or dump > the named database and grep it...

Re: limiting number of recursion/queries per IP address

2010-11-09 Thread Dmitry Rybin
It is not a good idea to use a stateful firewall on a heavily loaded DNS server. The firewall becomes a low place in the system. As a workaround you can use dns_flood_detector + a simple script to insert and remove IPs from the firewall blocking table or chain. 27.10.2010 23:26, Sebastian Tymków wrote: > In FreeBS

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello Matus UHLAR - fantomas, On 2010-11-09 14:13:47, you hacked down the following: > I am not sure whether dnswalk over whole internet can do that, "dnswalk" is already starting weird behaviour: [ command 'dnswalk vserver09.tamay-dogan.net.' ] Checking vserver09.tamay-

Re: forwarding + validating name server : protocol error or simply "unexplored fields" ?

2010-11-09 Thread Mark Andrews
In message <006001cb7ffe$7a6f5b10$6f4e11...@eurid.eu>, "Marc Lampo" writes: > Hello, > > > > Much attention has been given to DNSSEC - how it brings security - the > "chain-of-trust" - the root zone signed - activities of tld's to get > signed - ... > but we - I belong to an organisation in ch

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Torsten
On Tue, 9 Nov 2010 15:14:04 +0100, Michelle Konzack wrote: > Hello Matus UHLAR - fantomas, > > On 2010-11-09 14:13:47, you hacked down the following: > > I am not sure whether dnswalk over whole internet can do that, but > > on your > > I will try it... > > > server you can either run recurs

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Robert Spangler
On Sunday 07 November 2010 20:02, Michelle Konzack wrote: > I have (since several years) collected some domain names which do not > exist (since years) and registered it in the last 4 month for the > internal use of my Internet Service. If these domains are for internal use only, why

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Stacey Jonathan Marshall
On 09/11/2010 14:14, Michelle Konzack wrote: Hello Matus UHLAR - fantomas, On 2010-11-09 14:13:47, you hacked down the following: I am not sure whether dnswalk over whole internet can do that, but on your I will try it... server you can either run recursive grep over named data directory, o

Strange behaviour after nsupdate

2010-11-09 Thread Christian Ruppert
Hey guys, I have a zone that I update remotely via nsupdate. When I update the zone and query it internal (view) I get the correct answer but when I do a query from outside I still get the old A record. So the same nameserver gives different answers. "dig my.zone.tld A +short @ns.zone.tld". I ha

RE: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Philippe.Simonet
Hi If you have control over all zones, you could also pre-store the results of your search in DNS :) For all CNAME records, make e.g. a TXT record with the reverse result : (TXT is maybe not the better record type...which ones (for specialists)) For each : a-name IN A 1.2.3.4 an-alias IN CNAME a

Re: Strange behaviour after nsupdate

2010-11-09 Thread Christian Ruppert
On 11/09/2010 10:11 PM, Christian Ruppert wrote: > Hey guys, > > I have a zone that I update remotely via nsupdate. When I update the > zone and query it internal (view) I get the correct answer but when I do > a query from outside I still get the old A record. > So the same nameserver gives diffe

Re: Strange behaviour after nsupdate

2010-11-09 Thread Eric Ham
On 11/ 9/10 01:25 PM, Christian Ruppert wrote: On 11/09/2010 10:11 PM, Christian Ruppert wrote: Hey guys, I have a zone that I update remotely via nsupdate. When I update the zone and query it internal (view) I get the correct answer but when I do a query from outside I still get the old A reco

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Kevin Darcy
PTR RRs benefit from label compression, whereas TXT records do not. Therefore I prefer PTR records for any such "metadata" references within DNS. There's no chance they'll be mistaken for, or conflict with reverse DNS records if they're not in the in-addr.arpa branch of the namespace.

Re: Strange behaviour after nsupdate

2010-11-09 Thread Kevin Oberman
> Date: Tue, 09 Nov 2010 13:34:41 -0800 > From: Eric Ham > Sender: bind-users-bounces+oberman=es@lists.isc.org > > On 11/ 9/10 01:25 PM, Christian Ruppert wrote: > > On 11/09/2010 10:11 PM, Christian Ruppert wrote: > >> Hey guys, > >> > >> I have a zone that I update remotely via nsupdate. Wh

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello Torsten, On 2010-11-09 15:46:05, you hacked down the following: > Maybe it's easier to get a dump with rndc dumpdb -zones and then run > the grep on the dump file. Ehm, but AFAIK the dumpfiles are the same as the original zone files in /etc/bind or am I missing something? Thanks, Greetin

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Michelle Konzack
Hello Robert Spangler, On 2010-11-09 10:34:52, you hacked down the following: > If these domains are for internal use only, why did you list the DNS servers > for them? You are aware that you can register a domain without listing a DNS > Server? Because my own customers (exclusively) must acc

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Michelle Konzack
Hello philippe.simo...@swisscom.com, On 2010-11-09 22:16:08, you hacked down the following: > For all CNAME records, make e.g. a TXT record with the reverse result : > (TXT is maybe not the better record type...which ones (for specialists)) > > For each : > a-name IN A 1.2.3.4 > an-alias IN CNAM

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Mark Andrews
In message <20101110005445.go5...@michelle1>, Michelle Konzack writes: > Hello philippe.simo...@swisscom.com, > > On 2010-11-09 22:16:08, you hacked down the following: > > For all CNAME records, make e.g. a TXT record with the reverse result : > > (TXT is maybe not the better record type...whic

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Stephane Bortzmeyer
On Wed, Nov 10, 2010 at 01:47:44AM +0100, Michelle Konzack wrote a message of 115 lines which said: > Even my simple squirrelmail login page from > is spidered daily with more than 800 hits and I have already counted > more than 80 different searchbots. HTTP spidering issues are clearly off-t

Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Lyle Giese
Michelle Konzack wrote: > Hello Robert Spangler, > > On 2010-11-09 10:34:52, you hacked down the following: > >> If these domains are for internal use only, why did you list the DNS servers >> for them? You are aware that you can register a domain without listing a >> DNS >> Server? >>

allow-notify listing unknown master

2010-11-09 Thread Subhan Malick
rndc status version: 9.6.2-P1 zone "abc.xyz.com" { type slave; file "596251.db"; masters { 10.10.10.1; }; allow-notify { 10.10.10.2; }; }; == When a NOTIFY is received from 10.10.10.2, does BIND query abc.xyz.com's SOA against 10.10.10.1 or 10.10.10.2? Is there a difference in behavio

Re: error (broken trust chain) resolving

2010-11-09 Thread Brian J . Murrell
Casey Deccio deccio.net> writes: > > Reproducing these errors and analyzing the debug-level log messages > would be helpful since everything looks consistent from a DNSSEC > perspective, as far as I can see. Well, I have attempted this. I reproduced my existing bind configuration and added the

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Barry Margolin
In article , Michelle Konzack wrote: > Hello Matus UHLAR - fantomas, > > On 2010-11-09 14:13:47, you hacked down the following: > > I am not sure whether dnswalk over whole internet can do that, but on your > > I will try it... > > > server you can either run recursive grep over named data d

Re: error (broken trust chain) resolving

2010-11-09 Thread Casey Deccio
On Tue, Nov 9, 2010 at 8:10 PM, Brian J. Murrell wrote: > The only written to that file when one of those broken chain lookups happen > is: > > dnssec: validating @0x2295e9b0: 41.70.55.206.sa-trusted.bondedsender.org TXT: > starting > dnssec: validating @0x2295e9b0: 41.70.55.206.sa-trusted.bonded

Re: How to get easily (from a script) all CNAME of a A record?

2010-11-09 Thread Torsten
On Wed, 10 Nov 2010 01:49:08 +0100, Michelle Konzack wrote: > Hello Torsten, > > On 2010-11-09 15:46:05, you hacked down the following: > > Maybe it's easier to get a dump with rndc dumpdb -zones and then run > > the grep on the dump file. > > Ehm, but AFAIK the dumpfiles are the same as the