Re: Problem with ACL in named.conf

2012-08-30 Thread Cathy Almond
On 30/08/12 03:19, GS Bryan wrote: > My BIND version, as shown by 'named -v' is BIND > 9.9.1-P1-RedHat-9.9.1-2.P1.el6. > > 'named-checkconf /etc/named.conf' doesn't throw any error messages whatsoever. > -- > Bryan S.G. > You're correct - named-checkconf doesn't see the problem, but named error

Re: Problem with ACL in named.conf

2012-08-30 Thread Cathy Almond
On 30/08/12 03:17, GS Bryan wrote: > hmm... that explains it. > > Damn, DNSMadeEasy needs to have notify notices sent to a different IP > set than their nameserver service. This means that I have to hardcode > this myself. > > Another question then, if zone 'example.net' has the NS records of > '

ho to filter hundeds of domains ?

2012-08-30 Thread fddi
Hello, I need to implement a bind filter for many hundreds of domains which are considered outlaw and illegal by Italian government about gamble games. If I create a named zone for each illegal domain and configure my nameserver as authoritative for those zones, I can catch the DNS resolutions

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Stephane Bortzmeyer
On Thu, Aug 30, 2012 at 02:14:38PM +0200, fddi wrote a message of 23 lines which said: > I need to implement a bind filter for many hundreds of domains which > are considered outlaw and illegal See . Very good ebook.

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Niall O'Reilly
On 30 Aug 2012, at 13:14, fddi wrote: > I need to implement a bind filter for many hundreds of domains which are > considered outlaw and illegal > by Italian government about gamble games. > > If I create a named zone for each illegal domain and configure my nameserver > as authoritative > for

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Tony Finch
fddi wrote: > > Is there another way I could achieve this ? BIND's RPZ (response policy zone) feature supports many kinds of evil. http://www.isc.org/community/blog/201007/taking-back-dns-0 Tony. -- f.anthony.n.finch http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasi

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Stephane Bortzmeyer
On Thu, Aug 30, 2012 at 01:34:07PM +0100, Niall O'Reilly wrote a message of 32 lines which said: > Don't waste your time. > > This approach is superficial. http://www.bortzmeyer.org/images/please-close-gate.jpg :-)

Re: ho to filter hundeds of domains ?

2012-08-30 Thread fddi
On 8/30/12 2:32 PM, Stephane Bortzmeyer wrote: On Thu, Aug 30, 2012 at 02:14:38PM +0200, fddi wrote a message of 23 lines which said: I need to implement a bind filter for many hundreds of domains which are considered outlaw and illegal See . Very good ebook. thank

Re: ho to filter hundeds of domains ?

2012-08-30 Thread fddi
On 8/30/12 3:14 PM, Stephane Bortzmeyer wrote: On Thu, Aug 30, 2012 at 01:34:07PM +0100, Niall O'Reilly wrote a message of 32 lines which said: Don't waste your time. This approach is superficial. http://www.bortzmeyer.org/images/please-close-gate.jpg :-) Often it is not

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Stephane Bortzmeyer
On Thu, Aug 30, 2012 at 03:16:32PM +0200, fddi wrote a message of 15 lines which said: > Actually many telephone companies in the world are doing this, They're wrong politically (censorship) and they're wrong technically (see O'Reilly's answer). Copying telephone companies is not a good ide

Re: ho to filter hundeds of domains ?

2012-08-30 Thread fddi
On 8/30/12 3:19 PM, Stephane Bortzmeyer wrote: On Thu, Aug 30, 2012 at 03:16:32PM +0200, fddi wrote a message of 15 lines which said: Actually many telephone companies in the world are doing this, They're wrong politically (censorship) and they're wrong technically (see O'Reilly's answer)

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Russell Jones
Normal web filtering software that auto updates is a better approach. Using Bind with a manual list of domains to try to achieve this is like trying to kill an ant hill 1 ant at a time -- Sent from my Android phone with K-9 Mail. fddi wrote: On 8/30/12 3:19 PM, Stephane Bortzmeyer wrote: >

Re: ho to filter hundeds of domains ?

2012-08-30 Thread WBrown
Russell Jones wrote on 08/30/2012 09:39:17 AM: > Normal web filtering software that auto updates is a better > approach. Using Bind with a manual list of domains to try to achieve > this is like trying to kill an ant hill 1 ant at a time There are several sources of RPZ data such as Spamhaus an

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Russell Jones
On 8/30/2012 8:46 AM, wbr...@e1b.org wrote: Russell Jones wrote on 08/30/2012 09:39:17 AM: Normal web filtering software that auto updates is a better approach. Using Bind with a manual list of domains to try to achieve this is like trying to kill an ant hill 1 ant at a time There are several

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Rick Coloccia
add this line to /etc/named.conf include "locallyblockeddomains.zones"; contents of locallyblockeddomains.zones: // This bind zone is intended to be included in a running dns server for a local net // // It will return a 127.0.0.1 for the domains listed as malware // // This is for locally

dhcp error messages

2012-08-30 Thread Dwayne Hottinger
I have started getting error sending response: not enough free resources on my dhcp server during random times during the day. Google isn't providing much other than it could be an issue with the switch, or a network card issue. top on the server doesn't show it using hardly any resources at all.

Re: ho to filter hundeds of domains ?

2012-08-30 Thread WBrown
Russell Jones wrote on 08/30/2012 10:28:07 AM: > Oh I know, I use spamhaus myself for spam filtering - catches a > ridiculous amount of spam. It is my understanding though the OP wants to > filter domains for NSFW web browsing, not spam - specifically gambling > sites. Spamhaus describes it

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Barry Margolin
In article , Stephane Bortzmeyer wrote: > On Thu, Aug 30, 2012 at 03:16:32PM +0200, > fddi wrote > a message of 15 lines which said: > > > Actually many telephone companies in the world are doing this, > > They're wrong politically (censorship) and they're wrong technically > (see O'Reill

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Emanuele Balla (aka Skull)
On 8/30/12 3:19 PM, Stephane Bortzmeyer wrote: > On Thu, Aug 30, 2012 at 03:16:32PM +0200, > fddi wrote > a message of 15 lines which said: > >> Actually many telephone companies in the world are doing this, > > They're wrong politically (censorship) and they're wrong technically > (see O'Re

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Emanuele Balla (aka Skull)
On 8/30/12 5:05 PM, wbr...@e1b.org wrote: > Russell Jones wrote on 08/30/2012 10:28:07 AM: > >> Oh I know, I use spamhaus myself for spam filtering - catches a >> ridiculous amount of spam. It is my understanding though the OP wants to > >> filter domains for NSFW web browsing, not spam - spec

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Mark Elkins
On Thu, 2012-08-30 at 17:25 +0200, Emanuele Balla (aka Skull) wrote: > On 8/30/12 3:19 PM, Stephane Bortzmeyer wrote: > > On Thu, Aug 30, 2012 at 03:16:32PM +0200, > > fddi wrote > > a message of 15 lines which said: > > > >> Actually many telephone companies in the world are doing this, > >

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Barry S. Finkel
Rick Coloccia wrote: add this line to /etc/named.conf include "locallyblockeddomains.zones"; contents of locallyblockeddomains.zones: // This bind zone is intended to be included in a running dns server for a local net // // It will return a 127.0.0.1 for the domains listed as malware // //

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Emanuele Balla (aka Skull)
On 8/30/12 6:09 PM, Mark Elkins wrote: >> Still, that kind of setup is *mandatory* for ISPs in Italy :-\ > > Is the mandatory setup to actually use 'DNS' to block access to gambling > sites? It's easy enough to script an automatic update if someone central > and with the necessary authority decide

Re: ho to filter hundeds of domains ?

2012-08-30 Thread /dev/rob0
On Thu, Aug 30, 2012 at 03:18:25PM +0200, fddi wrote: > On 8/30/12 3:14 PM, Stephane Bortzmeyer wrote: > >On Thu, Aug 30, 2012 at 01:34:07PM +0100, > > Niall O'Reilly wrote > > a message of 32 lines which said: > > > >>Don't waste your time. > >> > >>This approach is superficial. > > > >

Re: dhcp error messages

2012-08-30 Thread sthaug
> I have started getting error sending response: not enough free resources > on my dhcp server during random times during the day. Google isn't > providing much other than it could be an issue with the switch, or a > network card issue. top on the server doesn't show it using hardly any > resourc

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Kevin Darcy
On 8/30/2012 10:33 AM, Rick Coloccia wrote: add this line to /etc/named.conf include "locallyblockeddomains.zones"; contents of locallyblockeddomains.zones: // This bind zone is intended to be included in a running dns server for a local net // // It will return a 127.0.0.1 for the domains

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Mark Andrews
In message <1346342946.14282.32.ca...@mjelap.posix.co.za>, Mark Elkins writes: > On Thu, 2012-08-30 at 17:25 +0200, Emanuele Balla (aka Skull) wrote: > > On 8/30/12 3:19 PM, Stephane Bortzmeyer wrote: > > > On Thu, Aug 30, 2012 at 03:16:32PM +0200, > > > fddi wrote > > > a message of 15 line

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Emanuele Balla (aka Skull)
On 8/31/12 1:21 AM, Mark Andrews wrote: >> Note to self, run own recursive DNS resolver on my laptop whilst >> travelling in Italy. >> >> 8.8.8.8 ? > > Which is exactly why the DNS is the wrong level to do this at if > you have a legal obligation to block access. The only way to do > that is to

Re: ho to filter hundeds of domains ?

2012-08-30 Thread sthaug
> Again, it's not about how effective the block is or can be. Unless Italy > becomes like China or even worse (but the US had the chance end up > almost in the same situation very recently, so this is NOT an > Italian-only problem), there is no way to inhibit users from reaching a > given resource