At 21:10 16-10-2012, pangj wrote:
IMO, a resolver will have the ability to get the public key of a ZSK
for validating the signed RR. How will it get this public key?
And, is the usage of a KSK similar to the CA certificate?
See http://www.nlnetlabs.nl/publications/dnssec_howto/
Regards,
-sm
I have read the document of redbarn RRL for BIND and this NSD RRL:
https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
I have a question that, since the DDoS to DNS are coming from spoofed
IPs. But RRL is working based on source IP. So how can it stop the real
life attack?
Thanks.
On 10/17/2012 09:17 AM, pangj wrote:
I have read the document of redbarn RRL for BIND and this NSD RRL:
https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
I have a question that, since the DDoS to DNS are coming from spoofed
IPs. But RRL is working based on source IP. So how can it stop the
In article ,
pangj wrote:
> I have read the document of redbarn RRL for BIND and this NSD RRL:
> https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
>
> I have a question that, since the DDoS to DNS are coming from spoofed
> IPs. But RRL is working based on source IP. So how can it stop th
Has anybody had any luck getting the latest BIND 9.9.2 to compile on
Solaris 11 SPARC to support 64-bit binaries?
I have tried with both GCC version 4.5.2 and Solaris Studio 12.3.
Everything configures, links and compiles fine, but when I try to run named
or dig I get core dumps. Not sure if the
I'm not sure if this is of interest to anyone, but I wrote a FreeBSD
accept filter for DNS a few years ago. An accept filter is a socket
option that you can use to tell the kernel to wait before the
accept() syscall returns. In this case, the accept filter delays
the return of accept until there is
> In article ,
> pangj wrote:
>
>> I have read the document of redbarn RRL for BIND and this NSD RRL:
>> https://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
>>
>> I have a question that, since the DDoS to DNS are coming from spoofed
>> IPs. But RRL is working based on source IP. So how can it
>> You're thinking that the rate limit is intended to protect YOUR server.
>> It's actually to prevent your server from being used as a reflector to
>> attack some OTHER server. The spoofed addresses all point to that
>> server.
>Sorry I just can't understand that why my server is being used to
>From time to time I notice a large number of queries like these to one of my
>external dns servers:
14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.01529 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.03688 121.10.105.66 -> 143.231.1.67 D
Hi--
On Oct 17, 2012, at 11:17 AM, Manson, John wrote:
> From time to time I notice a large number of queries like these to one of my
> external dns servers:
>
> 14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
> [ ... ]
> 14:14:40.98668 121.10.105.66 -> 143.231.1.67 DNS
babu dheen wrote:
>
> All users in our company using internal DNS server for name resolution.
> All internal DNS server are pointed to our gateway recursive BIND name
> server which is responsible for getting DNS queries from authoritative
> internet DNS server.
>
> Now we would like to configure
Thanks
So that is why there are usually no NS records?
-Original Message-
From: Chuck Swiger [mailto:cswi...@mac.com]
Sent: Wednesday, October 17, 2012 2:31 PM
To: Manson, John
Cc: bind-users@lists.isc.org
Subject: Re: Possible DDoS?
Hi--
On Oct 17, 2012, at 11:17 AM, Manson, John wrote:
> From time to time I notice a large number of queries like these to one
> of my external dns servers:
>
> 14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet *
> ?
>
> Does this rise to the level of a DDoS attack?
> No NS record for this IP.
> I blackhole IPs that behave lik
On 10/17/2012 07:39 PM, Dennis Clarke wrote:
I have the exact same problem with an ip inside State of Colorado
General Government Computer subnet :
http://whois.arin.net/rest/org/SCGGC
That's not exactly a fly-by-night organisation; have you contacted them?
Some server there has been pound
I used to get the same problem but that was every time from three or four
different source IP and they are all querying "ripe.net IN ANY" for around 10
queries per second.
I am pretty sure the sources were hacked because one of my other DNS servers
also became the source to attack and from the
On 10/18/2012 12:12 AM, Tony Xue wrote:
I am pretty sure the sources were hacked because one of my other
What makes you think the source IPs were real?
Because my server also used to be hacked and sent this kind of junk query, and
my server was null-routed by the datacenter. The high bandwidth happened
exactly on my server.
-Original Message-
From: Phil Mayers
Sender: bind-users-bounces+xuezxbb=gmail@lists.isc.org
Date: Thu, 18
On Oct 16, 2012, at 7:48 PM, pangj wrote:
>
> $ dig +dnssec udp53.org soa
>
> ; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONA