For bind 9.9.3 build on Ubuntu 12.04LTS x64, I see log messages, for example,
"/etc/bind/named.conf.local:4: zone 'jaspain.biz': missing 'file' entry" for
each slave zone configured for inline signing. The file clause is, in fact,
present in the configuration file, for example:
zone "jaspain.biz
I've only ever come across bind configs where forwarding is in place to
locate certain zones, then all other queries are handled by either
recursion or authoritatively. But what about the other way around, where
I'm master for a few zones but forward the rest? Consider this:
view "the-internet" {
As I understand AUTHORITATIVE trumps anything. For example, from an inside
intranet name server forward the root (".") to somewhere on your edge, sprinkle
in a few internal-only authoritative zones, and enjoy. This is certainly not
the only choice, but it functions pretty well.
Len
>___
All,
Can anyone explain me the purpose of ANY requests sent to cache dns servers?
I plan to block these kind of requests on the dns cache servers in order to
avoid any amplification attack.
But I was wondering if complaints can come if I do such limitation.
Thanks in advance for your help.
H
On 02.06.13 20:28, hugo hugoo wrote:
Can anyone explain me the purpose of ANY requests sent to cache dns servers?
their point is to give every available information for the given domain.
I plan to block these kind of requests on the dns cache servers in order to
avoid any amplification attack
On 02.06.13 15:10, Jonathan Reed wrote:
I've only ever come across bind configs where forwarding is in place to
locate certain zones, then all other queries are handled by either
recursion or authoritatively. But what about the other way around, where
I'm master for a few zones but forward the re
On 02.06.13 14:27, Spain, Dr. Jeffry A. wrote:
For bind 9.9.3 build on Ubuntu 12.04LTS x64, I see log messages, for
example, "/etc/bind/named.conf.local:4: zone 'jaspain.biz': missing 'file'
entry" for each slave zone configured for inline signing. The file clause
is, in fact, present in the con
> Have you looked carefuly enough, and to the correct file if there is no
> missed character that makes the configuration invalid?
> Have you run named-checkconf with and without the given file as parameter?
The log message is new since bind-9.9.2-P2 with no changes to the configuration
files. T
> From: Matus UHLAR - fantomas
> On 02.06.13 20:28, hugo hugoo wrote:
> >I plan to block these kind of requests on the dns cache servers in order to
> > avoid any amplification attack.
> hard to say, but as I stated before: don't do that.
Instead, use RRL to mitigate many kinds of amplificatio
In message <7610864823c0d04d89342623a3adc9de54c4a...@hopple.countryday.net>, "S
pain, Dr. Jeffry A." writes:
> For bind 9.9.3 build on Ubuntu 12.04LTS x64, I see log messages, for example,
> "/etc/bind/named.conf.local:4: zone 'jaspain.biz': missing 'file' entry" for
> each slave zone configured
> The brackets were wrong and we should have checked that obj was true.
The patch you provided makes the log message go away. The bind9 service appears
to be working normally, and named-checkconf produces no output. Thanks. Jeff.
___
Please visit https
11 matches
Mail list logo
