Hi Normal,
Norman Fournier writes:
>
> ns2:~ norman$ apachectl -t
> Syntax OK
> ns2:~ norman$ apachectl restart
> launchctl: CFURLWriteDataAndPropertiesToResource
> (/System/Library/LaunchDaemons/org.apache.httpd.plist) failed: -10
> ns2:~ norman$ apachectl start
> launchctl: CFURLWriteDataAndP
Ronald F. Guilmette wrote:
>
> P.P.S. Yes, yes, I _am_ aware... as someone will surely point out...
> that part (1) above contains the seed of potential abuse. A malicious
> prankster could, in theory send spoofed packets of type (1) above to
> lots and lots of DNS servers which he believes that
In message <201306140321.r5e3l7py017...@calcite.rhyolite.com>,
Vernon Schryver wrote:
>> From: "Ronald F. Guilmette"
>
>} That is an interesting contention. Is there any evidence of, or even any
>} reasonably reliable report of any DDoS actually being perpetrated IN PRACTICE
>} using strict
In message <20130614050625.850cf35e5...@drugs.dv.isc.org>,
Mark Andrews wrote:
>In message <15120.1371179...@server1.tristatelogic.com>, "Ronald F. Guilmette"
> writes:
>> >* Large numbers of ISPs claim they implement BCP 38.
>>
>> I claimed that I was Charlie Chaplin once. Unfortunately, Rob
>OK. I just want to be clear here, and make sure that I have properly
>understood what you have said. Would it be correct, then, to say that
>at the present moment you are not actually able to produce, cite, or
>describe, with any particularity or specificity, even one individual
>specific incide
On 6/11/2013 7:12 PM, Gary Wallis wrote:
What really happens in the real world when 1 out of three
authoritative NSs are down for 30 minutes due to a datacenter outage?
For example, we have 3 NSs:
ns1.someisp.net 12.23.34.45
ns2.someisp.net 23.34.45.56
ns3.someisp.net 34.45.56.67
All in dif
We are running Bind 9.9.2 and would like to invoke the rate-limit option but
named says 'unknown option'.
Do we need to upgrade bind to get this option?
Using this syntax:
rate-limit { responses-per-second 5; window 5; };
Thanks
John Manson
US House of Representatives
CAO/HIR/NAF/Data-Communicat
You need to patch your 9.9.2 source code and recompile. Take a look at:
http://www.redbarn.org/dns/ratelimits
cheers,
~Carlos
On 6/14/13 11:27 AM, Manson, John wrote:
> We are running Bind 9.9.2 and would like to invoke the rate-limit option
> but named says ‘unknown option’.
>
> Do we need to
On 14/06/13 15:27, Manson, John wrote:
We are running Bind 9.9.2 and would like to invoke the rate-limit option
but named says ‘unknown option’.
Do we need to upgrade bind to get this option?
You need to apply the patches here:
http://ss.vix.su/~vjs/rrlrpz.html
It's not built into bind (yet)
On Fri, Jun 14, 2013 at 02:27:50PM +,
Manson, John wrote
a message of 138 lines which said:
> We are running Bind 9.9.2 and would like to invoke the rate-limit
> option but named says 'unknown option'.
RRL (Response Rate Limiting) is an unofficial patch. You'll have to
patch the source fi
In message <18216.1371209...@server1.tristatelogic.com>, "Ronald F. Guilmette"
writes:
>
> In message <20130614050625.850cf35e5...@drugs.dv.isc.org>,
> Mark Andrews wrote:
>
> >In message <15120.1371179...@server1.tristatelogic.com>, "Ronald F.
> >Guilmette"
> > writes:
> >> >* Large numbers
On Jun 14, 2013, at 6:28 AM, "Ronald F. Guilmette"
wrote:
>
> In message <201306140321.r5e3l7py017...@calcite.rhyolite.com>,
> Vernon Schryver wrote:
>
>>> From: "Ronald F. Guilmette"
>>
>> } That is an interesting contention. Is there any evidence of, or even any
>> } reasonably reliabl
On Jun 14, 2013, at 10:37 AM, Stephane Bortzmeyer wrote:
> On Fri, Jun 14, 2013 at 02:27:50PM +,
> Manson, John wrote
> a message of 138 lines which said:
>
>> We are running Bind 9.9.2 and would like to invoke the rate-limit
>> option but named says 'unknown option'.
>
> RRL (Response R
On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
> It's not built into bind (yet).
Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a
compile-time option (--enable-rrl).
(Our usual policy is not to add substantial new features in maintenance
releases like 9.9.4; ma
Evan,
thanks for the heads up. Do you have an estimated time of release for
9.9.4 and 9.9.10 ?
Warm regards,
~Carlos
On 6/14/13 1:08 PM, Evan Hunt wrote:
> On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
>> It's not built into bind (yet).
>
> Correct. For the record, it'll be in
On Jun 14, 2013, at 12:08 PM, Evan Hunt wrote:
> On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
>> It's not built into bind (yet).
>
> Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a
> compile-time option (--enable-rrl).
Thank you for the clarification. Loo
> Or, I believe, you can pay for a BIND^w DNS-Co subscription and download
> a version with the magic built in?
This is also true. DNSco subscribers get first bite at the apple with this
and several other features that will be in 9.10. (Primarily GeoIP support,
DSCP, and some enhancements to DLZ.
On Fri, Jun 14, 2013 at 01:10:47PM -0300, Carlos M. Martinez wrote:
> thanks for the heads up. Do you have an estimated time of release for
> 9.9.4 and 9.9.10 ?
Every time I make predictions about dates, events conspire to make
me wrong, but I'm *hoping* to have 9.9.4 out in early August.
--
Evan
tks !!
On 6/14/13 1:21 PM, Evan Hunt wrote:
> On Fri, Jun 14, 2013 at 01:10:47PM -0300, Carlos M. Martinez wrote:
>> thanks for the heads up. Do you have an estimated time of release for
>> 9.9.4 and 9.9.10 ?
> Every time I make predictions about dates, events conspire to make
> me wrong, but I'm *
On Jun 14 2013, Evan Hunt wrote:
On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
It's not built into bind (yet).
Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a
compile-time option (--enable-rrl).
The latter is particularly good news in view of the ESV st
Hello Norman,
Norman Fournier writes:
>
> I posted this to httpd.apache.org but have not had any response, so I
> think it may be more related to BIND than DNS. Apologies for the
> cross-post.
the information you give is not enough to debug the problem or even to
have a sense if it is a DNS pro
On 06/14/2013 09:08 AM, Evan Hunt wrote:
(Our usual policy is not to add substantial new features in maintenance
releases like 9.9.4; making it a compile-time option that defaults to off
is our way of tiptoeing around the rule.)
Quite reasonable, and much appreciated. :)
In message <51baa714.9020...@dougbarton.us>,
Doug Barton wrote:
>It's obvious you're frustrated (understandable), and enthusiastic
>(commendable), but you might want to consider dialing down your
>"rhetoric" a bit.
Great idea! I have only one small question... Would you be willing to
provi
Ronald,
You started this thread a bit off topic, but now you've wandered pretty
far off into the rhetorical weeds. So I'm going to respond to you here
so that the archives have a little more utility, then I'm going to let
you have the last word.
On 06/14/2013 02:04 PM, Ronald F. Guilmette w
> From: Doug Barton
> is that (like RRL) your proposal relies on people updating their
> software.
RRL needs only authority and open recursive servers to be updated.
The vast majority of DNS installations are closed recursive and stub
servers that do not need RRL. (A case could be mad
On 06/14/2013 05:13 PM, Vernon Schryver wrote:
From: Doug Barton
is that (like RRL) your proposal relies on people updating their
software.
RRL needs only authority and open recursive servers to be updated.
The vast majority of DNS installations are closed recursive and stub
serve
> From: Doug Barton
> > RRL needs only authority and open recursive servers to be updated.
> > The vast majority of DNS installations are closed recursive and stub
> > servers that do not need RRL. (A case could be made for RRL on a
> > minority of private recursive servers.)
>
> You're right o
In message <51bbb83a.7040...@dougbarton.us>, Doug Barton writes:
> Personally I've never understood why RRL wasn't already baked in. The
> only way a legitimate client could send the same query over and over in
> a short period of time (intentionally being vague on both terms) is that
> it is b
Thank you.
This is great news.
Jerry
On 06/14/13 11:08 AM, Evan Hunt wrote:
On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote:
It's not built into bind (yet).
Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a
compile-time option (--enable-rrl).
(Our usual po
2013/6/14 Phil Mayers :
> On 14/06/13 15:27, Manson, John wrote:
>>
>> We are running Bind 9.9.2 and would like to invoke the rate-limit option
>> but named says ‘unknown option’.
>>
>> Do we need to upgrade bind to get this option?
>
>
> You need to apply the patches here:
>
> http://ss.vix.su/~vj