On Oct 21, 2013, at 9:47 AM, wbr...@e1b.org wrote:
>> From: Alan Clegg
>
>> Fix your windows clients.
>
> You can't fix stupid.
I have lots of windows clients and they don't exhibit this "feature". There's
something wrong on the windows clients and it's not the norm.
To be honest, recent w
Hi list,
How to test that this logging works:
logging {
channel security_file {
file "/var/log/named/security.log" versions 3 size 30m;
severity info;
print-time yes;
};
category security {
security_file;
};
The file is created /var/log/named/security.log but it is empty.
Paweł Ch. wrote:
> Can I request server with special packet which named add entry to it?
You can make named log something under the security category by sending a
query with a TSIG key, like
$ dig -y abc123:abc123abc123 .
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty: East,
-Original Message-
From: Alan Clegg
Date: Tuesday, October 22, 2013 7:44 AM
To: "bind-users@lists.isc.org"
Subject: Re: Performance Tuning RHEL 5 and Bind
>On Oct 21, 2013, at 9:47 AM, wbr...@e1b.org wrote:
>
>>> From: Alan Clegg
>>
>>> Fix your windows clients.
>>
>> You can't fix s
Are these queries mostly for names in an Active Directory domain? The
default for Active Directory is for *every* Domain Controller to
register NS records at the apex of the AD domain. Pretty soon, for any
reasonably-sized AD infrastructure, all of those NSes cause *all*
queries for *any* name
Yes tuning off IPTABLES conn-tracking makes a huge difference. I also followed:
https://access.redhat.com/site/solutions/304713
https://access.redhat.com/site/solutions/168483
I still see some SYN_SENT from Windows PC's on tcp port 53 on the DNS
cache server.
Thank You, Brett
On Sun, Oct 20,
On Oct 22, 2013, at 8:29 PM, brett smith wrote:
> Yes tuning off IPTABLES conn-tracking makes a huge difference. I also
> followed:
>
> https://access.redhat.com/site/solutions/304713
> https://access.redhat.com/site/solutions/168483
>
> I still see some SYN_SENT from Windows PC's on tcp port
7 matches
Mail list logo
