On 22 January 2014 05:29, LuKreme wrote:
> OK, so in order to lock down your server against DDOS DNS attacks you need to
> restrict the access to the recursive lookup, yes? But if you set 'recursion
> no;' then your own servers will not lookup IP addresses for, for example, your
> mail server to
On Jan 21, 2014, at 11:38 PM, LuKreme wrote:
>
> On 18 Jan 2014, at 06:52 , Larry Stone wrote:
>
>> That is not the problem.
>
> In the launchd plist do you have something like
>
>
> NetworkState
>
>
>
> or maybe
>
> inetdCompatibility
>
> Wait
>
>
>
> to tell the system not t
On Jan 22, 2014, at 3:43 AM, Steven Carr wrote:
> On 22 January 2014 05:29, LuKreme wrote:
>> in the options on the master and slave DNS servers (along with any other
>> specific IPs that I want to/need to allow). Given the risks in allowing
>> recursion for the wilds of the Internet, how ar
Alan Clegg wrote:
>
>In addition to being rate-limited, blocking, etc., I'm sure the Google
>servers are instrumented as data collection devices and are providing
>data back to someone regarding what DNS is actually doing and being
>used for.
>
>Why else would they do it? 8-)
>
>AlanC
Google ha
In article ,
Phil Mayers wrote:
> Alan Clegg wrote:
> >
> >In addition to being rate-limited, blocking, etc., I'm sure the Google
> >servers are instrumented as data collection devices and are providing
> >data back to someone regarding what DNS is actually doing and being
> >used for.
> >
> >W
On 22 Jan 2014, at 05:37 , Larry Stone wrote:
>
> On Jan 21, 2014, at 11:38 PM, LuKreme wrote:
>
>>
>> On 18 Jan 2014, at 06:52 , Larry Stone wrote:
>>
>>> That is not the problem.
>>
>> In the launchd plist do you have something like
>>
>>
>> NetworkState
>>
>>
>>
>> or maybe
>>
>
On 22 Jan 2014, at 01:43 , Steven Carr wrote:
> A better option (and better overall design) would be
> to split your DNS servers, leave the current DNS servers as
> authoritative only and install a second set of DNS servers as a
> caching layer allowing recursion and do not have any direct inbou
On 2014-01-22 00:43, Steven Carr wrote:
Well they probably are being subjected to DDoS all the time, but
Google uses their own DNS implementation so more than likely they have
written in functionality to rate-limit and block specific
clients/requests. They also have a lot of bandwidth and they ha
On Wed, 22 Jan 2014, LuKreme wrote:
Right, but Apple did this by having their compile of bind start
listening on 127.0.0.1 and then prodding it once the network was up and
the IP address was available. Since Apple doesn't take this extra step,
you'd need to tell launchd to wait for the Network
Thanks for that. I just remembered there was also the change to the db file
having a default raw format on slaves unless specified.
-Original Message-
From: Lawrence K. Chen, P.Eng. [mailto:lkc...@ksu.edu]
Sent: Tuesday, January 21, 2014 1:56 PM
To: bind-users@lists.isc.org
Subject: Re: U
-Original Message-
From: Mike Bernhardt
Date: Wednesday, January 22, 2014 at 3:25 PM
To: "'Lawrence K. Chen, P.Eng.'" ,
"bind-users@lists.isc.org"
Subject: RE: Upgrading from 9.8.3 to 9.9.4
>Thanks for that. I just remembered there was also the change to the db
>file
>having a default ra