Hello,
I have several entries as below in my name server logs. Would any one
please assist me to knowing the exact reason of this,
Also this IP 46.105.221.247 not in my trusted list.
Dec 17 05:35:39 ns20 named[1530]: DNS format error from 46.105.221.247#53
resolv
Am 18.12.2017 um 10:16 schrieb Mohammed Ejaz:
Hello,
I have several entries as below in my name server logs. Would any one
please assist me to knowing the exact reason of this,
Also this IP 46.105.221.247 not in my trusted list.
no, but it's the auth-nameserver of that domain operatd by
$ dig mumbai-m.site ns
; <<>> DiG 9.11.1-P3 <<>> mumbai-m.site ns
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mumbai-m.site. IN NS
;; ANSWER SECTION:
MUMBAI-M.site. 3380 IN NS win-1ikkrphg9jj.
I seemed to have cached o
Barry Margolin wrote:
> vijay bommareddy wrote:
> >
> > Can someone tell me, how many number of slaves does BIND technically
> > support? Is there a maximum limit per master server?
>
> Why would there be any limit? The master doesn't need to keep track of
> slaves, it just responds to queries fr
vijay bommareddy wrote:
>
> I generally do multiple slaves to a set of masters. But I'm just wondering
> if daisy chaining slaves i.e slave to a slave to a slave to a master, a
> good practice in general? What are the pros and cons of it?
In my setup there are a couple of reasons for daisy-chaini
On 18-Dec-17 01:07, Dave Warren wrote:
> On 2017-12-15 06:23, Petr Menšík wrote:
>>
>> Dne 15.12.2017 v 13:06 G.W. Haywood via bind-users napsal(a):
>>> Hi there,
>>>
>>> On Fri, 15 Dec 2017, Petr Men??k wrote:
>>>
... current time is not available or can be inaccurate.
>>>
>>> ntpdate?
>>>
>
Thank you for the detail explanation really appreciated .
We have asked by our National cyber Security Center to investigate on this,
as they have detected massive malicious requests from our DNS servers which are
( 212.119.64.2 and 212.119.64.3).
Malicious domain is mumbai-m.sit
On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy
wrote:
Hello folks,
I'm trying to find more information on the practical limitations of adding
more slaves.
Can someone tell me, how many number of slaves does BIND technically
support? Is there a maximum limit per master server?
Thank you
V
That is a valid consideration but being a slave doesn't always mean being
in the NS records.
On Dec 18, 2017 9:47 AM, "Barry S. Finkel" wrote:
> On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy
> wrote:
>
>> Hello folks,
>>
>> I'm trying to find more information on the practical limitations
In article ,
"Barry S. Finkel" wrote:
> On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy
> wrote:
> > Hello folks,
> >
> > I'm trying to find more information on the practical limitations of adding
> > more slaves.
> > Can someone tell me, how many number of slaves does BIND technically
>
Hi
Don't forget that any traffic may be spam, also the reject messages if
they are directed towards the victim.
I think this is how it works here:
a large number of hosts send requests to your server for some domain.
All these requests have a fake sender: IP 212.76.76.18, this means that
all tho
On 18/12/2017 14:44, Timothe Litt wrote:
>
> On 18-Dec-17 01:07, Dave Warren wrote:
>> On 2017-12-15 06:23, Petr Menšík wrote:
>>>
>>> Dne 15.12.2017 v 13:06 G.W. Haywood via bind-users napsal(a):
Hi there,
On Fri, 15 Dec 2017, Petr Men??k wrote:
> ... current time is not
Barry has a good point. I've seen cases where folks have added all of the
Domain Controller addresses for an AD forest to the NS list for a domain.
This results in huge TCP response packets for ALL requests to that domain.
Folks don't seem to get the concept of stealth slaves and the associated
NOT
Bob McDonald wrote:
> I've seen cases where folks have added all of the Domain Controller
> addresses for an AD forest to the NS list for a domain. This results in
> huge TCP response packets for ALL requests to that domain.
You can safely reduce the size of answers using the `minimal-responses
The expiry inflation can be removed if you use a servers that support the EDNS
EXPIRE option.
--
Mark Andrews
> On 18 Dec 2017, at 23:03, Tony Finch wrote:
>
> vijay bommareddy wrote:
>>
>> I generally do multiple slaves to a set of masters. But I'm just wondering
>> if daisy chaining slave
On 12/18/2017 12:24 PM, Bob McDonald wrote:
I've seen cases where folks have added all of the Domain Controller
addresses for an AD forest to the NS list for a domain.
I believe that DCs do this by themselves if they are using MS-DNS. (I
think the netlogon service does a dynamic DNS update an
Mark Andrews wrote:
> The expiry inflation can be removed if you use a servers that support
> the EDNS EXPIRE option.
Ooh, I forgot about that, thanks for the reminder! (It's reassuring too,
because it means my secondaries should never serve expired RRSIGs despite
my chained transfers.)
Tony.
-
On 2017-12-18 06:44, Timothe Litt wrote:
On 18-Dec-17 01:07, Dave Warren wrote:
On 2017-12-15 06:23, Petr Menšík wrote:
Dne 15.12.2017 v 13:06 G.W. Haywood via bind-users napsal(a):
Hi there,
On Fri, 15 Dec 2017, Petr Men??k wrote:
... current time is not available or can be inaccurate.
Thanks all.
No this IP 212.76.76.18 doesn’t belongs to us and even not in a trusted list
of our DNS. After looking at my logs I noticed this IP asked for this domain
mumbai-m.site to which our name server denied as shown in the below logs.
Whereas our NCSA claiming that massive maliciou
19 matches
Mail list logo
