Medina, Antonio wrote:
>
> We have noticed that each query forwarded towards root servers creates
> an extra NS ROOT query.
This is due to a long-standing bug which was recently fixed. You need
change number 4770 - see
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=CHANGES;hb=v9_9
Hello I would like to know if it is possible to add or remove IP addresses to bind acl list without service restart?
Anvar Kuchkartaev
an...@aegisnet.eu
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
Hi Anvar,
Yes, you can change ACLs in named.conf, and then run "rndc reconfig"
which will pick up the changes. You don't need to restart BIND.
Regards,
Anand
On 19/01/2018 14:48, Anvar Kuchkartaev via bind-users wrote:
> Hello I would like to know if it is possible to add or remove IP addresses
On Thu, 2018-01-18 at 17:46 +, Tony Finch wrote:
> Brian J. Murrell wrote:
> > On Thu, 2018-01-18 at 15:41 +, Tony Finch wrote:
> > >
> > > The default is 10 minutes - try reducing it and see if the outage
> > > becomes shorter.
> >
> > If it does, what is that telling me?
>
> My hypothes
Brian J. Murrell wrote:
>
> Am I interpreting this correctly? If so, why would these queries come
> back with responses with no answers?
Those responses look like referrals from the root servers to the .com
servers; I would expect you to see `named` repeating the queries as it
follows the iterat
On Fri, 2018-01-19 at 14:54 +, Tony Finch wrote:
>
> Those responses look like referrals from the root servers to the .com
> servers;
Ahhh. Right. That makes sense.
> I would expect you to see `named` repeating the queries as it
> follows the iterative resolution algorithm.
Indeed. I wil
Brian J. Murrell wrote:
>
> So, between that initial:
>
> 19-Jan-2018 09:06:18.893 resquery 0x7f1010f3bd90 (fctx
> 0x7f1010f23d90(www.google.com/A)): response
>
> is just the referrals to .com for that query and the referrals to .com
> for the subsequent ns[1-4].google.com queries before we get t
On Fri, 2018-01-19 at 15:22 +, Tony Finch wrote:
>
> You don't have any weird middleboxes between your resolver and the
> Internet, do you?
I don't believe so. Not entirely sure what "weird middleboxes" refers
to in this context though. And by resolver are you referring to my
BIND9 server o
I've run into an odd problem. On the same host with nearly identical
configurations. Bind 9.10.6 can resolve and DNSSEC validate sss.gov but
Bind 9.11.2 cannot. If I turn off DNSSEC validation 9.11.2 resolves it
just fine. According to http://dnsviz.net/d/sss.gov/dnssec/ it looks
like the d
Timothy A. Holtzen wrote:
> I've run into an odd problem. On the same host with nearly identical
> configurations. Bind 9.10.6 can resolve and DNSSEC validate sss.gov but
> Bind 9.11.2 cannot.
Ah, this is because sss.gov is hosted on Qwest's DNS servers that have
broken EDNS logic which is inc
But if you have more than 1000 client IP addresses which are dynamically added to and
removed from the ACL, will rndc reconfig not take too much performance?
Anvar Kuchkartaev
an...@aegisnet.eu
Original Message
From: Anand Buddhdev
Sent: Friday, 19 January 2018 14:53
To: Anvar Kuchkartaev; bind-user
On 19.01.18 19:26, Anvar Kuchkartaev via bind-users wrote:
> But if you have more than 1000 client IP addresses which are dynamically added to and
> removed from the ACL, will rndc reconfig not take too much performance?
Yes, it will. If you have that many clients, either authenticate them via TSIG
or let them us
Hi Daniel
Thank you very much for your answer. I want to ask much more, but my English
is not good, so once again thank you very much.
Yes, Qwest were informed years ago that their servers are broken. Report this to
the .gov site operators. The servers return BADVERS to the queries, which was
never part of the EDNS spec and is an invention of the server's developers.
FORMERR was permissible by STD13 but this was tightened when th
You might want to check out the free service offered by Quad Nine
(9.9.9.9), they use RPZ in the backend to filter out known malicious domain
names. I do not know if they can filter out malware-related names.
On Sat, Jan 20, 2018 at 7:02 AM Syaifudin wrote:
> Hi Daniel
>
> thank you very much fo
As I know, RPZ is useful for random subdomains, so we can respond to it locally. But if the request has a random subdomain, random domain and random TLD, it's impossible to use RPZ. The DNS server will check with the root server. For now I still use iptables with regex to block that request so request not to DNS but drop
On 01/18/2018 05:48 PM, Pierre Couderc wrote:
On 01/18/2018 01:01 PM, Anand Buddhdev wrote:
I don't know what the function "isc_file_isplainfile" checks for, but
perhaps the executable bits on the file are causing the failure. Log
files shouldn't be executable, so you normally need mode 0644