Hi there,
Thanks for the update and here is my config and error I am getting. Can you
please suggest correct method that should be implemented?
**
zone "malware.trap" {
type master;
file "/var/lib/bind/zones/malware.trap.db";
notify explicit;
On Fri, May 18, 2018 at 9:41 AM Blason R wrote:
> Hi there,
> Thanks for the update and here is my config and error I am getting. Can
you please suggest correct method that should be implemented?
I believe (but don't have a machine to confirm on) that the syntax should
be:
also-notify { 192.1
Thats correct taht worked for me and checking further now.
On Fri, May 18, 2018 at 1:23 PM, Warren Kumari wrote:
> On Fri, May 18, 2018 at 9:41 AM Blason R wrote:
>
> > Hi there,
>
> > Thanks for the update and here is my config and error I am getting. Can
> you please suggest correct method th
On 17.05.18 23:00, Blason R wrote:
I have RPZ installed on server and its acting as a master server but
somehow port setting is not working on master
# Slave configuration
response-policy { zone "malware.trap"; };
zone "malware.trap" {
type slave;
masters { 192.168.5.48; };
file
Rob Moser wrote:
>
> Which a little digging shows me is often the result of network
> connectivity problems, firewall misconfigurations, etc. But in our case
> the failures are intermittent (but frequent; roughly 40% of our zone
> refreshes seem to end this way.)
Have you made sure there is no c
Nah that is not my query; instead I wanted updates to be sent on other
port and not TCP/53. Queries let it happen on UDP 53
On Fri, May 18, 2018 at 3:02 PM, Matus UHLAR - fantomas
wrote:
> On 17.05.18 23:00, Blason R wrote:
>
>> I have RPZ installed on server and its acting as a master server b
Hi Guys,
I have this other query on RPZ; I have one master server [lets say
masterns.test.com.] on cloud. One slave [slavens.test.com] in my
organization and our partner would also want to sync with slave but not
with master server.
How can one slave can sync with other slave? Can someone please
On 17.05.18 23:00, Blason R wrote:
So here I am sending notification to 192.168.5.49 on port 4545; my
queries
are
1. How do I configure port on slave 4545 so that slave server can start
listening on that port.
On Fri, May 18, 2018 at 3:02 PM, Matus UHLAR - fantomas
wrote:
why do you
On 18.05.18 19:29, Blason R wrote:
I have this other query on RPZ; I have one master server [lets say
masterns.test.com.] on cloud. One slave [slavens.test.com] in my
organization and our partner would also want to sync with slave but not
with master server.
why? is there any logic in this?
H
why? is there any logic in this?
yeah management does not want to allow direct syncing with master as they
dont want to expose any info to them.
On Fri, May 18, 2018 at 7:32 PM, Matus UHLAR - fantomas
wrote:
> On 18.05.18 19:29, Blason R wrote:
>
>> I have this other query on RPZ; I have one m
>
> On 18 May 2018, at 16:16, Blason R wrote:
>
> why? is there any logic in this?
>
> yeah management does not want to allow direct syncing with master as they
> dont want to expose any info to them.
Interesting statement - especially since the slave servers will serve the exact
same dat
On 05/18/2018 08:02 AM, Matus UHLAR - fantomas wrote:
why? is there any logic in this?
I can see a case where a hidden / internal master is used and only
accessible by direct slaves in a DMZ.
So the slaves in the DMZ act as a contact point for the world.
--
Grant. . . .
unix || die
smi
Okies so zone xfer would happen on TCP/53 correct and notify would be sent
on udp/53?
On Fri, May 18, 2018, 7:31 PM Matus UHLAR - fantomas
wrote:
> >> On 17.05.18 23:00, Blason R wrote:
> >>> So here I am sending notification to 192.168.5.49 on port 4545; my
> >>> queries
> >>> are
> >>
> >>
On 17 May 2018 at 17:05, Rob Moser wrote:
> We're running a series of RHEL 7.4 machines (kernel version
> 3.10.0-693.1.1.el7.x86_64) running bind version 9.9.4-RedHat-9.9.4-51.el7.
> Our configuration consists of a hidden master and three hidden
> slave/recursive resolvers. I'm getting a LOT of
On 18.05.18 23:07, Blason R wrote:
Okies so zone xfer would happen on TCP/53 correct and notify would be sent
on udp/53?
maybe and maybe not.
both tcp/53 nd udp/53 are mandatory, and both can be used for any kind of
DNS traffic.
On Fri, May 18, 2018, 7:31 PM Matus UHLAR - fantomas
wrote:
>
CVE: CVE-2018-5736
Document Version:2.0
Posting date:18 May 2018
Program Impacted:BIND
Versions affected: 9.12.0 and 9.12.1
Severity:Medium
Exploitable: Remotely, if an attacker can trigger a zone transfer
Description:
An error in zone data
A new version of BIND is available to address two vulnerabilities
disclosed today: CVE-2018-5736 and CVE-2018-5737; see the respective
messages on this mailing list or consult the ISC Knowledge Base
https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/.
Only two releases
CVE: CVE-2018-5737
Document Version:2.0
Posting date:18 May 2018
Program Impacted:BIND
Versions affected: 9.12.0, 9.12.1
Severity:Medium
Exploitable: Remotely
Description:
A problem with the implementation of the new serve-stale feature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Honest question Why are there so many sourcecode
modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some
files should obviously change between minor versions, but ~1300 ?
Bin9 v9.12.1-P2 changed files:
http://paste.debian.net/pl
On 18/05/2018 21:28, Jim Popovitch via bind-users wrote:
> Honest question Why are there so many sourcecode
> modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some
> files should obviously change between minor versions, but ~1300 ?
>
> Bin9 v9.12.1-P2 changed files:
> http:/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEAREKAAYFAlr/TNkACgkQL6j7milTFsHqPQCfVCKLfx5wzLjm+UkCkJx2C6f1
AkwAnikf8H/hDq+yQJL
On Fri, May 18, 2018 at 04:28:24PM -0400, Jim Popovitch via bind-users wrote:
> Honest question Why are there so many sourcecode
> modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some
> files should obviously change between minor versions, but ~1300 ?
Are you sure you're co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2018-05-19 at 01:03 +, Evan Hunt wrote:
> On Fri, May 18, 2018 at 04:28:24PM -0400, Jim Popovitch via bind-
> users wrote:
> > Honest question Why are there so many sourcecode
> > modifications/additions/deletions between v9.12.1 and
23 matches
Mail list logo
