Re: Socket buffer space?

2019-06-07 Thread Patrik Lundin
On Tue, Dec 11, 2018 at 05:46:10PM +0100, Havard Eidnes wrote: > > Hmm, I already have that, but I wonder, how big is "bigger"? Well, > looks like the answer is that BIND tries to probe for the biggest it > can be allowed to set on startup, by starting with a large value and > approximately halfi

BIND 9.14.2 configure problem

2019-06-07 Thread greg.rabil
Hi Folks, I am attempting to build BIND 9.14.2 on a CentOS 7 machine, and having problems with "configure: error: ECDSA support in OpenSSL is mandatory." When I build OpenSSL 1.1.1c, I have tried to explicitly enable ECDSA when running config (first attempt was to just leave the defaults): ./co

Re: BIND 9.14.2 configure problem

2019-06-07 Thread Tony Finch
greg.ra...@bt.com wrote: > However when I specify this freshly built OpenSSL 1.1.1c install > location when configuring BIND 9.14.2, it still complains: Try LD_RUN_PATH=/opt/tmp/openssl/lib ./configure --with-openssl=/opt/tmp/openssl What's probably happening is that the configure script's Ope

RE: BIND 9.14.2 configure problem

2019-06-07 Thread greg.rabil
That makes sense, but unfortunately it does not resolve the problem. I've tried specifying LD_RUN_PATH and LD_LIBRARY_PATH, and exporting them both as well, but the BIND 9.14 configure script still complains about lack of ECDSA support in OpenSSL. Greg -Original Message- From: Tony Finch

Re: BIND 9.14.2 configure problem

2019-06-07 Thread Ondřej Surý
The script reports everything is missing. You’ll need to check config.log for more details on what’s happening. Anyway, it should work with stock OpenSSL, so why don’t you just use that? Cheers, Ondrej -- Ondřej Surý — ISC > On 7 Jun 2019, at 17:12, wrote: > > That makes sense, but unfortunately

RE: BIND 9.14.2 configure problem

2019-06-07 Thread greg.rabil
Hi Ondrej, My intent is to build BIND 9.14 as a statically linked binary. The details of the config.log reveal that the OpenSSL tests are using dlopen, and since I have only a static library, those tests fail. I worked around the problem by specifying LDFLAGS=-ldl. Thanks, Greg -Original

BIND ignores queries from specific privileged source ports

2019-06-07 Thread Blake Hudson
Can someone explain why BIND (I'm using bind-9.9.4-73.el7_6.x86_64 but have also tried 9.10.3-P4-Ubuntu) seems to ignore DNS queries initiated from specific privileged source ports but not others? Example: [root@ns ~]# dig +short -b 127.0.0.1 @localhost google.com 172.217.6.110 [root@ns ~]# di

Re: BIND ignores queries from specific privileged source ports

2019-06-07 Thread Mark Andrews
Named drops those ports as they can be used in reflection attacks. Sane NAT developers avoid those ports for just that reason. The full list is below. static int ns_client_dropport(in_port_t port) { switch (port) { case 7: /* echo */ case 13: /* daytime */ case 19: