Hi Donika,
I think it can be partially achieved by options use-vc in
/etc/resolv.conf on end clients. But I doubt every software would
process this flag, only part of them would use it. I doubt many daemons
doing direct DNS queries would follow such configuration.
Can you share why you are even
Hi Sonal,
I do not think forwarders specified in zone work as fixed order. It
would not work by first contacting 127.0.0.1, if that did not deliver
the answer, try 199.165.24.21. Forwarders in bind are configured as a
set, not ordered list. It would use whatever just gives faster replies.
I am af
Exactly!
On Thu, 30 Sep 2021, Carl Byington wrote:
On Thu, 2021-09-30 at 16:30 -0700, Fred Morris wrote:
https://github.com/m3047/tcp_only_forwarder
So what exactly are the media devices doing to screw up dns resolution
between the osx laptop and the local dns server?
Dropping UDP replies.
For those of you facing a curious issue with BIND failing to resolve records
for some zones today it’s not necessarily BIND having “a Friday moment” 😊
It looks like the LetsEncrypt root certificate expiry is even impacting some
DNSSEC zones that have used a LetsEncrypt certificate to sign their
I should be clearer about this. The media devices send a lot of traffic.
They manipulate the wifi landscape in proprietary (remember the TCP
throughput wars 20+ years ago?) or at least unexpected ways.
Stupid wifi access point follows "conventional wisdom" and drops UDP
traffic. Doesn't bother
Hi Richard,
this is not the case.
slack.com botched their DS/DNSKEY deployment (there’s a thread on
dns-operations about it).
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
> On 1. 10. 2021, at 18:46, Richard T.A. Neal wrote:
>
> For those of you facing a curious issue with BIND failing to re
Ondřej Surý said:
> Hi Richard,
> this is not the case.
> slack.com botched their DS/DNSKEY deployment (there’s a thread on
> dns-operations about it).
Thanks for the correction, my mistake. Apologies for the list spam!
Richard.
Hello Petr,
This setup was not meant to address a specific problem or be implemented
in a production situation. I am running an experiment
and one of the criteria was for clients to connect with us via tcp only.
I don't have control on the clients (only nameserver) and relying on
whether client
Hi Donika,
I would recommend adding dnsdist proxy on top of BIND 9. I believe it has all
the tools you need (TCPRule as selector and TCAction to truncate).
You can run dnsdist on external interface and named on localhost. Using the
right tool for the job is half of the success ;)
Ondřej
--
Ond