On Friday, July 4, 2014, Warren Kumari wrote:
> On Thu, Jul 3, 2014 at 6:04 PM, Tim Wicinski > wrote:
> >
> > Mark
> >
> > Unbound has this feature, but its' a % of the TTL (oh they may of changed
> > this).
> >
> > You may be also interested in this idea which was floated during IETF,
> and
> >
On Jul 5, 2014, at 5:04 AM, Paul Vixie wrote:
> dnstap is completely open source, with a BSD-style license (Apache 2.0). it
> is sponsored by farsight because we need a uniform DNS telemetry
> format for our business purposes.
I read the dnstap preso with great interest when it was posted, an
Roland Dobbins wrote:
> I know that some DNS operators disable logging of queries/responses due to
> the overhead of doing so - are most folks on this list with large-scale DNS
> recursive and/or authoritative DNS infrastructure disabling logging, enabling
> it, and/or logging queries/response
On Fri, Jul 4, 2014 at 1:00 PM, Roland Dobbins wrote:
> [..] authoritative DNS infrastructure disabling logging, enabling it, and/or
> logging queries/responses out-of-band via packet-capture taps, databases,
> etc.?
At dnswl.org, we use a dedicated logging on a selection of the
authoritative se
On Thu, Jul 3, 2014 at 6:04 PM, Tim Wicinski wrote:
>
> Mark
>
> Unbound has this feature, but its' a % of the TTL (oh they may of changed
> this).
>
> You may be also interested in this idea which was floated during IETF, and
> not rejected, just a small sliver of useful customer base:
>
> http:/
On 07/04/2014 07:44 AM, Stephane Bortzmeyer wrote:
> On Fri, Jul 04, 2014 at 06:00:48PM +0700, Roland Dobbins
> wrote a message of 23 lines which said:
>> and/or logging queries/responses out-of-band via packet-capture
>> taps, databases, etc.?
>
> Following OARC workshops, it seems many operat
On Wed, Jul 02, 2014 at 10:28:31PM +0200,
bert hubert wrote
a message of 7 lines which said:
> On Wed, Jul 02, 2014 at 09:36:38PM +0200, Stephane Bortzmeyer wrote:
> > We know how to use dig and whois :-) The No-IP zones are all back to
> > No-IP (from Microsoft) and seem to work.
>
> ORG isn
On Jul 4, 2014, at 7:32 PM, bert hubert wrote:
> "almost all", I would suggest.
I figured this was still the case, just wanted confirmation, thanks!
> We've had great results with a format that stores all relevant details. It is
> called PCAP.
Yes, hence 'packet-capture'.
;>
--
On Fri, Jul 04, 2014 at 06:00:48PM +0700, Roland Dobbins wrote:
>
> I know that some DNS operators disable logging of queries/responses due to
"almost all", I would suggest.
> the overhead of doing so - are most folks on this list with large-scale
> DNS recursive and/or authoritative DNS infrast
On Jul 4, 2014, at 6:44 PM, Stephane Bortzmeyer wrote:
> Following OARC workshops, it seems many operators of authoritative name
> servers log everything, with capture taps + a NoSQL-bigdata-thing.
Gotcha, makes sense.
> There are also captures of traffic at recursors, for instance Farsight'
On Fri, Jul 04, 2014 at 06:00:48PM +0700,
Roland Dobbins wrote
a message of 23 lines which said:
> I know that some DNS operators disable logging of queries/responses
> due to the overhead of doing so
Logging in the name server itself is typically very slow, take
resources and, more seriously
I know that some DNS operators disable logging of queries/responses due to the
overhead of doing so - are most folks on this list with large-scale DNS
recursive and/or authoritative DNS infrastructure disabling logging, enabling
it, and/or logging queries/responses out-of-band via packet-captur
On Thu, Jul 03, 2014 at 10:19:30PM -0700, Kelsey Cummings wrote:
> We are seeing a pretty short list of domains used for this attack right now
> so I don't see any short term scaling issues. Are other providers seeing a
> large number of domains used?
We see a short list of domains, rotating qu
13 matches
Mail list logo
