postfix both delivered to them just fine.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
backported to RHEL 6's kernel, but I haven't checked that. In mainline
> Linux, it is only present in versions >= 3.9.)
I didn't try actually using it, but the current RHEL 6 kernel-headers do
define SO_REUSEPORT.
--
Chris Adams
__
client will wait, send restries, etc., which takes
a while to time out before moving to the next server.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs ma
n-service.com. 172800 IN A 63.238.52.1
;; Query time: 2 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Tue May 13 13:30:43 2014
;; MSG SIZE rcvd: 130
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oar
. It is easy to do with a more featureful local resolver,
something like unbound or bind (I'm not sure if dnsmasq can do it).
Then you'd point resolv.conf to 127.0.0.1.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.d
have access to the
"nameserver" (aka the local machine). I don't know why you are trying
to make this so difficult.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listin
ions's assumption that all requests will go to the
same server. Even if a client sends requests to the same IP, anycast
can mean they go to a different server.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
htt
of the ntpd process fixed it.
Is this just with a particular clock type (or multiple types but all
using NMEA sentences)? I have an old Trimble Resolution T in TSIP
binary mode rather than NMEA, and it doesn't appear to have had any
issue.
--
Chris Adams
__
ould I just enable it for all
requests? In Unbound terms, enable "client-subnet-always-forward"?
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
vers to have ECS enabled (or that they'd be expected to give
different results if it was).
Thanks all.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
itial difference is the full problem, but it does seem to
indicate some internal issue at Facebook's DNS.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
get email notifications from the registrar before expiration.
I have other things that I'm expected to renew without prompting (my
state driver's license doesn't send notifications for example), so I
guess I'm just used to keeping up with things myself.
--
Chris Adams
___
.118.1.101), we'd like to know.
For now, we're sending our va.gov requests from a different server, but
it'd be nice to get this cleared up.
Thanks.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://l
Once upon a time, Viktor Dukhovni said:
> On Fri, Jan 21, 2022 at 10:18:21AM -0600, Chris Adams wrote:
>
> > One of my work recursive DNS servers (used by a bunch of ISP customers)
> > has apparently been blocked by the va.gov authoritative servers
> > (requests just ti
our
other IPs for this set of servers have been blocked, so if there was
some issue, it must have been transient.
Hopefully the response from Cameron Dixon will get some movement.
Thanks!
--
Chris Adams
___
dns-operations mailing list
dns-operations
n attachments unless you recognize and/or trust the sender. Contact your
> component SOC with questions or concerns.
>
>
> On Fri, Jan 21, 2022 at 12:08:38PM -0600, Chris Adams wrote:
>
> > > The current-deferal.csv data file
> > > (https://urldefense.us/v3/__https:
potential damage of hijacking of an old IP would be
minimized.
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
It appears that the PGP key used to sign the data at
https://data.iana.org/root-anchors is no longer on a public key server
(at least the common ones I checked). I had a DNSSEC setup script that
checked the PGP signature as an additional security check and now it
fails.
--
Chris Adams
Systems
Once upon a time, Stephane Bortzmeyer said:
> On Fri, Dec 02, 2011 at 11:05:26AM -0600,
> Chris Adams wrote
> a message of 30 lines which said:
>
> > FYI: here's a pcap filter that will match only UDP DNS ANY queries:
>
> No, only if no EDNS is used in the quer
number of queries from a customer, you can shut off the
customer (because either they have broken software or they're infected).
--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
tack would
still be CPE->Target (just not going to another server in-between). It
is easier to find an open CPE being used to attack and shut it down when
it sends every request back out to the ISP's recursive servers.
--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Ser
I'm seeing a bunch of DNS ANY requests to my authoritative servers with
Amazon EC2 source IPs. I guess somebody is now trying to run an
amplification attack against Amazon?
This is the first time I've seen Amazon targeted this way; are others
seeing this (am I just late to the party)?
m each)?
--
Chris Adams
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
23 matches
Mail list logo
