Match-Clients not working in DNS
Hi All Iam running BIND-9.3.3 on Linux Server. I have configured match-clients in the named.conf file. I added some more IPS to this and restarted the named process. The issue is its not getting updated and the new added IPs cant resolve the dns queries. Can anyone please help me Thanks in advance Regards Vivek Aggarwal +973-36583058 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Problema Bind 9.6.1 CentOS 5.3
Hi guys! We have some DNS servers with BIND version 9.6.1-P1 and we have some problems to resolve domain addresses. But to clear the cache (rndc-flush) they return to settle for some time. When the resolution gives error, we have the following message: ;; Connection timed out, the servers could be reached But in another moment had the following message: dig: isc_socket_create: address family not supported Use the barefruit, it would be something related to it? Has anyone had this same problem. Thank you. -- __ Luiz Ricardo Olcio Guimares Coordenao de Operaes de Redes Cia. de Telecomunicaes do Brasil Central http://www.ctbc.com.br ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Match-Clients not working in DNS
On Mon, Nov 16, 2009 at 7:08 AM, Agarwal Vivek-RNGB36 rng...@motorola.com wrote: Iam running BIND-9.3.3 on Linux Server. I have configured match-clients in the named.conf file. I added some more IPS to this and restarted the named process. The issue is its not getting updated and the new added IPs cant resolve the dns queries. Can anyone please help me The safe bet is You did it wrong. If you could include your configuration and the bits from the log file that show what happened to the queries from the new IPs you were trying to set up might help to give you some more specific advice. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: confused wiht the full resolver and stub resolver
On Nov 15, 2009, at 11:35 PM, aihua zhang wrote: HI, here is my understanding about the stub resolver and full resolver: stub resolver,used by client and independent name server. application will call the routine of the lwreslib(such as lwres_getrdatabyname()) and the lwresd will handle the request using the lightweight protcol. when lwresd received the request it will render it and send it to the name server listed in the resolv.conf. here is my confused: 1. I find the helper document written:the full resolver is part of the caching name server or reolver demon the stub resolver talks to , can i unstand all request from the stub resolver handled by the full resolver in the name server . if not which module handle this kind request 2. if the request tackle by the full resolver , the client.h of the named module handle which type? The job of the stub resolver is to be a DNS client. Applications on client machines use the stub resolver, typically (part of) a dynamic library of some sort, to interface with the DNS as well as other name resolution systems, such as /etc/hosts. The stub resolver in BIND 9 is, I believe, somehow based on or intertwined with lwresd. However, it is not the only stub resolver implementation out there. The job of the full resolver is to recurse through the DNS name hierarchy in response to requests. It is almost always a service that gets requests via the DNS protocol. For example, the BIND 9 name server can act as a full resolver, when configured as a caching name server. However, it's perfectly possible (but highly unusual) for the (full) resolver to replace the stub resolver, taking requests from clients via a library function call and doing its own recursion. The typical resolution process works like this: 1. An application invokes the stub resolver as function call, from a library. 2. The stub resolver, possibly after consulting /etc/hosts, ldap, nis+, etc., sends a recursive DNS query to a DNS server via the network. If necessary, the stub resolver will retransmit the query, query another DNS server, etc., until either it gets an answer or gives up. 3. The DNS server, acting as a full resolver (a caching name server), consults its cache and then, if necessary, performs recursion (asks other name servers, traversing the DNS name hierarchy) in order to find the answer. 4. The caching name server (full resolver) sends an answer back to the stub resolver in the form of a DNS message. 5. The stub resolver function returns a data structure to the application. However, again, this is only the most typical procedure. Variations are quite possible, including removing the stub resolver entirely. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Match-Clients not working in DNS
On Nov 16, 2009, at 4:08 AM, Agarwal Vivek-RNGB36 wrote: Hi All Iam running BIND-9.3.3 on Linux Server. I have configured match-clients in the named.conf file. I added some more IPS to this and restarted the named process. The issue is its not getting updated and the new added IPs cant resolve the dns queries. Can anyone please help me If you want detailed help, please post your named.conf, what you wanted to have happen, and what's happening instead. I don't see any mention of views in your request. Match-clients only makes sense inside a view statement. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
how to defense against ddos attack to dns?
Hello, all. I have operated some dns servers and I'm curious what should I do if ddos attck to my dns servers. So do you know how to defense against dns dddos attack like root server? Surely, various ddos attack may be occurred. My idea is.. -. filtering 53/udp traffic that the byte is over 512 byte -. rate-limit against 53/udp queries (but useless if the attack spoof the source ip) -. deny recursion -. anycast? Is ther any comments or proposal? Thanks in advance. _ 새로운 Windows 7: 일상 작업을 단순화하세요. 여러분에게 맞는 최상의 PC를 찾으세요. http://windows.microsoft.com/shop ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how to defense against ddos attack to dns?
In message blu149-w13ef74e1e2eba2fe9dd3f385...@phx.gbl, MontyRee writes: Hello, all. I have operated some dns servers and I'm curious what should I do if ddos attck to my dns servers. So do you know how to defense against dns dddos attack like root server? Surely, various ddos attack may be occurred. My idea is.. -. filtering 53/udp traffic that the byte is over 512 byte -. rate-limit against 53/udp queries (but useless if the attack spoof the source ip) -. deny recursion -. anycast? Is ther any comments or proposal? How you defend against a DoS attack depends on the actual attack and what services you are attempting to provide and to whom. You want to minimise collateral damage and some of the methods above are likely to introduce collateral damage. Thanks in advance. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users