Re: Question about visibility

2018-10-11 Thread Leonardo Rodrigues

On 11/10/18 16:13, Barry Margolin wrote:


If you accidentally, or someone else intentionally, create a link to the
site that uses the IP and put it on a web page that Google can get to,
it will probably find the page.




    robots.txt, on your website root, is your friend. Simply deny web 
crawling on it, and you're (probably) done.




--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: designing the DNS from the scratch

2017-07-10 Thread Leonardo Rodrigues

On 10/07/17 11:12, Matthew Seaman wrote:


Or you could buy a service from one of a number of DNS service providers
who provide pretty much exactly what I described.  That will still be
quite expensive, but not to the extent that it would cause inadvertent
emission of bodily fluids.



I have been using Amazon AWS Route 53 DNS services and I'm loving 
them. The price is really low for the availability I'm experiencing and the 
easy management.


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it





Re: how to ignore external queries?

2010-03-20 Thread Leonardo Rodrigues

On 19/03/2010 19:43, ic.nssip wrote:
and the results came up with a statement that "External Queries are 
REJECTED" and "It would be better for it to ignore external queries."
_Question is... How can I IGNORE External Queries instead of Rejecting 
them?_




firewall them !!! The best would be to completely prevent external 
queries from even reaching your DNS server.



--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: How to find out DNS Server version ?

2009-11-13 Thread Leonardo Rodrigues

Tibo wrote:


I think I found it : fpdns -f NAMESERVER

Is it always OK ?


   No, that's not always OK, because the -f option of fpdns relies on the 
version.bind record, which, as I explained in my previous message, 
sometimes can't be queried and other times can return a fake version id.


fpdns -f and the dig command I gave you query exactly the same thing.

None of those (which are in fact the same thing) is 100% reliable for 
identifying remote DNS server versions.



--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: How to find out DNS Server version ?

2009-11-13 Thread Leonardo Rodrigues



   you can always try:

dig @dns.server.to.query version.bind chaos txt

which would return something like:


;; QUESTION SECTION:
;version.bind.  CH  TXT

;; ANSWER SECTION:
version.bind.   0   CH  TXT "djbdns 1.05"

   (sorry for the djbdns ... I found no bind that allows that for 
exemplifying it :) )


   the big problem here is that DNS servers, quite usually, do not 
accept these queries or, in some other quite usual configuration, change 
the text to some generic string, which can be easily done in BIND, for 
example:



;; ANSWER SECTION:
version.bind.   0   CH  TXT "version goes here"


   there's absolutely no guaranteed way of getting the correct version 
running on DNS servers you have no admin access to. The only way guaranteed to 
work 100% of the time still seems to be 'named -v' on the machine's 
console.





Tibo wrote:

Hello !

I have a little problem :

We have 4 little datacenters over the world.
I would like to check if all DNS servers are up to date but only people
responsible for a datacenter can access their servers for security 
reasons.

I know some tools on the net can do that but it's not easy for me and
I'd like to automatise all of that.


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it
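
The version.bind check discussed in the two messages above, as an added example that is not part of the original posts: it builds the same CHAOS TXT question the dig command sends and sorts replies into the three outcomes described (not accepted, replaced by a generic string, self-reported version), which is why the answer is only a hint for a patch inventory. The `classify` labels and the `make_response` sample replies are constructed here; the two sample strings are the ones shown in the dig output above.

```python
import re
import struct

TYPE_TXT, CLASS_CH = 16, 3             # TXT record type, CHAOS class
RCODES = {0: "NOERROR", 2: "SERVFAIL", 4: "NOTIMP", 5: "REFUSED"}
QUESTION = b"\x07version\x04bind\x00" + struct.pack("!HH", TYPE_TXT, CLASS_CH)


def build_version_query(txid=0x1234):
    """Wire format of: dig @server version.bind chaos txt (RD bit left clear)."""
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + QUESTION


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]            # step over one length-prefixed label
    return off + (2 if msg[off] else 1)  # 2-byte pointer or 1-byte root label


def parse_version_response(msg):
    """Return (rcode_name, text) from a reply to the version.bind query."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    parts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == TYPE_TXT and rclass == CLASS_CH and rdata:
            n = rdata[0]               # TXT rdata is <length><bytes> strings
            parts.append(rdata[1:1 + n].decode("ascii", "replace"))
            rdata = rdata[1 + n:]
    return RCODES.get(flags & 0x0F, str(flags & 0x0F)), "".join(parts)


def classify(msg):
    """Sort a reply into the three outcomes described in the thread."""
    rcode, text = parse_version_response(msg)
    if rcode != "NOERROR" or not text:
        return ("no-answer", rcode)    # server does not accept the query
    if not re.search(r"\d+\.\d+", text):
        return ("masked", text)        # admin replaced the version string
    return ("self-reported", text)     # a claim only; confirm with named -v


def make_response(txt=None, rcode=0, txid=0x1234):
    """Constructed sample reply for offline use (not captured traffic)."""
    head = struct.pack("!HHHHHH", txid, 0x8400 | rcode, 1, int(txt is not None), 0, 0)
    if txt is None:
        return head + QUESTION
    rdata = bytes([len(txt)]) + txt.encode("ascii")
    rr_fixed = struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata))
    return head + QUESTION + b"\xc0\x0c" + rr_fixed + rdata


if __name__ == "__main__":
    for txt in ("djbdns 1.05", "version goes here", None):
        print(classify(make_response(txt, rcode=0 if txt else 5)))
```
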






Re: Modified a zone, so when it becomes available?

2009-09-15 Thread Leonardo Rodrigues

Marcos Lorenzo de Santiago wrote:

When I modify a RR or add a new one on an existing zone, I have to
restart master server to make the change available. Is there any other
way to reload the zone without stopping bind?

I've tried with:
- rdnc reload [zone]
- rndc reconfig [zone]
- rndc refresh [zone]

Am I missing anything?
  



   'rndc reload' is enough to make the zones be re-read and 
new/updated records available.


   Probably you're missing:

1) to increment the zone serial ... if you don't do that, bind won't know 
you updated the zone. That's important, ALWAYS update the serial when 
changing/adding records;


2) your DNS server itself is using another DNS server which is caching 
the records, so the cache needs to expire so new/updated records can be 
seen. You can have your DNS server using itself (127.0.0.1) as DNS 
server, that should solve it if this is the problem;




--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it
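
Point 1 above as an added example (not part of the original post): a serial bump that always produces a serial newer than the old one under RFC 1982 serial-number arithmetic. It assumes the common YYYYMMDDNN serial convention and an SOA record written with parentheses, neither of which is stated in the thread; the zone text is constructed sample data.

```python
import re
from datetime import date

SERIAL_MOD = 2 ** 32
# Assumption: SOA written with parentheses, serial is the first number inside.
SOA_SERIAL = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)")


def serial_gt(a, b):
    """RFC 1982 serial-number arithmetic: True when a is newer than b."""
    return a != b and (a - b) % SERIAL_MOD < 2 ** 31


def next_serial(current, today):
    """Pick a serial newer than current, using YYYYMMDD00 when that is newer."""
    dated = int(today.strftime("%Y%m%d")) * 100
    return dated if serial_gt(dated, current) else (current + 1) % SERIAL_MOD


def bump_zone(text, today):
    """Return (new_text, old_serial, new_serial); raise if no SOA serial found."""
    match = SOA_SERIAL.search(text)
    if match is None:
        raise ValueError("no parenthesised SOA serial found")
    old = int(match.group(2))
    new = next_serial(old, today)
    return text[:match.start(2)] + str(new) + text[match.end(2):], old, new


# Constructed sample zone (example.com placeholder data).
SAMPLE_ZONE = """\
$TTL 3600
@   IN  SOA ns1.example.com. hostmaster.example.com. (
            2009091501 ; serial
            7200 3600 1209600 3600 )
@   IN  NS  ns1.example.com.
www IN  A   192.0.2.10
"""

if __name__ == "__main__":
    _, old_serial, new_serial = bump_zone(SAMPLE_ZONE, date(2009, 9, 15))
    print(old_serial, "->", new_serial)
```
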





SERVFAIL debugging

2009-03-13 Thread Leonardo Rodrigues


   Hello,

   I'm having SERVFAIL problems on some domains. I'm pretty sure it's 
not a bind problem, because everything is working but some few domains.


   I'm already running 9.6.0-P1 ...

   Is it possible, using dig or some other BIND tool, to grab 
information from the running BIND and debug exactly why I'm having these 
SERVFAILs ??? At the moment, the only thing I know is that a full 
stop/start will make those domains work fine ... but in some hours, I 
start having SERVFAILs ... and have to stop/start again.


   is there something i can do to track this and, at least, try to find 
exactly what's happening ?


   Thanks.

--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: Avoiding being used as DDoS reflector.

2009-01-19 Thread Leonardo Rodrigues Magalhães



Leonardo Rodrigues Magalhães wrote:



Nathan Ollerenshaw wrote:


I have an Authoritative BIND server. It is configured to only allow 
recursive queries from localhost, with recursion disabled for any 
remote clients.


If you attempt to perform a recursive query against this server, it 
will respond with a "query refused" packet, as this is what BIND does 
if you try to recursively query a server configured to disallow 
recursive queries.

[  ]
Any ideas? Anyone facing this same problem found a solution? I'd be 
glad to hear it :)




   if you're running authoritative only for localhost and are not 
answering network requests at all, then you could probably firewall 
incoming packets to UDP port 53 !!! Let the responses in, let the new 
requests out.


   I can't imagine anything simpler than that.



   even simpler than that would be:

options {
    ...
    listen-on { 127.0.0.1; };
};

--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: Avoiding being used as DDoS reflector.

2009-01-19 Thread Leonardo Rodrigues Magalhães



Nathan Ollerenshaw wrote:


I have an Authoritative BIND server. It is configured to only allow 
recursive queries from localhost, with recursion disabled for any 
remote clients.


If you attempt to perform a recursive query against this server, it 
will respond with a "query refused" packet, as this is what BIND does 
if you try to recursively query a server configured to disallow 
recursive queries.

[  ]
Any ideas? Anyone facing this same problem found a solution? I'd be 
glad to hear it :)




   if you're running authoritative only for localhost and are not 
answering network requests at all, then you could probably firewall 
incoming packets to UDP port 53 !!! Let the responses in, let the new 
requests out.


   I can't imagine anything simpler than that.

--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: negative cache TTLs

2009-01-10 Thread Leonardo Rodrigues Magalhães



JINMEI Tatuya wrote:

I strongly recommend you to upgrade to 9.5.1-P1.  9.5.0-P2 has several
known issues that can lead to SERVFAIL, and it's normally not very
easy to identify the cause.  If you still see the problem with 9.5.1,
please report it again.

  
   I have updated to 9.5.1-P1. Anyway, the related problem was NOT 
happening frequently. In fact it was the first time my users complained 
about that and I noticed it. Maybe it happened other times, but I didn't 
notice that.



max-ncache-ttl 30;
max-cache-ttl 7200;



These are most likely to be irrelevant to your problem.

  


   Let's suppose that SERVFAIL wasn't related to some bug and it was, 
indeed, a DNS resolution failure. In that case, of a legitimate DNS 
resolution failure, would it be the max-ncache-ttl that would control 
this SERVFAIL time-to-live ?? If not, is there some parameter to control 
these SERVFAIL caches ?



--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it




negative cache TTLs

2009-01-09 Thread Leonardo Rodrigues Magalhães


   Hi,

   Today, for some unknown reason, one of my servers which is running a 
local DNS caching server (bind 9.5.0-P2) was answering SERVFAIL for a 
specific host which i know exists and was working fine.


   Maybe it was some temporary failure, some temporary internet connection 
problem ... anyway, it was returning SERVFAIL and even after 
minutes it was returning that. From other servers, I could successfully 
resolve that name.


   I had to stop/start bind to make it resolve that name correctly again.

   Question ... which parameters are used to control the TTL of 
these 'failed' answers ?? I'm already running with:


   max-ncache-ttl 30;
   max-cache-ttl 7200;

   I thought ncache-ttl would control these failed answers, but it seems it 
didn't ...



--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: zone transfer problem

2009-01-02 Thread Leonardo Rodrigues Magalhães



Sener ATAS wrote:

Hi,

I try to add slave dns server. But there is a problem about zone 
transfer.
If I don't edit manually slave server's named.conf file, zone files 
don't transfer from master to slave.


log file at slave dns is;

02-Jan-2009 16:40:03.226 notify: client 192.168.117.50#63516: received 
notify for zone 'yyy.aaa.com': not authoritative


192.168.117.50 my master dns.
both server is FREE BSD with BIND 9.5.1



   Where's the problem !?!? This is the correct (and so the expected 
one) behavior of bind. There's no auto-configuration for slave zones. 
You'll have to, somehow, sync your configurations so slave servers can 
receive the new slave zones.


   there's no problem at all, just a misunderstanding that bind should 
transfer all zones automatically.


   this was discussed some days ago on the list ...

https://lists.isc.org/pipermail/bind-users/2008-December/074290.html



--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: bind memory usage

2008-12-17 Thread Leonardo Rodrigues Magalhães



Peter Dambier wrote:

I can confirm bind 9.4 does run on an (IBM, not Intel) 486-SCL/2 with 16 MB.
That cpu can address no more than 16 MB.

  


   i have tried running 9.4.3 instead of 9.5.0-P2  and got odd results.

   9.5.0-P2 right after start. Not a single query was made to it, just 
the daemon started:


r...@sede:/# pmap 26858
26858:   /usr/sbin/named -c /etc/bind/named.conf
[ ]
total 6644K
r...@sede:/#


   with 9.4.3, compiled the exact way 9.5.0-P2 was compiled, threads 
disabled, the very same config file.


r...@sede:/etc/init.d# pmap 27726
27726:   /usr/sbin/named -c /etc/bind/named.conf
[ . ]
total 8056K
r...@sede:/etc/init.d#


   So, at least here, 9.4.3 seems to use more memory than 9.5.0-P2.

   I was thinking that maybe the fact I'm running on a MIPS and with 
uclibc (instead of common glibc) platform makes some difference from the 
results you got on the x86 platform ... do you think this could have some 
relation to the memory usage ???



r...@sede:/# cat /proc/cpuinfo
system type : Atheros AR7130 rev 2 (id:0xa8)
processor   : 0
cpu model   : MIPS 24K V7.4


   Just for information, I'm also running squid on this RouterBoard 
with 32Mb of RAM. After some config file tweaks, I got a stable memory 
usage of about 5,5-6Mb. And that's quite stable even during peak times. 
Of course all in-memory caches are disabled as well as disk-caches. 
Squid is just running for blocking some things and logging. Anyway, on 
the same machine I did the memory usage tests above, squid seems to be 
doing very well, stable memory use.



--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it





Re: Where is the open recursion test?

2008-12-15 Thread Leonardo Rodrigues Magalhães



Gregory Hicks wrote:

Greetings:

Seeing in my named.log entries for "too many timeouts resolving
''..." makes me wonder if my server is an
open recursive server.

Where is the test please for open recursion so I can check?

  


http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl

--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: bind memory usage

2008-12-14 Thread Leonardo Rodrigues Magalhães



Peter Dambier wrote:

I can confirm bind 9.4 does run on an (IBM, not Intel) 486-SCL/2 with 16 MB.
That cpu can address no more than 16 MB.

$ cat /proc/meminfo
total:used:free:  shared: buffers:  cached:
Mem:  14540800 10596352  398  3194880  1003520  3518464
  


   Very good to know that 9.4 is running OK on a 16Mb machine, a 
situation even worse than mine, which is 32Mb :) I'll try to 
install 9.4 this week instead of 9.5 and check if it has a lower memory 
footprint.


   thanks for the tip !!!

--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it





Re: bind memory usage

2008-12-14 Thread Leonardo Rodrigues Magalhães



JINMEI Tatuya wrote:


question is ... is there something I can do to lower bind's memory 
usage and successfully run it on those very low embedded devices ???



Admittedly, BIND9 tends to require a lot of memory.  I'm not sure if
it can reasonably function with a total system memory of 32MB.

Some related points:
- if you enable threads, disable them.  With the thread support BIND9
  will require even more memory.
  

   yes threads are already disabled. Compilation is done this way:

CONFIGURE_ARGS += \
   --enable-shared \
   --enable-static \
   --enable-ipv6 \
   --with-randomdev="/dev/urandom" \
   --disable-threads \
   --with-openssl="$(STAGING_DIR)/usr" \
   --with-libtool \
   --with-libxml2=no \
   , \
   BUILD_CC="$(TARGET_CC)" \



- "max-cache-size 1048576" is a meaningless configuration:
 Any positive values less than 2MB will be ignored reset
 to 2MB.
  (from ARM)
  
   I do RTFM :) and in the options section, in the max-cache-size 
description, there's nothing about that. But if you say so, I'm sure 
it's there somewhere :) I have done a quick search on the 9.5 ARM and really 
didn't find it.


   Anyway, I successfully found that validation in the code ... 
dns_cache_setcachesize and DNS_CACHE_MINSIZE. Anything smaller than 
2Mb is replaced by 2Mb. Anyway, even with the 1Mb being meaningless, it would 
force the DNS_CACHE_MINSIZE (2Mb) to be used and not the default one, 
which is 32Mb. Even if the 1Mb parameter is ignored, the 2Mb would be 
something to me, compared to the 32Mb default one.


   anyway, thanks for the tip. I would never realize that.

--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it




bind memory usage

2008-12-13 Thread Leonardo Rodrigues Magalhães


   Hi,

   i'm trying to run bind 9.5.0-P2 on a very low memory system. It's a 
RouterBoard 450 with 32Mb RAM running OpenWRT.


r...@sede:~# cat /proc/meminfo
MemTotal:29920 kB

   the problem is that bind seems to consume a LOT of memory ... well, 
a lot for low memory devices, i never noticed that on machines with GBs 
of RAM.


   Right after starting, bind uses 15% of my system memory, which would 
be about almost 4,5Mb. And memory usage grows when requests are being 
answered. I have seen bind using 25% of my memory, which would be about 
7.5Mb. Of course there's all the cache stuff, which i tried to limit with:


max-cache-size 1048576;

   but it didn't help much ... even with very few things stored in 
cache, which I can check with 'rndc stats', bind memory keeps growing to 
unacceptable levels given my very low memory resources. rndc flush, 
which should empty the cache, simply didn't lower memory usage, thus 
showing that it's not the cache that's eating that much memory.


   Just for comparison, maradns, another caching nameserver (not simply 
a dns forwarder, it's a recursive server) that I'm used to running on OpenWRT, 
has a memory usage of about 1Mb and it didn't vary too much from that. Of 
course maradns doesn't have LOOOTS of features bind has ... but I'm really 
interested in running bind because I'll have to configure some DNSSEC 
verifications and none of these 'small' DNS servers do that.


   Question is ... is there something I can do to lower bind's memory 
usage and successfully run it on those very low embedded devices ???


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it




