On 23/01/2019 06:45, Grant Taylor via bind-users wrote:
[...]
I think I'm now geared towards this solutions which seems to be the
simpler one to implement.
I think it's at least worth playing out to see if it fails or if it
works well enough for your needs.
[...]
Please share what you end up
On 24/01/2019 10:26, Sam Wilson wrote:
Note: I'm assuming a zone expiry of a week to a month. I think that
would accommodate most outages.
I thought of that too :-) A week would be far enough in my case.
Be careful of what you mean by "a week". If a problem happens on a
Friday just after
Everyone please remember that no one can give you accurate answers without
knowing the ACTUAL details. Both FIREWALL and NAMESERVER need to be tested
TOGETHER.
Well if it is this set of servers below you either have a routing issue or a
firewall which is blocking all DNS queries to 186.154.147.
On 01/28/2019 02:22 AM, Blason R wrote:
Can someone guide me on prevention and possible configuration in BIND
from DNS Re-bind attack?
Please clarify what you mean by "rebinding" and what you're trying to
protect against.
From one of you other messages, you indicate that you are already usin
It's a custom message ;), the real versión is:
ns.01.ignios.net 9.11.4P1_1 FreeBSD
ns.02.ignios.net 9.11.2 Linux
ns.03.ignios.net 9.11.2 Linux
ns.04.ignios.net 9.11.2 Linux
Atentamente.
German Molano
IgniOS Corp.
Cel: +57-3005706799
PBX: +57-8-2762624
Skype: ignios.corp
On 01/28/2019 04:13 AM, Blason R wrote:
Thanks for the revert however, in my scenario I have Windows AD server
is being used as a Authoritative DNS for exmaple.local which has
forwarding set to BIND acting as a RPZ and wanting to see if we can
conceal this vulnerability on BIND.
Am I understa
Hi to all.
Checking on the website (https://dnsflagday.net/) my domains are affected by
the EDNS compliance update. I use the RMPs provided by 510 SG
(https://www.five-ten-sg.com/mapper/bind) The last version is Bind 9.12.3-P1
this version is ok? Or there is something else that i have to fix o
Hi Max
ALG seems to be managing sessions.
Specifically, if the DNS query packet is the first packet
After creating a session and receiving a DNS responce packet
The session seems to be closed with ALG.
It is thought that attention is needed when ALG is disable.
If ALG is disable, the session will
Blason R wrote:
>
> not sure if that would take effect?
Based on your description, neither am I, I'm afraid.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Trafalgar: North or northwest 5 or 6. Moderate or rough. Showers. Good.
___
Please visit https:
Hi Tony,
Thanks for the revert however, in my scenario I have Windows AD server is
being used as a Authoritative DNS for exmaple.local which has forwarding
set to BIND acting as a RPZ and wanting to see if we can conceal this
vulnerability on BIND.
I think since BIND is not a NS for example domai
Blason R wrote:
>
> Can someone guide me on prevention and possible configuration in BIND from
> DNS Re-bind attack?
Have a look for "rebinding" in
https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/Bv9ARM.ch06.html
There is evidence that very few people are using `deny-answer-aliases`
https://kb.isc.
On 28.01.19 13:28, Umut Arus wrote:
Don't forget check your IPS. Some IPS rules and tcp ACL can block the
requests. For example, our Checkpoint IPS stopped the requests.
were they requests from you as client or to you as server?
On Mon, Jan 28, 2019 at 1:14 PM Matus UHLAR - fantomas via bind-
Hi,
Don't forget check your IPS. Some IPS rules and tcp ACL can block the
requests. For example, our Checkpoint IPS stopped the requests.
regards.
On Mon, Jan 28, 2019 at 1:14 PM Matus UHLAR - fantomas via bind-users <
bind-users@lists.isc.org> wrote:
> On 28.01.19 09:25, MEjaz wrote:
> >For th
On 28.01.19 09:25, MEjaz wrote:
For the upcoming DNS Flag Day on February 1st, 2019. Is there any impact on
the user whose using bind name servers.
As per the infoblox DNS service, they will not be impacted on DNS Flag day.
So Do I need configure support for EDNS0 standards? In bind if yes ho
Hi Team,
Can someone guide me on prevention and possible configuration in BIND from
DNS Re-bind attack?
Thanks and Regards,
Blason R
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing li
Hi Daniel,
> Error: Package: 1:nfs-utils-1.3.0-0.61.el7.x86_64 (@anaconda)
>Requires: libevent-2.0.so.5()(64bit)
>Removing: libevent-2.0.21-4.el7.x86_64 (@anaconda)
>libevent-2.0.so.5()(64bit)
>Updated By: libevent-2.1.8-3.el7.x86_64 (isc-bind)
>
Dear list
I tried the new ISC bind BIND 9.12 Packages repo with a vanilla centos7
installation.
https://copr.fedorainfracloud.org/coprs/isc/bind/
[root@ict-networks-010-000-002-015 ~]# yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.init7.net
Dear list
I tried the new ISC bind BIND 9.12 Packages repo with a vanilla centos7
installation.
https://copr.fedorainfracloud.org/coprs/isc/bind/
[root@ict-networks-010-000-002-015 ~]# yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.init7.net
18 matches
Mail list logo