Re: getaddrinfo and TTL
On 08/03/2012 05:48 PM, Martin McCormick wrote:

> Can one read the TTL for a given lookup in getaddrinfo?

I don't believe so.

> Better yet, is there a listing of the entire range of values one can
> read from all the structures?

The getaddrinfo() interface is specified in RFC 3493. Specific platforms might extend the struct addrinfo (maybe?) but AFAIK most / all implementations just conform to the basic RFC.

> I wrote an application years ago to let us change the name of a host.
> The old code uses zone transfer to pull in the whole zone, actually
> several zones into a pile of A records. We look for the old name,
> replace it with the new name and then do a delete and add.

I don't understand this, I'm afraid.

> If getaddrinfo contains this value, the replace application can run
> much faster, just doing one lookup, and the new record we write back
> will keep whatever value we originally had.

If you want TTL, you will need to use DNS-specific functions like the res_* API.

You need to be sure you are querying the master, otherwise the TTL will be the one from cache, not the real value.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
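The point made in the reply above (the TTL is in the DNS answer itself, and only an authoritative answer carries the configured value) as an added example, not code from the original message or from BIND. It hand-parses a constructed response so it runs offline; in a live tool the buffer would come from res_query(). The names sample_reply, skip_name and first_answer_ttl are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed sample, not captured traffic: reply to "a.example. IN A"
 * with AA set and one answer, TTL 3600, address 192.0.2.1. */
static const uint8_t sample_reply[] = {
    0x12,0x34, 0x84,0x00, 0,1, 0,1, 0,0, 0,0,           /* header, flags QR|AA */
    1,'a', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1,  /* question */
    0xC0,0x0C, 0,1, 0,1, 0x00,0x00,0x0E,0x10,           /* name ptr, A, IN, TTL */
    0,4, 192,0,2,1                                      /* RDLENGTH, RDATA */
};

/* Skip an encoded name at off; return the offset after it, 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t c = m[off];
        if (c == 0) return off + 1;              /* root label ends the name */
        if ((c & 0xC0) == 0xC0)                  /* compression pointer ends it */
            return off + 2 <= len ? off + 2 : 0;
        if (c & 0xC0) return 0;                  /* reserved label type */
        off += 1 + (size_t)c;
    }
    return 0;
}

/* Hypothetical helper: TTL of the first answer RR plus the header AA bit.
 * Returns 0 on success, -1 if the message is malformed or has no answer. */
int first_answer_ttl(const uint8_t *m, size_t len, uint32_t *ttl, int *aa) {
    if (len < 12 || (m[6] | m[7]) == 0) return -1;   /* short, or ANCOUNT 0 */
    unsigned qd = (m[4] << 8) | m[5];
    size_t off = 12;
    while (qd--) {                               /* skip the question section */
        off = skip_name(m, len, off);
        if (off == 0 || off + 4 > len) return -1;
        off += 4;                                /* QTYPE + QCLASS */
    }
    off = skip_name(m, len, off);
    if (off == 0 || off + 10 > len) return -1;   /* TYPE, CLASS, TTL, RDLENGTH */
    *ttl = ((uint32_t)m[off + 4] << 24) | ((uint32_t)m[off + 5] << 16) |
           ((uint32_t)m[off + 6] << 8) | m[off + 7];
    *aa = (m[2] & 0x04) != 0;                    /* 1 = authoritative answer */
    return 0;
}

int main(void) {
    uint32_t ttl; int aa;
    if (first_answer_ttl(sample_reply, sizeof sample_reply, &ttl, &aa) == 0)
        printf("ttl=%u aa=%d\n", (unsigned)ttl, aa);
    return 0;
}
```

When aa comes back 0 the answer was served from a cache, so the TTL is the remaining lifetime rather than the value configured in the zone.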
security BIND
Hi what are recommendations regarding security and DNS service? Thanks
Re: security BIND
Hello Alberto,

On Sat, 4 Aug 2012, Alberto Rasillo wrote:

> Hi what are recommendations regarding security and DNS service? Thanks

it is difficult (impossible?) to answer such a generic question.

Generic security advice for a DNS service:

* read your DNS server's documentation carefully
* understand every bit of your configuration
* don't use configuration settings you don't fully understand
* understand how DNS works (read a good book or visit a good DNS training)
* run recent software (not old software that has known security issues)
* monitor your DNS server (DNS server logfiles, DNS traffic-patterns)
* don't run an 'open resolver' (https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=59)

Anything more specific you would like to know?

-- Carsten
Re: Dig 9.9.1 AD-bit
On 3 Aug 2012, at 02:25, Marco Davids (SIDN) marco.dav...@sidn.nl wrote:

> Dig 9.9.1 is setting the AD-bit in queries by default. Does anyone know why?

It means I want the results of DNSSEC validation but not all the RRSIG and NSEC records I would get from DO=1.

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/