Re: disable dnssec in bind resolver

2010-06-08 Thread Jan Buchholz
Thanks @all, sorry I was out of the office yesterday. I'll discuss the
issue this week at the German Linux Tag in Berlin.

What is your opinion of firewalls that look into packets and block them
if the filter doesn't know a flag?

First, I've fixed the problem with 'edns no;'.

Jan
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: disable dnssec in bind resolver

2010-06-04 Thread Jan Buchholz
I mean the parameter is the default.

My problem is, if a client wants to resolve an IP address from my
BIND server, the resolver sets the D0 flag on the question for some
domains. And my firewall doesn't like this behaviour.

Jan

2010/6/4 Lightner, Jeff :
> I don't understand that.
>
> Are you saying that "dnssec-validation no;" is in your named.conf or are you 
> saying you don't believe it is necessary to set it there because by default 
> validation is off?  If the latter what does it hurt to try it?  Obviously 
> something isn't working the way you expect or you wouldn't have asked.
>
> -Original Message-
> From: bind-users-bounces+jlightner=water@lists.isc.org 
> [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of 
> Jan Buchholz
> Sent: Friday, June 04, 2010 10:50 AM
> To: Paul Wouters
> Cc: bind-users@lists.isc.org
> Subject: Re: disable dnssec in bind resolver
>
> 2010/6/4 Paul Wouters :
>> On Fri, 4 Jun 2010, Jan Buchholz wrote:
>>
>>> How can I disable DNSSEC in the BIND resolver? My firewall doesn't let
>>> packets with the D0 flag through. I've tried 'dnssec-enable no;', but
>>> this doesn't fix the problem.
>>
>> I believe that only disables *serving* DNSSEC records.
>>
>> I think you want 'dnssec-validation no;'
>>
>> Paul
>>
>
> Sorry, 'dnssec-validation no;' is already configured, because that's
> the default.
>
> Jan


Re: disable dnssec in bind resolver

2010-06-04 Thread Jan Buchholz
2010/6/4 Paul Wouters :
> On Fri, 4 Jun 2010, Jan Buchholz wrote:
>
>> How can I disable DNSSEC in the BIND resolver? My firewall doesn't let
>> packets with the D0 flag through. I've tried 'dnssec-enable no;', but
>> this doesn't fix the problem.
>
> I believe that only disables *serving* DNSSEC records.
>
> I think you want 'dnssec-validation no;'
>
> Paul
>

Sorry, 'dnssec-validation no;' is already configured, because that's
the default.

Jan


disable dnssec in bind resolver

2010-06-04 Thread Jan Buchholz
Hello everyone,

How can I disable DNSSEC in the BIND resolver? My firewall doesn't let
packets with the D0 flag through. I've tried 'dnssec-enable no;', but
this doesn't fix the problem.

Thanks,
Jan


Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-27 Thread Jan Buchholz
Hello,
I think disabling queries for the root zone from non-internal networks is
another answer to this problem.

---
Jan


2009/1/27, Jukka Pakkanen :
>
> "Tony Toews [MVP]"  wrote in message:...
>> Noel Butler  wrote:
>>
>> >Surely windows can block access to an inbound IP request from "some IP"
>> >to local udp port 53 ?
>>
>> Not the firewall software built into Windows 2003 Server.
>>
>> >If not, you know what my next reply will be don't you :)
>>
>> Yeah, well switching to Linux ain't gonna happen.  My friend and I have no
>> experience with Linux and no desire to learn it.
>
> There are many free third party firewall packages that can be run in Windows
> 2003 Server, we use the Net Firewall.
>
>