Re: disable dnssec in bind resolver
On Fri, Jun 4, 2010 at 11:32 PM, Doug Barton do...@dougbarton.us wrote:

With my business hat on though I can see at least 2 possible use cases for DO=0. The first being related to this thread, I can't/won't fix/remove the firewall today, I just want my resolver to work. The hapless user in that spot is either going to use another vendor, or go back to the old version of BIND that works. I know market share isn't a _primary_ concern for BIND, but I would argue that the go back to old version answer to this dilemma is something that we should all be concerned about.

I understand - I do anticipate others share your concern.

The other use case that leaps immediately to mind is We do 42 scintillion DNS queries per second and our bandwidth cost has tripled in the last 3 months! What in the name of J. Jonah Jameson is going on around here?!?

DNSSEC support is a world wide expense. Not only for the users who deploy it and the registries that support it. But also in bandwidth. If you're saying your DNS traffic has tripled that sounds about right. Everybody profits and everybody pays.

Since we have Paul's attention here my question is will he incorporate DNScurve into BIND now or does he intend to wait until it becomes an RFC?

regards
joe baptista

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: [ga] Re: Resolving .gov w/dnssec
On Fri, Apr 23, 2010 at 12:15 AM, Hugh Dierker hdierker2...@yahoo.com wrote:

Fair trade is necessary trade. Unnecessary tradeoffs are lame.

I agree. It is a tradeoff and not fair trade.

These problems are not necessary -- except that they are within the given framework of lack of motivation to do better. It comes down to this, if we set our standards outside of competitive models there is no incentive to do better. ICANN, the Dnssec and this SAIC are working within government sanctioned slobbery, both intellectual and economic slobbery. I used to think it was snobbery, now I know it is a laziness born of shovel leaning bureaucrats. You may be kind and call it make work but would you call intentional fraud make work? Buggy whips and Railroad fireman is what this is.

Again I agree. DNSSEC is a snow job by committee. SAIC is a joke. I root server in Beijing is still down. Where is SAIC on that.

The plan I am putting together for the inclusives will generate some new fire under the pants of these obstructionists and they will find that a better mousetrap can be built.

Thank you - I and my TLD holders thank you.

regards
joe baptista

--- On Thu, 4/22/10, Joe Baptista bapti...@publicroot.org wrote:

From: Joe Baptista bapti...@publicroot.org
Subject: [ga] Re: Resolving .gov w/dnssec
To: c...@cam.ac.uk, g...@gnso.icann.org GA g...@gnso.icann.org
Cc: Paul Wouters p...@xelerance.com, Bind Users Mailing List bind-users@lists.isc.org, Timothe Litt l...@acm.org
Date: Thursday, April 22, 2010, 8:07 AM

Looks like the future of the DNSSEC make work project includes resolution failures here and there. More security - less stability - guaranteed slavery. I wonder if it's a fair trade. we'll see ..

regards
joe baptista

On Thu, Apr 22, 2010 at 10:52 AM, Chris Thompson c...@cam.ac.uk wrote:

On Apr 22 2010, Paul Wouters wrote:

On Thu, 22 Apr 2010, Timothe Litt wrote:

I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as validating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate response. Is anyone else seeing this? Ideas on how to troubleshoot?

I have the same problems with our validating unbound instance.

I suspect that this has to do with

    dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov.
    dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov.

failing with timeouts, while

    dig +dnssec +norec +vc dnskey uspto.gov @dns1.uspto.gov.
    dig +dnssec +norec +vc dnskey uspto.gov @dns2.uspto.gov.

work fine ... with a 1736-byte answer. Probably the fragmented UDP response is getting lost somewhere near the authoritative servers themselves.

--
Chris Thompson
Email: c...@cam.ac.uk

--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
The future of the Internet is Open, Transparent, Inclusive, Representative Accountable to the Internet community @large.
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
Personal: http://baptista.cynikal.net/
Re: Resolving .gov w/dnssec
Looks like the future of the DNSSEC make work project includes resolution failures here and there. More security - less stability - guaranteed slavery. I wonder if it's a fair trade. we'll see ..

regards
joe baptista

On Thu, Apr 22, 2010 at 10:52 AM, Chris Thompson c...@cam.ac.uk wrote:

On Apr 22 2010, Paul Wouters wrote:

On Thu, 22 Apr 2010, Timothe Litt wrote:

I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as validating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate response. Is anyone else seeing this? Ideas on how to troubleshoot?

I have the same problems with our validating unbound instance.

I suspect that this has to do with

    dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov.
    dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov.

failing with timeouts, while

    dig +dnssec +norec +vc dnskey uspto.gov @dns1.uspto.gov.
    dig +dnssec +norec +vc dnskey uspto.gov @dns2.uspto.gov.

work fine ... with a 1736-byte answer. Probably the fragmented UDP response is getting lost somewhere near the authoritative servers themselves.

--
Chris Thompson
Email: c...@cam.ac.uk
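The symptom diagnosed in the message above (UDP queries sent with +dnssec time out, the same query over TCP with +vc returns a 1736-byte answer) comes down to the EDNS0 fields of the query, and the DO=0 discussion at the top of this page concerns the same flag. The following is an added example, not code from the thread: it builds the query wire format and classifies how an answer of a given size travels over UDP. The function names, the 4096-byte advertised size, the 1500-byte path MTU and the reading of 1736 bytes as the DNS message size are assumptions.

```python
import struct

DNSKEY, OPT, CLASS_IN = 48, 41, 1
DO_BIT = 0x8000            # "DNSSEC OK" flag carried in the OPT pseudo-record
IP_UDP_OVERHEAD = 20 + 8   # IPv4 header without options + UDP header


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    wire = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label %r" % label)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def build_query(name, qtype=DNSKEY, do=True, bufsize=4096, qid=0x1234):
    """Non-recursive query (RD=0, like +norec) with one EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT RR: root name, TYPE=41, CLASS=advertised UDP size,
    # TTL=ext-rcode/version/flags (DO is the top flag bit), RDLENGTH=0.
    opt = b"\x00" + struct.pack("!HHIH", OPT, bufsize, DO_BIT if do else 0, 0)
    return header + question + opt


def parse_edns(query):
    """Return (advertised UDP size, DO flag) from a query built above."""
    counts = struct.unpack("!HHHH", query[4:12])
    if counts != (1, 0, 0, 1):
        raise ValueError("expected one question and one additional record")
    pos = 12
    while query[pos]:              # skip the question name label by label
        pos += query[pos] + 1
    pos += 1 + 4                   # zero byte, QTYPE, QCLASS
    if query[pos] != 0:
        raise ValueError("OPT owner name must be the root")
    rtype, bufsize, ttl, _rdlen = struct.unpack("!HHIH", query[pos + 1:pos + 11])
    if rtype != OPT:
        raise ValueError("additional record is not OPT")
    return bufsize, bool(ttl & DO_BIT)


def udp_outcome(answer_len, bufsize, path_mtu=1500):
    """How an answer of answer_len bytes reaches the resolver over UDP."""
    if answer_len > bufsize:
        return "truncated"         # server sets TC, resolver retries over TCP
    if answer_len + IP_UDP_OVERHEAD > path_mtu:
        return "fragmented"        # lost if a middlebox drops IP fragments
    return "single-datagram"


if __name__ == "__main__":
    q = build_query("uspto.gov")
    print(len(q), parse_edns(q))
    for size in (4096, 1232):
        print(size, udp_outcome(1736, size))
```

With a large advertised size the 1736-byte answer has to be fragmented, which matches the timeouts reported; with an advertised size below the answer size the server truncates and the resolver falls back to TCP, the path the +vc queries show working.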
Re: OpenDNS today announced it has adopted DNSCurve to secure DNS
On Wed, Feb 24, 2010 at 10:23 PM, Alan Clegg acl...@isc.org wrote:

Joe Baptista wrote:

dnssec-enable yes; and dnssec-validation yes; are the defaults since BIND 9.5

How do I turn it off.

Since you edited out the most important part of my post, I'll repeat it here before I answer your question:

Sorry - not my intention. It's just that part of the post did not apply to me. My question was not related to an authoritative server but a recursive only server.

Serving signed zones requires signed zone data to serve. Validation requires configuration of trust anchors. To turn it off, Don't sign your zones and don't configure trust anchors.

Like I said the server is recursive only - no zones served.

Or, if you think you might accidentally sign your zones or configure trust anchors, you can:

    dnssec-enable no;
    dnssec-validation no;

OK - so if I do the above - will that prevent my recursive server from doing DNSSEC if it gets information from a DNSSEC signed zone?

Thanks for your help here
joe
Re: OpenDNS today announced it has adopted DNSCurve to secure DNS
reply below

On Wed, Feb 24, 2010 at 1:06 AM, Evan Hunt e...@isc.org wrote:

I humbly suggest Dr. Bernstein who is behind DNScurve thinks the IETF is full of wackos. So it is unlikely he will ever be bothered to dance the IETF RFC jig.

Is there a requirement that Dr. Bernstein must personally do the dancing? Let someone else write the RFC, if it needs writing.

Someone else has written the RFC draft - which see http://bit.ly/b5mFkV

Looks like Matthew Dempsky and OpenDNS have taken the lead here.

While the existence of an RFC isn't an absolute requirement for BIND to implement something, it certainly helps. But what helps a lot more is evidence that the thing in question is getting widespread use, or that there's significant user demand for it.

Now there is. OpenDNS support of DNScurve means over 20 billion DNS queries per day. I think that's enough evidence to get cracking and write the code.

So far, we're not seeing either of those things with DNSCurve.

We're not seeing much of the same with DNSSEC. That's not the case with DNScurve. Again I stress - over 20 billion requests per day at OpenDNS are DNScurve compatible. The traffic in DNSSEC is chicken feed compared to DNScurve.

When we do, I'll be happy to write the code.

It's happened - start writing.

regards
joe baptista
Re: OpenDNS today announced it has adopted DNSCurve to secure DNS
On Wed, Feb 24, 2010 at 1:13 AM, Michael Sinatra mich...@rancid.berkeley.edu wrote:

As someone who both signs his production zones and does DNSSEC validation, I can assure you that DNSSEC works. But you've done as good a job as I can imagine in making the case for DNScurve.

Done.

regards
joe baptista
Re: OpenDNS today announced it has adopted DNSCurve to secure DNS
On Wed, Feb 24, 2010 at 11:33 AM, Evan Hunt e...@isc.org wrote:

That's not the case with DNScurve. Again I stress - over 20 billion requests per day at OpenDNS are DNScurve compatible. The traffic in DNSSEC is chicken feed compared to DNScurve.

ORG and GOV and quite a lot of the ccTLD's are DNSSEC compatible, so I don't actually think it'd be much of a horserace if compatibility is all you're looking for.

I agree they are both DNSSEC compatible but .GOV has only deployed DNSSEC in 20% of its zones. I'm not sure what the percentage is in .ORG - 5% ? less ? is it even 1% of the zones? The make work project continues. That's what I like about DNScurve. No make work projects. But I get your point.

What'll be interesting is how many queries the root and TLD servers start seeing for uz5*/NS.

It's going to be interesting to watch. I guess that depends on if DNSSEC is turned on by default in BIND. Incidentally - is it?

regards
joe baptista
Re: OpenDNS today announced it has adopted DNSCurve to secure DNS
On Wed, Feb 24, 2010 at 10:08 PM, Alan Clegg acl...@isc.org wrote:

dnssec-enable yes; and dnssec-validation yes; are the defaults since BIND 9.5

How do I turn it off.

Thanks
joe
OpenDNS today announced it has adopted DNSCurve to secure DNS
Now that OpenDNS the largest provider of public DNS supports DNSCurve http://twitter.com/joebaptista/status/9555178362

Would it be possible to include DNScurve support in bind?

thanks
joe baptista
Re: OpenDNS today announced it has adopted DNSCurve to secure DNS
It would be nice to see it as an RFC. I agree with that. But from what I know it will be a pretty cold day in hell before it becomes an RFC. I humbly suggest Dr. Bernstein who is behind DNScurve thinks the IETF is full of wackos. So it is unlikely he will ever be bothered to dance the IETF RFC jig.

I do disagree with you that bind should only implement what is in the RFC. Let's not forget the IETF has had 15 years to secure the DNS. The result is the DNSSEC abortion. It has failed. This announcement today is a stiff well deserved kick in the balls to the DNSSEC crowd. We can not rely on the IETF for security.

Commerce and simple common sense communications are screaming for security solutions today. DNSCurve is perfect and it works out of the box. Folks. OpenDNS has set the DNS standard. We can start securing the DNS with every new dnscurve upgrade to bind. Imagine how much money is being spent on the DNSSEC make work project - time and energy wasted. DNScurve installs - configures and runs. No need for a make work project.

agreed?

regards
joe baptista

On Tue, Feb 23, 2010 at 10:28 PM, Michael Sinatra mich...@rancid.berkeley.edu wrote:

On 02/23/10 18:31, Joe Baptista wrote:

Now that OpenDNS the largest provider of public DNS supports DNSCurve http://twitter.com/joebaptista/status/9555178362

Would it be possible to include DNScurve support in bind?

thanks
joe baptista

I'd love to see BIND adopt DNScurve...when it becomes an RFC. Until then, I'd prefer that BIND stick to the existing body of RFCs. If DNScurve is important enough for the whole Internet to use, then it's important enough to drag it through the whole IETF process, political as it may or may not be.

Personally, I think DNScurve misses the mark. My concern, as someone who operates both authoritative and recursive servers, is that the data on the authority side be authentic end-to-end. With DNSSEC, I can validate that that's true. DNScurve advocates, on the other hand, point out that DNS isn't encrypted. Well, neither is the phone book. So what? I regard DNS as a public database, and it's more important to me that it be authentic--from the source--than obscurified.

While I think the OpenDNS people (especially David U., their founder) have a huge amount of clue, I think they're barking up the wrong tree here.

michael
Re: how to setup a local root nameserver?
see my comments below ...

On Tue, Feb 2, 2010 at 8:18 AM, Joseph S D Yao j...@tux.org wrote:

On Tue, Feb 02, 2010 at 12:50:56AM +0100, fddi wrote:

Hello, I need to setup a local named configuration so that ANY request will be resolved to a specific single IP only. I mean any kind of DNS resolution request www.luth.se www.isc.org www.anything.tld should be resolved in 172.16.30.30 for example

    zone "." { type master; file "zone.root"; };

zone.root:

    @           SOA ...
                NS  localhost
    localhost   A   127.0.0.1
    *           A   172.16.30.30

NOTE: this does exactly what you asked. And may have unexpected consequences [as in, be careful what you ask for; you may get it]. For instance, this had better be the name server, as well! NO OTHER IP ADDRESS IN THE ENTIRE WORLD will be resolved. Unless you add domains on this same name server.

Correct .. but as you say you just add domains on the same name server. Simply make the NS the localhost and assign localhost the A record of 127.0.0.1. Or let's say the name server is at 172.16.30.31 then you can do as follows

                     NS  any.domain.name
    any.domain.name  A   172.16.30.31
    *                A   172.16.30.30

That will work too.

regards
joe baptista
Re: how to setup a local root nameserver?
That's the baptista vortex. I've used it to clean up root servers of traffic. Where every name resolves to the same IP address. I don't know if it still works under bind. You can try. You simply setup a root zone file with a wildcard pointing to the A record. Or you can build a server to do that.

regards
joe baptista

If you need help get back to me privately.

On Mon, Feb 1, 2010 at 6:50 PM, fddi f...@gmx.it wrote:

Hello, I need to setup a local named configuration so that ANY request will be resolved to a specific single IP only. I mean any kind of DNS resolution request www.luth.se www.isc.org www.anything.tld should be resolved in 172.16.30.30 for example

I need this because I need to redirect users to a local web portal authentication page and I need to do it using DNS. is there any kind of named configuration which can allow me to achieve this result ? I tried hard but without any success for example I tried this:

in named.conf:

    zone "." IN { type master; file "named.root"; };

then in named.root:

    $TTL 86400
    $ORIGIN .
    @   1D IN SOA @ root (
                42   ; serial (d. adams)
                3H   ; refresh
                15M  ; retry
                1W   ; expiry
                1D ) ; minimum
        1D IN NS @
        1D IN A  172.16.30.30

but it works only for . and not recursively for anydomain issued in the request.

thank you
Rick
DNS inventor Dr. Paul Mockapetris audio interview available at NPR
Since we have been talking about DNS recently here is an audio interview by NPR with DNS inventor Dr. Paul Mockapetris

quote: "A friend of mine said I was smart enough to invent the DNS, but not smart enough to own it,"

http://bit.ly/8iSEql

This link guaranteed free of evil (signed joe baptista)
Re: Punycode nslookup
You configure an idn zone the same way you do for any other - so I assume your config below is correct - although the location of the master file master/umlauttestäöü.de.hosts contains non ascii char I don't think that is an issue in today's unix/linux environment. It would have been a problem in the old days.

As for your question concerning the browser converting the domain to punycode before asking a nameserver - yes that is what some browsers do. I'm not sure why because it must confuse some users when that happens.

regards
joe baptista

On Fri, Dec 4, 2009 at 9:41 AM, Kai Szymanski k...@codebiz.de wrote:

Hi! One of our customers wants a Domain with Umlaute (german special characters like ä). Is it correct when i have configured the zone like

    zone "xn--umlauttest-z5a0tyc.de" {
        type master;
        file "master/umlauttestäöü.de.hosts";
        allow-transfer { can_transfer; };
        # allow-update { can_update; };
    };

and the record like

    xn--umlauttest-z5a0tyc.de. IN SOA ns.foobar.de. hostmaster.foobar.de. (
            2009120401 ; Serial
            8H         ; refresh
            4H         ; retry
            5w6d16h    ; expiry
            1D )       ; minimum
        IN NS ns.foobar.de.
        IN NS ns2.foobar.de.

If so: When you enter the Domainname in a Browser: Did the Browser also encode the url to punycode before asking a nameserver ?

Thanks for your hints!

Best regards, Kai.
Re: Punycode nslookup
On Fri, Dec 4, 2009 at 10:23 AM, Kai Szymanski k...@codebiz.de wrote:

Hi Joe, my problem is: I can't test the zone with nslookup (only when i use the puny-encoded domainname). Also other tools who uses dns to resolve the entered domainname (like ping www.umlauttestäöü.de) didn't work.

I'm not sure what the state of nslookup is these days with respect to support for idn. One would think it should accept umlauts and translate to punycode. I can see how a lack of idn support can cause even programmers confusion.

So i thought that

1. The User enters a url with Umlauts in browser
2. Browser examine url, see that there is umlaut in the domainname, and encoded it (internal, so the user didn't see it) to puny code and ask the default nameserver for the domainname in punycode

Is this correct ?

That's how it should work. It's more of a cosmetic user thing and if browsers did that much user confusion would be reduced if they could see the idn domain instead of an xn--* domain. Now there could very well be a browser that does this. I don't know - the last time I tested this was back when Ubuntu 7.?? was released. Don't remember the exact date and the only browser I tested it on was Firefox.

Have you tried other browsers? And what browser(s) have you tested this on. You have hit on a very important point here.

regards
joe baptista
Re: Punycode nslookup
On Fri, Dec 4, 2009 at 12:26 PM, Chris Buxton cbux...@menandmice.com wrote:

nslookup will only understand IDN if BIND is compiled with that option in the ./configure step.

might be a good idea if it was the default option. as idn becomes popular the lack of idn support for the tools will result in confusion.

The browser has to understand IDN. Most current browsers do, including (I believe) IE 7 and later, Firefox 2 and later, and Safari 3 and later.

Does anyone have a list of idn domains? I'd like to try it out.

cheers
joe baptista
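The conversion discussed in this thread, from the name a user types (umlauttestäöü.de) to the ASCII form that the zone statement and tools without IDN support need (xn--umlauttest-z5a0tyc.de), is shown below as an added example that is not part of the original posts. It implements the Punycode encoder of RFC 3492 directly; the function names are illustrative, and the input is assumed to be already normalized, so the nameprep step of a full IDNA implementation is reduced to lowercasing.

```python
BASE, TMIN, TMAX, SKEW, DAMP = 36, 1, 26, 38, 700
INITIAL_BIAS, INITIAL_N = 72, 128
DIGITS = "abcdefghijklmnopqrstuvwxyz0123456789"


def _adapt(delta, numpoints, first):
    """Bias adaptation from RFC 3492 section 6.1."""
    delta = delta // DAMP if first else delta // 2
    delta += delta // numpoints
    k = 0
    while delta > ((BASE - TMIN) * TMAX) // 2:
        delta //= BASE - TMIN
        k += BASE
    return k + (BASE - TMIN + 1) * delta // (delta + SKEW)


def punycode_encode(label):
    """Encode one label: ASCII characters first, then the encoded deltas."""
    cps = [ord(c) for c in label]
    basic = [c for c in cps if c < 128]
    out = "".join(map(chr, basic))
    h = b = len(basic)
    if b:
        out += "-"
    n, delta, bias = INITIAL_N, 0, INITIAL_BIAS
    while h < len(cps):
        m = min(c for c in cps if c >= n)   # next code point to insert
        delta += (m - n) * (h + 1)
        n = m
        for c in cps:
            if c < n:
                delta += 1
            elif c == n:
                q, k = delta, BASE
                while True:                  # variable-length integer
                    t = TMIN if k <= bias else TMAX if k >= bias + TMAX else k - bias
                    if q < t:
                        break
                    out += DIGITS[t + (q - t) % (BASE - t)]
                    q = (q - t) // (BASE - t)
                    k += BASE
                out += DIGITS[q]
                bias = _adapt(delta, h + 1, h == b)
                delta = 0
                h += 1
        delta += 1
        n += 1
    return out


def to_alabel(name):
    """Convert a (normalized) domain name to the form used in zone files."""
    labels = []
    for label in name.rstrip(".").lower().split("."):
        if not label:
            raise ValueError("empty label in %r" % name)
        if any(ord(c) >= 128 for c in label):
            label = "xn--" + punycode_encode(label)
        if len(label) > 63:
            raise ValueError("label longer than 63 octets: %r" % label)
        labels.append(label)
    result = ".".join(labels)
    if len(result) > 253:
        raise ValueError("name longer than 253 octets")
    return result


if __name__ == "__main__":
    print(to_alabel("umlauttestäöü.de"))
```

Python's built-in "idna" codec performs the same conversion, including nameprep, and produces the same result for these names.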
Re: When dnssec-validation stops working?
On 8/16/09, John Marshall john.marsh...@riverwillow.com.au wrote:

I'm new at DNSSEC. This server is the first one we have configured. I have the following in the global configuration options:

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside . trust-anchor dlv.isc.org.;

my recommendation is

    dnssec-enable no;
    dnssec-validation no;
    // dnssec-lookaside . trust-anchor dlv.isc.org.;

that should fix the problem. then lobby the bind bunnies at isc to incorporate dnscurve into bind. dnscurve is the future of dns security. dnssec is just a bad joke best avoided at all costs.

cheers
joe baptista

--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
The future of the Internet is Open, Transparent, Inclusive, Representative Accountable to the Internet community @large.
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
Personal: www.joebaptista.wordpress.com
Re: The Year of the Sevenfold Increase
You guys get excited over small potatoes. There are hundreds of millions of potential DLV RRsets. This is not even a drop in the bucket.

cheers
joe baptista

p.s. this message does not imply i support dnssec deployment. dnscurve is the solution to our woes http://bit.ly/pJVq4

On Thu, Jul 30, 2009 at 11:37 AM, Chris Thompson c...@cam.ac.uk wrote:

[You'll find a mighty strange web page if you google for that subject, but I couldn't resist...]

On 30 July 2008, dlv.isc.org had 113 DLV RRsets
On 30 July 2009, dlv.isc.org had 791 DLV RRsets

(and I didn't cheat! it came out exactly 7x)

So, will we see another 7x increase by 30 July 2010, or will the numbers start dropping as higher-level domains get their signed delegation procedures going?

Anyway, congratulations and thanks to ISC for providing this service.

--
Chris Thompson
Email: c...@cam.ac.uk
Re: The Year of the Sevenfold Increase
I don't think buddha cares much for bind.

cheers
joe baptista

On Thu, Jul 30, 2009 at 2:26 PM, fakessh fake...@fakessh.eu wrote:

nb : Buddha peace themselve

On Thu, 30 Jul 2009 13:41:17 -0400, Joe Baptista bapti...@publicroot.org wrote:

You guys get excited over small potatoes. There are hundreds of millions of potential DLV RRsets. This is not even a drop in the bucket.

cheers
joe baptista

p.s. this message does not imply i support dnssec deployment. dnscurve is the solution to our woes http://bit.ly/pJVq4

On Thu, Jul 30, 2009 at 11:37 AM, Chris Thompson c...@cam.ac.uk wrote:

[You'll find a mighty strange web page if you google for that subject, but I couldn't resist...]

On 30 July 2008, dlv.isc.org had 113 DLV RRsets
On 30 July 2009, dlv.isc.org had 791 DLV RRsets

(and I didn't cheat! it came out exactly 7x)

So, will we see another 7x increase by 30 July 2010, or will the numbers start dropping as higher-level domains get their signed delegation procedures going?

Anyway, congratulations and thanks to ISC for providing this service.

--
Chris Thompson
Email: c...@cam.ac.uk
Re: domain name length
yes - you can do that. and even assign the same NS or other if you want. a domain can be very large to the human eye. I'm not sure how many characters - but more than 200 I think. Go crazy.

regards
joe baptista

On Mon, Jun 29, 2009 at 9:28 PM, Dan Letkeman danletke...@gmail.com wrote:

Hello, Are there any issues with having domains like location.domain.com so all of my hosts will be host.location.domain.com ? Currently we have everything under domain.com and it is getting to be very messy.

Dan.
Re: DNSDigger.com - An announcement and request for feature tips.
Can DNSdigger see .GOD? What about .SATAN. Does DNSdigger see the Peking University on the China National TLD DNS? What happens if I ask it a question on the domain 北京大学.中国 or the equivalent ascii IDN of xn--1lq90ic7fzpc.xn--fiqs8s ?

Well I tried digger. I know it does not speak Chinese, Peking University at 北京大学.中国 does not resolve. Nor does the ascii xn--1lq90ic7fzpc.xn--fiqs8s resolve - so we can assume digger can't yet see China. That's unfortunate. Until digger can see China - it sure won't see .GOD and .SATAN.

But that fault aside - I like digger. I'll use it - so sad it has limited vision of the name space. But I'm sure it will improve.

cheers
joe baptista - that's one recommended bookmark ;)

On Tue, Jun 16, 2009 at 8:19 PM, Jay Ess li...@netrogenic.com wrote:

DNSDigger.com - A massive reverse resolver that lets you dig deeper into the Net.

DNSDigger.com is a service that lets you get more information about a domain name. It can show you what other domain names are hosted on a server. For example can that information be a valuable data for a hosting company that want to estimate how many customers a competitor has or see what other domains are hosted on a shared server and estimate the likelihood of that server being DDOSed.

I am posting this to the Bind emailing list for two reasons.

1. To announce a relevant service (relevant to DNS)
2. To ask you for feature requests.

I hope you don't get too pissed off ;)