multiple IP addresses cause ZONE TRANSFER to fail.
My Debian box has two IP's running BIND 9. 209.113.151.5 and 209.113.151.7. BIND is setup to listen on 209.113.151.7 and act as a slave server. However, it makes the zone transfer from 209.113.151.5. The master server blocks these request. Is there a way to make the request come from 209.113.151.7. May 21 10:56:50 cp named[966]: client 209.113.151.5#4590: zone transfer 'hotsyboston.com/IN' deni Andrew P. Kaplan www.cshore.com A management team distracted by a series of short-term targets is as pointless as a dieter stepping on a scale every half-hour, Larry Page, one of Google's co-founders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: multiple IP addresses cause ZONE TRANSFER to fail.
Are you looking for somethings like that?
/etc/bind/named.conf.options [included via include
/etc/bind/named.conf.options; in /etc/bind/named.conf]
[snip]
version Windows 3.11;
notify yes;
query-source address 209.113.151.7;
notify-source 209.113.151.7;
transfer-source 209.113.151.7;
allow-query { any; };
allow-transfer { any; };
[snap]
rgds,
Andreas
Andrew P. Kaplan wrote:
My Debian box has two IP's running BIND 9. 209.113.151.5 and 209.113.151.7.
BIND is setup to listen on 209.113.151.7 and act as a slave server. However,
it makes the zone transfer from 209.113.151.5. The master server blocks
these request. Is there a way to make the request come from 209.113.151.7.
May 21 10:56:50 cp named[966]: client 209.113.151.5#4590: zone transfer
'hotsyboston.com/IN' deni
Andrew P. Kaplan
www.cshore.com
A management team distracted by a series of short-term targets is as
pointless as a dieter stepping on a scale every half-hour, Larry Page, one
of Google's co-founders
--
Andreas John
net-lab GmbH
Luisenstrasse 30b
63067 Offenbach
Tel: +49 69 85700331
http://www.net-lab.net
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: multiple IP addresses cause ZONE TRANSFER to fail.
Perhaps
options {
...
query-source address 209.113.151.7 port 53;
...
};
would help.
Christian
- Original Message -
From: Andrew P. Kaplan [EMAIL PROTECTED]
To: Debian-Isp [EMAIL PROTECTED]
Sent: Friday, May 21, 2004 6:23 PM
Subject: multiple IP addresses cause ZONE TRANSFER to fail.
My Debian box has two IP's running BIND 9. 209.113.151.5 and 209.113.151.7.
BIND is setup to listen on 209.113.151.7 and act as a slave server. However,
it makes the zone transfer from 209.113.151.5. The master server blocks
these request. Is there a way to make the request come from 209.113.151.7.
May 21 10:56:50 cp named[966]: client 209.113.151.5#4590: zone transfer
'hotsyboston.com/IN' deni
Andrew P. Kaplan
www.cshore.com
A management team distracted by a series of short-term targets is as
pointless as a dieter stepping on a scale every half-hour, Larry Page, one
of Google's co-founders
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: multiple IP addresses cause ZONE TRANSFER to fail.
Are you looking for somethings like that?
/etc/bind/named.conf.options [included via include
/etc/bind/named.conf.options; in /etc/bind/named.conf]
[snip]
version Windows 3.11;
notify yes;
query-source address 209.113.151.7;
notify-source 209.113.151.7;
transfer-source 209.113.151.7;
allow-query { any; };
allow-transfer { any; };
[snap]
rgds,
Andreas
Andrew P. Kaplan wrote:
My Debian box has two IP's running BIND 9. 209.113.151.5 and 209.113.151.7.
BIND is setup to listen on 209.113.151.7 and act as a slave server. However,
it makes the zone transfer from 209.113.151.5. The master server blocks
these request. Is there a way to make the request come from 209.113.151.7.
May 21 10:56:50 cp named[966]: client 209.113.151.5#4590: zone transfer
'hotsyboston.com/IN' deni
Andrew P. Kaplan
www.cshore.com
A management team distracted by a series of short-term targets is as
pointless as a dieter stepping on a scale every half-hour, Larry Page, one
of Google's co-founders
--
Andreas John
net-lab GmbH
Luisenstrasse 30b
63067 Offenbach
Tel: +49 69 85700331
http://www.net-lab.net
Re: multiple IP addresses cause ZONE TRANSFER to fail.
Perhaps
options {
...
query-source address 209.113.151.7 port 53;
...
};
would help.
Christian
- Original Message -
From: Andrew P. Kaplan [EMAIL PROTECTED]
To: Debian-Isp debian-isp@lists.debian.org
Sent: Friday, May 21, 2004 6:23 PM
Subject: multiple IP addresses cause ZONE TRANSFER to fail.
My Debian box has two IP's running BIND 9. 209.113.151.5 and 209.113.151.7.
BIND is setup to listen on 209.113.151.7 and act as a slave server. However,
it makes the zone transfer from 209.113.151.5. The master server blocks
these request. Is there a way to make the request come from 209.113.151.7.
May 21 10:56:50 cp named[966]: client 209.113.151.5#4590: zone transfer
'hotsyboston.com/IN' deni
Andrew P. Kaplan
www.cshore.com
A management team distracted by a series of short-term targets is as
pointless as a dieter stepping on a scale every half-hour, Larry Page, one
of Google's co-founders
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: specifying which IP addresses can send mail for a domain
On Fri, Oct 10, 2003 at 03:09:54PM +1000, Russell Coker wrote: Joel, can you please provide information on the experimental method for specifying which IP addresses may be used to send mail from a particular domain? The one I personally like best, at the moment, is Paul Vixie's proposal (draft-vixie-repudiating-mail-from); however, as has been pointed out, most of the active, or remotely reasonable, proposals have come under the aegis of the IETF ASRG working group, and probably belong there. None of them currently have (nor are they likely to have in the immediate future) enough weight to be terribly useful; the main benefit of the ASRG process is that we will (almost certainly) end up with one protocol blessed with full RFC status, which is a fairly major advantage in terms of convincing mail software writers and DNS maintainers to actually implement it in a widespread enough fashion that it will have noticeable impact. I favor Vixie's proposal primarily because it's simple, elegant, and it requires neither new DNS RR types, nor excessive handling of things which are documented as poor DNS practice, such as widecards. Anything requiring DNS upgrades will take at least five years, if not longer, before it is deployed in sufficient density to be meaningful - many folks still run BIND 4 based resolvers. And the merits of avoiding the use of poor DNS practices should be, well, obvious. Using one special hostname that is unlikely to be used for anything else on an operational network isn't such a high price, by comparison, and it can be implemented entirely at the application level using well-established query pathways (even resolvers that break things like wildcards are unlikely to break MX+priority information). However, as I said, I'm betting that none of them will gain much steam until the ASRG renders a decision. So we'll just have to see what comes out of it. -- Joel Baker [EMAIL PROTECTED],''`. Debian GNU NetBSD/i386 porter: :' : `. `' `- pgp0.pgp Description: PGP signature
Re: specifying which IP addresses can send mail for a domain
On Oct 10, Russell Coker [EMAIL PROTECTED] wrote: The method in question has never taken off because of lack of application support. If we make all mail servers in Debian support it then that could be what is needed to make it a success. I would be happy to devote some coding time to this if it can result in a net reduction of SPAM. Sadly it's more complex than this. Protocols like SPF (http://spf.pobox.com/, which I believe is the best of them) did not take off because of multiple reasons. If you are seriously interested in this then I suggest you look at the past threads on SPAM-L and the other appropriate forums. -- ciao, | Marco | [2322 mi/eMbJhFdzPI] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
specifying which IP addresses can send mail for a domain
Joel, can you please provide information on the experimental method for specifying which IP addresses may be used to send mail from a particular domain? The method of using DNS to specify that only certain IP address ranges may send mail purporting to be From: your domain has the potential to offer significant benefits for spam blocking as well as allowing us to reduce our reliance on other methods (eg the contentious services such as dynablock.easynet.nl which get debated on these lists). I would be happy to configure my servers to avoid checking the dial-up lists if such a method could be used instead, and I think that this would make a lot of people happy. The method in question has never taken off because of lack of application support. If we make all mail servers in Debian support it then that could be what is needed to make it a success. I would be happy to devote some coding time to this if it can result in a net reduction of SPAM. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
IP addresses
hello, maybe somewhere is information about how many IP addresses is used as network and broadcast address today? How many addresses is unused yet? When has been created IPv4? - Kasparavicius Andrius http://www.andrius.org ICQ:17701001 tel.: +370 87 25630 nick: Casper AND-RIPE AND-6BONE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
IP addresses
hello, maybe somewhere is information about how many IP addresses is used as network and broadcast address today? How many addresses is unused yet? When has been created IPv4? - Kasparavicius Andrius http://www.andrius.org ICQ:17701001 tel.: +370 87 25630 nick: Casper AND-RIPE AND-6BONE
Re: IP addresses
On Sat, 19 Aug 2000, Andrius Kasparavicius wrote: hello, maybe somewhere is information about how many IP addresses is used as network and broadcast address today? How many addresses is unused yet? When has been created IPv4? http://www.nua.ie/surveys/ would be a good place to start looking. --- Gerard MacNeil, P. Eng [EMAIL PROTECTED] System Administrator Supercity Internet Services http://www.supercity.ns.ca
RE: ip addresses
Have you ever had a problem with people spoofing MAC addresses to get IP's? We haven't run into that yet. Seems like if they're going to the trouble to give you the MAC address you might as well give them fixed ip's. This is a good point, as it is a direct connection the customer is always online with us. We have to have one IP for each customer, at least. I am not sure why the decision was made to go this route (I wasn't with the company at the time, and the guy who made the decision is the one I replaced.) I think they were having problems keeping track of who had what ip address. From what I hear my predecessor fealt DHCP was safer for our customers, he thought if we used DHCP that it would be more difficult to crack one of our customers computers. Have you ever had anybody try to scram your network? Not yet...knock on wood. -Original Message- From: Chris Wagner [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 08, 2000 11:22 PM To: debian-isp@lists.debian.org Subject: RE: ip addresses Interesting. Have you ever had a problem with people spoofing MAC addresses to get IP's? How does your system react if more than one host presents a request for an IP if that MAC has already been assigned an IP? Seems like if they're going to the trouble to give you the MAC address you might as well give them fixed ip's. Do you have more customers than IP's? Have you ever had anybody try to scram your network? :) At 11:17 AM 8/8/00 -0500, Jamie Bumsted wrote: then have a linux box running DHCPD right before the customer hits the router. They must give us their mac address and we place that in the DHCPD.CONF file and allow only known hosts. +---+ | -=H E L L - J U S T D O N ' T V O T E F O R G O R E=- | |=- -=ANYBODY FOR PRESIDENT=- -=| | George W. Bush Alan Keyes Hey, Atleast They're Not Robots | |=-- http://www.Keyes2000.com. --=| ++ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ip addresses
On Mon, 07 Aug 2000, Jamie Bumsted wrote: Hi all! Just wondering what most people do for customer IP addresses. I am new to the ISP business and the system that I have taken over assigns routable ip's to customers via DHCP. I was just wondering if anyone used private IP's and applied NAT to their customers or if that can even be done. Sure, NAT is easy to apply to customers. But it is a lower quality of service (they can't run servers, and custom programs may not work through NAT). If they have an implied contract which involves real IP addresses then applying NAT to them would be a breach of contract. I have worked for ISPs that offer various types of service, some of which had NAT. At one ISP they paid more because it was part of a service to protect users from accessing pr0n sites. ;) How do you apply IPs via DHCP anyway? -- My current location - X marks the spot. X X X -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: ip addresses
How do you apply IPs via DHCP anyway? We provide wireless high speed internet. The customers have a cable modem in their home that connects to an antenna on their roof. It is a microwave signal to our tower, that gets translated into ethernet in our tower hut, we then have a linux box running DHCPD right before the customer hits the router. They must give us their mac address and we place that in the DHCPD.CONF file and allow only known hosts. -Original Message- From: Russell Coker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 08, 2000 10:52 AM To: Jamie Bumsted; [EMAIL PROTECTED] Subject: Re: ip addresses On Mon, 07 Aug 2000, Jamie Bumsted wrote: Hi all! Just wondering what most people do for customer IP addresses. I am new to the ISP business and the system that I have taken over assigns routable ip's to customers via DHCP. I was just wondering if anyone used private IP's and applied NAT to their customers or if that can even be done. Sure, NAT is easy to apply to customers. But it is a lower quality of service (they can't run servers, and custom programs may not work through NAT). If they have an implied contract which involves real IP addresses then applying NAT to them would be a breach of contract. I have worked for ISPs that offer various types of service, some of which had NAT. At one ISP they paid more because it was part of a service to protect users from accessing pr0n sites. ;) How do you apply IPs via DHCP anyway? -- My current location - X marks the spot. X X X -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: ip addresses
Interesting. Have you ever had a problem with people spoofing MAC addresses to get IP's? How does your system react if more than one host presents a request for an IP if that MAC has already been assigned an IP? Seems like if they're going to the trouble to give you the MAC address you might as well give them fixed ip's. Do you have more customers than IP's? Have you ever had anybody try to scram your network? :) At 11:17 AM 8/8/00 -0500, Jamie Bumsted wrote: then have a linux box running DHCPD right before the customer hits the router. They must give us their mac address and we place that in the DHCPD.CONF file and allow only known hosts. +---+ | -=H E L L - J U S T D O N ' T V O T E F O R G O R E=- | |=- -=ANYBODY FOR PRESIDENT=- -=| | George W. Bush Alan Keyes Hey, Atleast They're Not Robots | |=-- http://www.Keyes2000.com. --=| ++ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ip addresses
On Mon, 07 Aug 2000, Jamie Bumsted wrote: Hi all! Just wondering what most people do for customer IP addresses. I am new to the ISP business and the system that I have taken over assigns routable ip's to customers via DHCP. I was just wondering if anyone used private IP's and applied NAT to their customers or if that can even be done. Sure, NAT is easy to apply to customers. But it is a lower quality of service (they can't run servers, and custom programs may not work through NAT). If they have an implied contract which involves real IP addresses then applying NAT to them would be a breach of contract. I have worked for ISPs that offer various types of service, some of which had NAT. At one ISP they paid more because it was part of a service to protect users from accessing pr0n sites. ;) How do you apply IPs via DHCP anyway? -- My current location - X marks the spot. X X X
RE: ip addresses
How do you apply IPs via DHCP anyway? We provide wireless high speed internet. The customers have a cable modem in their home that connects to an antenna on their roof. It is a microwave signal to our tower, that gets translated into ethernet in our tower hut, we then have a linux box running DHCPD right before the customer hits the router. They must give us their mac address and we place that in the DHCPD.CONF file and allow only known hosts. -Original Message- From: Russell Coker [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 08, 2000 10:52 AM To: Jamie Bumsted; debian-isp@lists.debian.org Subject: Re: ip addresses On Mon, 07 Aug 2000, Jamie Bumsted wrote: Hi all! Just wondering what most people do for customer IP addresses. I am new to the ISP business and the system that I have taken over assigns routable ip's to customers via DHCP. I was just wondering if anyone used private IP's and applied NAT to their customers or if that can even be done. Sure, NAT is easy to apply to customers. But it is a lower quality of service (they can't run servers, and custom programs may not work through NAT). If they have an implied contract which involves real IP addresses then applying NAT to them would be a breach of contract. I have worked for ISPs that offer various types of service, some of which had NAT. At one ISP they paid more because it was part of a service to protect users from accessing pr0n sites. ;) How do you apply IPs via DHCP anyway? -- My current location - X marks the spot. X X X -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
ip addresses
Hi all! Just wondering what most people do for customer IP addresses. I am new to the ISP business and the system that I have taken over assigns routable ip's to customers via DHCP. I was just wondering if anyone used private IP's and applied NAT to their customers or if that can even be done. TIA Jamie Bumsted [EMAIL PROTECTED]
