RRSIG for glue records

2010-08-04 Thread rams
Hi , I have delegated NS records and those records pointed to A records in signed zone. When I queired for my delgated domain against bind 9.6-p3. Bind is returning NS records and RRSIG for NS in authority section correctly. Glue records are returned correctly in additional section but RRSIG

Re: Script-kiddie / client IP query (cache) 'host/MX/IN' denied

2010-08-04 Thread Matus UHLAR - fantomas
On 03.08.10 18:01, Denis BUCHER wrote: I have a question, it's not really a big problem, but it's annoying. In the logs I get plenty of lines like : client 202.152.172.4 query (cache) 'denkstelle.de/MX/IN' denied: 1 Time(s) client 202.152.172.4 query (cache) 'denkstunde.de/MX/IN' denied: 2

Re: Script-kiddie / client IP query (cache) 'host/MX/IN' denied

2010-08-04 Thread Denis BUCHER
Le 03.08.2010 21:25, Kevin Darcy a écrit : I would like to know if I can block hosts doing that at the level of /etc/hosts.allow or should I do it at the level of Bind itself ? Use IPTables or add rules to your firewall. I don't believe that BIND pays any attention to /etc/hosts.allow Yes I

Re: unexpected RCODE (REFUSED) resolving

2010-08-04 Thread Michelle Konzack
Hello Mark Andrews, Am 2010-08-04 08:32:29, hacktest Du folgendes herunter: Basically you need to complain to the administators for xensource.com to get the delegation cleaned up or the server configured. OK... done! xensource.com is delegated to 68.156.138.136 but that server is refusing

RE: Hijacked or Wrong Configuration?

2010-08-04 Thread Murphy, Rick
On 2010-08-03, Mark wrote: In message OF7DE7E9DC.8EF91A8C-ON88257775.000385AF- 88257775.00043...@kp.org, bill.li...@kp.org writes: Now they can NOT get to the site - am I configured wrong? -- or -- did the domain get hijacked in the interm? Site: hysl.org DNS:

Re: Script-kiddie / client IP query (cache) 'host/MX/IN' denied

2010-08-04 Thread Sten Carlsen
You may want to consider how to trigger removal of this blocking when the problem has gone away and the address is again used responsibly. Maybe add a log statement with a limitation of one per day and checking that this is no longer seen for some time? IPTABLES can do the logging. On 04/08/10

Re: RRSIG for glue records

2010-08-04 Thread Alan Clegg
On 8/4/2010 2:58 AM, rams wrote: I have delegated NS records and those records pointed to A records in signed zone. When I queired for my delgated domain against bind 9.6-p3. Bind is returning NS records and RRSIG for NS in authority section correctly. Glue records are returned correctly

Recursion problems

2010-08-04 Thread Baird, Josh
Hi, I am having problems with recursion for domains that reside on two particular nameservers. My BIND9 servers return a SERVFAIL and do not attempt to recurse to the authoritative nameservers for ugabookstore.com. I have verified that my caching servers are not contacting ugabookstore.com's