Hi All,
We're running a series of RHEL 7.4 machines (kernel version
3.10.0-693.1.1.el7.x86_64) running bind version 9.9.4-RedHat-9.9.4-51.el7. Our
configuration consists of a hidden master and three hidden slave/recursive
resolvers. I'm getting a LOT of errors on the slaves that look like:
On 17 May 2018 at 13:30, Blason R wrote:
> Hi,
>
> I have RPZ installed on server and it's acting as a master server but
> somehow port setting is not working on master
>
> [...]
>
> So here I am sending notification to 192.168.5.49 on port 4545; my
> queries are
>
> How do
Hi,
I have RPZ installed on server and it's acting as a master server but
somehow port setting is not working on master
## Master Server configuration
response-policy { zone "malware.trap"; };
zone "malware.trap" {
type master;
file "/var/lib/bind/malware.trap.db";
notify explicit;
Hey Nico, long time no speak, hope you are well! You still at Efficient IP?
Yes that would be a great idea in theory but in practice it would require a
massive infrastructure change for this customer, we'd also have to migrate the
anycast IPs to these new nodes (does dnsdist support anycast?),
Hi Roberto,
> On 17 May 2018, at 16:25, Roberto Carna wrote:
>
> Dear Tony, so you say that it's impossible what I want...
>
> In this scenario that my two DNS servers respond queries at the same
> time, suppose the primary server goes down... how do clients know that
On Thu, May 17, 2018 at 4:26 PM Roberto Carna
wrote:
> Dear Tony, so you say that it's impossible what I want...
> In this scenario that my two DNS servers respond queries at the same
> time, suppose the primary server goes down... how do clients know that
> they have
OK, now I understand... thank you very much !!!
Regards.
2018-05-17 11:25 GMT-03:00 Roberto Carna :
> Dear Tony, so you say that it's impossible what I want...
>
> In this scenario that my two DNS servers respond queries at the same
> time, suppose the primary server
Dear Tony, so you say that it's impossible what I want...
In this scenario that my two DNS servers respond queries at the same
time, suppose the primary server goes down... how do clients know that
they have to query the secondary DNS server at this moment?
Thanks again.
2018-05-17 11:19
On Thu, May 17, 2018 at 4:07 PM Roberto Carna
wrote:
> Hi people, I've implemented two BIND9 servers for my company, one as
> primary public DNS server and the other as secondary public DNS
> server.
> I always believed that all the client queries coming from Internet
Dear Nico, my BIND servers are authoritative... they have delegated
several zones.
2018-05-17 11:12 GMT-03:00 Nico CARTRON :
> Hi Roberto,
>
> On 17 May 2018, at 16:06, Roberto Carna wrote:
>
> Hi people, I've implemented two BIND9 servers for my
Roberto Carna wrote:
>
> I always believed that all the client queries coming from Internet go
> to the DNS primary server, and if it is down, just in this case go to
> the DNS secondary server.
It can't happen that way because there's no way for a resolver to tell
Hi Roberto,
> On 17 May 2018, at 16:06, Roberto Carna wrote:
>
> Hi people, I've implemented two BIND9 servers for my company, one as
> primary public DNS server and the other as secondary public DNS
> server.
>
> I always believed that all the client queries coming
Hi people, I've implemented two BIND9 servers for my company, one as
primary public DNS server and the other as secondary public DNS
server.
I always believed that all the client queries coming from Internet go
to the DNS primary server, and if it is down, just in this case go to
the DNS
Hi Paul,
> On 17 May 2018, at 13:46, Paul Roberts wrote:
>
> Good grief indeed!
>
> I would love to implement 'fetches-per-zone' but we need to get them onto
> BIND 9.11 first, that's a few months away.
>
> Unfortunately I can't just block this traffic else I'll
Good grief indeed!
I would love to implement 'fetches-per-zone' but we need to get them onto BIND
9.11 first, that's a few months away.
Unfortunately I can't just block this traffic else I'll have the security teams
wanting to know why we are compromising their desktop security.
Even
nagaraju wrote:
>
> Scenario: Querying information of Domain "A" and "B", use the IP address
> of the domain "B" to associate for domain "A"
>
> Issue: During the above scenario testing, observed there rejection of DNS
> update requests by named process.
What
Paul Roberts wrote:
> After doing some more packet captures, it looks like a lot of the
> queries are related to Sophos live protection DNS lookups (lots of
> queries for sophosxl.net), so there are a lot of queries which don't get
> resolved.
Good grief.
There are a
please wrap your lines when possible. <76 characters ideally.
On 17.05.18 08:32, Paul Roberts wrote:
After doing some more packet captures, it looks like a lot of the queries
are related to Sophos live protection DNS lookups (lots of queries for
sophosxl.net), so there are a lot of queries
After doing some more packet captures, it looks like a lot of the queries are
related to Sophos live protection DNS lookups (lots of queries for
sophosxl.net), so there are a lot of queries which don't get resolved. We see
multiple queries for the same name and the resolver seems to retransmit