Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread greg.rabil
> I could see it being useful to extend the enum to > AUTH_QUERY_UPDATE/AUTH_QUERY_RESPONSE That should read: I could see it being useful to extend the enum to AUTH_QUERY_UPDATE/AUTH_RESPONSE_UPDATE ___ Please visit https://lists.isc.org/mailman/lis

RE: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread greg.rabil
I had started down the path of adding a new enum. However, Robert's comment made sense that the granularity of the enums is really for the QR bit and the various points along the query resolution path, so I just used AUTH_QUERY for prototyping purposes. I could see it being useful to extend th

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Tony Finch
> On 3 Aug 2018, at 20:08, Robert Edmonds wrote: > > dnstap doesn't have any `Type` values for an authoritative nameserver > that is an initiator. For NOTIFY, we might need to add AUTH_CLIENT_QUERY > and AUTH_CLIENT_RESPONSE in order to distinguish the initiator and > responder in a NOTIFY trans

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Evan Hunt
On Fri, Aug 03, 2018 at 04:18:45PM -0400, Robert Edmonds wrote: > greg.ra...@bt.com wrote: > > Thanks Robert. I've added a few lines of code to BIND's client.c > > source module to call dns_dt_send for updates with a type of > > AUTH_QUERY, and it works as expected. > > > Is there any reason that

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Robert Edmonds
greg.ra...@bt.com wrote: > Thanks Robert. I've added a few lines of code to BIND's client.c source > module to call dns_dt_send for updates with a type of AUTH_QUERY, and it > works as expected. > > Is there any reason that you can think that it should not be part of the > standard BIND dnstap

RE: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread greg.rabil
Thanks Robert. I've added a few lines of code to BIND's client.c source module to call dns_dt_send for updates with a type of AUTH_QUERY, and it works as expected. Is there any reason that you can think that it should not be part of the standard BIND dnstap support? If not, I will gladly cont

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Robert Edmonds
Tony Finch wrote: > greg.ra...@bt.com wrote: > > > I use nsupdate to send a DDNS update to my zone, which is added > > successfully. However, the dnstap.output does not record the DNS > > update. > > I think (arguably) this is a limitation of the dnstap specification. It's > defined in a Protoc

Re: Dropping queries from some well-known ports

2018-08-03 Thread Timothe Litt
On 03-Aug-18 14:00, Petr Menšík wrote: > Hi! > > Our internal support reached out to me with a question: why are some queries > bound to low ports silently dropped? I have found there is a feature for > that, which will silently drop queries from selected ports. > > I admit queries from such low ports are w

Re: Dropping queries from some well-known ports

2018-08-03 Thread Carl Byington
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Fri, 2018-08-03 at 20:00 +0200, Petr Mensik wrote: > 1. > https://gitlab.isc.org/isc-projects/bind9/commit/05d32f6b0f6590ca22136b753309f070ce769000 If I am reading the code correctly, that commit implies that building bind with -DNS_CLIENT_DRO

Re: Dropping queries from some well-known ports

2018-08-03 Thread Grant Taylor via bind-users
On 08/03/2018 12:00 PM, Petr Menšík wrote: Hi! Hi, Our internal support reached out to me with a question: why are some queries bound to low ports silently dropped? Please clarify if you're saying "bound to" as in the code that originated the query came from said port or if you mean queries that

Re: Dropping queries from some well-known ports

2018-08-03 Thread Matus UHLAR - fantomas
On 03.08.18 20:00, Petr Menšík wrote: Our internal support reached out to me with a question: why are some queries bound to low ports silently dropped? I have found there is a feature for that, which will silently drop queries from selected ports. I admit queries from such low ports are wrong. But why ar

Dropping queries from some well-known ports

2018-08-03 Thread Petr Menšík
Hi! Our internal support reached out to me with a question: why are some queries bound to low ports silently dropped? I have found there is a feature for that, which will silently drop queries from selected ports. I admit queries from such low ports are wrong. But why are some ports allowed when some port

RE: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread greg.rabil
That would be the update response, but not the update request. Regards, Greg From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Darcy, Kevin Sent: Friday, August 3, 2018 12:56 PM To: bind-us...@isc.org Subject: Re: BIND 9.11.4 dnstap not capturing updates I'm no expert in D

RE: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread greg.rabil
Thanks Tony, I see in the code now where it is not calling dns_dt_send() for the update request. Regards, Greg > I use nsupdate to send a DDNS update to my zone, which is added > successfully. However, the dnstap.output does not record the DNS > update. I think (arguably) this is a limitatio

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Darcy, Kevin
I'm no expert in DNSTAP, but I see this in the output: opcode: UPDATE along with proper reinterpretations of the sections: ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 How is that "not record[ing] the DNS update"? Are you looking for something prettier? More detailed? - Kevin On Fri,

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Matus UHLAR - fantomas wrote: > On 03.08.18 15:09, Tony Finch wrote: > > minimal-any definitely reduces truncated responses - that's why I > > implemented it :-) > > - are they so common that it does matter? Well, they used to be, but Chris Thompson and I have done a lot to make ANY queries on ou

Re: named tcp dos?

2018-08-03 Thread Matus UHLAR - fantomas
On 03.08.18 12:10, Tony Finch wrote: > I have a few config options which can affect TCP usage. These two should > reduce it: > >minimal-responses yes; >minimal-any yes; Matus UHLAR - fantomas wrote: I don't think so. minimal-responses only skip unnecessary info, so they should have no

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > it's the max-udp-size 1420 apparently. > > I set it to similar value because of problematic L3 switch in front of our > DNS servers long ago. > > Should not be needed now. I don't have that because of my network (which works OK), but because of other people's bro

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Matus UHLAR - fantomas wrote: > On 03.08.18 12:10, Tony Finch wrote: > > I have a few config options which can affect TCP usage. These two should > > reduce it: > > > > minimal-responses yes; > > minimal-any yes; > > I don't think so. minimal-responses only skip unnecessary info, so they

Re: named tcp dos?

2018-08-03 Thread Matus UHLAR - fantomas
Daniel Stirnimann wrote: >> In comparison, we get about 25-30% IPv6 queries. We have slightly less than 25% for IPv6 queries. On 03.08.18 12:19, Tony Finch wrote: Hmm, I have 20% on one server and 22% on another. it's the max-udp-size 1420 apparently. I set it to similar value because of

Re: named tcp dos?

2018-08-03 Thread Matus UHLAR - fantomas
Randy Bush wrote: estimate or measure the distribution of the ratio of udp to tcp queries on say 100 cctld servers. On 03.08.18 12:10, Tony Finch wrote: On a recently rebooted auth server, which hosts zones for a handful of universities with and without DNSSEC, slightly less than 1% of querie

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Tony Finch
greg.ra...@bt.com wrote: > I use nsupdate to send a DDNS update to my zone, which is added > successfully. However, the dnstap.output does not record the DNS > update. I think (arguably) this is a limitation of the dnstap specification. It's defined in a Protocol Buffers declaration file (see t

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Daniel Stirnimann wrote: > >> In comparison, we get about 25-30% IPv6 queries. > > We have slightly less than 25% for IPv6 queries. Hmm, I have 20% on one server and 22% on another. Tony. -- f.anthony.n.finch http://dotat.at/ a fair voting system for all elections

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Randy Bush wrote: > > estimate or measure the distribution of the ratio of udp to tcp queries > on say 100 cctld servers. On a recently rebooted auth server, which hosts zones for a handful of universities with and without DNSSEC, slightly less than 1% of queries are over TCP. $ curl -Ssf http:/