On 2016-10-02 21:22, Reindl Harald wrote:
>
>
> Am 02.10.2016 um 22:42 schrieb David Ford:
>> On 2016-10-02 12:59, Reindl Harald wrote:
>>>
>>>> IOW, can a given *IP* appear in more than one A record? I realize
>>>> that this does have the problem t
On 2016-10-02 12:59, Reindl Harald wrote:
>
>> IOW, can a given *IP* appear in more than one A record? I realize
>> that this does have the problem that the reverses would resolve to
>> hostX not
>> test
>
> one IP should only have one PTR - period
>
> avoid anything else than PTR/A-matching if the m
i'm in the middle of developing a project that uses
postgresql as the dlz backend and has a web interface. it works for most
day-to-day operations for zone edits (GUI zone add/remove not yet in
place) and it is multi-user concurrent and uses a small middleware to
replicate to multi
We are also one of those services that will reject mail if DNS records
don't line up sufficiently to a) satisfy RFC requirements for DNS and b)
are clearly mismatched with your DNS A/MX/PTR/SPF and who you pretend to
be in HELO/EHLO
Those two simple rules block more than 92% of incoming spam attem
# dig +noall +answer dave.knig.ht a|awk '/IN\tA\t/ {print $NF}'
216.235.14.46
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing li
On 02/26/2014 05:48 PM, Lawrence K. Chen, P.Eng. wrote:
> Except that security patches haven't been going into BIND 4 for some time
probably because BIND4 has been deprecated since 2007. BIND8 was
deprecated in 2008. BIND 9.4 was deprecated in 2008 with the last
release of 9.4-ESV in 2012. the la
it's posted 2x, slightly different.
To: comp.protocols.dns.b...@googlegroups.com
To: comp-protocols-dns-b...@isc.org
both cc the newsgroup
-david
On 06/25/2012 06:11 PM, Barry Margolin wrote:
I read bind-users through the comp.protocols.dns.bind newsgroup. I'm
seeing lots of duplicate posts.
fyi, DLZ external has been broken post 9.8.1p1. fails to compile with
an undefined reference to main. both for 9.8.2 and 9.9.0
-david
make[4]: Entering directory
`/usr/vport/portage/net-dns/bind-9.9.0/work/bind-9.9.0/bin/tests/system/dlzexternal'
/bin/sh /usr/vport/portage/net-dns/bind-9.9.0
i guess that depends on how particular you are about what a piece of
static data is, where it's stored, and what API you want to do your
talking with. all our dns is managed via a modified Ant web interface
that talks to a pgsql backend. that sql backend is what named uses.
-david
On 12/21/2011
ISC have replied and indicated that BIND 10 was designed with
resilience to abnormal events in mind. i'm eagerly looking forward to
trying it out now.
i disagree that it's easier to find and fix. many people will simply
wrap it in a while(1) and ignore it because we don't have the time to
sit
can we have a paradigm shift from ISC please? instead of falling over
dead with insist/assert, please bleat a warning and drop the problematic
issue on the floor instead and press on with business. many BIND DoS
attacks (and zone typos) are very effective for just this reason.
:)
methinks a few bytes got missed
--- sdlz_helper.c~ 2010-05-14 02:29:37.0 -0400
+++ sdlz_helper.c 2011-09-05 01:22:55.394409909 -0400
@@ -50,7 +50,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifdef DLZ
+#ifdef CONTRIB_DLZ
#include
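Review bot: the new CONTRIB_DLZ guard just after the license comment in sdlz_helper.c only compiles the file's contents if the build actually defines CONTRIB_DLZ, and nothing in this hunk shows where that macro is set. Say in the patch description where CONTRIB_DLZ is defined, and check that no other DLZ source still tests the old DLZ macro, otherwise the guards will disagree and parts of the driver will silently compile to nothing.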
:)
-david
if an interface flaps, bind 9.8.0p2 drops that IP binding and doesn't listen to
it any more, requiring a restart
known bug?
-david
https://blue-labs.org/software/dns/bogon-update.py
-david
On 02/23/11 23:04, Gregory Machin wrote:
> Hi.
> Thanks for the support and assistance. I see that the issue is related
> to the "bogon" filter in bind configuration.
>
> Where can I get a valid bogon list .
> Thanks
A snippet of the log to start with
11-Jun-2010 06:35:08.959 Postgres driver unable to find available
connection after searching 30 times
11-Jun-2010 06:35:08.959 Postgres driver unable to return result set for
findzone query
/*%
* Loops through the list of DB instances, attempting to loc
BIND has long had issues with threading since it started supporting
threaded operation. I recommend you simply recompile without thread
support.
I retry compiling with thread support about twice a year and as of late
last year, BIND still hung soon after restart with threading enabled.
-david
O
I don't use mysql, I use postgresql. For web mgt, I use a locally
modified copy of Ant.
-david
On 01/22/10 13:34, da...@from525.com wrote:
>
> All,
>
> I was wondering if any of the folks out there using bind-dlz with
> mysql have found a decent web based tool for managing their data?
>
> Thanks
There is no perfect solution which either a) is technically correct for
everyone, or b) is religiously correct for everyone.
Rather, try to learn how to best implement a given solution correctly
such as SPF if it has value to your organization. There will always be
someone foaming at the mout
Every few releases I try to add threads back in and get the same
results. Both on my 32bit linux and 64bit linux machines (current
gentoo). Named crashes or hangs.
Jeff Lightner wrote:
> This may have something to do with the different way Linux does threads
> compared to UNIX.
>
> On my RHEL5
Bind and threading don't get along, I have always had to force bind to
compile without thread support entirely.
Jesse Cabral wrote:
> So I can understand the original goal, let me re-clarify the objective.
>
> The problem of Bind hanging is thought to be caused by an interthread lock.
>
> The sugg
afaik, yes it's expected - for the reason that we don't yet have a smart
way across all types of database to find the most specific match without
doing multiple queries.
-david
Scott Haneda wrote:
> The DLZ users mailing list is pretty quiet, thought to ask here in
> case someone can elaborate.
>
I use the DLZ/PG backend and it's rock solid. I use Ant with a few
modifications for my front end.
Stephen Carville wrote:
> I have to bother you all again.
>
> I was asked Friday afternoon about using a database with the new BIND
> servers. To me it seems using MySQL or PostgreSQL is a bit like
libtool: link: i686-pc-linux-gnu-gcc -O2 -mtune=i686 -march=i686 -pipe
-D_GNU_SOURCE -I/usr/include/libxml2 -o .libs/named .libs/builtin.o
.libs/client.o .libs/config.o .libs/control.o .libs/controlconf.o
.libs/interfacemgr.o .libs/listenlist.o .libs/log.o .libs/logconf.o
.libs/main.o .libs/notify.
Here's a question. Are we incapable of dealing with things like
underscores in hostnames? Is there any significant harm in adapting?
-david
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
JINMEI Tatuya / 神明達哉 wrote:
> At Fri, 06 Feb 2009 21:36:18 -0500,
> David Ford wrote:
>
> You specify the IP address of the NS in question as bogon. That
> should be the reason for the SERVFAIL.
>
>
>> acl "bogon" {
An intelligently designed firewall rule that drops the incoming requests
isn't doing exactly what the attacker wants. It's the opposite. The
main effect of forged lookups is a response flood. And so it is also
intended to flood the victim with overwhelming amounts of DNS
responses. It, like any
Yes, I'll be happy to test it.
-david
JINMEI Tatuya / 神明達哉 wrote:
>
> If you can easily reproduce the problem (I guess so according to the
> above), an experimental patch to diagnose such errors may help. It
> will be available in the next versions of BIND9 (9.6.1 etc), but if
> you're willing t
NS ns2.linkyo.com.
> supermedia.howtoburndvd.net. 3600 IN NS ns1.linkyo.com.
>
> Andy
>
> David Ford wrote:
>> The hostname is: emailimage2.howtoburndvd.net
>>
>> I have two nameservers running 9.6.0-p1. If I query ns{1,2}.linkyo.com
>> directly I
The hostname is: emailimage2.howtoburndvd.net
I have two nameservers running 9.6.0-p1. If I query ns{1,2}.linkyo.com
directly I always get an answer. If I use my own nameservers I get
mostly failures of NXDOMAIN of linkyo.net or SERVFAIL for the hostname.
DNS testers yield similar but without e
Use the DLZ extension. It's been around for a while.
I.e. put the following in your named.conf and use whatever interface you
wish. I use Ant with a few modifications. I don't have nearly the
number of domains that you do so my simple system works fine.
dlz "postgres zone" {
database "p
Naive users messing up using CNAMEs is really neither here nor there
because they are just as likely to mess up any other type of DNS
record. The fact that CNAME MX records has not destroyed the internet
belittles the staunch firestorm that CNAME MX records will destroy the
internet. I've never h
Thank you for this notification. It indicates that today would be a
great day for miscreants to make hacking attempts at your account.
You don't put a sign up in the front yard of your home that you're away
on vacation do you?
;-)
-david
rd...@monroehosp.org wrote:
> I will be out of the o
I see it all the time on both sides of the fence. I personally support
it because even though I sometimes am impacted by it, the amount of
actual spam I filter out because of this is significant.
>> - it's clear violation of RFC 5321 (and former 2821, 821) - server MUST NOT
>> reject connection
for a while now and I don't know
if the current releases of BIND have incorporated any thought to
handling DNSSEC for DLZ zones. Very few people use DLZ but I'm most
sure that a solution is or will be made soon.
-david
Bill Larson wrote:
> On Dec 29, 2008, at 11:35 PM, David Fo
I don't. I have a working DLZ setup.
Scott Baker wrote:
> Just out of curiosity, what real world scenario do you have 50 million
> records under one domain?
>
I use DLZ w/ postgres. It's been working pretty good for me for a while
now.
-david
Andrew Ferk wrote:
>> What are the backend database options available? Is bind-sdb active
>> developed and is it production ready?
>>
>
> You can use mysql with dlz. I have yet to get it successfully
> work
did you update the ns records with your registrar?
Milo Hyson wrote:
> I'm seeing what looks like a stuck glue record in the GTLD servers and
> I'm hoping I've just overlooked something simple. There are several
> domains which list the following as their nameservers:
Sam Wilson wrote:
> I hadn't noticed it but all the records in the response to a request for
> the MX for tmomail.net have a TTL of 60 seconds, that's the MX record,
> the NS authority record and the additional A record. The names in the
> delegation NS records for tmomail.net are different
I frequently send short messages to some cellphone users on
tmomail.net. Several weeks ago I started noticing that bind is having
problems keeping records for tmomail once they get stale. Specifically
the MX record. If I restart bind, I can immediately get the MX record
again.
I'm running 9.5.0
Is there any indication about why named shuts down immediately in those
logfiles?
-david
Alberto Colosi/SI/RM/GSI/it wrote:
>
> For sure as IBM or Microsoft or an org so big could have!.
> My named.conf is really full of ACL and confs.
>
> my logging channels are: (but I should find something
Look at your log files, commonly in /var/log/
Did you define other logfiles in your named.conf that you had working
with 9.51b3?
-david
Alberto Colosi/SI/RM/GSI/it wrote:
>
> Hi, why I have BIND from 4 and 8 releases and from born of 9 release I
> lifted up till 9.5.1b3 that is working fine.
>
>
>> > style=3D'font-size:10.0pt;
>> font-family:Arial'> =
>> &=
>> nbsp; &n=
>> bsp; &nb=
>> sp; 2008110601
>> ; serial
>>
when replying or forwarding, please try to trim off this
gawdawfulfuckery that m$ mail produces. the original email is <1k in
si
42 matches