Re: DNS requests error sending response: host unreachable

2012-03-14 Thread lst_hoe02
Quote from Romgo ro...@free.fr: All right. This seems to correct the issue. But that's the first time I had to open the firewall for a packet answer. Weird. It is a somewhat special case. UDP by itself is not stateful at all, so any stateful firewall has to use some timeout values to

Re: DNS requests error sending response: host unreachable

2012-03-13 Thread lst_hoe02
Quote from Romgo ro...@free.fr: I see, but it should be stateful, right? If using stateful UDP filtering you might get hit by short timeout values for UDP state matching, so packets get dropped if the query is too slow. Regards Andreas

Re: Multiple BIND instances

2012-02-07 Thread lst_hoe02
Quote from sasa sasa sasasa20...@yahoo.com: Hi, I got a server with 16GB memory, and want to install 2 BIND on CentOS, one cache only and another authoritative. Is it better to install 2 OS virtually and run BIND in them or run 2 instances of BIND on the same OS? I mean what is the best practice

RE: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread lst_hoe02
Quote from Adamiec, Lawrence ladam...@kentlaw.edu: Here are some results using the same commands you used. # dig @63.200.45.18 ns1.bonsi.org soa ; DiG 9.6.1-P3 @63.200.45.18 ns1.bonsi.org soa ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status:

Re: better performance with 32 bit ! why?

2011-06-29 Thread lst_hoe02
Quote from Kevin Oberman kob6...@gmail.com: On Tue, Jun 28, 2011 at 7:32 AM, Ryan Novosielski novos...@umdnj.edu wrote: On 06/28/2011 12:30 PM, David Sparro wrote: On 6/28/2011 11:15 AM, iharrathi@orange-ftgroup.com wrote: Hi all, I'm testing

Re: better performance with 32 bit ! why?

2011-06-29 Thread lst_hoe02
Quote from iharrathi@orange-ftgroup.com: On server1 (64 bit) I have 2 Intel E5310 quad-core 1.6GHz and on server2 (32 bit) I have 2 Intel Xeon dual-core 2.33GHz. That means 8*1.6 GHz on server1 and 4*2.33 on server2. 8*1.6 is better and faster than 4*2.33, no? This would only apply for

[OT] Re: Compromised BIND?

2011-06-01 Thread lst_hoe02
Quote from Stephane Bortzmeyer bortzme...@nic.fr: On Tue, May 31, 2011 at 05:59:08PM -0400, Warren Kumari war...@kumari.net wrote a message of 52 lines which said: Does anyone else find the bind-users list to be very slow? Same problem for me. No wonder the list is slow if everyone sends

Re: recursive server querying authoritative - timeout before trying next server?

2011-05-26 Thread lst_hoe02
Quote from Dan Pritts da...@internet2.edu: Hi, A question regarding BIND defaults. I'd love the same answer for other nameserver software if anyone cares to share. http://www.unbound.net/documentation/info_timeout.html For sure Bind is doing something similar. Regards Andreas

Re: Dual-stack BIND resolver behaviour

2011-05-16 Thread lst_hoe02
Quote from Anand Buddhdev ana...@ripe.net: On 16/05/2011 14:11, Dennis Perisa wrote: Hi folks, We are looking to dual-stack our 9.7.3 DNS resolvers and I had a question about BIND's behaviour in a dual-stack configuration. Assuming the resolver's cache is empty, will a query that arrives on

Re: Need help to know about ROOT DNS query

2011-03-17 Thread lst_hoe02
Quote from babu dheen babudh...@yahoo.co.in: Hi, We have two internal Windows DNS servers which answer all DNS queries by forwarding them to a gateway DNS server running Redhat BIND. But I have a query regarding allowing ROOT DNS queries on the internal DNS server. I guess it does not mean your

Re: bind 9.7.2-P3 does not resolve www.microsoft.com

2010-12-30 Thread lst_hoe02
Quote from Lazy lazy...@gmail.com: 2010/12/30 Lazy lazy...@gmail.com: 2010/12/28 Dennis Clarke dcla...@blastwave.org: Trying to resolve www.microsoft.com or microsoft.com results in a "connection timed out; no servers could be reached". Well, for what it's worth - it's not just you having

Re: broken trust chain for non-existing AAAA records

2010-12-01 Thread lst_hoe02
Quote from Mark Andrews ma...@isc.org: Is this still with BIND 9.7.0-P1 or something more recent? If it is still BIND 9.7.0-P1 then please upgrade. There really is no point debugging validation failures in BIND 9.7.0-P1 anymore as the validator has had really extensive changes since then.

Re: US DNSSEC Key

2010-12-01 Thread lst_hoe02
Quote from John Williams john.1...@yahoo.com: I'm being told there is an RSA verification failure on the .US domain. I'm getting details from the following: http://dnsviz.net/d/us/dnssec/ I have a signed zone under us. How does this affect my domain and other signed zones under .US? As

Re: DNSSEC with 9.7.2-P2

2010-12-01 Thread lst_hoe02
Quote from David Forrest d...@maplepark.com: On Tue, 16 Nov 2010, Mark Andrews wrote: snipped. Isn't it sufficient to configure the root trust anchor inside the managed-keys {}; statement? If I understand correctly the key should be automatically updated, shouldn't it? For 9.7 yes. I just

Re: broken trust chain for non-existing AAAA records

2010-11-29 Thread lst_hoe02
Quote from Mark Andrews ma...@isc.org: Is this still with BIND 9.7.0-P1 or something more recent? If it is still BIND 9.7.0-P1 then please upgrade. There really is no point debugging validation failures in BIND 9.7.0-P1 anymore as the validator has had really extensive changes since then.

Re: broken trust chain for non-existing AAAA records

2010-11-19 Thread lst_hoe02
Quote from Mark Andrews ma...@isc.org: In message 20101118131400.37717e5p5tard...@webmail.kwsoft.de, lst_ho...@kwsoft.de writes: We are using Bind 9.7 at the border to resolve DNS queries for a small LAN. After moving forward in using IPv6 we discovered many broken trust chain errors in

broken trust chain for non-existing AAAA records

2010-11-18 Thread lst_hoe02
We are using Bind 9.7 at the border to resolve DNS queries for a small LAN. After moving forward in using IPv6 we discovered many broken trust chain errors in the bind log for non-existing records. One example is Nov 18 01:18:21 firewall named[27580]: error (broken trust chain)

Re: why one shouldn't use relative hostnames

2010-11-11 Thread lst_hoe02
Quote from Maria Iano bind-li...@iano.org: We are working with a software vendor whose software only works with relative hostnames - they say it can't cope with a fully-qualified domain name. They want us to make sure the necessary domain is in all clients' search lists. Does anyone have

Re: Possible cache poisoning

2010-10-26 Thread lst_hoe02
Quote from The Doctor doc...@doctor.nl2k.ab.ca: My question is how can you detect if a DNS / domain name has been 'poisoned'? Compare what your cache delivers with results from other sites. To prevent cache poisoning you might use DNSSEC if the zones which are affected support it and at least

Re: Force Bind caching resolver to always obey DNSSEC

2010-10-02 Thread lst_hoe02
Quote from Barry Margolin bar...@alum.mit.edu: In article mailman.265.1285967251.555.bind-us...@lists.isc.org, lst_ho...@kwsoft.de wrote: Quote from Alan Clegg acl...@isc.org: On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote: Sorry for being unclear. We want the SERVFAIL as it should be for

Force Bind caching resolver to always obey DNSSEC

2010-10-01 Thread lst_hoe02
Hello, after the root zones are now DNSSEC signed we would like to use DNSSEC at our caching resolvers. I have set up Bind 9.7.0-P1-1 at the border and basically it is working fine. What I have not managed is to always force obeying DNSSEC signed zones for resolving, e.g. if I use dig +cdflag

Re: Force Bind caching resolver to always obey DNSSEC

2010-10-01 Thread lst_hoe02
Quote from Alan Clegg acl...@isc.org: On 10/1/2010 4:26 PM, lst_ho...@kwsoft.de wrote: Hello, after the root zones are now DNSSEC signed we would like to use DNSSEC at our caching resolvers. I have set up Bind 9.7.0-P1-1 at the border and basically it is working fine. What I have not managed is to

Re: Force Bind caching resolver to always obey DNSSEC

2010-10-01 Thread lst_hoe02
Quote from Alan Clegg acl...@isc.org: On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote: Sorry for being unclear. We want the SERVFAIL as it should be for invalid DNSSEC data *in all cases*, e.g. even if a client asks with the cdflag (checking disabled) set. CD means don't check, so you can't by