On 14/04/15 00:44, Mark Andrews wrote:
No. Named caches NXDOMAIN and NOERROR NODATA to ANY queries
indendently of qtype (with the exception of DS/NXDOMAIN).
Shrug. As I've said a couple of times, I'm not experiencing this
problem, so it makes no difference to me. I'm really just wondering al
In message <552bb1d3.10...@imperial.ac.uk>, Phil Mayers writes:
> On 11/04/15 14:03, Chuck Anderson wrote:
>
> > I can't stop clients from making certain kinds of queries (unless BIND
> > has a feature to refuse such queries or not recurse for them?).
> > Whenever a client makes the 'ANY' query,
On 13/04/15 14:28, Tony Finch wrote:
Phil Mayers wrote:
Be interesting to see what happens. I like the NSEC/TYPExxx idea for
simplicity.
The best suggestion so far is
http://www.ietf.org/mail-archive/web/dnsop/current/msg13945.html
Nice, didn't spot that one.
__
Phil Mayers wrote:
>
> Be interesting to see what happens. I like the NSEC/TYPExxx idea for
> simplicity.
The best suggestion so far is
http://www.ietf.org/mail-archive/web/dnsop/current/msg13945.html
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Tyne, Dogger: Variable 3 or 4, becoming southwe
On 13/04/15 14:12, Tony Finch wrote:
Phil Mayers wrote:
Ah ha. This is interesting.
If you like that you'll loathe this:
http://www.ietf.org/mail-archive/web/dnsop/current/msg13667.html
Yowza! The threads surrounding that one... I see djb chimed in.
ANY is useful. It would be a marginal p
Phil Mayers wrote:
>
> Ah ha. This is interesting.
If you like that you'll loathe this:
http://www.ietf.org/mail-archive/web/dnsop/current/msg13667.html
There has been a fair amount of discussion about taming ANY queries on the
dnsop list in recent weeks, though it has mostly focussed on positiv
On 13/04/15 13:48, Tony Finch wrote:
Phil Mayers wrote:
TBH I wonder if bind mightn't be better caching ANY as a separate
pseudo-type, if I'm understanding the problem correctly.
Actually I think you are asking for BIND not to treat ANY specially :-)
Maybe. I don't have ANY (ha! ha! oh my
Phil Mayers wrote:
>
> TBH I wonder if bind mightn't be better caching ANY as a separate
> pseudo-type, if I'm understanding the problem correctly.
Actually I think you are asking for BIND not to treat ANY specially :-)
If BIND gets a positive answer to an ANY query, it caches each RRset from
th
On 11/04/15 14:03, Chuck Anderson wrote:
I can't stop clients from making certain kinds of queries (unless BIND
has a feature to refuse such queries or not recurse for them?).
Whenever a client makes the 'ANY' query, it effectively causes a DoS
on that name. Luckily the MinTTL is only 30 second
On Thu, Apr 09, 2015 at 12:31:14PM +0100, Phil Mayers wrote:
> On 08/04/15 22:00, Chuck Anderson wrote:
>
> >No, you are right. My filtered view of the packet capture was missing
> >the fact that another unrelated client did an 'ANY' query. I found it
> >in the query log. BIND 9.10 implements p
On 08/04/15 22:00, Chuck Anderson wrote:
No, you are right. My filtered view of the packet capture was missing
the fact that another unrelated client did an 'ANY' query. I found it
in the query log. BIND 9.10 implements prefresh, but I'm on 9.8.2.
Oops just saw this, disregard my other ema
On 08/04/15 20:25, Chuck Anderson wrote:
My questions are, what is at fault here? Is it a BIND bug to expect
It all sounds really odd. In particular, if there is no recursive client
triggering them, and no prefetch, where are these ANY/A queries on TTL
expiry coming from?
Are you certain
In article ,
Chuck Anderson wrote:
> I will now go back to the load balancer vendor and see if they can
> make it answer 'ANY' queries correctly.
Don't hold your breath. Load balancers have been notoriously inept DNS
servers for many years.
--
Barry Margolin
Arlington, MA
___
On Wed, Apr 08, 2015 at 03:58:00PM -0400, Barry Margolin wrote:
> In article ,
> Chuck Anderson wrote:
> > 1. On TTL expiry, BIND sends an 'ANY' query for the RR in question to
> >the authoritative servers for the zone (load balancers). This
> >happens even if there is no current recursi
In article ,
Chuck Anderson wrote:
> I have load balancers (I know, run away now) acting as authoritative
> servers for a GSLB zone. The sub-zone is delegated properly from my
> main zone which runs BIND. All my clients are using the BIND server
> as their caching resolver.
>
> Every once in
I forgot to mention, this is on RHEL 6.6's package of bind, named -V
returned "BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2", so I don't
think 9.10's prefetch feature is involved.
On Wed, Apr 08, 2015 at 03:25:16PM -0400, Chuck Anderson wrote:
> I have load balancers (I know, run away now) acting a
I have load balancers (I know, run away now) acting as authoritative
servers for a GSLB zone. The sub-zone is delegated properly from my
main zone which runs BIND. All my clients are using the BIND server
as their caching resolver.
Every once in a while, my mail server gets back a 'NOANSWER' for
17 matches
Mail list logo
