On 01.07.13 04:02, blrmaani wrote:
We are noticing that a handful of our domains are being used for
amplification attacks and we would like to reduce outgoing (DNS response)
packet size.
One solution is to reduce the additional sections in the response for these
handful zones and I would like to
>In article ,
> Charles Swiger wrote:
>> Certainly. Various software performs what's called a double-reverse
>> lookup
>> to confirm that the A and PTR records match.
In article ,
Matus UHLAR - fantomas wrote:
He apparently meant exactly the same. Also called FcRDNS - "forward
confirmed" or
In article ,
Matus UHLAR - fantomas wrote:
> >> On Jun 28, 2013, at 10:54 AM, "Ward, Mike S" wrote:
> >> > Hello all, is there any reason to setup reverse address entries for a
> >> > zone?
>
> >In article ,
> > Charles Swiger wrote:
> >> Certainly. Various software performs what's called a
On 01/07/13 12:02, blrmaani wrote:
We are noticing that a handful of our domains are being used for
amplification attacks and we would like to reduce outgoing (DNS
response) packet size.
One solution is to reduce the additional sections in the response for
these handful zones and I would like to
Hi Tony,
On Jul 01, 2013, at 06:19 AM, Tony Finch wrote:
Bryan Harris wrote:
>
> I have discovered that we have an excessive amount of old zones not being
> used. Is there a trick, or a simple way to determine which zones have not
> been referenced in a long time?
BIND can ke
Bryan Harris wrote:
>
> I have discovered that we have an excessive amount of old zones not being
> used. Is there a trick, or a simple way to determine which zones have not
> been referenced in a long time?
BIND can keep per-zone counts of response codes (success, various kinds of
failure, etc.
There might be some zones that are rarely used, you may see those as
dead using that method.
I was thinking of a script that would take your list of zones
(essentially the .conf file) and for each zone do something like a "dig
+trace" and look for whether your servers are listed as name servers fo
If these are authoritative DNS servers then just enable
minimal-responses, so clients will only ever get the records that they
requested.
Steve
On 1 July 2013 12:02, blrmaani wrote:
> We are noticing that a handful of our domains are being used for
> amplification attacks and we would like to r
Hi all,
I have discovered that we have an excessive amount of old zones not being used. Is there a trick, or a simple way to determine which zones have not been referenced in a long time?
My best guess is to simply log queries and read the log files. Would that be the recommended way?
Our intent is
We are noticing that a handful of our domains are being used for amplification
attacks and we would like to reduce outgoing (DNS response) packet size.
One solution is to reduce the additional sections in the response for these
handful zones and I would like to know if there is any way to add s
On Jun 28, 2013, at 10:54 AM, "Ward, Mike S" wrote:
> Hello all, is there any reason to setup reverse address entries for a zone?
In article ,
Charles Swiger wrote:
Certainly. Various software performs what's called a double-reverse lookup
to confirm that the A and PTR records match.
On 0
In article ,
Charles Swiger wrote:
> On Jun 28, 2013, at 10:54 AM, "Ward, Mike S" wrote:
> > Hello all, is there any reason to setup reverse address entries for a zone?
>
> Certainly. Various software performs what's called a double-reverse lookup
> to confirm that the A and PTR records match