Re: Significant memory usage

2025-07-02 Thread Carlos Horowicz via bind-users
Ondřej By the way, have you ever considered using Redis as an in-memory cache database? I’ve been thinking about offloading some of the TTL expiry and cache management to Redis. In some customer environments, the query volume is extremely high — we’re using Mellanox CX-6 25G

Re: Significant memory usage

2025-07-01 Thread Carlos Horowicz via bind-users
Ondřej, I usually include *qname-wait-recurse no* after the *response-policy { ... }* block, hoping to avoid issues where SERVFAILs, lame delegations, or firewalled authoritative servers might interfere with RPZ responses. I’m not entirely sure if I’m just being a bit /superstitious/ about tha

Re: Significant memory usage

2025-07-01 Thread Carlos Horowicz via bind-users
Apparently you have 295108 zones, maybe you can try one single rpz zone with all 295108 fqdn's like . 12724[.]xyz IN CNAME . 21736[.]xyz IN CNAME . . instead of one zone per fqdn, and see if the memory footprint changes (both VMEM and RES) Good luck! Carlos Horowicz Planisys On 0

Re: Significant memory usage

2025-07-01 Thread Carlos Horowicz via bind-users
Hello there, I’m not a BIND developer either, but I was intrigued when you mentioned /millions of zone entries/. Are you referring to millions of individual zones, rather than consolidating entries into a single RPZ zone? Apologies if I misunderstood your setup. I’ve also encountered memory

Re: QNAME minimisation question

2025-06-02 Thread Carlos Horowicz via bind-users
Hi The problem seems related to "No zone cut at 90.45.in-addr.arpa.", shouldn't trigger a SERVFAIL with qname-minimisation relaxed This is strange, because the intermediate response has a SOA, and NSEC seems enough to fail-over to qname-minimisation off .. it seems you're forced to set the

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Carlos Horowicz via bind-users
fers backwards Vincent On Thu, 1 May 2025, Carlos Horowicz via bind-users wrote: Hi, For SERVFAIL to happen, ALL authoritative for the affected domains must have been in Datacenters in Spain, Portugal or southern France. I live in Spain, and as 12:33 CET I lost not only power but basic tele

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Carlos Horowicz via bind-users
Hi, For SERVFAIL to happen, ALL authoritative for the affected domains must have been in Datacenters in Spain, Portugal or southern France. I live in Spain, and as 12:33 CET I lost not only power but basic telephony, cellular telephony and cellular data. Everything. Power generators were onl

Re: ECS subnet

2025-02-17 Thread Carlos Horowicz via bind-users
Hi, you mean "edns-client-subnet yes;" in opensource bind9.18 right ?  ("unknown option 'edns-client-subnet'") -Carlos On 17/02/2025 18:00, Petr Špaček wrote: On 14. 02. 25 17:41, Rainer Duffner wrote: Am 14.02.2025 um 17:39 schrieb Greg Choules : Hi. Is this a question about BIND, or Unb

Re: Executive Order 14144 - encrypted DNS

2025-01-27 Thread Carlos Horowicz via bind-users
DoT instead of plaintext UDP/53 , but also zone transfers over the Internet encrypted with TLS (thus the reference to certificates). -Carlos On 27/01/2025 14:02, Carlos Horowicz via bind-users wrote: IMHO this has nothing to do with DNSSEC, it sounds more like the urge to encrypt resolver

Re: Executive Order 14144 - encrypted DNS

2025-01-27 Thread Carlos Horowicz via bind-users
IMHO this has nothing to do with DNSSEC, it sounds more like the urge to encrypt resolver traffic (I guess they're referring to DoT) On 27/01/2025 13:55, Marc wrote: FYI - EO 14144 has the following provision related to encrypting DNS: (c) Encrypting Domain Name System (DNS) traffic in transit

Re: Question about post-quantum X25519Kyber768

2025-01-02 Thread Carlos Horowicz via bind-users
n Internet Draft — there is a helpful page here: https://authors.ietf.org/en/home . W Robert Wagner *From:* bind-users on behalf of Carlos Horowicz via bind-users *Sent:* Thu

Question about post-quantum X25519Kyber768

2025-01-02 Thread Carlos Horowicz via bind-users
Hi there, does anyone know of the bind developers thinking of incorporating post-quantum cryptography into bind9 , like Cloudflare with X25519Kyber768 on BoringSSL ? I'm just curious about if there are thoughts or ongoing work, or if this is in the near roadmap at all. Thank you, Carlos H

Re: views-based RPZ

2024-08-26 Thread Carlos Horowicz via bind-users
Petr Špaček Internet Systems Consortium What sort of QPS are each of your servers handling? Cheers, Greg On Sun, 25 Aug 2024 at 05:27, Grant Taylor via bind-users wrote: On 8/24/24 07:37, Carlos Horowicz via bind-users wrote: > 2. if RPZ re

Re: views-based RPZ

2024-08-24 Thread Carlos Horowicz via bind-users
rver first. Hope that helps. Cheers, Greg On Fri, 23 Aug 2024 at 20:43, Carlos Horowicz via bind-users wrote: Hello List, an ISP has brought a case where several customers do not agree with our web interface portal that lets select different RPZ zones to be activated fo

views-based RPZ

2024-08-23 Thread Carlos Horowicz via bind-users
Hello List, an ISP has brought a case where several customers do not agree with our web interface portal that lets select different RPZ zones to be activated for a set of resolvers that are common to all customers. They even belong to different countries where some domains are banned. Given t

views-based RPZ

2024-08-23 Thread Carlos Horowicz via bind-users
Hello List, an ISP has brought a case where several customers do not agree with our web interface portal that lets select different RPZ zones to be activated for a set of resolvers that are common to all customers. They even belong to different countries where some domains are banned. Given