Sudarshan Raghavan wrote:
> I have tried this on both 2.9.21 and 2.9.22 versions. Should I compile
> any extra module to get this working?
Won't help, this is the intended behaviour, I hit the same "feature"
some time back.
--
Best regards,
Duane
http://www.freeauth
munity
fuming. Especially when you consider that Nominum was one of the
companies affected by the DNS cache poisoning problem of last year,
something PowerDNS, MaraDNS and DJBDNS (all open source) weren't
vulnerable to."
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two
Stephane Bortzmeyer wrote:
> On Wed, Jul 15, 2009 at 02:59:58AM +1000,
> Duane at e164 dot org wrote
> a message of 62 lines which said:
>
>> On the other hand do you know of any "exciting" development with DNScurve?
>
> What's the relationship? DNSSEC
with DNScurve?
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century
"In the long
a packet was sent to when binding to any.""
>
> Ok, so it seems an unix-related problem.
That isn't right, you have to bind a listener to each interface and then
use that specific instance to reply to incoming queries.
--
Best regards,
Duane
http://www.freeauth.org - E
sense to expand things
on the fly if you want quick look ups etc.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global C
DORDAL wrote:
> Should I be worried?
We used to use PDNS to do 10+ M zone transfers...
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Free
> deal more sense.
Without more details I'm only speculating but I'm pretty sure you
haven't considered alternative options.
--
Best regards,
Duane
signature.asc
Description: OpenPGP digital signature
___
Pdns-users mailing li
#x27; since the backslashes are not
> passed correctly.
I've never had a problem with \+ in PDNS...
As for the subranges that's what DNAME is for...
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, netwo
he backend is entirely impractical since we'd
> potentially have to insert hundreds of thousands of records to match a
> single pattern with a backref, depending on the numbering scheme.
I'm assuming you are talking about consecutive numbering, in which case
you just use a wildcard.
Peter Fern wrote:
> Duane wrote:
>> It's pointless trying to expand regular expressions from within the DNS
>> server, either it will increase load unnecessarily or the regular
>> expressions were designed to be expanded by a client requesting the
>> information.
&
Peter Fern wrote:
> Duane wrote:
>> Peter Fern wrote:
>>
>>> Can anyone point me to roughly where I should be looking in the codebase
>>> to patch this out? I imagine somewhere in this new universal parser? I
>>> assume it will only be a couple of li
rips with another codebase
> completely - any pointers in the right direction would be a great help.
The server doesn't, the client does.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http
>
> So from now on you don't have to see those annoying ads anymore!
>
> http://www.fredan.org/nomoreads_pdns-recursor.tar
>
> Please see the included readme file for instuction of how to do this.
squid+adzap+iptables ;)
--
Best regards,
Duane
http://www.freeauth.org
d your point of view, however it still fails in terms of
efficiency, and all name servers would receive copies of the query, this
is something that I've attempted to protect against since the
information in the query can be as important as the returned data.
--
Best regards,
Duane
htt
l to solve using custom code
which we already publish for things like FreePBX.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e
Duane wrote:
> Ardo van Rangelrooij wrote:
>> Did you consider using IPsec? Seems to be fitting the bill perfectly...
>
> The amount of packets would be excessive in comparison, the ID I'm
> putting together in some cases wouldn't have any more packets than a
> reg
Ardo van Rangelrooij wrote:
> Did you consider using IPsec? Seems to be fitting the bill perfectly...
The amount of packets would be excessive in comparison, the ID I'm
putting together in some cases wouldn't have any more packets than a
regular DNS query.
--
Best regards,
uch nothing but silence, even from the likes of BIND authors and other
DNSd coders.
http://www.e164.org/docs/draft-groth-dns-encryption-00.odt
I sort of have this fleshed out a little more, but informally on the
e164.org wiki:
http://www.e164.org/wiki/DNS_Encryption
--
Best regard
IN SOA ns1.mysportsite.com.
support.mysportsite.com. 0 10800 3600 604800 3600
;; Received 86 bytes from 67.222.128.43#53(ns2.mysportsite.com) in 220 ms
# dig +short blog.mysportsite.com @ns1.mysportsite.com
# dig +short blog.mysportsite.com @ns2.mysportsite.com
#
--
Best re
ecords:
www.mysportsite.com.120 IN A 67.222.128.44
Absolute minimum TTL recommended is at least 180 seconds.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywirele
com.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century
"In the long run the p
at on small zones using AXFR's, on much larger zones
things fall down pretty quickly.
The jist of this post is, if you can't easily run MySQL/LDAP replication
then PowerDNS isn't the best option that I would recommend.
--
Best regards,
Duane
http://www.freeauth.org - Enterpris
bert hubert wrote:
> On Sun, Mar 16, 2008 at 12:52:21AM +1100, Duane wrote:
>>> I'm unhappy it doesn't match your needs though, but perhaps you want
>>> something else. Basically you get a lot of ANY queries, instead of queries
>>> for the exact type request
bert hubert wrote:
> Duane - I suggest you ponder it all a bit. We thought long and hard about
> how to separate the backend from the frontend, and this really is the only
> way to do it.
All problems have multiple solutions, if this works best for you and
most of your users tha
tween dumbing things down and making a dumb
interface, knowing the dns type requested doesn't mean you have to know
DNS logic to the nth degree.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network loc
uitable for the criteria,
PDNS was mostly ok, but in the end I was forced to roll my own out of
frustration because most free DNS daemons don't handle large zone files
in an efficient manner, or they leave the handling up to a backend like
LDAP or a SQL server.
--
Best regar
kend was different then when asked by the user.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
ss,
but the shortened IPs is the only corner case I can think of that might
cause issues.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
htt
if
> one ever needs to add a DNS record 'on the fly' via his mobile phone ;)
I can see the latter as a possibility, maybe not adding, but perhaps you
administer a cluster of web servers and one dies and you use a simple
DNS round-robin scheme, so you just take the dead one
Rudolph Bott wrote:
> requested features even partially exclude each other (e.g. "AJAX" and
> "Must allow working with lynx/w3m on text consoles). Besides that it's a
These aren't as mutually exclusive as you may think, you can use the
tags for browsers with no JS support, or JS disabled, and us
and I'm hitting the same
bug you found, I'm trying to debug it at present.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e
ne version and not the new version. It was a very long time
ago so details are a bit hazy.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
htt
enes to something PDNS can deal with at this
point in time.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa
ems with zone transfers.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"I
mpted input, rather then expect the user to know it.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a
e initial results and would appreciate any input from the
> PDNS community for configuration.
Oh and tinydns won't perform any/much better with a ram drive etc
because it compresses the data file/memory to use less resources it will
eat up all the CPU it can instead.
--
Best regar
o reduce reloads on zone files that change often, no idea.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa
+short
200 10 "u" "E2U+SIP"
"!^\\+1800(.*)$!sip:[EMAIL PROTECTED]" .
200 10 "u" "E2U+SIP" "!^\\+1800(.*)$!sip:[EMAIL PROTECTED]" .
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
ht
from the powerdns.com site.
Also the other thing I forgot to write down was viewing all records for
a domain, you could do a view, stored proc or just a simple join.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally,
mean to disuade the person that has coded this, but imho isn't
the best way to go when dealing with MySQL specifically.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com
r bugs to creep in, and an extra
point of failure.
I've seen the point of failure happen with some versions of ODBC.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneyw
uthority
part of memcache, not the recursor and it should work perfectly well for
the task of a cluster of systems.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecomm
gs/parents in DNS?
It seems to work well as far as I've seen.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e
If the file doesn't exist, or corrupted or something, the backend looses
the plot a little bit and won't bother trying later even if the file is
fully there/no longer corrupt if pdns_control reload is called. The only
fix is to stop and restart pdns.
--
Best regards,
D
bert hubert wrote:
> On Tue, Sep 25, 2007 at 10:42:38PM +1000, Duane wrote:
>> By default these packages run as root, where as the debian packages drop
>> privileges by default.
>
> That is correct. We don't want to create new users.
Any particular reason why not to c
By default these packages run as root, where as the debian packages drop
privileges by default.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications
James Cloos wrote:
>>>>>> "Duane" == Duane <[EMAIL PROTECTED]> writes:
>
>>> (I never did get NAPTR to work.)
>
> Duane> For what it's worth we're running PDNS with a lot of NAPTR records
> Duane> (and not just SIP et
some of the root name servers (H, K and L)
these are anycast servers and all the servers for that root run the same
software afaik.
All other root servers run BIND.
http://en.wikipedia.org/wiki/Root_nameserver
So I think it is very much used ;)
--
Best regards,
Duane
http://www.freeau
er did get NAPTR to work.)
>
> (gpgsql backend; debian box; deb's debs.)
For what it's worth we're running PDNS with a lot of NAPTR records (and
not just SIP et al).
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.node
l this support for bare vs. quoted TXT records? Is it
> supposed to be automatic?
It's not just the TXT records I upgraded recently to the deb packages on
powerdns.com and it kept breaking on NAPTR records as well in the end I
gave up and fixed rsync properly so I don't have a problem an
fatih cerit wrote:
3- if your clients registering sip.example.com at 172.16.0.1 and
server down then your clients going to register sip.example.com at
172.16.30.40 if you have a failover rotation rule at DNS level. But if
you have a dynamic fail over rule you can say some clients register
sip.
fatih cerit wrote:
Hi
Is it possible to query requesting client's ip address in backend query
like %s ??? I am looking for dynamic load balancing of my clients on sip
network but first I must authenticate them. If I get the requesting
client ip address/natted ip address in the backend querie
special case a
> few records, you can either use the 'geo backend', which does complete
> global distributing of answers based on a map of IP addresses.
Ummm correct me if I'm wrong, but couldn't this person pre-load the
cache with local info, and have pdns distribute n
ed, type 99. As to how you
> insert that in PowerDNS, I don't know.
In the real world how much software uses type 99 though?
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywire
Richard Vernooij wrote:
> Received: from dedicated ([127.0.0.1]) by dedicated.domain.com with
> Reporting-MTA: dns;[EMAIL PROTECTED]
> Received-From-MTA: dns;dedicated
The problem seems like it's MTA related...
--
Best regards,
Duane
http://www.cacert.org - Free Security Cer
56 matches
Mail list logo