Re: [Pdns-users] mwscdn.ru issue

On Mon, Dec 18, 2023 at 08:43:47AM +0100, Pieter Lexis via Pdns-users wrote a message of 41 lines which said: > DNSViz [1] reports that the nameservers respond NXDomain for > queries. And also for any type for which they don't have data. (I tested with CAA, because of the recent Let's En

Re: [Pdns-users] [dnsdist] Second Release Candidate of PowerDNS DNSdist 1.8.0

On Thu, Mar 09, 2023 at 10:25:33AM +0100, Remi Gacogne via dnsdist wrote a message of 94 lines which said: > https://downloads.powerdns.com/releases/dnsdist-8.0-rc2.tar.bz2 404. The correct one seems to be . __

Re: [Pdns-users] Configuring dnsdist

On Sat, May 08, 2021 at 01:28:55PM -0500, Steven Garner wrote a message of 78 lines which said: > I thought recursion was required for a DNS server to communicate > with other DNS servers to determine an IP address and return it to > the client. Hosting "several hundred public domains" is not

Re: [Pdns-users] Configuring dnsdist

On Sat, May 08, 2021 at 01:12:49PM -0500, Steven Garner via Pdns-users wrote a message of 159 lines which said: > I want to provide authoritative dns for several hundred public > domains, for which I understand recursion is required, I don't see why. Could you elaborate?

Re: [Pdns-users] [dnsdist] First alpha release of dnsdist 1.6.0

On Tue, Feb 02, 2021 at 02:10:45PM +0100, Remi Gacogne via dnsdist wrote a message of 149 lines which said: > We are proud to announce the first alpha release of dnsdist 1.6.0. Executive summary: be careful beforce activating out-of-order processing on DoT servers. Read on. Background: I man

Re: [Pdns-users] [dnsdist] Fourth release candidate for dnsdist 1.5.0

On Mon, Jul 20, 2020 at 08:10:50AM +0200, Otto Moerbeek wrote a message of 50 lines which said: > Removing the extra assignment opetor should work. Indeed, it now compiles and runs, thanks. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.co

Re: [Pdns-users] [dnsdist] Fourth release candidate for dnsdist 1.5.0

On Tue, Jul 07, 2020 at 04:41:00PM +0200, Remi Gacogne via dnsdist wrote a message of 84 lines which said: > While we expected the third release candidate for dnsdist 1.5.0 to be > the last one, a race condition that could lead to a crash was discovered > by Tomas Krizek from CZ.NIC with the D

Re: [Pdns-users] DNSSEC-Problems on g.root-servers.net?

On Mon, Sep 17, 2018 at 08:39:38AM +, Christian Renner wrote a message of 23 lines which said: > DNSViz always shows the same behaviour: > > http://dnsviz.net/d/onba.zkb.ch/dnssec/ > http://dnsviz.net/d/www.admin.ch/dnssec/ > > Errors (3) > • ./DNSKEY: No response was received from

Re: [Pdns-users] Queries .domain. Attack to root server?

On Sun, Dec 13, 2015 at 06:14:38PM +, Federico Olivieri wrote a message of 141 lines which said: > Maybe is unrelated Completely unrelated and, as I wrote already, there is no attack: you just made a wrong analysis from the start. ___ Pdns-user

Re: [Pdns-users] Queries .domain. Attack to root server?

On Sun, Dec 13, 2015 at 03:57:17PM +, Federico Olivieri wrote a message of 58 lines which said: > Can you please add more details in your answers? There are NO requests for names ending in .domain. You do not read correctly the output of tcpdump. _

Re: [Pdns-users] Queries .domain. Attack to root server?

On Sun, Dec 13, 2015 at 03:48:05PM +, Federico Olivieri wrote a message of 74 lines which said: > Thanks for the hint. You apparently did not get it. > I wrote and iptables rule but seems not working Completely unrelated to the problem. > I think that I need to specify to block all dom

Re: [Pdns-users] Queries .domain. Attack to root server?

On Sun, Dec 13, 2015 at 03:17:04PM +, Federico Olivieri wrote a message of 131 lines which said: > I did sniff traffic and I saw some strange queries with .domain at the end > of the name Always use tcpdump with -n option... (hint: the last field is the port, 53 in digits, domain in lette

Re: [Pdns-users] DNS amplification attack advice

On Tue, May 29, 2012 at 04:32:23PM +0200, kalpesh thaker wrote a message of 252 lines which said: > - max-tcp-connections set to 60 ... > - setup IPtables with a chain to reject udp/tcp connections ... > they seem to think they these IP address have all been spoofed for > this amplification a

Re: [Pdns-users] DNS amplification attack advice

On Tue, May 29, 2012 at 04:32:23PM +0200, kalpesh thaker wrote a message of 252 lines which said: > we have been, and still are currently the victims of a terrible DNS > DOS amplification attack. ... > May 28 15:01:13 ns1 pdns[9603]: Not authoritative for 'filezilla.de > '

Re: [Pdns-users] PowerDNSSEC Progress: ready for a first look

On Fri, Jan 07, 2011 at 01:35:59PM +0100, Leen Besselink wrote a message of 58 lines which said: > I would expect it to need authentication tokens too. :-) In almost all registries, this is allowed only to registered registrars. So, even if someone were willing to add an EPP client to PowerDN

Re: [Pdns-users] [Recursor] Resolving large RRsets

On Mon, Dec 13, 2010 at 09:30:18AM +0100, bert hubert wrote a message of 286 lines which said: > Dec 13 09:23:54 [1] all-wikileaks.bortzmeyer.fr.: truncated bit set, > retrying via TCP This is not perfect: with BIND and Unbound, there is no fallback to TCP since they use EDNS0 (with a defau

[Pdns-users] [Recursor] Resolving large RRsets

I do not have access to a PowerDNS Recursor and I would be glad if people could test and see if they can resolve the RRset all-wikileaks.bortzmeyer.fr (2200 bytes) as explained here: http://www.bortzmeyer.org/size-dns-wikileaks.html ___ Pdns-users mailin

Re: [Pdns-users] [recursor] configure could be more user-friendly

On Wed, May 26, 2010 at 07:57:13PM +0200, bert hubert wrote a message of 85 lines which said: > The immediate reason that the pdns-recursor did not have full auto*, > and is unlikely to get it, was the deep dissatisfaction we felt with > this suite of programs. Do note that I was not asking s

Re: [Pdns-users] [recursor] Segmentation fault at startup

On Wed, May 26, 2010 at 11:17:25AM +0200, bert hubert wrote a message of 60 lines which said: > We could probably boil this issue down to a tiny testcase that would > crash on NetBSD. This could then lead to a bugreport to NetBSD. I did so, both on the netbsd-users mailing list and in a threa

Re: [Pdns-users] [recursor] Segmentation fault at startup

[BTW, it would be better to do so on a ticketing system but I cannot find a way to create a new ticket in the PowerDNS Trac.] On Wed, May 26, 2010 at 10:55:47AM +0200, bert hubert wrote a message of 26 lines which said: > Could you split line 1508 as follows: > > NetmaskGroup* oldAllowFrom =

Re: [Pdns-users] [recursor] Segmentation fault at startup

On Wed, May 26, 2010 at 10:08:41AM +0200, bert hubert wrote a message of 33 lines which said: > In fact, this is so little difference that I wonder if it really was > compiled with -g, can you double check? It was properly compiled but the Makefile contains a 'strip $(DESTDIR)/$(SBINDIR)/pdns

[Pdns-users] [recursor] Segmentation fault at startup

% pdns_recursor May 26 09:12:12 PowerDNS recursor 3.2 (C) 2001-2010 PowerDNS.COM BV (May 26 2010, 08:46:38, gcc 4.1.3 20080704 prerelease (NetBSD nb2 20081120)) starting up May 26 09:12:12 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is fre

[Pdns-users] [recursor] configure could be more user-friendly

[Sent here because I cannot find a way to create a new ticket at ] ./configure is not very helpful when it cannot find a library. For instance, if Boost is not found (because it is in /usr/pkg): % ./configure Testing dependencies and compiler. Using gmake to build

Re: [Pdns-users] PowerDNS & DNSSEC!

On Wed, Jul 15, 2009 at 02:59:58AM +1000, Duane at e164 dot org wrote a message of 62 lines which said: > On the other hand do you know of any "exciting" development with DNScurve? What's the relationship? DNSSEC secures the data, DNScurve the channel (like TLS, IPsec, TSIG, etc). So, DNScurv

[Pdns-users] Re: PowerDNS interview on Dutch national radio tonight

On Tue, Jul 08, 2008 at 06:13:04PM +0200, Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote a message of 13 lines which said: > > Microsoft will be releasing more details tonight, > > Apparently done: > > http://www.microsoft.com/technet/security/Bulletin/MS08-020.msp

[Pdns-users] Re: PowerDNS interview on Dutch national radio tonight

On Tue, Jul 08, 2008 at 12:39:33PM +0200, bert hubert <[EMAIL PROTECTED]> wrote a message of 24 lines which said: > Microsoft will be releasing more details tonight, Apparently done: http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx

[Pdns-users] Re: IPv6 testers wanted for snapshot4!

On Sun, Feb 10, 2008 at 10:26:00PM +0100, bert hubert <[EMAIL PROTECTED]> wrote a message of 35 lines which said: > This version uses ANY-queries to simultaneously retrieve A and > records for resolution, which appears to be new. This is quite dangerous. With a non-authoritative server, A

[Pdns-users] Re: IPv6 testers wanted for snapshot4!

On Mon, Feb 11, 2008 at 10:37:09AM +0100, bert hubert <[EMAIL PROTECTED]> wrote a message of 13 lines which said: > > This is quite dangerous. With a non-authoritative server, ANY only > > returns what's in the cache which may be only the A or only the . > > That only hits mis-configured d

[Pdns-users] Re: third-party DNS tests fail with fatal errors

On Wed, Feb 06, 2008 at 11:40:38AM -0800, Eugene Pefti <[EMAIL PROTECTED]> wrote a message of 54 lines which said: > [TEST coherence between SOA and ANY records]: server failure (IN/ANY: > premiere1.com.) Besides the excellent diagnostic from Bert, let me explain what Zonecheck does here: * i

[Pdns-users] Re: Problem with powerdns(master) -> bind(slave)

On Mon, Jan 21, 2008 at 11:38:30AM -0500, Matt Pounsett <[EMAIL PROTECTED]> wrote a message of 43 lines which said: > You can't mix a CNAME with other data. Other persons said so but it should be noted that it is no longer completely true. RFC 4034 (published in march 2005) says: Because

[Pdns-users] Supermaster with BIND (Was: Stupid subject (Was: Please Help me..Bert Hubert help me!!

On Tue, Jun 05, 2007 at 10:35:48AM +, Ale * <[EMAIL PROTECTED]> wrote a message of 59 lines which said: > I’d like to add new zone (records) or modify an existent zone > (records) and i'd want that this changes are sended to master ... > Somebody told me that is it impossible because su

[Pdns-users] Sourceforge DNS issues

[It *seems* that the name servers are PowerDNS machines, hence the message.] Sourceforge currently experiences DNS problems (they claim it is a DoS, http://sourceforge.net/docs/A04). Names like echoping.svn.sourceforge.net cannot be resolved from most sites (server failure, while you would expect

[Pdns-users] Re: PowerDNS releases?

On Sun, Feb 25, 2007 at 11:19:05PM +0100, bert hubert <[EMAIL PROTECTED]> wrote a message of 23 lines which said: > We still consider it difficult to fix and not important as it only > "affects" people who provision domains but neglect to add records. Wrong (and the use of "neglect" is not nic

[Pdns-users] Re: recursor cache storage?

On Thu, Feb 22, 2007 at 09:25:35AM -0500, Mike W <[EMAIL PROTECTED]> wrote a message of 46 lines which said: > Everything works great, except I can't figure out a way to store my > cached DNS entries. For example, when I stop pdns_recursor and > start it again, I lose all the entries that were

[Pdns-users] ICANN needs you

PowerDNS recursor was no tested yet, apparently: http://www.icann.org/committees/security/sac017.htm Testing Recursive Name Servers for IPv6 and EDNS0 Support Background The DNS Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC) are jointly

[Pdns-users] Re: how PDNS must reply to malformed query

On Fri, Feb 02, 2007 at 02:43:08PM +0100, Joyce LAMBERT <[EMAIL PROTECTED]> wrote a message of 54 lines which said: > I try to make some malformed queries on PowerDNS and Bind. > dig @localhost 'w w @ \\. test.com' In what way is it malformed? > - PowerDNS don't reply Bad. > - Bind reply w

[Pdns-users] Re: Force reload of MySQL-data

On Tue, Jan 23, 2007 at 12:03:38PM +, Mark Watts <[EMAIL PROTECTED]> wrote a message of 58 lines which said: > I'm guessing it does that every time it gets a new query? For PostgreSQL, certainly not (enabling the log of statements in the DBMS allow to see that PowerDNS caches - a good thin

[Pdns-users] Re: Export pdns database to records file

On Fri, Jan 19, 2007 at 10:39:00AM +0100, Arjan Schrijver <[EMAIL PROTECTED]> wrote a message of 18 lines which said: > For backup and fallback purposes, I have to be able to export the > PowerDNS database to a plain records file. This is a very sensible rule. What format is "plain records"? R

[Pdns-users] Re: Reverse DNS - sqlite backend

On Thu, Jan 18, 2007 at 08:57:28AM +0200, Andy Rabagliati <[EMAIL PROTECTED]> wrote a message of 44 lines which said: > I have been reading RFC 2317, and I do not believe I need to slave > the entire class C 196.21.78.* in order to be authoritative for our > /28, Right. [And classes have been

[Pdns-users] Re: Cannot compile because of MySQL even if I do not want MySql support

On Wed, Jan 17, 2007 at 03:23:21PM +0100, Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote a message of 27 lines which said: > ./configure --with-modules="gpgsql" --disable-mysql > > (Yes, both with-modules and disable-mysql) Same thing with the official release of

[Pdns-users] Re: Cannot compile because of MySQL even if I do not want MySql support

On Wed, Jan 17, 2007 at 03:34:07PM +0100, bert hubert <[EMAIL PROTECTED]> wrote a message of 22 lines which said: > Is this from the SVN HEAD? HEAD > Building from SVN can be tricky, Yes, I see, I'll go back to releases :-) ___ Pdns-users mailing

[Pdns-users] Re: Cannot compile because of MySQL even if I do not want MySql support

On Wed, Jan 17, 2007 at 02:40:17PM +0100, bert hubert <[EMAIL PROTECTED]> wrote a message of 19 lines which said: > Try --with-modules="" Apparently, I need: ./configure --with-modules="gpgsql" --disable-mysql (Yes, both with-modules and disable-mysql) It seems to work but it fails later

[Pdns-users] Re: Cannot compile because of MySQL even if I do not want MySql support

On Wed, Jan 17, 2007 at 12:38:45PM +0100, Ralf van der Enden <[EMAIL PROTECTED]> wrote a message of 39 lines which said: > I use ./configure --disable-mysql in the FreeBSD port of PowerDNS. Maybe > that will help you as well. No, --disable changes nothing: checking for MySQL library director

[Pdns-users] Cannot compile because of MySQL even if I do not want MySql support

PowerDNS (Subversion version of today, r949) cannot compile: checking for MySQL library directory... configure: error: Didn't find the mysql library dir in '/usr/local/mysql/lib/mysql /usr/local/lib/mysql /opt/mysql/lib/mysql /usr/lib/mysql /usr/local/mysql/lib /usr/local/lib /opt

[Pdns-users] Re: Domains with binary (e.g. UTF-8) labels

On Wed, Dec 20, 2006 at 10:06:02AM +0100, bert hubert <[EMAIL PROTECTED]> wrote a message of 41 lines which said: > End to end UTF-8 DNS w/o IDN is not around the corner, and not just > because of PowerDNS. Certainly (IDN was invented for a reason). The Web page http://cr.yp.to/djbdns/idn.html

[Pdns-users] Re: Domains with binary (e.g. UTF-8) labels

On Sat, Dec 16, 2006 at 10:17:23PM +0100, bert hubert <[EMAIL PROTECTED]> wrote a message of 29 lines which said: > To encode utf-8 domains so that they work, use 'IDN'. IDN is mandatory for host names but should not be for domain names without hosts. > Read for example paragraph 3.5 of RFC

[Pdns-users] Re: IDN Support - malformed qdomain

On Mon, Nov 27, 2006 at 04:25:26PM +0100, Franc Rodriguez <[EMAIL PROTECTED]> wrote a message of 41 lines which said: > Nov 27 16:04:02 Received a malformed qdomain from 192.168.1.1, > 'www.caça.cat': dropping Isn't it simply the fault of the client, that does not speak IDN and which sent the

[Pdns-users] Empty nonterminals and NXDOMAIN (Was: Verify PowerDNS answers?

On Fri, Oct 13, 2006 at 04:33:45PM +0200, bert hubert <[EMAIL PROTECTED]> wrote a message of 37 lines which said: > Perhaps someone else, smarter than I am, can come up with a > solution. As nobody noticed our possible non-compliance for 7 years > straight, I'm rather unwilling to overhaul thin

[Pdns-users] Re: have some commandline management system for powerdns?

On Tue, Oct 10, 2006 at 02:30:52PM +0800, huang mingyou <[EMAIL PROTECTED]> wrote a message of 10 lines which said: >I want use a command line management system to manage the > powerdns domains and records, have some good free software for this? What backend do you use? If it is a DBMS

[Pdns-users] Re: Verify PowerDNS answers?

On Fri, Oct 06, 2006 at 03:41:42PM +0200, bert hubert <[EMAIL PROTECTED]> wrote a message of 23 lines which said: > DJB states the following, based on RFC 2308: He is certainly not an authority on DNS and I find nothing in RFC 2308 which corroborates his claims (do note he is careful not to in

[Pdns-users] Re: authoritative answers or not?

On Fri, Oct 06, 2006 at 03:25:52PM +0200, Alex van den Bogaerdt <[EMAIL PROTECTED]> wrote a message of 25 lines which said: > By the way: I believe this to be true for NS records as well, but > both pdns and bind agree on this and give a non authoritative > answer. The NS records in the zone a

[Pdns-users] Re: Verify PowerDNS answers?

On Fri, Oct 06, 2006 at 03:31:20AM +0200, Alex van den Bogaerdt <[EMAIL PROTECTED]> wrote a message of 20 lines which said: > > We would like to migrate our existing BIND setup to PowerDNS, but > > I first need to prove that PowerDNS will return the same answers > > that BIND does for a given s

[Pdns-users] Re: PowerDNS vs. TopLayer - Response not RFC compliant?

On Thu, Sep 21, 2006 at 04:51:16PM +0200, Jonathan (Listserv Account) <[EMAIL PROTECTED]> wrote a message of 51 lines which said: > More specifically, the QDCOUNT field of the packet (which > corresponds to the Question Count field) has a value that is not > equal to "1" - the only define