"minimal-any" configuration query

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

"minimal-any" configuration query

ShubhamGoyal
Dear All,
                       We have enabled " minimal-any yes;" in our Bind DNS Sever, Yet an ANY query provides complete details instead of providing reduced details .
                                     Please suggest a fix.
                                                                                             Thanks
Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore

150th Anniversary Mahatma Gandhi

------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
------------------------------------------------------------------------------------------------------------
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: "minimal-any" configuration query

Daniel Stirnimann
I believe, "minimal-any" is for authoritative nameservers only and has
no effect on recursive resolvers. Where did you configure "minimal-any yes"?

Daniel

On 08.09.20 13:30, ShubhamGoyal wrote:

> Dear All,
>                        We have enabled " *minimal-any yes;"* in our Bind
> DNS Sever, Yet an ANY query provides complete details instead of
> providing reduced details .
>                                      Please suggest a fix.
>                                                                                             
> Thanks
> Best Regards,
> Shubham Goyal
> Cyber Security Group
> Centre for Development of Advanced Computing
> Bangalore
>
> 150th Anniversary Mahatma Gandhi
>
> ------------------------------------------------------------------------------------------------------------
>
> [ C-DAC is on Social-Media too. Kindly follow us at:
> Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]
>
> This e-mail is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. If you are not the
> intended recipient, please contact the sender by reply e-mail and destroy
> all copies and the original message. Any unauthorized review, use,
> disclosure, dissemination, forwarding, printing or copying of this email
> is strictly prohibited and appropriate legal action will be taken.
> ------------------------------------------------------------------------------------------------------------
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

RE: "minimal-any" configuration query

Bob McDonald
In reply to this post by ShubhamGoyal
Without seeing your configuration, I can only suggest trying the minimal-responses option.

Regards,

Bob

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: "minimal-any" configuration query

ShubhamGoyal
In reply to this post by ShubhamGoyal
 
Dear sir,
                                   We are running a public DNS resolver in Centos 8 with bind software . We enable geoip feature at configuration time now I want to know about
 
                                              " How can we implement Geo log in bind for Recursive Resolver"
                                Thanks
Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore
 

150th Anniversary Mahatma Gandhi

------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
------------------------------------------------------------------------------------------------------------
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: "minimal-any" configuration query

Tony Finch
In reply to this post by ShubhamGoyal
ShubhamGoyal <[hidden email]> wrote:

> We have enabled " minimal-any yes;" in our Bind DNS Sever, Yet an ANY
> query provides complete details instead of providing reduced details .

Testing minimal-any with dig is tricky and very obscure!

For an example of how to test it, try:

        dig cam.ac.uk any @131.111.8.37
        dig +notcp cam.ac.uk any @131.111.8.37

There's a special case in dig to use TCP by default for ANY queries, so
that naive users can continue to use ANY queries for debugging. This can
be confusing for slightly less naive users who are trying to test
minimal-any - it trips me up sometimes! And there is no indication in
dig's output to tell you whether it used TCP or UDP, so there is no way
you can be expected to find this out from experimentation.

As well as that there is the issue that dig has two TCP-related options,
and you have to know which one to use in which situation.

The +tcp/+notcp option that I used above controls whether TCP is used in
the initial query. But usually in the past it has only been used as +tcp
because the initial query almost always defaults to UDP (the exception was
things like AXFR). If you wanted to suppress TCP, such as when testing
truncation, then usual way was with the +ignore option. But this only
controls retry-over-tcp when dig sees a TC bit.

If you try to use +notcp when testing truncation, it doesn't work - dig
still retries over TCP. If you try to use +ignore when testing
minimal-any, it doesn't work, because there's no TC bit.

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/
democracy, participation, and the co-operative principle
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users