Home / user-250390

John Greene's questions

Martin Hope
John Greene
Asked: 2018-10-20 03:51:50 +0800 CST
  • 7

In a typical hidden-master DNS network layout, there are basically two components:

  • Hidden master DNS server, may be behind a NAT or firewall, or be totally exposed
  • Slave authoritative non-recursive DNS server(s)

Zone files on slave DNS servers often do not (and should not) have information to this hidden master DNS server. But these same slave DNS servers do require the use of certain DNS options like server, allow-update, allow-transfer, and some ACLs.

While at first, those required server and allow-update seem to require an IP address match list. This leaves the named.conf as the primary source of such stealth information (i.e. the IP address of the hidden-master).

Can such exposure of the IP address to the hidden-master DNS server be further limited by using keys instead and not using any IP address in the named.conf file?

The key answer I’m looking for is whether or not we can minimize exposure of hidden-master at the level of its configuration file as well as in zone databases.

domain-name-system
Martin Hope
John Greene
Asked: 2016-10-14 09:39:48 +0800 CST
  • 0

I have two different domains - thisdomain.com and portal.thisdomain.com. But only one public-facing IP address.

Each domains have their own SSL certificates but share same Intermediate CA.

Using the same IP address (and NGINX HTTP server has SNI support), I wanted to offer a different set of TLSv1.2-only cipher/hash/MAC for a different part of the website URL.

Is NGINX able to support different set of cipher/hash/MAC across:

  • different subdomain of the same domain?

or/and

  • different URL subdirectory of the same domain?

while using the same IP address?

In the example of different domain, is https://portal.thisdomain.com/ capable of having its own cipher/hash/MAC set over https://thisdomain.com?

In the example of different URL subdirectory, is https://thisdomain.com/portal capable of having its own cipher/hash/MAC set over https://thisdomain.com/?

ssl nginx openssl
Martin Hope
John Greene
Asked: 2016-04-03 10:43:30 +0800 CST
  • 0

With Debian 8.1, how does one add a second IP address to a bridge interface under systems? Like in "IP Aliasing"?

I tried it this way...

In /etc/systemd/network subdirectory:

File 40-br0.netdev has:

[NetDev]
Name=br0
Kind=bridge

File 41-br0:0.netdev has:

[NetDev]
Name=br0:0
Kind=bridge

File 80-homelan.network:

[Match]
Name=br0

[Network]
Address=172.28.1.1/22
DNS=172.28.1.1
DHCPServer=0

File 81-cable.network:

[Match]
Name=br0:0

[Network]
Address=192.168.1.1/24
DNS=192.168.1.1
DHCPServer=0

The br0:0 does not get created using above scenario.

ip
Martin Hope
John Greene
Asked: 2015-03-16 10:12:41 +0800 CST
  • 1

I have this monitoring network setting for Net-SNMP 5.7.2.1 listening to multiple Ethernet interfaces on my home gateway but it would only take the following combination from the snmpd.conf configuration file:

  • single IP address
  • single IP address, protocol-specific
  • single IP address per unique protocol

such as:

agentAddress  127.0.0.1:161

or

agentAddress  udp:127.0.0.1:161

or

agentAddress  udp:127.0.0.1:161,udp6:[::1],tcp:127.0.0.1:161

But it would not accept multiple IP addresses using the same protocol, as given below as desired:

agentAddress  udp:127.0.0.1:161,udp:172.28.130.1:161

How do I make SNMP daemon (snmpd) listen to TWO (or more) Ethernet interfaces

net-snmp