Re: named - a very basic question

To: herbert langhans <herbert.raimund%langhans.com.pl@localhost>,netbsd-users%netbsd.org@localhost
Subject: Re: named - a very basic question
From: "Niels Dettenbach (Syndicat IT&Internet)" <nd%syndicat.com@localhost>
Date: Sat, 10 Dec 2011 09:37:59 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256






herbert langhans <herbert.raimund%langhans.com.pl@localhost> schrieb:

>- some request from anywhere in the world asks my server (straight on
>my
>  ip 123.5.5.5): 'Is the domain ticketeur.com on ip 123.5.5.5?'
>
>- my server (or named) aswers: no - access denied, good bye.

No,
it seems somebody asks you server: "pls tell me which IPv4 address has host 
ticketeur.com" - this could usually have these sources:

 - the requester tries to use your DNS as a full DNS (like the DNS from your 
Internet provider) server, serving any DNS information within the internet to 
them and/or as a forwarding DNS

 - the requester assumes that your DNS has the authory to serve ticketeur.com - 
the domain ticketeur.com is delegated to your server


>Maybe I should collect the ip numbers from the logfiles and put them in
>/etc/hosts.deny. But basically I am interested what goes on there.

This makes no real sense as the source of the problem is anywhere other plus 
DNS traffic is very small. It could make sense to block on IP level if your 
named eats to much ressources of them.

Usually a DNS client which did not get any answer is going away after a while. 
I did not know your config nor your DNS application at all, but it may be that 
your server partly serves recursing requests - (i.e. "fresh" ones but not from 
local cache or vice versa) which usually is wrong, but possible to misconfigure 
(if you understand what i mean here).

Use tools like dig and host and/or dnstracer to show how your named works for 
different situations and request scenarios with different target domain names / 
zones / records.


hth
cheers,


Niels.

- --
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8

iIEEAREIAEEFAk7jGmc6HE5pZWxzIERldHRlbmJhY2ggKFN5bmRpY2F0IElUJklu
dGVybmV0KSA8bmRAc3luZGljYXQuY29tPgAKCRBU3ERlZRyiDfVoAJ9XWdjQs14D
t6qTEaQiK4KjzoN5UwCfQSSZ5wk4P3mFDJ7F5O2y4qV/1iQ=
=B9y/
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: named - a very basic question
  - From: herbert langhans

Prev by Date: Re: named - a very basic question
Next by Date: nfs exports
Previous by Thread: Re: named - a very basic question
Next by Thread: Re: named - a very basic question
Indexes:

Home | Main Index | Thread Index | Old Index