[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: named - a very basic question
-----BEGIN PGP SIGNED MESSAGE-----
herbert langhans <herbert.raimund%langhans.com.pl@localhost> schrieb:
>- some request from anywhere in the world asks my server (straight on
> ip 126.96.36.199): 'Is the domain ticketeur.com on ip 188.8.131.52?'
>- my server (or named) aswers: no - access denied, good bye.
it seems somebody asks you server: "pls tell me which IPv4 address has host
ticketeur.com" - this could usually have these sources:
- the requester tries to use your DNS as a full DNS (like the DNS from your
Internet provider) server, serving any DNS information within the internet to
them and/or as a forwarding DNS
- the requester assumes that your DNS has the authory to serve ticketeur.com -
the domain ticketeur.com is delegated to your server
>Maybe I should collect the ip numbers from the logfiles and put them in
>/etc/hosts.deny. But basically I am interested what goes on there.
This makes no real sense as the source of the problem is anywhere other plus
DNS traffic is very small. It could make sense to block on IP level if your
named eats to much ressources of them.
Usually a DNS client which did not get any answer is going away after a while.
I did not know your config nor your DNS application at all, but it may be that
your server partly serves recursing requests - (i.e. "fresh" ones but not from
local cache or vice versa) which usually is wrong, but possible to misconfigure
(if you understand what i mean here).
Use tools like dig and host and/or dnstracer to show how your named works for
different situations and request scenarios with different target domain names /
zones / records.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8
-----END PGP SIGNATURE-----
Main Index |
Thread Index |