Am getting errors with my zone files. Any pointers?
Brad Knowles
brad.knowles at skynet.be
Fri Jul 13 06:59:49 UTC 2001
At 3:51 AM +0000 7/13/01, Daniel Keith Du Vall wrote:
> Jul 12 20:06:22 quadlinux named[937]: sysquery: findns error (NXDOMAIN) on
> ns.quadtrax.net?
Is quadlinux the same machine as ns.quadtrax.com? If so, then it
needs to show up in the DNS as resolving to the same IP address, in
which case BIND should be able to figure out that this is the same
machine.
> Jul 12 20:46:01 quadlinux named[937]: sysquery: findns error (NXDOMAIN) on
> ns.quadtrax.net?
>
> I have not yet found anything that lets me know what this is caused from.
> Should I be concerned by it or is it just something that is?
> Thanks in advance.
BTW, your nameserver is running recursively & caching. This
makes you vulnerable to cache poisoning attacks, and abusable to
virtually "host" any domain out there that wants to list you as an
authoritative server (all they have to do is periodically refresh
your memory of what that zone looks like).
Also, your nameserver is not protected against zone transfers.
This means I can get a complete copy of your zone, which you probably
don't want to allow people to have:
% dig @ns.quadtrax.net. quadtrax.net. axfr
; <<>> DiG 9.1.2 <<>> @ns.quadtrax.net. quadtrax.net. axfr
;; global options: printcmd
quadtrax.net. 86400 IN SOA ns.quadtrax.net. sysop.quadtrax.com. 2001070901 3600 3600 604800 3600
quadtrax.net. 86400 IN NS ns.quadtrax.net.
quadtrax.net. 86400 IN NS ns1.granitecanyon.com.
quadtrax.net. 86400 IN NS ns2.granitecanyon.com.
quadtrax.net. 86400 IN MX 10 mail.quadtrax.net.
ftp.quadtrax.net. 86400 IN A 216.216.115.27
telnet.quadtrax.net. 86400 IN A 216.216.115.27
mail.quadtrax.net. 86400 IN A 216.216.115.27
www.quadtrax.net. 86400 IN A 216.216.115.27
quadtrax.net. 86400 IN SOA ns.quadtrax.net. sysop.quadtrax.com. 2001070901 3600 3600 604800 3600
;; Query time: 247 msec
;; SERVER: 216.216.115.27#53(ns.quadtrax.net.)
;; WHEN: Fri Jul 13 02:56:39 2001
;; XFR size: 11 records
You really should fix both of these security issues.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
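
One way to close both issues raised in the message above, shown as a named.conf fragment. This is an added example, not part of the original post; the ACL names, the file paths and every address (documentation ranges) are placeholders.

```conf
// Constructed example: addresses are documentation-range placeholders,
// not values from the post. Replace them with the real hosts.

// Hosts allowed to pull the zone: the secondaries named in the NS set
// shown in the transfer output above.
acl "secondaries" {
    192.0.2.10;       // placeholder for ns1.granitecanyon.com
    192.0.2.11;       // placeholder for ns2.granitecanyon.com
};

// Only needed if this machine must also resolve for local clients.
acl "trusted-clients" {
    127.0.0.1;
    198.51.100.0/24;  // placeholder for the local network
};

options {
    directory "/var/named";             // assumed path

    // Weak state described in the post: no allow-transfer statement,
    // so any host can AXFR every zone, and recursion is left on for
    // the whole Internet.

    // Hardened default: no zone is transferable unless it says so.
    allow-transfer { none; };

    // Authoritative-only: answer for our own zones, never recurse or
    // cache on behalf of outside clients.
    recursion no;

    // Alternative when local clients need a resolver: remove
    // "recursion no;" above and use this instead.
    // allow-recursion { "trusted-clients"; };
};

zone "quadtrax.net" {
    type master;
    file "quadtrax.net.zone";           // assumed file name
    allow-transfer { "secondaries"; };  // overrides the global "none"
};
```

After reloading named, repeating the `dig ... axfr` query from a host outside the "secondaries" ACL should be refused, and ordinary query responses should no longer carry the `ra` flag.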