Use of DNS servers
Brad Knowles
brad.knowles at skynet.be
Thu Jun 28 21:53:33 UTC 2001
At 11:31 AM -0400 6/28/01, Forrest Aldrich wrote:

> So, before we draw conclusions about this usage, I'm wondering if someone
> can shed some light on how this might occur, and perhaps what other people
> have done about it.

Some people out there actively search for nameservers owned by
other people that will answer their recursive queries. They use this
information for a variety of things; some of them use it to help them
break into the sites in question.

In terms of people "innocently" using your nameservers, they
almost certainly asked a question on a mailing list, newsgroup, or
IRC channel somewhere, and the answer involved changing the
nameservers that they are configured to use. Since the fix "worked",
they kept them without realizing that they were abusing your
nameservers inappropriately.

> At this point, we dropped in ACLs in named.conf. We will next drop in some
> packet filters.

Everyone should start off with appropriate ACLs on their
caching/recursive nameservers.

--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users mailing list
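
Before putting recursion ACLs like the ones discussed in this thread in place, it helps to know which outside clients are currently relying on the server. The following is an added example, not part of the original message or of BIND itself: it scans query-log lines for recursion-desired queries from clients outside the networks you plan to allow. The log line format (BIND 9 style, with `+` marking the RD bit), the network list and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the networks you intend to list in the named.conf recursion ACL.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

# Assumption: BIND 9 style query log lines, where the flags field begins
# with "+" when the client set the recursion-desired (RD) bit.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>[+-]\S*)"
)

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
28-Jun-2001 11:02:11.101 client 192.0.2.15#1042: query: www.example.com IN A +
28-Jun-2001 11:02:12.340 client 198.51.100.7#4021: query: www.example.org IN A +
28-Jun-2001 11:02:12.911 client 198.51.100.7#4022: query: mail.example.org IN MX +
28-Jun-2001 11:02:13.020 client 203.0.113.9#53: query: ns1.example.net IN A -
28-Jun-2001 11:02:14.500 client 203.0.113.44#3310: query: example.com IN ANY +
"""


def outside_recursion_clients(log_text, allowed=ALLOWED_NETS):
    """Count recursion-desired queries per client outside the allowed networks."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or not m.group("flags").startswith("+"):
            continue  # not a query line, or RD not set (typical of other servers)
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field; skip rather than guess
        if not any(addr in net for net in allowed):
            counts[str(addr)] += 1
    return counts


if __name__ == "__main__":
    # Clients listed here would be refused once the ACL is in place.
    for ip, n in outside_recursion_clients(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} recursive queries from outside the ACL")
```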