I need help?????? dns and nslookup
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Oct 10 12:22:15 UTC 2001
> please help, when trying to use nslookup on my gauntlet(sun-ux) firewall,
> its default server is pointed to an internal HP-ux box. however I get this
> error
>
> bash-2.02# nslookup
>
> *** Can't find server name for address 204.222.186.50: Server failed
>
> *** Default servers are not available
>
> my question is where on my sun box do I configure where do I need to edit
> for nslookup to go somewhere else. any help would be greatly appreciated.
The nameserver at 204.222.186.50 cannot map its IP address back
into a name. Looks like there isn't a PTR record.
; <<>> DiG 8.3 <<>> -x ptr
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 50.186.222.204.in-addr.arpa, type = PTR, class = IN
;; AUTHORITY SECTION:
222.204.in-addr.arpa. 2h59m7s IN SOA AAA-VIENNA.NIPR.MIL. HOSTMASTER.NIC.MIL. (
2001100900 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; Total query time: 1 msec
;; FROM: drugs.dv.isc.org to SERVER: default -- 127.0.0.1
;; WHEN: Wed Oct 10 22:10:32 2001
;; MSG SIZE sent: 45 rcvd: 115
>
> also I get this error on my firewall logs. the from is my internal dns box,
> going to the inside interface of my firewall. does anyone know how to
> eliminate this. I am running bind 8.3
>
> thanks for your help
>
>
>
> Oct 10 08:19:17 thames.naveur.navy.smil.mil unix: securityalert: udp if=hme1
> from 204.222.186.50:53 to 204.222.186.114 on unserved port 61416
This is a reply from your nameserver. Either block the original
query or don't bother logging / blocking the response. A stateful
firewall is useful to use with udp clients.
Note: A good firewall will only allow out what it will allow responses
to back in.
Mark
>
>
> IT1(SW) David R. Turner
> Information Systems Security Advisor
> Ext. 4398
> Comm: +44 (0)207-514-4398
> Fax: +44 (0) 207-514-4106
> Email: Unclas: <mailto:cnen653h at naveur.navy.mil> cnen653h at naveur.navy.mil
> Siper: <mailto:cnen653h at naveur.navy.smil.mil> cnen653h at naveur.navy.smil.mil
> "Failure? I never encountered it. All I ever met were temporary setbacks."
> -Dottie Walters
>
>
>
>
> -- Binary/unsupported file stripped by Listar --
> -- Type: application/octet-stream
> -- File: Turner, David R IT1 (CNE N653H).vcf
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list