Doh: Lame server on '' (in ''?) , plus some security stuff.

Lincoln Yeoh lyeoh at pop.jaring.nospam.my
Tue Mar 21 19:03:15 UTC 2000 

On 21 Mar 2000 10:26:15 -0800, Barry Margolin <barmar at bbnplanet.com> wrote:

>Since you're not hooked up to the Internet, you're not able to get the
>authoritative list of root servers from one of the root servers, so they
>all seem lame.

Ah. Well our darn Cisco 1601 power supply went poof [1] :(. That's lame too
;).

Would that be a FAQ? Or most people have working Net connections :).

>Because the code that displays domain names always leaves off the last "."
>in the fully-qualified name.  When you do that with the "." domain, you get
>"".  The code should probably check for this special case and display '.',
>but it doesn't.

I'd rather they just leave the trailing '.' in, but that's me wanting to
see everything, warts and all, but I guess certain apps may not like it.

>>with forwarder set to the External server. But how do I only allow
>>recursive queries by internals and at the same time prevent recursive
>>queries by outsiders? 
>
>Like I said above, the "allow-recursion" option.

Thanks! How'd I miss that option.. Doh :). 

Whilst there I also saw allow-query in a new light...
Now gonna restrict allow-query (only let outsiders ask about my public
domains, and not others). Wonder if I'll need to restrict allow-recursion
then. Nev mind restrict first, just in case I screw up somewhere..

Woohoo, now I can set things up in my fav ultraparanoid outsider unfriendly
mode :).

>BIND's security problems haven't been of the type that allow root access,
>but just things like cache poisoning (because it's fairly easy to spoof DNS
>replies).

Still, they've been popping up a bit more often than I'd like. <sigh>. 
e.g. http://www.isc.org/products/BIND/bind-security-19991108.html

Would what I'm doing help reduce the chances of cache poisoning? I'm
thinking that by restricting queries, the attacker cannot easily query my
server and make it get info from elsewhere. Only way then is if it stumbles
onto poison because of internal user queries.

Thanks very much again,

Link.

[1]  The power LED goes on for a while, then goes off, and then I hear a
very high pitched whine which slowly drops in frequency and then off when I
cut the mains. After that, the power LED stays off, even when I turn the
mains back on. Grrr.
****************************
Reply to:     @Spam to
lyeoh at      @people at uu.net
pop.jaring.my @ 
*******************************

More information about the bind-users mailing list