Problem with query-source
Mark.Andrews at nominum.com
Thu Jan 4 03:26:38 UTC 2001
>
> Mark.Andrews at nominum.com wrote:
> >
> > It's blocking remote queries now:-)
>
> Yup, that's actually intentional. It's my security policy, there
> shouldn't be anyone out there using me as their DNS - so the default
> policy is "deny everything outside my internal network". I then allow
> queries only for those domains which I want to be visible, as follows:
> (e.g.)
>
> zone "crazyguyonabike.com" {
>     type master;
>     file "crazyguyonabike.com.hosts";
>     allow-query { any; };
> };
>
> Sorry I forgot to mention this. I assume that I don't need the
> query-source in this section too, do I?
No.
>
> > Are you sure it is the nameserver and not some other application
> > running on the box. If you run lsof on named you will see that
> > it is only listening on port 53. If you don't have query-source
> > set it will be listening on some other port in addition to port
> > 53.
>
> I will need to look into your suggestion. I am not sure how to read the
> output from lsof, which I have never used before. Thanks for the tip, I
> will be back in touch if I am still sure this is bind... for the hell of
> it, here's the output. I just piped it through grep named initially...
>
> [root@firewall /root]# lsof | grep named
> named 569 root cwd DIR 8,21 4096 163548 /var/named
> named 569 root rtd DIR 8,21 4096 2 /
> named 569 root txt REG 8,5 716508 49419 /usr/sbin/named
> named 569 root mem REG 8,21 398294 114544 /lib/ld-2.2.so
> named 569 root mem REG 8,21 4761074 114553 /lib/libc-2.2.so
> named 569 root mem REG 8,21 231496 114559 /lib/libnss_files-2.2.so
> named 569 root mem REG 8,21 286718 114561 /lib/libnss_nisplus-2.2.so
> named 569 root mem REG 8,21 394210 114557 /lib/libnsl-2.2.so
> named 569 root mem REG 8,21 261834 114560 /lib/libnss_nis-2.2.so
> named 569 root 0u CHR 1,3 212585 /dev/null
> named 569 root 1u CHR 1,3 212585 /dev/null
> named 569 root 2u CHR 1,3 212585 /dev/null
> named 569 root 3u unix 0xc772e140 557 socket
> named 569 root 5u unix 0xc772e6c0 560 /var/run/ndc
> named 569 root 20u IPv4 564 UDP firewall:domain
> named 569 root 21u IPv4 565 TCP firewall:domain (LISTEN)
> named 569 root 22u IPv4 566 UDP firewall:domain
> named 569 root 23u IPv4 567 TCP firewall:domain (LISTEN)
> named 569 root 24u IPv4 568 UDP firewall:domain
> named 569 root 25u IPv4 569 TCP firewall:domain (LISTEN)
> [root@firewall /root]#
>
> Does this tell you anything?
Yes, the query-source was processed. Note all the ports are
"domain".
Note. TCP queries will always come from a random port. If you
are still seeing UDP queries from ports other than 53 it's not
named (or named-xfer) generating them.
Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
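The check Mark describes (every UDP socket of named should sit on port 53 once query-source is in effect, while TCP queries legitimately come from a random port) is easy to automate. The script below is an added example written for this archive page; it is not from the thread or from BIND. It parses lsof output in the layout shown in the quoted message (COMMAND PID USER FD TYPE DEVICE [SIZE/OFF] NODE NAME), keying on the UDP/TCP token and the final NAME field so it also copes with newer lsof versions that add a SIZE/OFF column. The sample lines are constructed, and the off-port socket on 32771 is a made-up value standing in for what a query-source-less named would show.

```sh
#!/bin/sh
# Added example, not part of the original bind-users message.
# Summarise the sockets held by named and flag any UDP socket that is not
# bound to port 53 ("domain"), which is what query-source is meant to pin.

# Print "PROTO PORT" once per distinct pair for every UDP/TCP socket owned
# by a process whose command name is "named". Reads lsof output on stdin.
named_socket_ports() {
    awk '
        $1 == "named" && ($0 ~ / UDP / || $0 ~ / TCP /) {
            proto = ($0 ~ / UDP /) ? "UDP" : "TCP"
            name = $NF
            if (name == "(LISTEN)") name = $(NF - 1)  # TCP listeners end in (LISTEN)
            sub(/->.*$/, "", name)                    # drop the remote end of a connected socket
            n = split(name, part, ":")                # local port is the text after the last colon
            print proto, part[n]
        }' | sort -u
}

# Exit 0 when every UDP socket of named is on port 53/domain (query-source is
# in effect). Otherwise print each offending lsof line and exit 1. TCP is
# deliberately ignored: TCP queries always leave from a random port.
check_named_udp_ports() {
    awk '
        $1 == "named" && $0 ~ / UDP / {
            name = $NF
            sub(/->.*$/, "", name)
            n = split(name, part, ":")
            if (part[n] != "domain" && part[n] != "53") { print; bad++ }
        }
        END { exit (bad > 0) }'
}

# Constructed sample in the layout of the quoted output: all UDP sockets on "domain".
GOOD_SAMPLE='named 569 root 20u IPv4 564 UDP firewall:domain
named 569 root 21u IPv4 565 TCP firewall:domain (LISTEN)
named 569 root 22u IPv4 566 UDP firewall:domain
named 569 root 23u IPv4 567 TCP firewall:domain (LISTEN)'

# Constructed sample with one extra UDP socket on an unprivileged port
# (the port number is made up), as seen when query-source is not set.
BAD_SAMPLE="$GOOD_SAMPLE
named 569 root 26u IPv4 570 UDP firewall:32771"

# Stand-alone run against the constructed samples.
# On a live host use:  lsof -i | check_named_udp_ports
echo "ports in use (good sample):"
printf '%s\n' "$GOOD_SAMPLE" | named_socket_ports
if printf '%s\n' "$GOOD_SAMPLE" | check_named_udp_ports; then
    echo "good sample: all named UDP sockets are on port 53"
fi
echo "ports in use (bad sample):"
printf '%s\n' "$BAD_SAMPLE" | named_socket_ports
if ! printf '%s\n' "$BAD_SAMPLE" | check_named_udp_ports; then
    echo "bad sample: named holds a UDP socket off port 53, query-source is not in effect"
fi
```

Run it directly to see both outcomes on the built-in samples, or pipe real `lsof -i` output into `check_named_udp_ports` on the firewall. Only processes whose command name is exactly `named` are examined, so a stray UDP source port belonging to some other daemon is not blamed on the nameserver, which is the distinction Mark draws in his reply.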