Problem with query-source

Mark.Andrews at nominum.com
Thu Jan 4 03:26:38 UTC 2001


> 
> Mark.Andrews at nominum.com wrote:
> > 
> >         It's blocking remote queries now:-)
> 
> Yup, that's actually intentional. It's my security policy, there
> shouldn't be anyone out there using me as their DNS - so the default
> policy is "deny everything outside my internal network". I then allow
> queries only for those domains which I want to be visible, as follows:
> (e.g.)
> 
> zone "crazyguyonabike.com" {
> 	type master;
> 	file "crazyguyonabike.com.hosts";
> 	allow-query { any; };
> };
> 
> Sorry I forgot to mention this. I assume that I don't need the
> query-source in this section too, do I?

	No.

> 
> >         Are you sure it is the nameserver and not some other application
> >         running on the box.  If you run lsof on named you will see that
> >         it is only listening on port 53.  If you don't have query-source
> >         set it will be listening on some other port in addition to port
> >         53.
> 
> I will need to look into your suggestion. I am not sure how to read the
> output from lsof, which I have never used before. Thanks for the tip, I
> will be back in touch if I am still sure this is bind... for the hell of
> it, here's the output. I just piped it through grep named initially...
> 
> [root at firewall /root]# lsof | grep named
> named    569 root  cwd    DIR       8,21    4096   163548 /var/named
> named    569 root  rtd    DIR       8,21    4096        2 /
> named    569 root  txt    REG        8,5  716508    49419 /usr/sbin/named
> named    569 root  mem    REG       8,21  398294   114544 /lib/ld-2.2.so
> named    569 root  mem    REG       8,21 4761074   114553 /lib/libc-2.2.so
> named    569 root  mem    REG       8,21  231496   114559 /lib/libnss_files-2.2.so
> named    569 root  mem    REG       8,21  286718   114561 /lib/libnss_nisplus-2.2.so
> named    569 root  mem    REG       8,21  394210   114557 /lib/libnsl-2.2.so
> named    569 root  mem    REG       8,21  261834   114560 /lib/libnss_nis-2.2.so
> named    569 root    0u   CHR        1,3           212585 /dev/null
> named    569 root    1u   CHR        1,3           212585 /dev/null
> named    569 root    2u   CHR        1,3           212585 /dev/null
> named    569 root    3u  unix 0xc772e140              557 socket
> named    569 root    5u  unix 0xc772e6c0              560 /var/run/ndc
> named    569 root   20u  IPv4        564              UDP firewall:domain
> named    569 root   21u  IPv4        565              TCP firewall:domain (LISTEN)
> named    569 root   22u  IPv4        566              UDP firewall:domain
> named    569 root   23u  IPv4        567              TCP firewall:domain (LISTEN)
> named    569 root   24u  IPv4        568              UDP firewall:domain
> named    569 root   25u  IPv4        569              TCP firewall:domain (LISTEN)
> [root at firewall /root]#
> 
> Does this tell you anything?

	Yes, the query-source was processed.  Note all the ports are
	"domain".

	Note. TCP queries will always come from a random port.  If you
	are still seeing UDP queries from ports other than 53 it's not
	named (or named-xfer) generating them.

	Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
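The check Mark describes (any UDP socket of named on a port other than 53/domain means query-source did not take effect, while TCP listeners are fine because TCP queries use random source ports anyway) as a small script. This is an added example, not part of the thread; the lsof sample is constructed from the listing above plus one extra socket on an ephemeral port, and the column handling (proto field followed by the address field, with or without a SIZE/OFF column) is an assumption about lsof's output layout.

```shell
#!/bin/sh
# Audit which ports a named process has bound, from "lsof -i -n -P"-style output.
# Added example; not from the original thread.

# Constructed sample: the thread's socket lines plus one UDP socket on port 32771,
# which is what an unset query-source looks like.
SAMPLE_LSOF='named    569 root   20u  IPv4        564              UDP firewall:domain
named    569 root   21u  IPv4        565              TCP firewall:domain (LISTEN)
named    569 root   22u  IPv4        566              UDP firewall:domain
named    569 root   23u  IPv4        567              TCP firewall:domain (LISTEN)
named    569 root   30u  IPv4        570              UDP firewall:32771'

# Reads lsof lines on stdin; prints "<proto> <addr:port> <verdict>" per IPv4/IPv6
# socket owned by named. Returns 1 if any UDP socket is on a port other than 53.
audit_named_sockets() {
    awk '
        $1 == "named" && $5 ~ /^IPv[46]$/ {
            # Locate the protocol column by value rather than position, since some
            # lsof versions add a SIZE/OFF column (e.g. "0t0") before it.
            proto = ""; name = ""
            for (i = 6; i <= NF; i++)
                if ($i == "UDP" || $i == "TCP") { proto = $i; name = $(i + 1); break }
            if (proto == "") next
            port = name; sub(/.*:/, "", port)   # keep text after the last colon
            if (proto == "UDP" && port != "domain" && port != "53") {
                print proto, name, "UDP on ephemeral port: query-source not set"
                bad = 1
            } else if (proto == "UDP") {
                print proto, name, "ok: query-source port 53"
            } else {
                print proto, name, "ok: TCP listener (TCP queries use random source ports)"
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Stand-alone run over the constructed sample; on a live box replace the sample with
# the output of: lsof -i -n -P
printf '%s\n' "$SAMPLE_LSOF" | audit_named_sockets \
    || echo "WARNING: named has UDP sockets bound to ports other than 53"
```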