query-source
Mark.Andrews at nominum.com
Thu Jul 12 04:23:11 UTC 2001
First of all, their firewall configuration is broken in
that it is not allowing *replies* to packets that it allows
out. Basically they should fix their firewall.
Now if they don't have a stateful firewall then they may
want to fix the source port using query-source.
Mark
>
> We had a problem with some abuse complaints, claiming that our DNS server
> was sending out suspicious probes to their machines (yeah, right).
>
> What was actually happening, I believe, is what we've identified this
> evening (BIND 8.2.4):
>
> Jul 11 23:24:57 dsm /kernel: Connection attempt to UDP 216.67.15.183:2004
> from 216.67.14.5:53
>
> These are actually DNS queries.
>
> While I don't understand the underlying reason that it does this (yet), I
> wonder if the option:
>
> query-source address * port 53;
>
> would solve this problem?
>
> Has anyone else encountered this?
>
> Thanks....
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
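The exchange above turns on one reading of the log line: the quoted poster takes the packets for outbound DNS queries, while the reply points out that they are DNS *replies* (remote source port 53, local high-numbered destination port) that a filter without state cannot match to the query that caused them. The following triage script is an added example, not code from the thread or from BIND; it assumes the kernel log format shown in the quoted mail and a configured list of resolvers (both assumptions), parses such lines and separates probable dropped DNS replies from events that deserve a normal look. Apart from the line quoted in the thread, the sample log entries are constructed and use documentation address ranges.

```python
"""Triage firewall "connection attempt" log lines for DNS-reply false positives.

Assumption (not from the original thread): a stateless packet filter logs
every inbound datagram it drops in the format shown in the quoted mail.
Replies to our own resolver queries arrive from a remote port 53 to one of
our high-numbered source ports, which such a filter cannot recognise as
return traffic.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

LOG_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)"
)

EPHEMERAL_LOW = 1024  # assumption: our stub resolver picks source ports above 1023


@dataclass
class Verdict:
    src_ip: str
    src_port: int
    dst_port: int
    likely_dns_reply: bool
    reason: str


def classify(line: str, known_resolvers: Set[str]) -> Optional[Verdict]:
    """Classify one log line; returns None if the line is not a firewall entry."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    src_ip = m.group("src_ip")
    src_port = int(m.group("src_port"))
    dst_port = int(m.group("dst_port"))
    proto = m.group("proto")

    # The pattern from the thread: UDP, remote port 53, local ephemeral port.
    if proto == "UDP" and src_port == 53 and dst_port >= EPHEMERAL_LOW:
        if src_ip in known_resolvers:
            return Verdict(src_ip, src_port, dst_port, True,
                           "UDP from port 53 of a configured resolver to an "
                           "ephemeral port: reply to our own query, dropped by "
                           "a filter without state")
        return Verdict(src_ip, src_port, dst_port, True,
                       "UDP from port 53 to an ephemeral port, but sender is "
                       "not a configured resolver: check resolv.conf / forwarders")
    return Verdict(src_ip, src_port, dst_port, False,
                   "does not match the DNS reply pattern; investigate normally")


def triage(lines: Iterable[str],
           known_resolvers: Set[str]) -> Tuple[List[Verdict], List[Verdict]]:
    """Return (dns_replies, other) lists of Verdicts for a batch of log lines."""
    replies: List[Verdict] = []
    other: List[Verdict] = []
    for line in lines:
        v = classify(line, known_resolvers)
        if v is None:
            continue
        (replies if v.likely_dns_reply else other).append(v)
    return replies, other


# Constructed sample: the line quoted in the thread plus three invented lines
# (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts).
SAMPLE_LOG = [
    "Jul 11 23:24:57 dsm /kernel: Connection attempt to UDP 216.67.15.183:2004 from 216.67.14.5:53",
    "Jul 11 23:25:03 dsm /kernel: Connection attempt to UDP 216.67.15.183:1089 from 192.0.2.10:53",
    "Jul 11 23:25:10 dsm /kernel: Connection attempt to TCP 216.67.15.183:22 from 198.51.100.7:41232",
    "Jul 11 23:25:11 dsm sshd[123]: unrelated line",
]

if __name__ == "__main__":
    replies, other = triage(SAMPLE_LOG, {"216.67.14.5"})
    for v in replies:
        print(f"DNS reply  {v.src_ip}:{v.src_port} -> :{v.dst_port}  ({v.reason})")
    for v in other:
        print(f"review     {v.src_ip}:{v.src_port} -> :{v.dst_port}  ({v.reason})")
```

Run it against a real log after filling in the resolvers the host actually uses; a large share of "connection attempts" from port 53 of those resolvers is the signature of the broken filter described in the reply, and the fix belongs in the filter (pass return traffic for the queries it lets out), with `query-source` on the querying server as the fallback when the filter cannot track state.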