naive question; using bind behind a outbound-only firewall
Simon Waters
Simon at wretched.demon.co.uk
Mon Feb 3 11:11:55 UTC 2003
linda w wrote:
> Hey, I told you it was naive....you're right the firewall is actually
> keeping track of DNS queries, apparently, and matching them -- it's more
> intelligent than I gave it credit for.
>
> So that can't be most of the volume. Hmmm...I seem to be getting regular
> inbound, BLOCKED, UDP from machines that appear to be nameservers. Here's 5
> minutes from the firewall log. Successful DNS queries aren't logged.
> hhmmss
> 000005-0 <- sec-nom.dns.uk.psi.net17/(udp/port:34123)

The DNS servers listed in this sample are all authoritative for
the "uk" domain name - I just happen to know this, as there is no
easy way to find out from the list.

I can't see offhand why you should see a domain-specific issue
like this arise.

Are all the bad packets from the same servers? If so, you might
brave a few seconds of query logging to see what "UK" domain
names your name server is trying to query. Might point us at
some broken or crazy domain configurations.

(BTW: Is tlinx.org supposed to have a web page? www.tlinx.org
points to tlinx.org, but tlinx.org has no A record.)

Simon