[Bind-users] Why server output from disallowed interface?

Remko Lodder remko at elvandar.org
Mon Feb 23 19:46:33 UTC 2004


It could be that your DNS server tries to fetch records from the remote host, since it could be too big for UDP queries. So I'd guess that you resolve domains on

Name:    ns1.univie.ac.at
Address:  193.171.255.2

and it needs to switch to TCP since it's too big.

The reason it goes out on the internet interface is that the default gateway is there; it just fetches info from other DNS servers. I think.

Note that I am not a DNS guru, otherwise I get slapped again by Mr Jim R.

Cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hacker scene

mrtg.grunn.org Dutch mirror of MRTG

-----Original Message-----
From: bind-users-bounces at lists.elvandar.org
[mailto:bind-users-bounces at lists.elvandar.org] On Behalf Of Spam Averse
Sent: Saturday, 21 February 2004 6:28
To: comp-protocols-dns-bind at isc.org
Subject: [Bind-users] Why server output from disallowed interface?


I'm running BIND v9.2.1 on a (Red Hat v9) Linux box.  I have configured bind
to only respond to queries on interface eth0, yet it seems that there are
outbound zone transfers on eth1.

Here's a snippet of my named.conf:

   listen-on { 127.0.0.1; 192.168.0.1; };
   allow-query { 127.0.0.1; 192.168.0/24; };

Interface eth0 is on 192.168.0/24, while eth1 is the interface to the
internet.  My server is authoritative for my network and acts as a caching
server for all other queries.

My understanding is that TCP is only used when a zone transfer is too big to
fit in a UDP packet.  Thus I should only *transmit* on TCP to transfer
zone info to other machines on my network, right?

So why do I get TCP output from my internet interface?  Here's a couple of
examples, logged by Linux's iptables firewall (with my source address
removed):

Feb 20 11:42:04 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=aaa.bbb.ccc.ddd
DST=64.246.26.64 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP
SPT=33424 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0

Feb 20 14:15:52 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=aa.bbb.ccc.ddd
DST=193.171.255.2 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP
SPT=33763 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0

Note that the protocol is TCP and the destination port is 53.

According to my understanding this is a zone transfer to the machine shown
as the destination address.  As shown above, though, I have not permitted
the answering of queries on the interface on which this data is being sent.

Can someone please explain to me what's going on here?

Thanks.


--
Please respond to the group, not by e-mail.

_______________________________________________
Bind-users mailing list
Bind-users at lists.elvandar.org
http://lists.elvandar.org/mailman/listinfo/bind-users
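The two logged packets are the recursive side of named at work, not zone transfers. listen-on and allow-query only govern the sockets named opens to accept queries; the lookups it performs on behalf of its clients leave from an ephemeral port towards the remote server's port 53, on whichever interface the routing table selects (query-source and transfer-source, if set, pin the source address), and they fall back to TCP when the UDP reply comes back truncated. The script below is an added illustration, not part of this thread and not BIND's own code. It parses netfilter LOG lines in the format shown, using the two lines from the thread plus constructed inbound and reply lines as sample input, and sorts each packet into outbound query, outbound answer, or inbound query checked against the quoted listen-on and allow-query settings (BIND's 192.168.0/24 shorthand is written out as 192.168.0.0/24). The addresses, interface names and timestamps in the extra sample lines are made up.

```python
import ipaddress
import re

# Stand-in for the named.conf fragment quoted in the thread. BIND's "192.168.0/24"
# shorthand is spelled out in full for Python's ipaddress module.
LISTEN_ON = {"127.0.0.1", "192.168.0.1"}
ALLOW_QUERY = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.0.0/24")]

# Constructed sample: the first two lines mirror the ones posted in the thread
# (with the poster's aaa.bbb.ccc.ddd source placeholder); the rest are made up to
# show an inbound SYN on the internet side, a LAN query and the answer leaving.
SAMPLE_LOG = """\
Feb 20 11:42:04 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=aaa.bbb.ccc.ddd DST=64.246.26.64 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP SPT=33424 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 14:15:52 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=aa.bbb.ccc.ddd DST=193.171.255.2 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP SPT=33763 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 14:16:10 nemesis kernel: PKTCHK:IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1 DF PROTO=TCP SPT=44110 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 14:17:01 nemesis kernel: PKTCHK:IN=eth0 OUT= SRC=192.168.0.55 DST=192.168.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=1025 DPT=53 LEN=41
Feb 20 14:17:01 nemesis kernel: PKTCHK:IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.55 LEN=77 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=UDP SPT=53 DPT=1025 LEN=57
"""

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "DF"}


def parse_line(line):
    """Turn one netfilter LOG line into a dict FIELD -> value plus a set of bare flags."""
    fields = dict(KV_RE.findall(line))   # a repeated key (UDP's second LEN=) keeps the last value
    fields["FLAGS"] = {tok for tok in line.split() if tok in FLAG_TOKENS}
    return fields


def classify(line):
    """Say which role this host plays in the packet, judged against the config above."""
    f = parse_line(line)
    if f.get("PROTO") not in ("TCP", "UDP") or "53" not in (f.get("SPT"), f.get("DPT")):
        return {"verdict": "not-dns"}
    inbound, outbound = bool(f.get("IN")), bool(f.get("OUT"))
    sport, dport = int(f["SPT"]), int(f["DPT"])
    result = {"proto": f["PROTO"], "src": f["SRC"], "dst": f["DST"]}

    if outbound and not inbound:
        result["iface"] = f["OUT"]
        if dport == 53 and sport >= 1024:
            # Locally generated packet to somebody else's port 53: named is the DNS
            # *client* here (recursion, or a TCP retry after a truncated UDP reply).
            # listen-on/allow-query never apply; query-source picks the source address.
            result["verdict"] = "outbound-query"
        elif sport == 53:
            result["verdict"] = "outbound-answer"   # a reply from a socket we listen on
        else:
            result["verdict"] = "other-dns"
        return result

    if inbound and not outbound and dport == 53:
        result["iface"] = f["IN"]
        try:
            dst, src = ipaddress.ip_address(f["DST"]), ipaddress.ip_address(f["SRC"])
        except ValueError:                           # placeholder or garbled address
            result["verdict"] = "inbound-unparsable"
            return result
        if str(dst) not in LISTEN_ON:
            # Nothing is bound on this address, so the kernel, not named, answers it.
            result["verdict"] = "inbound-not-listening"
        elif any(src in net for net in ALLOW_QUERY):
            # allow-query admits it; over TCP it could also be an AXFR/IXFR request,
            # which allow-transfer decides separately.
            result["verdict"] = "inbound-query"
        else:
            result["verdict"] = "inbound-denied"
        return result

    result["verdict"] = "other-dns"                  # forwarded traffic or an odd port mix
    return result


def summarize(log_text):
    """Classify every non-empty line of a log excerpt."""
    return [classify(line) for line in log_text.splitlines() if line.strip()]


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(f"{r['verdict']:<22} {r.get('proto', '-'):<4} "
              f"{r.get('src', '-')} -> {r.get('dst', '-')} via {r.get('iface', '-')}")
```

Run as-is it prints one verdict per sample line; the thread's two packets come out as outbound-query, which is what a firewall policy for a caching server should allow on the internet interface (ephemeral source port to remote port 53, UDP and TCP alike), while the inbound side of that interface is where logging and denial belong.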


