Problem with named or a network error or problem with the configuration on the interconnecting peers?

Kevin Darcy kcd at chrysler.com
Thu Aug 14 20:47:02 UTC 2008


Andrey G. Sergeev (AKA Andris) wrote:
> Hello Giannis,
>
>
> Thu, 14 Aug 2008 04:03:50 +0300 Giannis Mantzouranis wrote:
>
>   
>> I would like to report a problem I have with bind which has been occurring
>> for at least one month. I get this message from the log files:
>>
>> Aug 14 00:49:10 pelops named[4248]: transfer of 'physics.upatras.gr/IN' from xxx .xxx.xxx.xx#53: failed while receiving responses: connection reset
>>
>> The problem has occurred for at least one month. I do not remember if
>> that message appeared in the log files of my secondary dns before. To
>> be more specific, I compiled and installed bind 9.5.0-P1 on the 9th of
>> July and bind 9.5.0-P2 on the 2nd of August. Since the problem seems to
>> persist through the two installations, I wonder if you have any clue
>> or suggestion where to look or where the problem is.
>>     
>
> I've tried to transfer your zone physics.upatras.gr from 
> nic.upatras.gr using dig. My attempt was successful, and the resulting 
> file size is about 20.1 Kb, transferred in 6 packets. I think that you 
> should try to understand whether your "pelops" server has a reliable 
> Internet connection or not.
>
> I also recommend that you restrict the AXFR queries.
>
>   
Why? It's public information, and as you yourself have just 
demonstrated, leaving zone transfers open is useful for troubleshooting.

Please don't fall victim to the Security paranoid tunnel vision that 
says we should restrict all information as much as possible, without any 
thought given to direct consequences and ripple effects. Take that kind 
of wrong thinking to its logical conclusion, and we shouldn't be using 
DNS at all (since names expose "too much information" about our 
conventions, our thinking patterns, our language, our culture, etc.).

                                                                         
- Kevin



