Bind listening on IPs it shouldn't
Mike Cardwell
bind-users at lists.grepular.com
Fri Feb 15 14:40:47 UTC 2008
I'm using bind 9.3.4-2 on Debian Etch:
root@clayman:~# dpkg -l|grep "bind9 "
ii  bind9          9.3.4-2etch1    Internet Domain Name Server
root@clayman:~#
In my named.conf I have this:
options {
    directory "/var/cache/bind";
    query-source address * port 53;
    auth-nxdomain no;
    listen-on port 53 { 127.0.0.1; 10.77.0.1; 91.186.18.103; };
};
So... Bind should only listen on those 3 IP addresses, right? Well, it's
OK for TCP:
root@clayman:~# netstat -lanp|grep named|grep "^tcp "
tcp        0      0 10.77.0.1:53            0.0.0.0:*               LISTEN     5594/named
tcp        0      0 91.186.18.103:53        0.0.0.0:*               LISTEN     5594/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     5594/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN     5594/named
root@clayman:~#
But for UDP:
root@clayman:~# netstat -lanp|grep named|grep "^udp "
udp        0      0 0.0.0.0:53              0.0.0.0:*                          5594/named
udp        0      0 10.77.0.1:53            0.0.0.0:*                          5594/named
udp        0      0 91.186.18.103:53        0.0.0.0:*                          5594/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                          5594/named
root@clayman:~#
Where did that "0.0.0.0:53" come from? It's stopping me from running an
alternative DNS service on another IP on my server... Specifically, rbldnsd.
Mike
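An added check, written for this page rather than taken from the post or from BIND, that compares the listen-on set with the sockets netstat reports and flags every socket on the listen port that listen-on did not ask for; the sample rows are the post's own netstat lines, rejoined. The wildcard UDP socket it flags is the one `query-source address * port 53` makes named open for outbound queries, so that statement, not listen-on, is where the 0.0.0.0:53 bind comes from.

```python
import re
from typing import List, Set, Tuple

# Constructed sample: the netstat -lanp lines quoted in the post, rejoined.
NETSTAT_OUTPUT = """\
tcp 0 0 10.77.0.1:53 0.0.0.0:* LISTEN 5594/named
tcp 0 0 91.186.18.103:53 0.0.0.0:* LISTEN 5594/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5594/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5594/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 5594/named
udp 0 0 10.77.0.1:53 0.0.0.0:* 5594/named
udp 0 0 91.186.18.103:53 0.0.0.0:* 5594/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 5594/named
"""

# Constructed: the listen-on statement from the post's named.conf.
NAMED_CONF = "listen-on port 53 { 127.0.0.1; 10.77.0.1; 91.186.18.103; };"

# Addresses that claim a port on every interface (IPv4 and IPv6 forms).
WILDCARDS = {"0.0.0.0", "::", "*"}


def parse_listen_on(conf: str) -> Tuple[int, Set[str]]:
    """Return (port, addresses) from a listen-on statement; port defaults to 53."""
    m = re.search(r"listen-on(?:\s+port\s+(\d+))?\s*\{([^}]*)\}", conf)
    if not m:
        raise ValueError("no listen-on statement found")
    addrs = {a.strip() for a in m.group(2).split(";") if a.strip()}
    return int(m.group(1) or 53), addrs


def parse_netstat(output: str, program: str) -> List[Tuple[str, str, int]]:
    """Return (proto, local_addr, local_port) for sockets owned by program.
    Handles tcp rows (which carry a State column) and udp rows (which do not)."""
    sockets = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[-1].endswith("/" + program):
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition keeps IPv6 intact
        sockets.append((fields[0], addr, int(port)))
    return sockets


def find_unexpected(output: str, conf: str, program: str = "named") -> List[Tuple[str, str, int, bool]]:
    """Sockets on the listen-on port bound to an address listen-on did not name.
    The last field marks wildcard binds, which take the port on every interface."""
    port, allowed = parse_listen_on(conf)
    return [(proto, addr, p, addr in WILDCARDS)
            for proto, addr, p in parse_netstat(output, program)
            if p == port and addr not in allowed]
```

A fixed query-source port also removes any source-port variation from outbound lookups, so the safer fix is to drop `port 53` from that statement rather than to work around the extra socket.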