Need help to know about ROOT DNS query
Warren Kumari
warren at kumari.net
Thu Mar 17 15:20:12 UTC 2011
Nah, that's fine (and normal).
BIND comes configured with the roots so that it can start resolution. I guess I don't fully understand your concern here -- is it that you are worried that the root might see queries and so know your internal hostnames?
W
Warren Kumari
------
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.
On Mar 17, 2011, at 7:20 AM, babu dheen <babudheen at yahoo.co.in> wrote:
> Hi,
>
> We have two internal Windows DNS servers which answer all DNS queries by forwarding them to a gateway DNS server running Red Hat BIND. But I have a query regarding allowing ROOT DNS queries on the internal DNS server.
>
> Can anyone let me know whether a company internal DNS server should respond to a ROOT DNS query? When I execute # dig . NS @my-company-name-server query, I am getting a complete response.
>
> Let me know whether enabling ROOT DNS queries is a security threat. For more information, can you read and help us to securely configure our company internal Windows DNS server, and the impact of disabling it.
>
>
> ; <<>> DiG 9.3.3rc2 <<>> . NS @10.0.0.1
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34899
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 10
> ;; QUESTION SECTION:
> ;. IN NS
> ;; ANSWER SECTION:
> . 49842 IN NS j.root-servers.net.
> . 49842 IN NS k.root-servers.net.
> . 49842 IN NS l.root-servers.net.
> . 49842 IN NS m.root-servers.net.
> . 49842 IN NS a.root-servers.net.
> . 49842 IN NS b.root-servers.net.
> . 49842 IN NS c.root-servers.net.
> . 49842 IN NS d.root-servers.net.
> . 49842 IN NS e.root-servers.net.
> . 49842 IN NS f.root-servers.net.
> . 49842 IN NS g.root-servers.net.
> . 49842 IN NS h.root-servers.net.
> . 49842 IN NS i.root-servers.net.
> ;; ADDITIONAL SECTION:
> j.root-servers.net. 49842 IN A 192.58.128.30
> a.root-servers.net. 49842 IN A 198.41.0.4
> b.root-servers.net. 49842 IN A 192.228.79.201
> c.root-servers.net. 49842 IN A 192.33.4.12
> d.root-servers.net. 49842 IN A 128.8.10.90
> e.root-servers.net. 49842 IN A 192.203.230.10
> f.root-servers.net. 49842 IN A 192.5.5.241
> g.root-servers.net. 49842 IN A 192.112.36.4
> h.root-servers.net. 49842 IN A 128.63.2.53
> i.root-servers.net. 49842 IN A 192.36.148.17
> ;; Query time: 34 msec
> ;; SERVER: 10.0.0.1#53(10.132.1.13)
> ;; WHEN: Thu Mar 17 17:16:18 2011
> ;; MSG SIZE rcvd: 401
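Added example, not part of the original thread: a small Python parser that reads the header of a dig response and reports how the server handled the query, run here on the two header lines from the output quoted above. The second sample and the function names are constructed for illustration.

```python
import re

# Header lines copied from the dig output quoted in the message above.
PAGE_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34899
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 10
"""

# Constructed sample (not from the page): a server that refuses the query.
REFUSED_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);\s*QUERY:\s*(\d+),\s*ANSWER:\s*(\d+)")


def parse_dig_header(text):
    """Return status, flag set and answer count from dig's header lines."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found")
    return {
        "status": status.group(1),
        "flags": set(flags.group(1).split()),
        "answers": int(flags.group(3)),
    }


def classify(text):
    """Describe how the server handled the query, from the header alone."""
    h = parse_dig_header(text)
    if h["status"] != "NOERROR":
        return "not answered (%s)" % h["status"]
    if "aa" in h["flags"]:
        return "authoritative answer"
    if "ra" in h["flags"] and h["answers"] > 0:
        # ra set, aa clear: the server resolved this as a recursive resolver.
        return "non-authoritative answer from a recursive resolver"
    return "non-authoritative, no recursion offered"


if __name__ == "__main__":
    for name, sample in (("page", PAGE_OUTPUT), ("refused", REFUSED_OUTPUT)):
        print(name, "->", classify(sample))
```

The `ra` flag without `aa` in the quoted output is what a recursive resolver returns for `. NS`; it does not mean the server is authoritative for the root zone.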