Apple OS and DNS resolution (._dns-sd.udp. requests)
Mark Andrews
marka at isc.org
Thu Apr 5 22:09:36 UTC 2012
In message <20120405090858.GA29261 at fantomas.sk>, Matus UHLAR - fantomas writes:
> Hello,
>
> our customer (an ISP) reported that his clients have problems resolving
> sites like facebook, youtube, aplestores and that the problems only
> affect apple computers.
>
> I notice many requests for dns service discovery:
>
> Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844:
> query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
> Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019:
> query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
> Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647:
> query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
>
> these requests are denied, because we use private IPS from those ranges
> and I don't want to make them available for users.
>
> Can these requests cause resolving problems on Apple computers?
Well you are leaking RFC 1918 answers. I would close off the leak by
using views or different nameservers for your machines.
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Your mouse has moved. Windows NT will now restart for changes to take
> to take effect. [OK]
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list