Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 29 Jan 2000 11:54:51 -0500
From:      Chris Johnson <cjohnson@palomine.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Continual DNS requests from mysterious IP
Message-ID:  <20000129115451.A14160@palomine.net>
In-Reply-To: <13429.949164414@critter.freebsd.dk>; from Poul-Henning Kamp on Sat, Jan 29, 2000 at 05:46:54PM %2B0100
References:  <200001290842460680.22E3EFC9@quaggy.ursine.com> <13429.949164414@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Jan 29, 2000 at 05:46:54PM +0100, Poul-Henning Kamp wrote:
> In message <200001290842460680.22E3EFC9@quaggy.ursine.com>, "Michael Bryan" wri
> tes:
> >
> >
> >On 1/29/00 at 8:34 AM Samara McCord wrote:
> >
> >>But this also brings up my other
> >>point.  Correct me if I'm wrong, but my DNS servers shouldn't ever have
> >>to deliver the MX records for aol.com (or any domain for which I don't
> >>serve), except to my own internal machines and for my own customers, right?
> >
> >If somebody has manually setup their system to use you as a DNS resolver,
> >then you will get packets for any and all DNS requests they make, no matter
> >where they are on the Internet.  Not a very smart way to do things, mind
> >you, but I've seen it before, usually from customers of mine who moved a
> >computer from work or another ISP and kept their old DNS settings.  I don't
> >think that's what's going on in your case, though...
> 
> Tell named to only recurse for your own IP range (takes code hacking).

Or use dnscache/tinydns instead of named. It's new, written by Dan Bernstein
(the author of qmail), and it'll give you control over who gets to request what
from your name servers.  It's also small, secure, simple, etc., like qmail is.
I'm completely BIND-free now, and haven't had any problems whatsoever.

http://cr.yp.to/dnscache.html

Chris


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000129115451.A14160>