From owner-freebsd-questions  Wed Feb  2 21:39:45 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.rdc2.bc.home.com (ha1.rdc2.bc.wave.home.com [24.2.10.68])
	by builder.freebsd.org (Postfix) with ESMTP id DC68842CF
	for <freebsd-questions@FreeBSD.ORG>; Wed,  2 Feb 2000 21:39:41 -0800 (PST)
Received: from home.com ([24.64.219.211]) by mail.rdc2.bc.home.com
          (InterMail v4.01.01.00 201-229-111) with ESMTP
          id <20000203051445.WJLB15971.mail.rdc2.bc.home.com@home.com>
          for <freebsd-questions@FreeBSD.ORG>;
          Wed, 2 Feb 2000 21:14:45 -0800
Message-ID: <38990F7A.EA3A7E68@home.com>
Date: Wed, 02 Feb 2000 21:17:47 -0800
From: Leo Ford <lford@home.com>
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: why are they hitting my DNS?
References: <4.2.0.58.20000202000447.009ac280@mail>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Zone masters will want to talk to the root name servers (in named.root for zone
".")  Changing the type from master to slave (for bind 8.x) will keep it from
initiating the conversation ... unless you have registered your own domain.

Leo

Joe Bo wrote:

> Hi,
>
> I have a fairly typical (?) setup with a FreeBSD v3.2 server being the
> gateway and firewall of a private net of Windows PCs, using natd, two
> network cards, one public ip and a private ip network. I just say ip
> instead of ip address, but you know.. ;-)
>
> in /etc/namedb/named.conf I have:
>          forwarders {
>                  <upstream_DNS_1_ip>; <upstream_DNS_2_ip>;
>          };
> everything else is pretty much commented out
>
> in /etc/namedb/localhost.rev is
> @       IN      SOA     <my_host_name>. root.<my_host_name>.  (
>                                  19990924        ; Serial
>                                  3600    ; Refresh
>                                  900     ; Retry
>                                  3600000 ; Expire
>                                  3600 )  ; Minimum
>          IN      NS      <my_host_name>.
> 1       IN      PTR     localhost.<my_host_name>.
> (this was an autogenerated file).
>
> /etc/resolv.conf has
>     nameserver      127.0.0.1
>
> /etc/rc. has
>    named_enable="YES"  # Run named, the DNS server (or NO).
>
> and ipfw shows
>
> allow udp from <upstream_DNS_1_ip> 53 to <my_host_public_ip>
> allow udp from <upstream_DNS_2_ip> 53 to <my_host_public_ip>
> allow udp from <my_host_public_ip> to any 53
> allow udp from any to <my_host_private_ip> 53 in recv ed0
> allow udp from <my_host_private_ip> 53 to any out xmit ed0
> where ed0 is my private net ethernet card
> and <my_host_private_ip> is the ip associated with that card.
> All the PCs only know <my_host_private_ip>, they don't know or use the
> <my_host_public_ip> or <upstream_DNS_ip>. Anything not specifically allowed
> is denied.
>
> Anyway, all this works really well. Except, I log all failed accesses and
> every once in a while I get an awful lot of hits on my public ip port 53.
> They seem to come in batches every 10 minutes or so, with lots of different
> ip s. This doesn't happen every day, just on occasion. I would like to
> know, is this some kind of probe, or is it possible that I am inviting this
> access because I don't have my DNS set up correctly and I'm advertising or
> something?
>
> Thank you to anyone who can provide any insight,
>
> Joe
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message