How 2 stop unapproved updates?

mycos at my-deja.com mycos at my-deja.com
Mon Apr 17 18:39:12 UTC 2000


In article <006101bfa891$e00b1450$7cc2a8ce at WALTERB>,
  "Cricket Liu" <cricket at acmebw.com> wrote:
> > How do I keep the following from happening?  Is there a port I can
> > block?
> > What effect does the following have on my DNS?
>
> See http://www.acmebw.com/askmrdns/bind-messages.htm#idx_u.

I didn't find the answer there as to which port is used... I've looked
for this information as well. In fact, RFC 2136 (someone correct me if
that's not the latest/best RFC for DDNS stuff) doesn't mention a port
number anywhere that I can find, so my guess is that it's all happening
over 53 (or whatever is specified in named.conf).

My understanding is that by default queries happen over udp/53 and
xfers over tcp/53. So lacking any other easy answers I ran tcpdump and
tried an update (from .1 to .69 as shown below, this is _only_ UDP):

192.168.1.1.1079 > 192.168.1.69.53: 28553 op5 [1n] SOA? bogustestdomain.com. (52)
EPq|575<Po(bogustestdomaincomrecord?

192.168.1.69.53 > 192.168.1.1.1079: 28553 op5 Refused 0/1/0 (52)
EP'z57<obogustestdomaincomrecord?

So I think that the short answer to the question "Can I block DDNS
updates at the port level" is no, not if you want your server to still
answer regular queries on udp 53.

mYcos
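
Added example (not part of the original post): the "op5" in the tcpdump lines above is DNS opcode 5, UPDATE (RFC 2136), carried on the same udp/53 as ordinary queries, so the distinguishing field is in the DNS header rather than the port. The sketch below reads that field from a UDP payload; the sample packets are constructed here (simplified to a header plus one question/zone entry) and only reuse the ID, name and result seen in the capture.

```python
import struct

OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}   # RFC 1035, 1996, 2136
RCODES = {0: "NOERROR", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name):
    """Encode a domain name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_message(msg_id, opcode, name, rtype, response=False, rcode=0):
    """Build a minimal DNS message: 12-byte header plus one question/zone entry."""
    flags = (int(response) << 15) | (opcode << 11) | rcode
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", rtype, 1)  # class IN

def classify(payload):
    """Return (id, is_response, opcode name, rcode name) for a DNS payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    msg_id, flags = struct.unpack("!HH", payload[:4])
    opcode = (flags >> 11) & 0xF        # bits 11-14 of the flags word
    rcode = flags & 0xF                 # low four bits
    return (msg_id, bool(flags >> 15),
            OPCODES.get(opcode, "op%d" % opcode),
            RCODES.get(rcode, "rcode%d" % rcode))

def is_update(payload):
    """True when the payload is a dynamic update request or its response."""
    return classify(payload)[2] == "UPDATE"

# Constructed samples: same destination port in every case, different opcode.
SAMPLE_UPDATE = build_message(28553, 5, "bogustestdomain.com.", 6)           # SOA zone
SAMPLE_REFUSED = build_message(28553, 5, "bogustestdomain.com.", 6,
                               response=True, rcode=5)
SAMPLE_QUERY = build_message(4660, 0, "bogustestdomain.com.", 1)             # A query

if __name__ == "__main__":
    for label, pkt in (("update", SAMPLE_UPDATE), ("reply", SAMPLE_REFUSED),
                       ("query", SAMPLE_QUERY)):
        print(label, classify(pkt), "update" if is_update(pkt) else "not update")
```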




