BIND Security question

Barry Margolin barmar at bbnplanet.com
Tue Mar 7 15:55:07 UTC 2000


In article <002501bf884c$226f1320$1600a8c0 at bambam>,
Robert Everland III <reverland at orlando.com> wrote:
>	Ok the idiots at my ISP are screwing up so many things with my DNS. They
>keep telling me that because they try to run queries on my DNS and it gives
>them the root servers there is something wrong with it. I say it's because I
>put security on my DNS server following the presentation on acmebw.com. Who
>is right? My DNS is NS1.ORLANDO.COM and a domain I have running on it is
>floridatennis.com. I am using Bind 4.9.7 now.

If you're the registered server for a domain, you can't use security
features to block queries in that domain.  You *want* people to access your
server.

However, I have no idea what they're talking about.  I have no problem
querying your server:

% dig floridatennis.com any @ns1.orlando.com +norecurse

; <<>> DiG 2.2 <<>> floridatennis.com any @ns1.orlando.com +norecurse 
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa; Ques: 1, Ans: 5, Auth: 2, Addit: 0
;; QUESTIONS:
;;	floridatennis.com, type = ANY, class = IN

;; ANSWERS:
floridatennis.com.	86400	SOA	ns1.orlando.com. webmaster.orlando.com. (
			2000020902	; serial
			10800	; refresh (3 hours)
			3600	; retry (1 hour)
			604800	; expire (7 days)
			86400 )	; minimum (1 day)
floridatennis.com.	86400	NS	ns1.orlando.com.
floridatennis.com.	86400	NS	ns2.orlando.com.
floridatennis.com.	86400	MX	10 mail.orlando.com.
floridatennis.com.	86400	A	216.53.187.176

;; AUTHORITY RECORDS:
floridatennis.com.	86400	NS	ns1.orlando.com.
floridatennis.com.	86400	NS	ns2.orlando.com.

;; Total query time: 85 msec
;; FROM: tools to SERVER: ns1.orlando.com  216.53.187.189
;; WHEN: Tue Mar  7 10:52:58 2000
;; MSG SIZE  sent: 35  rcvd: 193

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
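
Added example (not part of the original message): a Python sketch that classifies a DNS response from its 12-byte header alone, separating an authoritative answer like the dig output above (flags `qr aa`, 5 answers) from a response that only hands back NS records for some other zone, such as the root servers. The function names and sample headers are constructed for illustration.

```python
import struct

# Header flag masks and RCODE names from RFC 1035, section 4.1.1
QR, AA = 0x8000, 0x0400
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def classify_response(msg: bytes) -> str:
    """Classify a raw DNS response using only its 12-byte header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode != 0:
        return RCODES.get(rcode, f"RCODE{rcode}")
    if flags & AA:
        # The server is answering from a zone it is authoritative for.
        return "authoritative-answer" if an else "authoritative-nodata"
    if an:
        return "non-authoritative-answer"  # answer from cache or recursion
    if ns:
        return "referral"  # only NS records pointing at other servers
    return "empty"

def make_header(flags, qd=1, an=0, ns=0, ar=0, msg_id=10):
    """Build a constructed 12-byte header for the samples below."""
    return struct.pack("!6H", msg_id, flags, qd, an, ns, ar)

# Constructed samples (hypothetical, not captured traffic).
SAMPLES = {
    "own zone, as in the dig output (qr aa, Ans 5, Auth 2)":
        make_header(QR | AA, an=5, ns=2),
    "name in a zone the server does not host, NS records only":
        make_header(QR, ns=13, ar=13),
    "query rejected by the server":
        make_header(QR | 5),
}

if __name__ == "__main__":
    for label, hdr in SAMPLES.items():
        print(f"{label}: {classify_response(hdr)}")
```
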


