BIND Security question
Barry Margolin
barmar at bbnplanet.com
Tue Mar 7 15:55:07 UTC 2000
In article <002501bf884c$226f1320$1600a8c0 at bambam>,
Robert Everland III <reverland at orlando.com> wrote:
> Ok the idiots at my ISP are screwing up so many things with my DNS. They
>keep telling me that because they try to run queries on my DNS and it gives
>them the root servers there is something wrong with it. I say it's because I
>put security on my DNS server following the presentation on acmebw.com. Who
>is right? My DNS is NS1.ORLANDO.COM and a domain I have running on it is
>floridatennis.com. I am using Bind 4.9.7 now.
If you're the registered server for a domain, you can't use security
features to block queries in that domain. You *want* people to access your
server.
However, I have no idea what they're talking about. I have no problem
querying your server:
% dig floridatennis.com any @ns1.orlando.com +norecurse
; <<>> DiG 2.2 <<>> floridatennis.com any @ns1.orlando.com +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa; Ques: 1, Ans: 5, Auth: 2, Addit: 0
;; QUESTIONS:
;; floridatennis.com, type = ANY, class = IN
;; ANSWERS:
floridatennis.com. 86400 SOA ns1.orlando.com. webmaster.orlando.com. (
2000020902 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (7 days)
86400 ) ; minimum (1 day)
floridatennis.com. 86400 NS ns1.orlando.com.
floridatennis.com. 86400 NS ns2.orlando.com.
floridatennis.com. 86400 MX 10 mail.orlando.com.
floridatennis.com. 86400 A 216.53.187.176
;; AUTHORITY RECORDS:
floridatennis.com. 86400 NS ns1.orlando.com.
floridatennis.com. 86400 NS ns2.orlando.com.
;; Total query time: 85 msec
;; FROM: tools to SERVER: ns1.orlando.com 216.53.187.189
;; WHEN: Tue Mar 7 10:52:58 2000
;; MSG SIZE sent: 35 rcvd: 193
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list