BIND Security question

Barry Margolin barmar at bbnplanet.com
Tue Mar 7 17:46:31 UTC 2000


In article <002901bf884f$502a0bf0$1600a8c0 at bambam>,
Robert Everland III <reverland at orlando.com> wrote:
>OK, sorry, let me clear up my problem more. I use 4.9.7 because 8.2.2 p5 for
>NT has a bug. It takes the lowest IP on the machine and will only use that
>one IP, no others, no matter what you do. Now what my ISP keeps telling me is
>because they are querying my DNS server for domains not on my server and
>getting a list of root servers is because I have misconfigured my DNS. What
>I tell them is the security I have makes it so they can't query any domain
>names NOT on my server. When they query a domain on my server it gives them
>an answer but not if they want to randomly check a domain name. So my domain
>server NS1.ORLANDO.COM is the DNS server and a domain on there
>floridatennis.com is on there so you can check that you can get a domain on
>there but can't check domains not on there. Thanks for any help you guys can
>give.

Your ISP is being idiots.  If your server is not intended to be used as a
resolver, there's no reason why anyone would need to query your server to
look up things outside the domains you're hosting.

I wonder how you configured this security, though.  I don't think BIND 4
had anything like this.  With BIND 8 you would use the allow-query or
allow-recursion options, but the resulting behavior would be different (the
response wouldn't contain the root server list).

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
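
Added example, not part of the original post and not BIND code: a Python check that tells apart the reply shapes discussed in this thread, namely a response whose authority section lists NS records for the root versus a normal answer or a REFUSED rcode. The `sample` builder and its names and addresses are constructed test data, and treating REFUSED as what a query-restricted server returns is an assumption.

```python
import struct

def read_name(msg, off):
    """Decode the name at off; return (dotted name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                       # bound pointer chasing
        n = msg[off]
        if (n & 0xC0) == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                           # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("compression loop")

def classify(msg):
    """Label a DNS response: answer, root-referral, refused or other."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off, ns_owners = 12, []
    for _ in range(qd):                        # skip question: name + type + class
        off = read_name(msg, off)[1] + 4
    for i in range(an + ns):                   # walk answer, then authority RRs
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == 2:             # NS record in the authority section
            ns_owners.append(owner)
    if (flags & 0xF) == 5:                     # rcode 5 = REFUSED
        return "refused"
    if an:
        return "answer"
    return "root-referral" if "." in ns_owners else "other"

def enc(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".") if p) + b"\x00"

def sample(qname, rcode=0, ns_owner=None, answer=False):
    """Constructed response bytes for the demo, not captured traffic."""
    body = enc(qname) + struct.pack("!HH", 1, 1)
    if answer:
        body += enc(qname) + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    if ns_owner is not None:
        rd = enc("a.root-servers.net")
        body += enc(ns_owner) + struct.pack("!HHIH", 2, 1, 3600, len(rd)) + rd
    counts = (1, int(answer), int(ns_owner is not None), 0)
    return struct.pack("!6H", 0x1234, 0x8000 | rcode, *counts) + body
```

`classify` takes the raw bytes of a UDP DNS response, so it can be run on replies collected from your own server for a hosted name and for a name outside your zones.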


