FW: Blocking invalid DNS requests

Simon Waters Simon at wretched.demon.co.uk
Wed Jun 27 20:08:22 UTC 2001


Ed Davidson wrote:
> 
> I am seeing traffic that should be going to a WINS server coming into my BIND server.

You probably have clients using NetBIOS over TCP/IP.
 
> As an example, I see requests for SERVER1.
> 
> Obviously this is not a valid DNS request, however my BIND server goes ahead and passes
> it onto the ROOT server, which denies the request.

This is the correct behaviour for the DNS server if it
receives a request for which it doesn't know the answer.

Assuming it has negative caching enabled you should not pass
on too many requests to the root nameservers.
 
> How do I stop these requests at my DNS server, so that they don't get forwarded to the ROOT
> server?

I guess you could delegate a zone "SERVER1" - but I don't
think you want to do that.

>  I can't keep the users from making these requests

Hmm well presumably someone is responsible for the correct
configuration of your Windows systems?! I mean they clearly
want to talk to server1 for a purpose?! If you're using DHCP
it is probably a one line change (Followed by hundreds of
reboots *8-)

> and I find that allowing my DNS
> server to query WINS doesn't help either.  I am running a port of BIND 8.2.x.

I wasn't aware that BIND could query WINS servers, must be
an unusual port. Are you sure you aren't just adding in
pointless WINS records? 

I know some 3rd party versions of BIND support WINS, however
the clients would still have to have the correct domain
information for the DNS server to know which WINS server to
query. Sounds like one for "desktop support" to me.
 
	HTH

	Simon
-- 
Simon Waters
Are you using the Internet to best effect ?
www.eighth-layer.com
Tel: +44(0)1395 232769      ICQ: 116952768
Moderated discussion of teleworking issues at
news:uk.business.telework

