Inside and Outside Views

Martin McCormick martin at dc.cis.okstate.edu
Sun May 27 01:26:39 UTC 2001


	I have now set our master and slave dns's so that clients
outside of our networks can only use our name servers for lookups
within our domains.  Insiders get the whole functionality they
have always had.  As much as I can tell, things are working
exactly as desired but I am amazed at the number of hosts we are
refusing to service, now.  Why would so many different hosts be
doing foreign lookups through our name servers?  I have not
received any complaints, yet, but I am sure we will hear from
somebody.  I did reverse lookups on all the IP numbers we
captured over a day and I see hosts from all parts of the world
plus all domains in use.

	I think that shutting off the free dns ride for spammers
and hackers is a good thing, but many of these domains look
perfectly normal and I can't understand why in the world they
aren't using their own dns's.

	We announced the planned change to the university
community several days ago, but some folks are getting a rude
shock today.  If there is a good reason for the traffic, I am
willing to give this up as a good idea gone wrong, but if there
are that many broken clients out there, we need to stand firm but
be helpful as it seems that a lot of this traffic is probably the
result of human error in configuration files.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Center for Computing and Information Services Data Communications Group


More information about the bind-users mailing list