I need help?????? dns and nslookup

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Oct 10 12:22:15 UTC 2001 

> please help, when trying to use nslookup on my gauntlet(sun-ux) firewall,
> its default server is pointed to an internal HP-ux box. however I get this
> error
> 
> bash-2.02# nslookup
> 
> *** Can't find server name for address 204.222.186.50: Server failed
> 
> *** Default servers are not available
> 
> my question is where on my sun box do I configure where do I need to edit
> for nslookup to go somewhere else. any help would be greatly appreciated.

	The nameserver at 204.222.186.50 cannot map its IP address back
	into a name.  Looks like there isn't a PTR record.

; <<>> DiG 8.3 <<>> -x ptr 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;	50.186.222.204.in-addr.arpa, type = PTR, class = IN

;; AUTHORITY SECTION:
222.204.in-addr.arpa.	2h59m7s IN SOA	AAA-VIENNA.NIPR.MIL. HOSTMASTER.NIC.MIL. (
					2001100900	; serial
					3H		; refresh
					15M		; retry
					1W		; expiry
					1D )		; minimum


;; Total query time: 1 msec
;; FROM: drugs.dv.isc.org to SERVER: default -- 127.0.0.1
;; WHEN: Wed Oct 10 22:10:32 2001
;; MSG SIZE  sent: 45  rcvd: 115

> 
> also I get this error on my firewall logs. the from is my internal dns box,
> going to the inside interface of my firewall. does anyone know how to
> eliminate this. I am running bind 8.3
> 
> thanks for your help
> 
>  
> 
> Oct 10 08:19:17 thames.naveur.navy.smil.mil unix: securityalert: udp if=hme1
> from 204.222.186.50:53 to 204.222.186.114 on unserved port 61416
	
	This is a reply from your nameserver.  Either block the original
	query or don't bother logging / blocking the response.  A stateful
	firewall is useful to use with udp clients.

	Note: A good firewall will only allow out what it will allow responses
	to back in.

	Mark
> 
>  
> IT1(SW) David R. Turner
> Information Systems Security Advisor
> Ext. 4398
> Comm: +44 (0)207-514-4398 
> Fax: +44 (0) 207-514-4106 
> Email: Unclas:  <mailto:cnen653h at naveur.navy.mil> cnen653h at naveur.navy.mil 
> Siper:  <mailto:cnen653h at naveur.navy.smil.mil> cnen653h at naveur.navy.smil.mil
> "Failure? I never encountered it. All I ever met were temporary setbacks."
> -Dottie Walters
> 
>  
> 
> 
> -- Binary/unsupported file stripped by Listar --
> -- Type: application/octet-stream
> -- File: Turner, David R IT1 (CNE N653H).vcf
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list