DNS problem - please help! {Scanned}

SW wppiphoto at wppi.com
Wed Dec 31 15:14:24 UTC 2003


The only thing I can see in /var/log/messages for named is the following:

Dec 31 08:07:07 ns1 named[4862]: denied query from [199.165.157.121].32839 for "wppi.com" IN
Dec 31 08:07:43 ns1 named[4862]: denied query from [205.189.41.5].1025 for "mcbc-dc.org" IN
Dec 31 08:07:45 ns1 named[4862]: denied query from [192.139.81.6].1024 for "mcbc-dc.org" IN
Dec 31 08:12:44 ns1 named[4862]: denied query from [205.189.41.25].33410 for "mcbc-dc.org" IN
Dec 31 08:13:30 ns1 named[4862]: denied query from [64.241.242.56].51720 for "ns1.wppi.net" IN
Dec 31 08:13:30 ns1 named[4862]: denied query from [64.241.242.56].51720 for "ns2.wppi.net" IN
Dec 31 08:13:30 ns1 named[4862]: denied query from [64.241.242.56].51720 for "ns1.wppi.net" IN
Dec 31 08:13:30 ns1 named[4862]: denied query from [64.241.242.56].51720 for "ns2.wppi.net" IN
Dec 31 08:13:37 ns1 named[4862]: denied query from [64.241.242.55].57652 for "www.wppi.com" IN
Dec 31 08:20:29 ns1 named[4862]: denied query from [209.137.160.2].44144 for "wppi.com" IN
Dec 31 08:20:29 ns1 named[4862]: denied query from [209.137.160.2].51651 for "mail.wppi.com" IN
Dec 31 08:20:38 ns1 named[4862]: denied query from [209.137.160.3].12782 for "wppi.com" IN
Dec 31 08:33:56 ns1 named[4862]: denied query from [207.67.140.58].1263 for "wppi.com" IN
Dec 31 08:41:34 ns1 named[4862]: denied query from [209.124.86.130].60561 for "mail.wppi.com" IN
Dec 31 08:41:44 ns1 named[4862]: denied query from [209.124.86.130].15340 for "mail.wppi.com" IN
Dec 31 08:41:44 ns1 named[4862]: denied query from [209.124.86.130].46902 for "mail.wppi.com" IN
Dec 31 08:44:14 ns1 named[4862]: denied query from [80.0.70.57].55229 for "mcbc-dc.org" IN
Dec 31 08:55:58 ns1 named[4862]: denied query from [207.67.140.58].1263 for "wppi.com" IN
Dec 31 08:57:46 ns1 named[4862]: denied query from [209.154.198.82].1369 for "ns2.wppi.net" IN
Dec 31 08:58:56 ns1 named[4862]: denied query from [209.154.198.82].1369 for "ns1.wppi.net" IN
--------------
The denied queries above are due to adding the allow-query directive in
/etc/named.conf:

options {
        directory "/etc/named";
        allow-recursion { xxx.xxx.xxx.xx/27; localhost; };
        allow-query { xxx.xxx.xxx.xx/27; localhost; };
        version "WPPi Name Server - NA";
        allow-transfer { xxx.xxx.xxx.xx; };
-----------
xxx.xxx.xxx.xx above is our IP block
----------
We added the allow-query option after running a security check which
recommended we add 'allow-recursion' and 'allow-query' to bind to prevent
various vulnerabilities. But I thought these changes would still allow users to
get dns info for mail and httpd info, etc.

Thanks,

SW

----- Original Message ----- 
From: "Pete Ehlke" <pde at ehlke.net>
To: "SW" <wppiphoto at wppi.com>
Cc: <bind-users at isc.org>
Sent: Wednesday, December 31, 2003 9:58 AM
Subject: Re: DNS problem - please help! {Scanned}


On Wed, Dec 31, 2003 at 09:45:30AM -0500, SW wrote:
> KB,
>
> It doesn't work for other domains which the dns server is authoritative which
> don't have hyphen. What's making this problem even more difficult to narrow
> down is that if I try to resolve domains which this dns server keeps records
> for that some domains resolve and others don't.
>
Well, of your two name servers, one is not responding at all, and the
other is refusing queries:

ucan[~]$ dig mcbc-dc.org ns @ns1.wppi.net.

; <<>> DiG 9.2.2rc1 <<>> mcbc-dc.org ns @ns1.wppi.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 60940
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mcbc-dc.org.                   IN      NS

;; Query time: 93 msec
;; SERVER: 68.166.149.45#53(ns1.wppi.net.)
;; WHEN: Wed Dec 31 06:54:16 2003
;; MSG SIZE  rcvd: 29

ucan[~]$ ^1^2
dig mcbc-dc.org ns @ns2.wppi.net.

; <<>> DiG 9.2.2rc1 <<>> mcbc-dc.org ns @ns2.wppi.net.
;; global options:  printcmd
;; connection timed out; no servers could be reached
ucan[~]$


Makes it pretty hard to resolve mcbc-dc.org.

Fix the packet filter or routing problem with ns2.wppi.net so that
queries can actually get to it, then allow the world to query your
zones. What does named.conf look like on ns1?

-Pete

-------------------------------------------------
        WPPi.com        |        WPPi.Net
-------------------------------------------------
  http://www.wppi.com   |  http://www.wppi.net
-------------------------------------------------
WPPi.com & WPPi.Net MailScanner Signature
This message has been scanned for viruses
and dangerous content by WPPi MailScanner,
and has been found to be clean.
-------------------------------------------------
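
Added example, not part of the original messages: a small triage of the "denied query" syslog lines shown above, separating denials for names in zones the server is authoritative for (answers the public needs, now refused by the global allow-query ACL) from denials for any other name. The zone list and all function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# First four records are copied from the log above, still mail-wrapped;
# the last record (192.0.2.77, example.org) is constructed for the example.
SAMPLE = '''\
Dec 31 08:07:07 ns1 named[4862]: denied query from [199.165.157.121].32839
for "wppi.com" IN
Dec 31 08:07:43 ns1 named[4862]: denied query from [205.189.41.5].1025 for
"mcbc-dc.org" IN
Dec 31 08:13:37 ns1 named[4862]: denied query from [64.241.242.55].57652 for
"www.wppi.com" IN
Dec 31 08:20:29 ns1 named[4862]: denied query from [209.137.160.2].51651 for
"mail.wppi.com" IN
Dec 31 09:01:02 ns1 named[4862]: denied query from [192.0.2.77].4411 for
"example.org" IN
'''

# Assumption: zones this server is authoritative for, inferred from the thread.
AUTH_ZONES = ("wppi.com", "wppi.net", "mcbc-dc.org")

DENIED = re.compile(
    r'denied query from \[(?P<ip>[\d.]+)\]\.\d+\s+for\s+"(?P<name>[^"]+)"\s+IN')

def parse_denied(text):
    """Yield (client_ip, qname) per denied query, tolerating wrapped lines."""
    joined = re.sub(r'\s*\n\s*', ' ', text)  # records are found by regex, not by line
    for m in DENIED.finditer(joined):
        yield m.group('ip'), m.group('name').rstrip('.').lower()

def owning_zone(qname, zones):
    """Longest zone that qname equals or sits under (label boundary), else None."""
    hits = [z for z in zones if qname == z or qname.endswith('.' + z)]
    return max(hits, key=len) if hits else None

def triage(text, zones):
    """Return (denials per authoritative zone, denials for other names, clients per zone)."""
    auth, other, clients = Counter(), Counter(), defaultdict(set)
    for ip, name in parse_denied(text):
        zone = owning_zone(name, zones)
        if zone is None:
            other[name] += 1
        else:
            auth[zone] += 1
            clients[zone].add(ip)
    return auth, other, clients

if __name__ == '__main__':
    auth, other, clients = triage(SAMPLE, AUTH_ZONES)
    for zone, n in auth.most_common():
        print(f"{zone}: {n} refused from {len(clients[zone])} distinct clients")
    print("not under an authoritative zone:", dict(other))
```

A non-empty first result means outside resolvers are being refused answers for the server's own zones, which matches the REFUSED status in the dig output quoted above.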