Accuracy of DNSStuff reports
Stephen John Smoogen
smooge at gmail.com
Tue Nov 28 20:53:40 UTC 2006
On 11/28/06, Barry Margolin <barmar at alum.mit.edu> wrote:
> In article <ekgq85$2dbm$1 at sf1.isc.org>, Res <res at ausics.net> wrote:
>
> > On Mon, 27 Nov 2006, Barry Margolin wrote:
> >
> > > My personal bugaboo with DNSReport is the red FAIL it reports for open
> > > recursive servers. While it's certainly a bad idea for authoritative
> >
> > Actually I think it;s good idea, it alerts the admin who set it up they
> > are open to exploitation and abuse.
>
> So make it a warning.
>
> The problem is that it confuses OTHER people who are trying to
> troubleshoot problems accessing the domain. They see the big red FAIL
> and think that it's due to the DNS misconfiguration.
>
Well it all depends on the point of view. After finding out that some
spambot net is using your servers for DNS AND backdoor commands AND
using up your bandwidth to do so.. it might want to be looked as a Red
these days.
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the bind-users
mailing list