testing vulnerability against secondary NS
Barry Margolin
barmar at alum.mit.edu
Tue Aug 12 01:04:05 UTC 2008
In article <g7qi0d$6cj$1 at sf1.isc.org>,
"Chris Henderson" <henders254 at gmail.com> wrote:
> I am testing the recent DNS vulnerability against my secondary name server
> from my local machine
> ("dig @<ip_of_nameserver> +short porttest.dns-oarc.net TXT" and also
> "nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net.")
>
> But strangely it is giving me the result of my primary name server! Every time
> I try to query, it gives me back my primary name server's result. I also tried
> doxpara.com and https://www.dns-oarc.net/oarc/services/dnsentropy
>
> My local machine's /etc/resolv.conf has only one nameserver entry - my
> secondary name server.
>
> Also, if I try to resolve a hostname I can query my secondary name server and
> get the answer back. So I know my secondary name server is working.
Are you sure your secondary server isn't forwarding to the primary?
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list