Bind9 Random Whois and Dig Fails
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Jun 7 14:57:58 UTC 2011
On Fri, Jun 03, 2011 at 03:09:13PM -0700,
Sri Harsha Yalamanchili <harsha at thought-matrix.com> wrote
a message of 145 lines which said:
> o query-source address X.X.X.X port 53;
That's typically a very bad idea because it makes the source port
predictable and therefore makes you much more vulnerable to the
Kaminsky vulnerability.
> forwarders {
> 66.7.224.17; //Telepacific's DNS server
> };
Did you try this forwarder with, for instance, dig? Does it really
work?
> * The whois lookup works as long as we're telepacific's dns
> server.
I don't really understand the sentence but, anyway, remember that
whois and DNS are two different and unrelated protocols. I suggest
debugging them separately.
> We can clearly see that the queries are going out from the query
> log.
BIND logs the outgoing queries? I didn't know. Anyway, I suggest using
tcpdump to see what is really going in and out.
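Added example (not part of this message, and not BIND's or tcpdump's own code): two checks that follow from the reply above. The first scans a named.conf fragment for a `query-source ... port N;` clause that pins the outbound port, placing the weak setting from the quoted configuration beside the corrected form. The second parses the kind of output `tcpdump -n udp port 53` produces and counts how many distinct source ports the resolver's outbound queries actually use, which is what makes the Kaminsky attack cheap (one fixed port) or expensive (randomized ports). All capture lines, the resolver address 192.0.2.10 and the port numbers are constructed for illustration, not taken from a real capture; the forwarder address is the one in the quoted config.

```python
import re
from collections import Counter

# --- 1. Configuration check -------------------------------------------------

# Constructed named.conf fragments. WEAK_CONF mirrors the quoted setting:
# the outbound source port is pinned to 53, so an attacker only has to
# guess the 16-bit transaction ID. HARDENED_CONF drops the port clause
# (BIND then picks a random ephemeral port per query; `port *` is equivalent).
WEAK_CONF = """
options {
    query-source address 192.0.2.10 port 53;
    forwarders { 66.7.224.17; };
};
"""

HARDENED_CONF = """
options {
    query-source address 192.0.2.10;
    forwarders { 66.7.224.17; };
};
"""

# Matches query-source / query-source-v6 statements that pin a numeric port.
# `port *` (random) is deliberately not matched.
FIXED_PORT_RE = re.compile(
    r'^\s*query-source(?:-v6)?\b[^;]*\bport\s+(\d+)\s*;', re.MULTILINE)


def fixed_query_source_ports(named_conf):
    """Return the fixed source ports declared in named_conf (empty list is good)."""
    return [int(p) for p in FIXED_PORT_RE.findall(named_conf)]


# --- 2. Capture check --------------------------------------------------------

# Constructed tcpdump-style lines (format of `tcpdump -n udp port 53`).
# Queries carry a "<qtype>?" marker; responses carry answer counts instead.
FIXED_PORT_CAPTURE = """\
14:57:58.100001 IP 192.0.2.10.53 > 66.7.224.17.53: 4711+ A? example.com. (29)
14:57:58.105002 IP 66.7.224.17.53 > 192.0.2.10.53: 4711 1/0/0 A 93.184.216.34 (45)
14:57:59.100003 IP 192.0.2.10.53 > 66.7.224.17.53: 9902+ AAAA? example.net. (29)
14:58:00.100004 IP 192.0.2.10.53 > 66.7.224.17.53: 1234+ MX? example.org. (29)
14:58:01.100005 IP 192.0.2.10.53 > 66.7.224.17.53: 60001+ A? www.example.com. (33)
"""

RANDOM_PORT_CAPTURE = """\
14:57:58.100001 IP 192.0.2.10.40312 > 66.7.224.17.53: 4711+ A? example.com. (29)
14:57:58.105002 IP 66.7.224.17.53 > 192.0.2.10.40312: 4711 1/0/0 A 93.184.216.34 (45)
14:57:59.100003 IP 192.0.2.10.51877 > 66.7.224.17.53: 9902+ AAAA? example.net. (29)
14:58:00.100004 IP 192.0.2.10.33004 > 66.7.224.17.53: 1234+ MX? example.org. (29)
14:58:01.100005 IP 192.0.2.10.58820 > 66.7.224.17.53: 60001+ A? www.example.com. (33)
"""

# Matches only query lines: src.port > dst.port: txid[flags] QTYPE? name
QUERY_RE = re.compile(
    r'^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > '
    r'(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): '
    r'(?P<txid>\d+)[+%$]* (?P<qtype>[A-Z0-9]+)\? ')


def outbound_queries(capture, resolver_ip):
    """Yield (source_port, txid) for every query line sent by resolver_ip."""
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m and m.group('src') == resolver_ip:
            yield int(m.group('sport')), int(m.group('txid'))


def port_randomization_report(capture, resolver_ip):
    """Summarize how many distinct source ports the resolver's queries used.

    With a pinned port the spoofing attacker must guess only the 16-bit
    transaction ID; every additional distinct port multiplies the work.
    The distinct-port count from a short capture is a lower bound only.
    """
    queries = list(outbound_queries(capture, resolver_ip))
    ports = Counter(sport for sport, _ in queries)
    distinct = len(ports)
    if not queries:
        verdict = 'no outbound queries seen (check the forwarder with dig)'
    elif distinct == 1:
        verdict = 'fixed source port %d: vulnerable to Kaminsky-style spoofing' % next(iter(ports))
    else:
        verdict = '%d distinct source ports in %d queries: randomization in use' % (distinct, len(queries))
    return {
        'queries': len(queries),
        'distinct_ports': distinct,
        'fixed_port': distinct == 1,
        'verdict': verdict,
    }


if __name__ == '__main__':
    print('weak conf pins ports:', fixed_query_source_ports(WEAK_CONF))
    print('hardened conf pins ports:', fixed_query_source_ports(HARDENED_CONF))
    print(port_randomization_report(FIXED_PORT_CAPTURE, '192.0.2.10')['verdict'])
    print(port_randomization_report(RANDOM_PORT_CAPTURE, '192.0.2.10')['verdict'])
```

To use it on a real system, replace the constructed strings with the contents of named.conf and of a capture taken while running a few `dig @127.0.0.1` queries against the resolver, and pass the resolver's actual outbound address. A handful of queries is enough to tell a pinned port from a randomized one; it is not enough to judge the quality of the randomization.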