Apple OS and DNS resolution (._dns-sd.udp. requests)
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Apr 5 22:18:36 UTC 2012
>In message <20120405090858.GA29261 at fantomas.sk>, Matus UHLAR - fantomas writes:
>> our customer (an ISP) reported that his clients have problems resolving
>> sites like facebook, youtube, aplestores and that the problems only
>> affect apple computers.
>>
>> I notice many requests for dns service discovery:
>>
>> Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844:
>> query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
>> Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019:
>> query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
>> Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647:
>> query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
>>
>> these requests are denied, because we use private IPS from those ranges
>> and I don't want to make them available for users.
>>
>> Can these requests cause resolving problems on Apple computers?
On 06.04.12 08:09, Mark Andrews wrote:
>Well you are leaking RFC 1918 answers. I would close off the leak by
>using views or different nameservers for your machines.
I am leaking? :) I am not. client is sending requests and I am denying
them. I have in plan to move those zones to different servers to avoid
this problem, and clients will get empty results.
I was curious if these can't cause the problem reported by user,
however it appears not to be the source of it. I'll have to dig
further.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
More information about the bind-users
mailing list