Apple OS and DNS resolution (._dns-sd.udp. requests)

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Apr 5 22:18:36 UTC 2012


>In message <20120405090858.GA29261 at fantomas.sk>, Matus UHLAR - fantomas writes:
>> our customer (an ISP) reported that his clients have problems resolving
>> sites like facebook, youtube, aplestores and that the problems only
>> affect apple computers.
>>
>> I notice many requests for dns service discovery:
>>
>> Apr  5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844:
>>  query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
>> Apr  5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019:
>>  query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
>> Apr  5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647:
>>  query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
>>
>> these requests are denied, because we use private IPS from those ranges
>> and I don't want to make them available for users.
>>
>> Can these requests cause resolving problems on Apple computers?

On 06.04.12 08:09, Mark Andrews wrote:
>Well you are leaking RFC 1918 answers.  I would close off the leak by
>using views or different nameservers for your machines.

I am leaking? :) I am not. client is sending requests and I am denying 
them. I have in plan to move those zones to different servers to avoid 
this problem, and clients will get empty results.

I was curious if these can't cause the problem reported by user, 
however it appears not to be the source of it. I'll have to dig 
further.


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)



More information about the bind-users mailing list