DNSSEC and secondary DNS servers
@lbutlr
kremels at kreme.com
Sat Sep 8 17:36:16 UTC 2018
On 08 Sep 2018, at 09:59, Niall O'Reilly <niall.oreilly at ucd.ie> wrote:
> On 8 Sep 2018, at 14:58, @lbutlr wrote:
>
>> so I think there must be something else.
>
> You might need to do some other housekeeping:
>
> https://zonemaster.net/domain_check
> http://dnsviz.net/d/covisp.net/dnssec/
Oh, well, that is interesting. I thought Bind always listened on port 53 for both TCP/UDP.
# sockstat -4 -l | grep :53
bind named 48714 21 tcp4 65.121.55.42:53 *:*
bind named 48714 23 tcp4 127.0.0.1:53 *:*
bind named 48714 512 udp4 65.121.55.42:53 *:*
bind named 48714 513 udp4 65.121.55.42:53 *:*
bind named 48714 514 udp4 65.121.55.42:53 *:*
bind named 48714 518 udp4 127.0.0.1:53 *:*
bind named 48714 519 udp4 127.0.0.1:53 *:*
bind named 48714 520 udp4 127.0.0.1:53 *:*
And there’s nothing interesting in pfctl
# pfctl -s rules
block drop in quick on em0 from <sshguard> to any label "sshguardblock"
block drop in quick on em0 from <badguys> to any
pass in quick on em0 proto tcp from <goodguys> to (em0) port = ssh flags S/SA keep state
pass in on em0 proto tcp from any to (em0) port = ssh flags S/SA keep state (source-track rule, max-src-conn 5, max-src-conn-rate 4/300, overload <badguys> flush global, src.track 300)
--
Man is born free, but is everywhere in chains.
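The sockstat listing in the post above shows which transports named is bound to. Below is a small added check (not from the post, and not part of BIND) that parses `sockstat -4 -l` output and reports, per local address, whether both TCP and UDP listeners exist on port 53. The point for DNSSEC is that signed answers are often too large for a plain UDP response, so resolvers and checkers such as dnsviz retry over TCP; a server with only a UDP/53 listener fails those checks. The function names are hypothetical, the first sample is copied from the post's own output, and the second sample (address 192.0.2.10) is constructed to show what a UDP-only host looks like.

```python
"""Report which transports (TCP/UDP) have a listener on port 53 per local address.

Added example for a bind-users thread; parses FreeBSD `sockstat -4 -l` output.
Not part of BIND or of the original post.
"""
from collections import defaultdict

DNS_PORT = 53

# Sample 1: lines copied from the sockstat output in the post above,
# with the header line that sockstat prints (the parser must skip it).
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind named 48714 21 tcp4 65.121.55.42:53 *:*
bind named 48714 23 tcp4 127.0.0.1:53 *:*
bind named 48714 512 udp4 65.121.55.42:53 *:*
bind named 48714 513 udp4 65.121.55.42:53 *:*
bind named 48714 518 udp4 127.0.0.1:53 *:*
"""

# Sample 2: constructed output for a host that only listens on UDP/53
# (documentation address 192.0.2.10; not a real server).
UDP_ONLY_SAMPLE = """\
bind named 1234 12 udp4 192.0.2.10:53 *:*
bind named 1234 13 udp4 192.0.2.10:53 *:*
"""


def parse_sockstat(text):
    """Return {local_address: {"tcp", "udp", ...}} for sockets bound to DNS_PORT.

    Expected columns: USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS.
    The header line and non-DNS sockets are skipped.
    """
    listeners = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        proto, local = fields[4], fields[5]
        if proto not in ("tcp4", "udp4", "tcp6", "udp6"):
            continue  # header line or unknown protocol column
        addr, _, port = local.rpartition(":")  # handles "*:53" and IPv6 "::1:53"
        if port != str(DNS_PORT):
            continue
        listeners[addr].add(proto[:3])  # normalise tcp4/tcp6 -> "tcp", udp4/udp6 -> "udp"
    return dict(listeners)


def missing_transports(listeners):
    """Map each address to the transports it lacks on port 53 (empty dict means all good)."""
    gaps = {}
    for addr, protos in listeners.items():
        lacking = {"tcp", "udp"} - protos
        if lacking:
            gaps[addr] = lacking
    return gaps


if __name__ == "__main__":
    for label, sample in (("post output", SAMPLE_SOCKSTAT), ("udp-only sample", UDP_ONLY_SAMPLE)):
        found = parse_sockstat(sample)
        print(f"== {label} ==")
        for addr, protos in sorted(found.items()):
            print(f"{addr}: {' '.join(sorted(protos))}")
        for addr, lacking in sorted(missing_transports(found).items()):
            print(f"WARNING: {addr} has no {' / '.join(sorted(lacking))} listener on port {DNS_PORT}")
```

On a live host, pipe the real listing in with `sockstat -4 -l | python3 check53.py` after replacing the embedded samples with `sys.stdin.read()`. A listener on both transports only proves the daemon is bound; it says nothing about whether packet filter rules or an upstream firewall actually let TCP/53 through, so a `dig +tcp` from outside the network is still the decisive test.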