On Fri, Jun 03, 2011 at 03:09:13PM -0700,
 Sri Harsha Yalamanchili <har...@thought-matrix.com> wrote 
 a message of 145 lines which said:

>          o query-source address X.X.X.X port 53;

That's typically a very bad idea because it makes the source port
predictable and therefore makes you much more vulnerable to the
Kaminsky vulnerability.

>                 forwarders {
>                     66.7.224.17; //Telepacific's DNS server
>                 };

Did you try this forwarder with, for instance, dig? Does it really
work?

>    * The whois lookup works as long as we're telepacific's dns
>      server.

I don't really understand the sentence but, anyway, remember that
whois and DNS are two different and unrelated protocols. I suggest
debugging them separately.

> We can clearly see that the queries are going out from the query
> log.

BIND logs the outgoing queries? I didn't know. Anyway, I suggest using
tcpdump to see what is really going in and out.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
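
An added example, not part of the original message: a small audit that flags `query-source` / `query-source-v6` statements pinning a fixed port, the setting the reply warns about. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample named.conf fragment (documentation addresses only).
SAMPLE_CONF = """
options {
    // query-source address 192.0.2.1 port 5353;   (commented out)
    query-source address 192.0.2.10 port 53;
    query-source-v6 address * port *;
    /* query-source port 1053; */
    forwarders { 192.0.2.53; };
};
"""

# A query-source statement up to its terminating semicolon.
STMT = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")


def strip_comments(text):
    """Remove /* */, // and # comments as accepted in named.conf.

    Simplification: comment markers inside quoted strings are not handled.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def fixed_source_ports(conf_text):
    """Return (statement, port) for each query-source with a numeric port.

    'port *' or no port clause leaves the port choice to named, so it is
    not reported.
    """
    findings = []
    for name, body in STMT.findall(strip_comments(conf_text)):
        m = re.search(r"\bport\s+(\d+)", body)
        if m:
            findings.append((name, int(m.group(1))))
    return findings


if __name__ == "__main__":
    for name, port in fixed_source_ports(SAMPLE_CONF):
        print(f"{name}: fixed source port {port}; only the 16-bit query ID "
              "is left for an off-path spoofer to guess")
```

Removing the `port` clause, or writing `port *`, lets named choose the source port for each outgoing query.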
