In message <20120405090858.ga29...@fantomas.sk>, Matus UHLAR - fantomas writes: > Hello, > > our customer (an ISP) reported that his clients have problems resolving > sites like facebook, youtube, aplestores and that the problems only > affect apple computers. > > I notice many requests for dns service discovery: > > Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844: > query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied > Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019: > query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied > Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647: > query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied > > these requests are denied, because we use private IPS from those ranges > and I don't want to make them available for users. > > Can these requests cause resolving problems on Apple computers?
Well you are leaking RFC 1918 answers. I would close off the leak by using views or different nameservers for your machines. > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Your mouse has moved. Windows NT will now restart for changes to take > to take effect. [OK] > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
