In message <20120405090858.ga29...@fantomas.sk>, Matus UHLAR - fantomas writes:
our customer (an ISP) reported that his clients have problems resolving
sites like facebook, youtube, aplestores and that the problems only
affect apple computers.
I notice many requests for dns service discovery:
Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844:
query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019:
query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647:
query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
these requests are denied, because we use private IPS from those ranges
and I don't want to make them available for users.
Can these requests cause resolving problems on Apple computers?
On 06.04.12 08:09, Mark Andrews wrote:
Well you are leaking RFC 1918 answers. I would close off the leak by
using views or different nameservers for your machines.
I am leaking? :) I am not. client is sending requests and I am denying
them. I have in plan to move those zones to different servers to avoid
this problem, and clients will get empty results.
I was curious if these can't cause the problem reported by user,
however it appears not to be the source of it. I'll have to dig
further.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
