is there someway to alleviate this? On 8/23/12, Manson, John <john.man...@mail.house.gov> wrote: > Good explanation of Service Discovery: > http://www.dns-sd.org/ > > Also, Bonjour is a big offender: > http://en.wikipedia.org/wiki/Bonjour_%28software%29 > A lot of Apple apps use it like itunes. > > -----Original Message----- > From: bind-users-bounces+john.manson=mail.house....@lists.isc.org > [mailto:bind-users-bounces+john.manson=mail.house....@lists.isc.org] On > Behalf Of bind-users-requ...@lists.isc.org > Sent: Thursday, August 23, 2012 8:00 AM > To: bind-users@lists.isc.org > Subject: bind-users Digest, Vol 1292, Issue 1 > > Send bind-users mailing list submissions to > bind-users@lists.isc.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.isc.org/mailman/listinfo/bind-users > or, via email, send a message with subject or body 'help' to > bind-users-requ...@lists.isc.org > > You can reach the person managing the list at > bind-users-ow...@lists.isc.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > > Today's Topics: > > 1. Question about connections to BIND and tcp 443 (Moore, Mark A.) > 2. Re: Question about connections to BIND and tcp 443 (SM) > 3. Re: Question about connections to BIND and tcp 443 (Adam Tkac) > 4. Re: Question about connections to BIND and tcp 443 (Jan-Piet Mens) > 5. What can cause excessive amount of _dns-sd queries? (Eivind Olsen) > 6. Re: What can cause excessive amount of _dns-sd queries? > (Torsten Segner) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 22 Aug 2012 08:38:18 -0600 > From: "Moore, Mark A." <mmo...@osmre.gov> > To: "bind-users@lists.isc.org" <bind-users@lists.isc.org> > Subject: Question about connections to BIND and tcp 443 > Message-ID: > > <600147d5023cd8459b2a5d2861ccf9ee42c88fb...@iesdenrexmb05.eis.doi.net> > Content-Type: text/plain; charset="us-ascii" > > Good afternoon. We are currently running BIND on our RHEL 5.x servers and > see connection attempts from our internal clients to the BIND on tcp 443. > They are currently being block from connecting to 443 since these servers > are only DNS. Is there any reason for clients to connect to tcp 443 for any > type of DNS resolution? Just want to confirm before I dig deeper into this > issue. > > Thx in advance for any assistance provided. > > Mark > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <https://lists.isc.org/pipermail/bind-users/attachments/20120822/179af608/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Wed, 22 Aug 2012 08:06:15 -0700 > From: SM <s...@resistor.net> > To: "Moore, Mark A." <mmo...@osmre.gov> > Cc: bind-users@lists.isc.org > Subject: Re: Question about connections to BIND and tcp 443 > Message-ID: <6.2.5.6.2.20120822080430.09244...@resistor.net> > Content-Type: text/plain; charset="us-ascii"; format=flowed > > At 07:38 22-08-2012, Moore, Mark A. wrote: >>from connecting to 443 since these servers are only DNS. Is there >>any reason for clients to connect to tcp 443 for any type of DNS >>resolution? Just want to confirm before I dig deeper into this issue. > > No. > > Regards, > -sm > > > > ------------------------------ > > Message: 3 > Date: Wed, 22 Aug 2012 11:31:51 -0400 > From: Adam Tkac <at...@redhat.com> > To: "Moore, Mark A." <mmo...@osmre.gov> > Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org> > Subject: Re: Question about connections to BIND and tcp 443 > Message-ID: <20120822153150.ga21...@redhat.com> > Content-Type: text/plain; charset=us-ascii > > On Wed, Aug 22, 2012 at 08:38:18AM -0600, Moore, Mark A. wrote: >> Good afternoon. We are currently running BIND on our RHEL 5.x servers and >> see connection attempts from our internal clients to the BIND on tcp 443. >> They are currently being block from connecting to 443 since these servers >> are only DNS. Is there any reason for clients to connect to tcp 443 for >> any type of DNS resolution? Just want to confirm before I dig deeper into >> this issue. >> >> Thx in advance for any assistance provided. >> >> Mark > > If some of your clients use dnssec-trigger for DNSSEC setup > (http://www.nlnetlabs.nl/projects/dnssec-trigger), it can probe your server > for "DNS-over-SSL". Check dnssec-trigger overview, section "How does it > work" for more details. > > Note this doesn't mean you should allow connections to port 443. > > Regards, Adam > > -- > Adam Tkac, Red Hat, Inc. > > > ------------------------------ > > Message: 4 > Date: Wed, 22 Aug 2012 19:27:23 +0200 > From: Jan-Piet Mens <jpmens....@gmail.com> > To: bind-users@lists.isc.org > Subject: Re: Question about connections to BIND and tcp 443 > Message-ID: <20120822172723.ga81...@jmbp.ww.mens.de> > Content-Type: text/plain; charset=us-ascii > >> They are currently being block from connecting to 443 since these >> servers are only DNS. Is there any reason for clients to connect to >> tcp 443 for any type of DNS resolution? > > Sounds a bit as though your clients think the BIND box is a HTTP origin > server... I'd look into what programs they're running and how those are > configured. Other than that, no: there is no reason for a typical DNS > client to attempt TCP/443 unless your clients are running dnssec-trigger > [1] > > -JP > > [1] http://www.nlnetlabs.nl/projects/dnssec-trigger/ > > > ------------------------------ > > Message: 5 > Date: Thu, 23 Aug 2012 13:43:32 +0200 > From: "Eivind Olsen" <eiv...@aminor.no> > To: bind-users@lists.isc.org > Subject: What can cause excessive amount of _dns-sd queries? > Message-ID: > <f1b6bb7cae5eb19a9c6014f2898661e7.squir...@webmail.aminor.no> > Content-Type: text/plain;charset=iso-8859-1 > > Hello. > > I haven't seen this before.. I'm currently seeing someone (1 ip address) > do about 2.1 million queries / hour where a majority of the queries seem > to be: > > b._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR + > db._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR + > r._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR + > talk.l.google.com IN A + > gmail-pop.l.google.com IN A + > gmail-imap.l.google.com IN A + > > ...and similar variations of these. > > Have any of you seen something like this before? > > Regards > Eivind Olsen > > > > > ------------------------------ > > Message: 6 > Date: Thu, 23 Aug 2012 13:58:57 +0200 > From: Torsten Segner <tors...@segner.eu> > To: bind-users@lists.isc.org > Subject: Re: What can cause excessive amount of _dns-sd queries? > Message-ID: > <20120823135857.5f1cc...@hp-tsegner.adoffice.local.de.easynet.net> > Content-Type: text/plain; charset=US-ASCII > > Am Thu, 23 Aug 2012 13:43:32 +0200 > schrieb "Eivind Olsen" <eiv...@aminor.no>: > >> Hello. >> >> I haven't seen this before.. I'm currently seeing someone (1 ip address) >> do about 2.1 million queries / hour where a majority of the queries seem >> to be: >> >> b._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR + >> db._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR + >> r._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR + >> talk.l.google.com IN A + >> gmail-pop.l.google.com IN A + >> gmail-imap.l.google.com IN A + >> >> ...and similar variations of these. >> >> Have any of you seen something like this before? >> > > > Hi Eivind, > > these seem to be DNS Service Discovery requests and yes, we see loads of > them on our servers. > > > http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt > > > > Ciao > Torsten > > > ------------------------------ > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > End of bind-users Digest, Vol 1292, Issue 1 > ******************************************* > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
