You could always firewall out port 53 on your external interface. On Sat, Nov 03, 2001 at 01:56:34PM -0500, Thedore Knab wrote: > It has recently came to my attention that anyone can use our company's > nameservers. > > I recently setup my home machine to use the company's nameserver to confirm > this. > > I was wondering if there was anyway to prevent people from using our > company's NS for their personal servers ? > > Would the extra traffic generated cause any problems on our network that I > may not be aware of ? > > ------------------------------------------------ > Test Confirmation that our NS is open to world: | > ------------------------------------------------ > > ----------------------- > Step one: lookup name | > ----------------------- > > mylinux machine$ whois ourdomain.com > Whois Server Version 1.3 > > Domain names in the .com, .net, and .org domains can now be registered > with many different competing registrars. Go to http://www.internic.net > for detailed information. > > Domain Name: ournameserver.com > Registrar: NETWORK SOLUTIONS, INC. > Whois Server: whois.networksolutions.com > Referral URL: http://www.networksolutions.com > Name Server: NS1.ournameserver.net > Name Server: NS2.ournameserver.net > Updated Date: 27-oct-2001 > > ---------------------------------------------------- > Step two: change /etc/resolv.conf to the following | > ---------------------------------------------------- > > search ournameserver.com > nameserver 123.123.123.123 # nameserver1 > nameserver 123.123.123.134 # nameserver2 > > ------------------------- > Step three: sample run | > ------------------------- > > mylinux machine$ nslookup www.debian.org > > Server: ournameserver.com > Address: 123.123.123.123 > > Non-authoritative answer: > Name: www.debian.org > Address: 198.186.203.20 > > mylinux machine$ > > ---------------------- > GNU PGP public key > http://www.annapolislinux.org/docs/public_key/GnuPG.txt > --------------------- > Ted Knab > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
-- Nick Jennings
