Re: querying TLD nameservers - limitations

2013-03-25 Thread Doug Barton
There is no need to post to both the mailing list and the news group. You can safely post only to the list, and it will be sent to the group for you. Rather than us guessing what it is you're trying to accomplish, can you say a little more about it? I can think of some legitimate reasons why a

Re: Suspecious DNS traffic

2013-03-25 Thread Vernon Schryver
> > Still not convinced because if i need to allow >1024 port from our > > DNS server to external world(internet).. where is the security? Every UDP and TCP packet has two port numbers, the source port and the destination port. When a resolver sends a request to a distant DNS authority, it send

Re: Dig for link-local

2013-03-25 Thread Phil Mayers
On 25/03/13 17:13, Phil Mayers wrote: On 25/03/13 16:20, Kevin Darcy wrote: Works fine for me on RedHat 5.7 without a scope-identifier in /etc/resolv.conf. I notice, however, that the stock dig (9.3.6-P1-RedHat-9.3.6-16.P1.el5, yeah, I know I should upgrade) shows the scope identifier in its out

Re: Dig for link-local

2013-03-25 Thread Phil Mayers
On 25/03/13 16:20, Kevin Darcy wrote: Works fine for me on RedHat 5.7 without a scope-identifier in /etc/resolv.conf. I notice, however, that the stock dig (9.3.6-P1-RedHat-9.3.6-16.P1.el5, yeah, I know I should upgrade) shows the scope identifier in its output: ;; SERVER: fe80::250:56bf:fe8d:47

Re: Suspecious DNS traffic

2013-03-25 Thread WBrown
babu dheen wrote on 03/25/2013 12:21:30 PM: > Still not convinced because if i need to allow >1024 port from our > DNS server to external world(internet).. where is the security? Total security requires total isolation. It is a matter of accepting some risks to perform the needed task. > I

Re: Suspecious DNS traffic

2013-03-25 Thread Matus UHLAR - fantomas
On 26.03.13 00:21, babu dheen wrote: Hi Matus, please, skip personal replies. this is mailing list and issues should be discussed here. Still not convinced because if i need to allow >1024 port from our DNS server to external world(internet).. where is the security? If you have stateful f

Re: Suspecious DNS traffic

2013-03-25 Thread Niall O'Reilly
On 25 Mar 2013, at 16:21, babu dheen wrote: > Still not convinced because if i need to allow >1024 port from our DNS > server to external world(internet).. where is the security? > > I believe we just need to allow TCP and UDP 53 from our DNS server to > internet(any) which is already done. N

Re: Suspecious DNS traffic

2013-03-25 Thread Carlos M. Martinez
Are you talking about SOURCE or destination ports ? regards ~CArlos On 3/25/13 1:21 PM, babu dheen wrote: > Hi Matus, > > Still not convinced because if i need to allow >1024 port from our DNS > server to external world(internet).. where is the security? > > I beleive we just need to allow TC

Re: Suspecious DNS traffic

2013-03-25 Thread babu dheen
Hi Matus, Still not convinced because if i need to allow >1024 port from our DNS server to external world(internet).. where is the security? I believe we just need to allow TCP and UDP 53 from our DNS server to internet(any) which is already done. Not sure why we have to open non standard por

Re: Dig for link-local

2013-03-25 Thread Kevin Darcy
Works fine for me on RedHat 5.7 without a scope-identifier in /etc/resolv.conf. I notice, however, that the stock dig (9.3.6-P1-RedHat-9.3.6-16.P1.el5, yeah, I know I should upgrade) shows the scope identifier in its output: ;; SERVER: fe80::250:56bf:fe8d:47b%2#53(fe80::250:56bf:fe8d:47b) so

RE: Dig for link-local

2013-03-25 Thread Alok Raj
Hi Phil This is really awesome! It works for me, my own glibc-2.3 is able to resolve the domain name and fetch me an ip address. I had re'd that scope concept in link-local, but was not sure about using it in resolv.conf. Thank you all for replying. God bless you!! Thanks, Alok -Orig

Re: Setting a timeout for forwarders

2013-03-25 Thread Matus UHLAR - fantomas
On 24.03.13 19:05, Stephen Wood wrote: I have bind set up to forward only. Is it possible to declare a timeout for recursive queries? I can't seem to find a setting BIND tunes this timeout dynamically, you can't tune it for now. I'm trying to protect against slow or unresponsive DNS that are

Re: querying TLD nameservers - limitations

2013-03-25 Thread Matus UHLAR - fantomas
On 24.03.13 16:55, blrmaani wrote: I am developing a monitoring script for internal use and this requires extensive querying of TLD nameservers (a .. m).tld servers. Why does it need extensive querying of .tld servers? Do you monitor someone's DNS servers without their permission? 2. Are the

Re: Suspecious DNS traffic

2013-03-25 Thread Matus UHLAR - fantomas
On 25.03.13 16:59, babu dheen wrote: I am able to query one of the PTR records available in my company BIND caching DNS server from internet(ANY IP address) successfully. As per your statement, If I am denying the response, how could I get response successfully? you must allow the packets from

Re: Dig for link-local

2013-03-25 Thread Phil Mayers
On 25/03/13 09:19, Alok Raj wrote: Hi Guys, Basically I am trying to do the following: 1) If I use link-local ipv6 address (of domain controller) in my resolv.conf, my resolver routines (glibc 2.13) is not able to resolve a domain name to an ip address, though I am able to ping that l

RE: Dig for link-local

2013-03-25 Thread Alok Raj
Hi Sten, Had tried with packet capture (WireShark), there is no request going out at all, so checking @ server side would not help, I suppose. I referred book (IPv6 Advanced Protocols Implementation

Re: Dig for link-local

2013-03-25 Thread Sten Carlsen
One question is whether the server will listen and reply on all addresses or only on the global address? I suggest you look into the log file from the server, often there are good clues there. On 25/03/13 10:19, Alok Raj wrote: > Hi Guys, > > Basically I am trying to do the following: > >

RE: Dig for link-local

2013-03-25 Thread Alok Raj
Hi Guys, Basically I am trying to do the following: 1) If I use link-local ipv6 address (of domain controller) in my resolv.conf, my resolver routines (glibc 2.13) is not able to resolve a domain name to an ip address, though I am able to ping that link- local ipv6 address.

Re: Suspecious DNS traffic

2013-03-25 Thread babu dheen
Hi, I am able to query one of the PTR records available in my company BIND caching DNS server from internet(ANY IP address) successfully. As per your statement, If I am denying the response, how could I get response successfully? Regards Babu From: Mark