Re: Bind as cache DNS and firewall

2010-08-18 Thread Ulrich David
Hi, I have some more information. I did a tcpdump of incoming packets to see the sources of requests on udp 53 from external IPs:

08:29:32.482475 IP 195.176.219.26.62511 > MY.CACHE.DNS.domain: 12614+ PTR? 167.72.97.76.IN-ADDR.ARPA. (43)
08:29:34.333751 IP 195.176.219.26.25840 > MY.CACHE.DNS.domain:

Re: Bind as cache DNS and firewall

2010-08-18 Thread Ulrich David
Hi Jason and Robert, sorry for my lack of details. My firewall has stateful inspection enabled for all ports:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

I permit all outgoing packets. The opened incoming ports are 22 tcp (for all IPs), 53 tcp and udp (filtered for my clients

Re: Bind as cache DNS and firewall

2010-08-18 Thread Robert Spangler
On Wednesday 18 August 2010 17:42, Ulrich David wrote:
> Hi,
>
> I'm using Bind as a cache (absolutely not authoritative) DNS for a public
> network. I have put a firewall in order to refuse incoming packets from
> people not on my network.
>
> This traffic came from other DNS servers in the world.

Re: Bind as cache DNS and firewall

2010-08-18 Thread Jason Roysdon
On 08/18/2010 02:42 PM, Ulrich David wrote:
> Hi,
>
> I'm using Bind as a cache (absolutely not authoritative) DNS for a public
> network. I have put a firewall in order to refuse incoming packets from
> people not on my network.
>
> Today, inspecting logs, I see this:
>
> Aug 18 17:31:44 cn

Bind as cache DNS and firewall

2010-08-18 Thread Ulrich David
Hi, I'm using Bind as a cache (absolutely not authoritative) DNS for a public network. I have put a firewall in order to refuse incoming packets from people not on my network. Today, inspecting logs, I see this:

Aug 18 17:31:44 cns1 [IPT DROP] : IN=eth0 OUT= MAC=00 SRC=195.176.219.26 DST=M