[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Question for DNS pros
- To: "ALD, [ Aditya Lalit Deshmukh ]" <ald2003@xxxxxxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Question for DNS pros
- From: Paul Schmehl <pauls@xxxxxxxxxxxx>
- Date: Sat, 24 Jul 2004 00:58:42 -0500
--On Saturday, July 24, 2004 9:39 AM +0530 "ALD, [ Aditya Lalit Deshmukh ]"
<aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I can think of two possibilities:
1) At some time in the past, a host *was* serving DNS at that address and
some "foreign" hosts have cached the address.
i think your isp should have this info
Umm..did you look at my address? We own a class B. We don't have an ISP.
then his domain is toast anyway as there is not dns server so effectively
his domain is offline, this will be corrected soon if this is the case.
Not if the "other" DNS server is working. You're required to register two
nameservers; a primary and a secondary. You only need one to answer
queries. If a guy registered a domain and used *his* box for the primary
and just grabbed a random IP to register as a "secondary", why would he
care of the secondary didn't work?
1. just block of port 53 / udp for that address at the firewall
2. run a dns server that replies to all the quries with localhost or
127.0.0.1 after you have found what is causing this 3. set the refresh
time, TTL and other values to -1 this should solve most of the problems
as the clients would simply stop querying
You're misunderstanding the problem. The problem is, we want to make sure
our IPs aren't being used by someone else, even inadvertantly.
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html