Re: What is this?

From: Anders (andersajja_at_hotmail.com)
Date: 10/03/05


Date: Mon, 03 Oct 2005 17:32:53 GMT

Moe Trin wrote:

>
> This fails on a properly set up firewall. If there are no name servers
> meant to be publicly accessible behind the firewall, there is no reason
> to allow traffic to port 53 inbound. Where I work, we have three publicly
> accessible DNS servers - one in the DMZ, and two located at our upstream.
> All internal DNS requests go to servers behind the firewall, but as there
> is no reason for external hosts to know internal names, the external DNS
> servers are set to return "generic" answers to requests - so that when a
> request comes in for the name of 192.0.2.2, the answer returned is
> "192.0.2.2.example.com" rather than "file_server.example.com". That
> answer satisfies those who "must" have a "valid" hostname to put into
> their logs - (and if someone does the reverse lookup, and follows it with
> a forward lookup of 192.0.2.2.example.com, they get the 192.0.2.2
> answer), but those answers don't provide useful information about the
> layout of our internal LAN. Creating those zonefiles is trivial - just
> a couple of dumb shell scripts. An external request for a public
> system (such as www.example.com) does return the valid IP address of
> the web server in the DMZ (and a reverse lookup of that IP does
> return the 'www.example.com'), so the public can go there, but no further.
>
> Old guy

Now I have read the "DNS-HOWTO", and in there was this link to "How to
secure my DNS server"
(http://www.etherboy.com/dns/chrootdns.html) and that will probably
cover security issues, but I have not had the time for it right now.
But I have "dig" my ISP and that works as it should, and also the
localhost (127.0.0.1).

This link did not work (http://www.etherboy.com/dns/chrootdns.html), so
I have not been able to read up on it; maybe it is just down temporarily.

Thank you for the time taken, and all the useful info about DNS and traceroute.

Regards Anders
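
The "generic answers" scheme described in the quoted message, sketched as an added example (not part of either poster's message, and not the scripts the quoted poster mentions). The function names are hypothetical, and the 192.0.2 prefix and example.com domain are the sample values from the thread. It generates matching PTR and A records and checks that every reverse answer forward-confirms to the same address:

```shell
#!/bin/sh
# Added example: generic reverse (PTR) and forward (A) records for a /24,
# so external lookups get a valid name that reveals nothing about the LAN.
# Prefix, domain and host range below are constructed sample values.

# gen_ptr NET DOMAIN FIRST LAST: records for the reverse zone.
gen_ptr() {
    net=$1 domain=$2 i=$3 last=$4
    while [ "$i" -le "$last" ]; do
        printf '%s\tIN\tPTR\t%s.%s.%s.\n' "$i" "$net" "$i" "$domain"
        i=$((i + 1))
    done
}

# gen_a NET DOMAIN FIRST LAST: matching records for the forward zone,
# with owner names relative to DOMAIN (192.0.2.2 -> 192.0.2.2.example.com).
gen_a() {
    net=$1 i=$3 last=$4
    while [ "$i" -le "$last" ]; do
        printf '%s.%s\tIN\tA\t%s.%s\n' "$net" "$i" "$net" "$i"
        i=$((i + 1))
    done
}

# reverse_zone_name NET: in-addr.arpa zone name for a three-octet prefix.
reverse_zone_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# count_mismatches NET DOMAIN FIRST LAST: forward-confirm each PTR target
# against the generated A records; prints how many fail to match.
count_mismatches() {
    { gen_a "$@" | sed 's/^/A /'; gen_ptr "$@" | sed 's/^/P /'; } |
    awk -v net="$1" -v dom="$2" '
        $1 == "A" { fwd[$2 "." dom "."] = $5 }
        $1 == "P" { if (fwd[$5] != (net "." $2)) bad++ }
        END { print bad + 0 }'
}

# Demo on the constructed values: first three hosts of the /24.
echo "; zone $(reverse_zone_name 192.0.2)"
gen_ptr 192.0.2 example.com 1 3
echo "; zone example.com"
gen_a 192.0.2 example.com 1 3
echo "; forward-confirmation mismatches: $(count_mismatches 192.0.2 example.com 1 3)"
```

The output lines are record bodies only; the SOA, NS and `$ORIGIN` lines of each zone file still have to be supplied by whoever maintains the zones.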


