[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Modify one PTR in existing bind9 setup?

Michelle Konzack <linux4michelle@tamay-dogan.net> writes:

> Hello lee,
> Am 2011-06-22 22:48:58, hacktest Du folgendes herunter:
>> When the router is already asking <dns1.private> for the IP addresses of
>> the NTP servers the router wants to connect to, what prevents you from
>> making DNS entries on <dns1.private> which will resolve the queries of
>> the router to the IP addresses of your private NTP server?
> Because this route makes weird traffic.  Since the router OS it  is  not
> Linux based I can not do very much as analyzing as best as possibel.
> It seems, the router has hardcoded routes  and  if  I  tell  it  to  use
> <dns1.private> it makes lookups on it, but then I get  connections  from
> my router else where...  asking for <> and <>.

,---- [ Message-ID: <[🔎] 20110622150732.GO4017@michelle1> ]
| The current setup is:
| <dns1@tamay-dogan.net>-+                       +--<dns.private>
| <dns2@tamay-dogan.net>-+                       +--<ntp.private>
|                        |                       +--<samba.private>
|              INTERNET  +---- router with a ----+
|                        |   crappy NTP Client   +--<michelle1.private>
| <ntp1_by_IP>-----------+                       +--<devel.private>
| <ntp2_by_IP>-----------+
| capturing uncontrolled
| data from my router

As long as your router is connected to the internet directly, I think
there isn´t anything you could do to prevent it from making connections
to hosts on the internet the way it wants to, unless you can make
settings in the router itself that would prevent it from doing so.

I don´t understand what this has to do with routing:

1.) If the router uses IP addresses of NTP servers instead of looking up
    the IPs by hostnames, it doesn´t need to query your name server.

2.) If it queries your name server for IP addresses of NTP servers,
    receives the IP addresses of them and then still connects to
    different IP addresses than those given by your name server to send
    NTP requests to, the router is broken (Or perhaps restarting it

That leaves you with some options, listed in no particular order:

1.) replace the router

2.) Omit the router and use one of the hosts on the right side of your
    schematic to replace it.

3.) Don´t connect the router to the internet directly but through one of
    the hosts on the left side of your schematic. The host would capture
    the NTP traffic and operate as a router for the router. (probably
    not feasible)

4.) like 3.), but connecting the router to one of the hosts on the right
    rather than on the left side

5.) leave it as it is

6.) turn off NTP in the router

7.) Make the manufacturer of the router fix the NTP client.

8.) If the router allows you to set static routes, set static routes for
    the two IPs it sends NTP requests to. Add two network cards to one
    of the hosts on the right side the static routes point to and give
    them the IPs the router is sending its requests to. Attaching two
    more IPs to an existing network card should suffice, though. The
    disadvantage is that the hosts outside of your network which have
    these IPs become unreachable from inside your network.

Reply to: