Re: nameservers open to world - with test output

To: Thedore Knab <tjk@annapolislinux.org>
Cc: <debian-isp@lists.debian.org>
Subject: Re: nameservers open to world - with test output
From: Martin 'pisi' Paljak <pisi@pisitek.com>
Date: Sat, 3 Nov 2001 22:31:11 +0200 (EET)
Message-id: <[🔎] Pine.LNX.4.33.0111032220110.26321-100000@manhattan.pisitek.com>
In-reply-to: <[🔎] 20011103135634.A14363@annapolislinux.org>

Hello!

You can reconfigure BIND so that it only answers to requests from your
company's network only. If recursiv resolving is what you mean. I suggest
you to use D. J. Bernstein's djbdns. It's small, fast, reliable and
secure. check it out - cr.yp.to/djbdns.html
I use it myself and suggest it to others also.. You will save yourself
soem time if you use djbdns. It's way simpler to manage tinydns data
files than it is to mess around with BIND zone files.

-- 
Martin 'pisi' Paljak / freelancer consultant
pisi@pisitek.com / pisi.pisitek.com
www.pisitek.com


On Sat, 3 Nov 2001, Thedore Knab wrote:

> It has recently came to my attention that anyone can use our company's nameservers.
>
> I recently setup my home machine to use the company's nameserver to confirm this.
>
> I was wondering if there was anyway to prevent people from using our company's NS for their personal servers ?
>
> Would the extra traffic generated cause any problems on our network that I may not be aware of ?
>
> ------------------------------------------------
> Test Confirmation that our NS is open to world: |
> ------------------------------------------------
>
> -----------------------
> Step one: lookup name |
> -----------------------
>
> mylinux machine$ whois ourdomain.com
> Whois Server Version 1.3
>
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
>  Domain Name: ournameserver.com
>  Registrar: NETWORK SOLUTIONS, INC.
>  Whois Server: whois.networksolutions.com
>  Referral URL: http://www.networksolutions.com
>  Name Server: NS1.ournameserver.net
>  Name Server: NS2.ournameserver.net
>  Updated Date: 27-oct-2001
>
> ----------------------------------------------------
> Step two: change /etc/resolv.conf to the following |
> ----------------------------------------------------
>
> search ournameserver.com
> nameserver 123.123.123.123 # nameserver1
> nameserver 123.123.123.134 # nameserver2
>
> -------------------------
> Step three: sample run  |
> -------------------------
>
> mylinux machine$ nslookup www.debian.org
>
> Server: ournameserver.com
> Address: 123.123.123.123
>
> Non-authoritative answer:
> Name:   www.debian.org
> Address: 198.186.203.20
>
> mylinux machine$
>
> ----------------------
> GNU PGP public key
> http://www.annapolislinux.org/docs/public_key/GnuPG.txt
> ---------------------
> Ted Knab
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

Reply to:

References:
- nameservers open to world - with test output
  - From: Thedore Knab <tjk@annapolislinux.org>

Prev by Date: nameservers open to world - with test output
Next by Date: Re: nameservers open to world - with test output
Previous by thread: nameservers open to world - with test output
Next by thread: Re: nameservers open to world - with test output
Index(es):
- Date
- Thread