Re: nameservers open to world - with test output
You could always firewall out port 53 on your external interface.
On Sat, Nov 03, 2001 at 01:56:34PM -0500, Thedore Knab wrote:
> It has recently came to my attention that anyone can use our company's nameservers.
>
> I recently setup my home machine to use the company's nameserver to confirm this.
>
> I was wondering if there was anyway to prevent people from using our company's NS for their personal servers ?
>
> Would the extra traffic generated cause any problems on our network that I may not be aware of ?
>
> ------------------------------------------------
> Test Confirmation that our NS is open to world: |
> ------------------------------------------------
>
> -----------------------
> Step one: lookup name |
> -----------------------
>
> mylinux machine$ whois ourdomain.com
> Whois Server Version 1.3
>
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> Domain Name: ournameserver.com
> Registrar: NETWORK SOLUTIONS, INC.
> Whois Server: whois.networksolutions.com
> Referral URL: http://www.networksolutions.com
> Name Server: NS1.ournameserver.net
> Name Server: NS2.ournameserver.net
> Updated Date: 27-oct-2001
>
> ----------------------------------------------------
> Step two: change /etc/resolv.conf to the following |
> ----------------------------------------------------
>
> search ournameserver.com
> nameserver 123.123.123.123 # nameserver1
> nameserver 123.123.123.134 # nameserver2
>
> -------------------------
> Step three: sample run |
> -------------------------
>
> mylinux machine$ nslookup www.debian.org
>
> Server: ournameserver.com
> Address: 123.123.123.123
>
> Non-authoritative answer:
> Name: www.debian.org
> Address: 198.186.203.20
>
> mylinux machine$
>
> ----------------------
> GNU PGP public key
> http://www.annapolislinux.org/docs/public_key/GnuPG.txt
> ---------------------
> Ted Knab
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
--
Nick Jennings
Reply to: