Re: named on lenny

To: Leonardo Boselli <leo@dicea.unifi.it>
Cc: debian-isp@lists.debian.org
Subject: Re: named on lenny
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Tue, 10 Mar 2009 22:52:56 -0300
Message-id: <[🔎] 20090311015256.GB8637@khazad-dum.debian.net>
In-reply-to: <[🔎] Pine.LNX.4.21.0903080945170.1466-100000@student.dicea.unifi.it>
References: <[🔎] Pine.LNX.4.21.0903080945170.1466-100000@student.dicea.unifi.it>

On Sun, 08 Mar 2009, Leonardo Boselli wrote:
> After udate to lenny two DNS stopped workin, better, they bagan to have a
> behaviour  "a la SMTP" .
> hosts are in a.b.c.0/24 .
> if a query arrive from an host in their localnet all ok, otherwise if the
> querying machine is outside their localnet[s] the they supply the address
> only if the supplied address in in a zone for which they are
> official primary or secondary DNS.
> otherwise no lich and in the log i find:
> 
> Mar  7 23:37:25 mydnsserver named[2248]: client 
>      151.16.***.***#34363: query
>      (cache) 'www.google.it/A/IN' denied
> 
> i copied etch configuration files ... did i make some error ?
> 
> they have to supply dns service to everyone.

That will make you a DoS amplification point, and yet another problem for
the Internet at large.  Do not do it.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: named on lenny
  - From: Marek Podmaka <marki@marki-online.net>

References:
- named on lenny
  - From: Leonardo Boselli <leo@dicea.unifi.it>

Prev by Date: Re: mysql log/realtime analyzer
Next by Date: Re: named on lenny
Previous by thread: Re: named on lenny
Next by thread: Re: named on lenny
Index(es):
- Date
- Thread