On 4/19/18 7:44 PM, Francois Gouget wrote:
> So I'm running a bind server and while it works I ran into a domain name
> that it refuses to resolve: maibokun.com. Digging into it, it looks like
> one DNS server is refusing to talk to me:
>
> On my box:
>
> $ host maibokun.com
> ;; connection timed out; no servers could be reached
> $ host maibokun.com 210.143.111.171
> ;; connection timed out; no servers could be reached
>
> Same thing on my laptop. But if I connect the laptop to another Wifi
> network (thus changing its public IP address) or run the command on a
> computer on the other side of the Atlantic I get:
>
> $ host maibokun.com
> maibokun.com has address 210.188.220.102
> maibokun.com mail is handled by 10 mail.maibokun.com.
> $ host maibokun.com 210.143.111.171
> Using domain server:
> Name: 210.143.111.171
> Address: 210.143.111.171#53
> Aliases:
>
> maibokun.com has address 210.188.220.102
> maibokun.com mail is handled by 10 mail.maibokun.com.
>
> Are DNS servers banning queries from some residential addresses or
> something like this? Anyone else seeing the same issue?

Try having bind forward the requests to another public DNS server like
opendns. You could even protect yourself by having opendns block malware
and other bad sites. My bind named.conf.options file has the forwarding
setup like this.

forwarders {

If you are really worried that your DNS queries are being diverted by
man-in-the-middle attacks, use dnscrypt-proxy. I have dnscrypt-proxy
listening on 127.0.2.1 (as above shows) and forwarding bind's DNS queries
to opendns (cisco) over a secure channel. I even redirect all DNS (port 53
udp) queries to any server to my bind with a shorewall redirect rule
(firewall). This setup returns this from a host command:

host maibokun.com
--
...Bob |
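An added example, not Bob's actual files (his message only shows the opening of the forwarders block), of the two pieces his reply describes: a named.conf.options that forwards bind's queries to dnscrypt-proxy on 127.0.2.1, and the matching dnscrypt-proxy 2.x listen address pointed at OpenDNS. The file paths, the LAN addresses and the `forward only` choice are assumptions.

```conf
# /etc/bind/named.conf.options  (path assumed; example, not the original file)
options {
    directory "/var/cache/bind";

    # Hand every query bind cannot answer from cache to the local
    # dnscrypt-proxy instead of contacting authoritative servers directly.
    # "forward only" stops bind from falling back to plain recursion when
    # the forwarder fails, so a broken upstream is noticed instead of the
    # encrypted path being silently bypassed (assumption: desired here).
    forward only;
    forwarders {
        127.0.2.1;
    };

    # Serve local clients only; never act as an open resolver.
    # 192.168.1.0/24 is a constructed LAN range, not from the thread.
    listen-on { 127.0.0.1; 192.168.1.1; };
    allow-query { localhost; 192.168.1.0/24; };
    allow-recursion { localhost; 192.168.1.0/24; };
    recursion yes;
};

# /etc/dnscrypt-proxy/dnscrypt-proxy.toml  (dnscrypt-proxy 2.x; path assumed)
# Listen exactly where bind's forwarders block points, on the default DNS port.
listen_addresses = ['127.0.2.1:53']
# 'cisco' is the OpenDNS entry in the public resolver list shipped with dnscrypt-proxy.
server_names = ['cisco']
# Accept only resolvers that speak an encrypted protocol.
dnscrypt_servers = true
doh_servers = true
```

With both in place, a query on the box goes bind -> 127.0.2.1 (dnscrypt-proxy) -> OpenDNS over the encrypted channel, so the local resolver never speaks directly to the unreachable authoritative server.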