nanog mailing list archives
Re: Malicious DNS request?
From: Valdis.Kletnieks () vt edu
Date: Thu, 12 May 2005 11:26:48 -0400
On Thu, 12 May 2005 16:43:07 +0200, Brad Knowles said:
> At 12:41 PM +0400 2005-05-12, Gadi Evron quoted Joe Shen:
>> I'd suggest dropping requests for domains you don't hold.
> That's kind of hard to do if you're running a recursive/caching nameserver.

Well.. are you running a recursive/caching nameserver for everybody on the internet to use, or only for your customers? If the request isn't from inside your address space, and it's a "recursion requested" for a zone you don't hold, maybe they're asking the wrong DNS server. (And yes, I know that if you have a roaming user who's outside your address space but has hard-coded your DNS IP's in their resolv.conf, it gets trickier. The right answer here depends on your customer base.)

It's often suggested that you have *two* DNS setups - one that only answers requests from inside for recursion and caching, and an authoritative one that faces out and refuses to recurse. The inside one will cache the outside one fast enough in most environments. (No, this doesn't stop all the possible DNS malfeasance, but it certainly raises the bar a good chunk...)