Host/nslookup/dig queries wrong server

2010-02-03 Thread Duncan Berriman
Hi,

In certain versions of linux I have noticed that the host/nslookup and dig
command query the wrong server.

For instance if the following command is run it should return ;; connection
timed out; no servers could be reached

# host google.co.uk 123.123.123.1

However on certain versions of linux it decides almost instantly since it
can't connect to the server specified it will use the name servers in
resolv.conf, in this case that is the local host.

# host google.co.uk 123.123.123.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

google.co.uk has address 66.102.11.99
google.co.uk has address 66.102.11.104
google.co.uk mail is handled by 10 google.com.s9a1.psmtp.com.
google.co.uk mail is handled by 10 google.com.s9a2.psmtp.com.
google.co.uk mail is handled by 10 google.com.s9b1.psmtp.com.
google.co.uk mail is handled by 10 google.com.s9b2.psmtp.com.

This is clearly not expected behaviour and would therefore appear to be a
bug.

The problem can be reproduced in CentOS release 5.4 (Final) and Fedora 10,
which appear to use bind versions 9.3.6-4.P1.el5_4.2 and
9.5.1-2.P2.fc10.i386. Earlier and later versions of Fedora work as expected
and return an error.

I had expected both would be running the same version of bind and am
surprised that they are so different.

Any idea how the correct behaviour can be reinstated and why it is
happening?

Apologies if this is the wrong place to ask but it would appear to be a bind
issue.

Thanks
Duncan

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
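
The check described in this message, as an added shell example that is not part of the original post: it reads the "Using domain server:" block that host prints and flags a run where the answering address differs from the server given on the command line. The function names, the 192.0.2.53 server and the third sample are constructed for illustration; the requested server is assumed to be an IP literal.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether host(1) really used the
# server named on the command line, by reading the "Using domain server:"
# block it prints. Function names are hypothetical.

# Constructed sample 1: the fallback output quoted in the thread, shortened.
SAMPLE_FALLBACK='Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

google.co.uk has address 66.102.11.99'

# Constructed sample 2: the failure the poster expected to see.
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Constructed sample 3: a run where the requested server did answer.
SAMPLE_PINNED='Using domain server:
Name: 192.0.2.53
Address: 192.0.2.53#53
Aliases:

example.test has address 192.0.2.10'

# answering_server: host output on stdin, prints the IP taken from the
# "Address: <ip>#<port>" line of the "Using domain server:" block.
# Prints nothing when the block is absent.
answering_server() {
    awk '
        /^Using domain server:/ { in_block = 1; next }
        in_block && /^Address:/ {
            addr = $2
            sub(/#[0-9]+$/, "", addr)   # drop the "#53" port suffix
            print addr
            exit
        }
    '
}

# check_pinned REQUESTED_IP: host output on stdin.
# Returns 0 when the requested server answered, or when nothing answered and
#           host reported that no server could be reached (no fallback).
# Returns 1 when a different server answered (the behaviour in the thread).
# Returns 2 when the output matches neither pattern.
check_pinned() {
    requested=$1
    output=$(cat)
    actual=$(printf '%s\n' "$output" | answering_server)

    if [ -z "$actual" ]; then
        if printf '%s\n' "$output" | grep -q 'no servers could be reached'; then
            echo "OK: $requested unreachable, no fallback"
            return 0
        fi
        echo "UNKNOWN: no server block in output"
        return 2
    fi

    if [ "$actual" = "$requested" ]; then
        echo "OK: answered by $requested"
        return 0
    fi

    echo "FALLBACK: asked $requested, answered by $actual"
    return 1
}

# Demo on the constructed samples. On a live system the same check would be:
#   host google.co.uk 123.123.123.1 2>&1 | check_pinned 123.123.123.1
printf '%s\n' "$SAMPLE_FALLBACK" | check_pinned 123.123.123.1 || :
printf '%s\n' "$SAMPLE_TIMEOUT"  | check_pinned 123.123.123.1 || :
printf '%s\n' "$SAMPLE_PINNED"   | check_pinned 192.0.2.53    || :
```

A non-zero return of 1 is the case that matters for scripts that test one specific name server: the lookup succeeded, but not against the server being tested.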


Re: Host/nslookup/dig queries wrong server

2010-02-03 Thread Matus UHLAR - fantomas
On 03.02.10 10:07, Duncan Berriman wrote:
> In certain versions of linux I have noticed that the host/nslookup and dig
> command query the wrong server.
>
> For instance if the following command is run it should return ;; connection
> timed out; no servers could be reached
> 
> # host google.co.uk 123.123.123.1
> 
> However on certain versions of linux it decides almost instantly since it
> can't connect to the server specified it will use the name servers in
> resolv.conf, in this case that is the local host.
> 
> # host google.co.uk 123.123.123.1
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
[...]

there are two "host" commands, one comes from bind, one from dunnowhere.
check which one do you have installed. 

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
My mind is like a steel trap - rusty and illegal in 37 states. 


Re: Having multiple name servers - is it really necessary

2010-02-03 Thread Matus UHLAR - fantomas
On 02.02.10 14:25, Rob Tanner wrote:
> We have two registered name servers to answer internet queries.  One is on
> site and the other is a service of our ISP.  The problem is that every once
> in a while the secondary server doesn't successfully complete zone transfers

Ha! a problem!
- check why it's that often unable to complete transfers.
- what kind of transfers are they? Your domain(s)? What about resolving
  internet domains?

> and the data expires.

Another problem!
zone should expire some time after inability to fetch new one. If that
happened "every once in a while", then there's something broken with the zone
- ordinary zones should have expire times 1-4 weeks.

> I'm not sure what technically how the server answers
> when queried for addresses it no longer thinks are valid, but even after
> it's fixed it takes a while for the bad data to go away.

Away from where? if server has a zone configured, it should only provide the
data in zone, not any cached data.

>  What I'm wondering
> is, what are the consequences of simply not using the secondary server.

you won't be able to resolve if your primary fails.

> Right now we are looking at hardened appliances configured into a high
> availability cluster and I figure the pipe to the outside has a high
> likelihood of going down then does the cluster.  So, if name servers out in
> the internet can't even reach our server because our connection is down, is
> that something that also propagates and gets cached (i.e. Is no data
> treated the same as bad data by upstream bind servers?)

No. However I'd focus on problems of your secondary server.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Quantum mechanics: The dreams stuff is made of. 

RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Duncan Berriman
How do I check which one it is? I can't see any option to tell me.

It should be whichever one comes with Fedora 10 or CentOS 5.4 and appears
to be the following on CentOS

bind-libs-9.3.6-4.P1.el5_4.2
bind-9.3.6-4.P1.el5_4.2
bind-utils-9.3.6-4.P1.el5_4.2
bind-chroot-9.3.6-4.P1.el5_4.2

And the following on Fedora 10
 
bind-9.5.1-2.P2.fc10.i386
bind-libs-9.5.1-2.P2.fc10.i386
bind-utils-9.5.1-2.P2.fc10.i386
bind-chroot-9.5.1-2.P2.fc10.i386

Duncan



Re: Host/nslookup/dig queries wrong server

2010-02-03 Thread Stephane Bortzmeyer
On Wed, Feb 03, 2010 at 11:42:19AM -,
 Duncan Berriman  wrote 
 a message of 75 lines which said:

> How do I check which one it is? I can't see any option to tell me.

which host
rpm -q -f `which host`


RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Duncan Berriman
# rpm -q -f `which host`
bind-utils-9.3.6-4.P1.el5_4.2

Thanks
Duncan




RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Lightner, Jeff
rpm -qa |grep bind

Will tell you all the BIND packages you have installed via RPM.

The reason commands check resolv.conf in UNIX/Linux is typically due to
how you've set up /etc/nsswitch.conf.   A line is contained in it similar
to the following:
hosts:  files dns

The above line says to first check files (/etc/hosts typically) for the
name and if not found there then try to use dns (/etc/resolv.conf
defines settings for dns lookups).  There are other options for the file
such as nis which would say to look at nis.  

If you don't want to use dns for lookups you can remove "dns" from the
hosts line in nsswitch.conf.

Note that lookup commands are often designed specifically for name
services so won't necessarily respond from /etc/hosts even if the entry
is there.  The way to verify it's reading /etc/hosts is to do a ping on
it after the lookup.  If the ping works and the lookup appeared not to
then it means it likely found the answer in /etc/hosts.   (HP-UX is an
exception - their implementation of nslookup actually returns entries
from /etc/hosts as well.)



RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Duncan Berriman
Problem is I am specifying the server on the command line, it is supposed to
use only that server, not randomly decide because it can't connect to that
server to try any others it feels like.

Even the -s option makes no difference.

It should even been looking at files or dns

Duncan



RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Lightner, Jeff
Interesting.

On checking a CentOS5 and a RHEL5 system I found I had
bind-utils-9.3.4-10.P1.el5_3.3 and running host with specifying server
did what it should (what you expected).

I then updated the CentOS5 to bind-utils-9.3.6-4.P1.el5_4.2 and now have
the issue you're talking about so it appears to be an issue with the
9.3.6 as released by RedHat (and Fedora - CentOS uses RedHat sources).



RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Duncan Berriman
What's odd is FC8, 9 and 11 are ok.

10 uses 9.5.1
Centos uses 9.3.6

It appears therefore that Redhat are somehow causing the issue when building
certain versions.

Thanks for your help proving what it is at least I can look at upgrading or
downgrading to solve the issue. 


RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Lightner, Jeff
You might want to file a bug report with RedHat.

I just looked through the notifications I got last year from RedHat
regarding various bug and security updates to the bind packages and none
of them mention this change.

Can others on the list verify the default (non-RedHat) bind-utils
package's host command should NOT resolve if server is specified and the
specified server doesn't resolve?


RE: Host/nslookup/dig queries wrong server

2010-02-03 Thread Duncan Berriman
Now filed as bug 561299

What's the easiest way to upgrade/downgrade bind and bind utils on Fedora and
CentOS?

Thanks
Duncan

> -Original Message-
> From: Lightner, Jeff [mailto:jlight...@water.com] 
> Sent: 03 February 2010 15:59
> To: Duncan Berriman; bind-users@lists.isc.org
> Subject: RE: Host/nslookup/dig queries wrong server
> 
> 
> You might want to file a bug report with RedHat.
> 
> I just looked through the notifications I got last year from RedHat
> regarding various bug and security updates to the bind 
> packages and none
> of them mention this change.
> 
> Can others on the list verify the default (non-RedHat) bind-utils
> package's host command should NOT resolve if server is 
> specified and the
> specified server doesn't resolv?
> 
> -Original Message-
> From: bind-users-bounces+jlightner=water@lists.isc.org
> [mailto:bind-users-bounces+jlightner=water@lists.isc.org] 
> On Behalf
> Of Duncan Berriman
> Sent: Wednesday, February 03, 2010 10:48 AM
> To: bind-users@lists.isc.org
> Subject: RE: Host/nslookup/dig queries wrong server
> 
> Whats odd is FC8,9 and 11 are ok. 
> 
> 10 uses 9.5.1
> Centos uses 9.3.6
> 
> It appears therefore that Redhat are somehow causing the issue when
> building
> certain versions.
> 
> Thanks for your help proving what it is at least I can look 
> at upgrading
> or
> downgrading to solve the issue. 
> 
> > -Original Message-
> > From: Lightner, Jeff [mailto:jlight...@water.com] 
> > Sent: 03 February 2010 15:37
> > To: Duncan Berriman; bind-users@lists.isc.org
> > Subject: RE: Host/nslookup/dig queries wrong server
> > 
> > 
> > Interesting.
> > 
> > On checking a CentOS5 and a RHEL5 system I found I had
> > bind-utils-9.3.4-10.P1.el5_3.3 and running host with 
> specifying server
> > did what it should (what you expected).
> > 
> > I then updated the CentOS5 to bind-utils-9.3.6-4.P1.el5_4.2 
> > and now have
> > the issue you're talking about so it appears to be an issue with the
> > 9.3.6 as released by RedHat (and Fedora - CentOS uses 
> RedHat sources).
> > 
> > -Original Message-
> > From: bind-users-bounces+jlightner=water@lists.isc.org
> > [mailto:bind-users-bounces+jlightner=water@lists.isc.org]
> > On Behalf Of Duncan Berriman
> > Sent: Wednesday, February 03, 2010 10:05 AM
> > To: bind-users@lists.isc.org
> > Subject: RE: Host/nslookup/dig queries wrong server
> >
> > Problem is I am specifying the server on the command line, it is
> > supposed to use only that server, not randomly decide because it can't
> > connect to that server to try any others it feels like.
> >
> > Even the -s option makes no difference.
> >
> > It should even been looking at files or dns
> > 
> > Duncan
> > 
> > > -Original Message-
> > > From: Lightner, Jeff [mailto:jlight...@water.com] 
> > > Sent: 03 February 2010 15:04
> > > To: Duncan Berriman; bind-users@lists.isc.org
> > > Subject: RE: Host/nslookup/dig queries wrong server
> > > 
> > > 
> > > rpm -qa |grep bind
> > > 
> > > Will tell you all the BIND packages you have installed via RPM.
> > > 
> > > The reason commands check resolv.conf in UNIX/Linux is typically due to
> > > how you've setup /etc/nsswitch.conf.  A line is contained in it similar
> > > to the following:
> > > hosts:  files dns
> > >
> > > The above line says to first check files (/etc/hosts typically) for the
> > > name and if not found there then try to use dns (/etc/resolv.conf
> > > defines settings for dns lookups).  There are other options for the file
> > > such as nis which would say to look at nis.
> > >
> > > If you don't want to use dns for lookups you can remove "dns" from the
> > > hosts line in nsswitch.conf.
> > >
> > > Note that lookup commands are often designed specifically for name
> > > services so won't necessarily respond from /etc/hosts even if the entry
> > > is there.  The way to verify it's reading /etc/hosts is to do a ping on
> > > it after the lookup.  If the ping works and the lookup appeared not to
> > > then it means it likely found the answer in /etc/hosts.  (HP-UX is an
> > > exception - their implementation of nslookup actually returns entries
> > > from /etc/hosts as well.)
> > > 
> > > -Original Message-
> > > From: bind-users-bounces+jlightner=water@lists.isc.org
> > > [mailto:bind-users-bounces+jlightner=water@lists.isc.org]
> > > On Behalf Of Duncan Berriman
> > > Sent: Wednesday, February 03, 2010 9:45 AM
> > > To: bind-users@lists.isc.org
> > > Subject: RE: Host/nslookup/dig queries wrong server
> > > 
> > > # rpm -q -f `which host`
> > > bind-utils-9.3.6-4.P1.el5_4.2
> > > 
> > > Thanks
> > > Duncan
> > > 
> > > 
> > > > -Original Message-
> > > > From: Stephane Bortzmeyer [mailto:bortzme...@nic.fr] 
> > > > Sent: 03 February 2010 13:12
> > > > To: Duncan Berriman
> > > > Cc: 'Matus UHLAR - fantomas'; bind-users@lists.isc.org
> > > 

BIND 9.6.2 Release Candidate 1 is now available.

2010-02-03 Thread Mark Andrews

BIND 9.6.2 Release Candidate 1 is now available.

BIND 9.6.2rc1 is a maintenance release candidate for BIND 9.6.

BIND 9.6.2rc1 can be downloaded from

ftp://ftp.isc.org/isc/bind9/9.6.2rc1/bind-9.6.2rc1.tar.gz

The PGP signature of the distribution is at

ftp://ftp.isc.org/isc/bind9/9.6.2rc1/bind-9.6.2rc1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/bind-9.6.2rc1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/bind-9.6.2rc1.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at .

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at

ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.zip
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.debug.zip

The PGP signature of the binary kit is at

ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.zip.asc
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.6.2rc1/BIND9.6.2rc1.debug.zip.sha512.asc

Changes since 9.6.0:

--- 9.6.2rc1 released ---

2838.   [func]  Backport support for SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512, from BIND 9.7.  (This
incorporates changes 2726 and 2738 from that
release branch.) [RT #20871]

2837.   [port]  Prevent Linux spurious warnings about fwrite().
[RT #20812]

2831.   [security]  Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]

2828.   [security]  Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

2827.   [security]  Bogus NXDOMAIN could be cached as if valid. [RT #20712]

2825.   [bug]   Changing the setting of OPTOUT in a NSEC3 chain that
was in the process of being created was not properly
recorded in the zone. [RT #20786]

2823.   [bug]   rbtdb.c:getsigningtime() was missing locks. [RT #20781]

2819.   [cleanup]   Removed unnecessary DNS_POINTER_MAXHOPS define
[RT #20771]

2818.   [cleanup]   rndc could return an incorrect error code 
when a zone was not found. [RT #20767]

2815.   [bug]   Exclusively lock the task when freezing a zone.
[RT #19838]

2814.   [func]  Provide a definitive error message when a master
zone is not loaded. [RT #20757]

--- 9.6.2b1 released ---

2797.   [bug]   Don't decrement the dispatch manager's maxbuffers.
[RT #20613]

2790.   [bug]   Handle DS queries to stub zones. [RT #20440]

2789.   [bug]   Fixed an INSIST in dispatch.c [RT #20576]

2786.   [bug]   Additional could be promoted to answer. [RT #20663]

2784.   [bug]   TC was not always being set when required glue was
dropped. [RT #20655]

2783.   [func]  Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less.  [RT #20654]

2782.   [port]  win32: use getaddrinfo() for hostname lookups.
[RT #20650]

2777.   [contrib]   DLZ MYSQL auto reconnect support discovery was wrong.

2772.   [security]  When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]

2765.   [bug]   Skip masters for which the TSIG key cannot be found.
[RT #20595]

2760.   [cleanup]   Corrected named-compilezone usage summary. [RT #20533]

2759.   [doc]   Add information about .jbk/.jnw files to
the ARM. [RT #20303]

2758.   [bug]   win32: Added a workaround for a windows 2008 bug
that could cause the UDP client handler to shut
down. [RT #19176]

2757.   [bug]   dig: assertion failure could occur in connect
timeout. [RT #20599]

2755.   [doc]   Clarify documentation of keyset- files in
dnssec-signzone man page. [RT #19810]

2754.   [bug]   Secure-to-insecure transitions failed when zone
was signed with NSEC3. [RT #20587]

2750.   [bug]   dig: assertion failure could occur when a server
  

dns server is attacked

2010-02-03 Thread Makara
Hi,

I'm a dns administrator, please excuse me if it's not the right place
to ask the question. My dns server is attacked, below are the logs

Feb  4 06:26:29 ns01 named[7791]: client 204.194.238.15#42502: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 196.14.64.145#54363: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.33.216.129#58386: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 62.141.32.3#10049: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 203.220.10.226#27558: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 117.102.98.253#4696: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 208.69.34.8#52506: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 64.27.31.126#23550: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 195.25.5.65#49345: query (cache)
'110.25.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 208.65.201.98#20322: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 82.108.95.210#2104: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 65.39.178.17#53701: query (cache)
'200.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: FORMERR resolving '
ns1.pendingrenewaldeletion.com//IN': 205.178.190.51#53
Feb  4 06:26:29 ns01 named[7791]: unexpected RCODE (REFUSED) resolving '
cheappaintballgunstore.com/A/IN': 74.53.26.66#53
Feb  4 06:26:29 ns01 named[7791]: client 85.115.52.190#24528: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 83.103.75.172#19067: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.119.189.138#63190: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 194.206.126.15#49858: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 72.232.214.226#10860: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: FORMERR resolving '
ns2.pendingrenewaldeletion.com//IN': 205.178.190.51#53
Feb  4 06:26:29 ns01 named[7791]: client 83.243.8.6#26089: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 97.64.179.210#19383: query (cache)
'200.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 81.4.88.10#24179: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.33.216.208#8796: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.119.189.138#34887: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 208.67.219.11#39638: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied


I'm using BIND 9.3.3rc2. Any idea or advice on how to solve the problem? Its
response is so slow and sometimes it does not respond.
-- 
The person who loves others will also be loved.

Re: dns server is attacked

2010-02-03 Thread Mark Andrews

In message , 
Makara writes:
> Hi,
> 
> I'm a dns administrator, please excuse me if it's not the right place
> to ask the question. My dns server is attacked, below are the logs

You are not being attacked.  The zone 26.178.115.in-addr.arpa is
delegated to you but you are not configured to serve it.

26.178.115.in-addr.arpa. 86400  IN  NS  ns01.digi.com.kh.
26.178.115.in-addr.arpa. 86400  IN  NS  ns02.digi.com.kh.

You are seeing other nameservers performing reverse lookups on the
address in 26.178.115.in-addr.arpa.  This will usually be because
you made a connection to a service which uses these servers for
reverse DNS lookups for access control or just logging where the
request came from.
 
Either remove the delegation or serve the 26.178.115.in-addr.arpa zone.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
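
The pattern described in the reply above (many different resolvers being refused PTR lookups under a single reverse zone) can be pulled out of a named log mechanically. The following is an added example, not part of the original messages: the function names, the min_clients threshold and the sample lines (with documentation-range client addresses) are constructed for illustration, and it assumes the delegation sits one label above the queried name.

```python
import re
from collections import defaultdict

# Start of a syslog entry, e.g. "Feb  4 06:26:29 ".
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
# named refusing a query it will not answer from cache.
DENIED = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: query \(cache\) "
    r"'(?P<qname>[^/' ]+)/(?P<qtype>[^/' ]+)/(?P<qclass>[^/' ]+)' denied"
)

# Constructed sample in the format quoted in the thread, including the
# mail-client line wrapping. Client addresses are documentation ranges.
SAMPLE_LOG = """\
Feb  4 06:26:29 ns01 named[7791]: client 192.0.2.15#42502: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 198.51.100.145#54363: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 203.0.113.129#58386: query (cache)
'200.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 192.0.2.15#10049: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:30 ns01 named[7791]: client 198.51.100.7#4696: query (cache)
'www.example.com/A/IN' denied
Feb  4 06:26:30 ns01 named[7791]: unexpected RCODE (REFUSED) resolving
'example.net/A/IN': 203.0.113.66#53
"""


def unwrap(log_text):
    """Rejoin entries that were wrapped onto a continuation line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def summarize_denied(log_text):
    """Group denied IPv4 PTR queries by the zone one label above the name."""
    zones = defaultdict(lambda: {"queries": 0, "clients": set(), "names": set()})
    for entry in unwrap(log_text):
        m = DENIED.search(entry)
        if not m or m["qtype"] != "PTR":
            continue
        qname = m["qname"].rstrip(".").lower()
        if not qname.endswith(".in-addr.arpa"):
            continue
        zone = qname.split(".", 1)[1]  # assumed delegation boundary
        zones[zone]["queries"] += 1
        zones[zone]["clients"].add(m["ip"])
        zones[zone]["names"].add(qname)
    return dict(zones)


def lame_delegation_candidates(log_text, min_clients=3):
    """Reverse zones refused to at least min_clients distinct resolvers."""
    stats = summarize_denied(log_text)
    return sorted(z for z, s in stats.items() if len(s["clients"]) >= min_clients)


if __name__ == "__main__":
    for zone, s in sorted(summarize_denied(SAMPLE_LOG).items()):
        print(f"{zone}: {s['queries']} denied PTR queries from "
              f"{len(s['clients'])} clients for {len(s['names'])} names")
    print("check delegation of:", lame_delegation_candidates(SAMPLE_LOG))
```

Each zone it reports can then be compared with the NS records published in the parent zone to see whether it is delegated to this server without being configured on it.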


Re: dns server is attacked

2010-02-03 Thread Makara
Hi Mark,

Thank you very much for your help. I can solve the problem now.

On Thu, Feb 4, 2010 at 7:52 AM, Mark Andrews  wrote:

>
> In message ,
> Makara writes:
> > Hi,
> >
> > I'm a dns administrator, please excuse me if it's not the right place
> > to ask the question. My dns server is attacked, below are the logs
>
> You are not being attacked.  The zone 26.178.115.in-addr.arpa is
> delegated to you but you are not configured to serve it.
>
> 26.178.115.in-addr.arpa. 86400  IN  NS  ns01.digi.com.kh.
> 26.178.115.in-addr.arpa. 86400  IN  NS  ns02.digi.com.kh.
>
> You are seeing other nameservers performing reverse lookups on the
> address in 26.178.115.in-addr.arpa.  This will usually be because
> you made a connection to a service which uses these servers for
> reverse DNS lookups for access control or just logging where the
> request came from.
>
> Either remove the delegation or serve the 26.178.115.in-addr.arpa zone.
>
> Mark



-- 
The person who loves others will also be loved.