Re: Where is the open recursion test?
> Date: Mon, 15 Dec 2008 11:52:01 +0100 > From: Peter Dambier > To: bind-users@lists.isc.org > Subject: Re: Where is the open recursion test? > X-FuHaFi: 0.62 > > just try > > dig -t any peter-dambier.de @ > > If it tells you something about denic it is not recursive. > If you get the complete answer it is very likely recursive. > > Something internal could have triggered the query but only > if your server is in /etc/resolv.conf. Peter: Thanks! I ran that and got a full response back. Then I remembered that you cannot check on recursiveness from a trusted interface... I went to my ISP (alt email provider) and ran well% dig -t any peter-dambier.de @64.139.55.108 ; <<>> DiG 2.0 <<>> -t peter-dambier.de @64.139.55.108 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; res_send to server 64.139.55.108: Connection timed out "Connection timed out" is expected. Means that the ACLs are working. Just to make sure, lets test for something that CAN be resolved: well% dig metis.hicks-net.net @64.139.55.108 ; <<>> DiG 2.0 <<>> metis.hicks-net.net @64.139.55.108 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10 ;; flags: qr aa rd; Ques: 1, Ans: 1, Auth: 3, Addit: 1 ;; QUESTIONS: ;; metis.hicks-net.net, type = A, class = IN ;; ANSWERS: metis.hicks-net.net.3600A 64.139.55.108 ;; AUTHORITY RECORDS: hicks-net.net. 3600NS ns1.xname.org. hicks-net.net. 3600NS ns0.xname.org. hicks-net.net. 3600NS ns.hicks-net.net. ;; ADDITIONAL RECORDS: ns.hicks-net.net. 3600A 64.139.55.108 ;; FROM: well to SERVER: 64.139.55.108 ;; WHEN: Mon Dec 15 02:57:50 2008 ;; MSG SIZE sent: 37 rcvd: 131 well% That worked also. (I got the expected results... Yay!) Again, thanks! Regards, Gregory Hicks > > Kind regards > Peter > > > Gregory Hicks wrote: > >> Date: Mon, 15 Dec 2008 06:44:18 -0200 > >> From: Leonardo Rodrigues Magalhães > >> > >> Gregory Hicks escreveu: > >>> Greetings: > >>> > >>> Seeing in my named.log entries for "too many timeouts resolving > >>> ''..." makes me wonder if my server is an > >>> open recursive server. > >>> > >>> Where is the test please for open recursion so I can check? > >> http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl > > > > Thanks! But I tried that about 6 hours earlier today. It said address > > 64.139.55.108 had status "untested". It also said that if I wanted my > > address retested, make a TCP connection to > > dns-surveyor.measurement-factory.com port 999 (e.g., with telnet) from > > the address to be tested. I did THAT also. So far, nothing. > > > > Any other ideas? [...] - Gregory Hicks | Principal Systems Engineer | Direct: 408.569.7928 People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf -- George Orwell The price of freedom is eternal vigilance. -- Thomas Jefferson "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Where is the open recursion test?
just try dig -t any peter-dambier.de @ If it tells you something about denic it is not recursive. If you get the complete answer it is very likely recursive. Something internal could have triggered the query but only if your server is in /etc/resolv.conf. Kind regards Peter Gregory Hicks wrote: >> Date: Mon, 15 Dec 2008 06:44:18 -0200 >> From: Leonardo Rodrigues Magalhães >> >> Gregory Hicks escreveu: >>> Greetings: >>> >>> Seeing in my named.log entries for "too many timeouts resolving >>> ''..." makes me wonder if my server is an >>> open recursive server. >>> >>> Where is the test please for open recursion so I can check? >> http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl > > Thanks! But I tried that about 6 hours earlier today. It said address > 64.139.55.108 had status "untested". It also said that if I wanted my > address retested, make a TCP connection to > dns-surveyor.measurement-factory.com port 999 (e.g., with telnet) from > the address to be tested. I did THAT also. So far, nothing. > > Any other ideas? > > - > Gregory Hicks | Principal Systems Engineer > | Direct: 408.569.7928 > > People sleep peaceably in their beds at night only because rough men > stand ready to do violence on their behalf -- George Orwell > > The price of freedom is eternal vigilance. -- Thomas Jefferson > > "The best we can hope for concerning the people at large is that they > be properly armed." --Alexander Hamilton > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Where is the open recursion test?
> Date: Mon, 15 Dec 2008 06:44:18 -0200 > From: Leonardo Rodrigues Magalhães > > Gregory Hicks escreveu: > > Greetings: > > > > Seeing in my named.log entries for "too many timeouts resolving > > ''..." makes me wonder if my server is an > > open recursive server. > > > > Where is the test please for open recursion so I can check? > > http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl Thanks! But I tried that about 6 hours earlier today. It said address 64.139.55.108 had status "untested". It also said that if I wanted my address retested, make a TCP connection to dns-surveyor.measurement-factory.com port 999 (e.g., with telnet) from the address to be tested. I did THAT also. So far, nothing. Any other ideas? - Gregory Hicks | Principal Systems Engineer | Direct: 408.569.7928 People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf -- George Orwell The price of freedom is eternal vigilance. -- Thomas Jefferson "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Where is the open recursion test?
Gregory Hicks escreveu: Greetings: Seeing in my named.log entries for "too many timeouts resolving ''..." makes me wonder if my server is an open recursive server. Where is the test please for open recursion so I can check? http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Where is the open recursion test?
Greetings: Seeing in my named.log entries for "too many timeouts resolving ''..." makes me wonder if my server is an open recursive server. Where is the test please for open recursion so I can check? Assist appreciated. Regards, GRegory Hicks ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
