Re: dealing with multi-homed machine
In message , donovan jeffrey j writes:

> On Feb 8, 2011, at 5:17 PM, Mark Andrews wrote:
>
> > In message <3ad9c812-cba3-4dcd-a27e-26e63d912...@beth.k12.pa.us>, donovan jeffrey j writes:
> >> Greetings
> >>
> >> I have an external dns server that serves a group of systems. One of the systems has a secondary interface with private address space. Dns should not be requesting from here but i am seeing these warnings coming from my external system;
> >>
> >> security: warning: client 209.96.96.108#49534: view com.basd.DNS.public: RFC 1918 response from Internet for 108.1.135.10.in-addr.arpa
> >>
> >> how do I keep that internal zone from being seen ? Do I have to firewall dns queries between interfaces on the server ?
> >> tia
> >
> > Please go read the FAQ. http://www.isc.org/software/bind/faq
>
> thanks mark,
>
> It appears my case may be a programming error from the server admin. But this brings up the case of views.
>
> on my external dns server i should add an empty zone file ? what does that send back to the offending request?

It sends back NXDOMAIN responses except for apex queries. This is all the public servers do.

> zone "10.IN-ADDR.ARPA" {
>     type master;
>     file "empty";
> };
>
> is there a way i can redirect him back to the Internal dns server for 1918 requests,... ( and i think the answer is ,.. let the internal answer the initial request so it never comes up to the outside).

The internal DNS servers, handed out by DHCP, should be configured to serve the IN-ADDR.ARPA reverse zones for the RFC 1918 addresses you are using. You can then add PTR records for your internal machines using RFC 1918 addresses. Because they weren't configured to do so the queries leaked out to the Internet and the code to report these leaks kicked in.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
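An added example, not part of the thread and not ISC code: it reads named "RFC 1918 response from Internet" warnings in the layout quoted above and reports, per client and view, which RFC 1918 reverse zones the internal servers would need to serve to stop the leak. The function names, the optional `view` field in the pattern, and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Layout taken from the one warning quoted in the thread; the search is
# unanchored so a timestamp prefix is tolerated. The optional view is assumed.
LEAK_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+): )?"
    r"RFC 1918 response from Internet for (?P<qname>\S+)"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reverse_zone(qname):
    """Return (address or prefix, reverse zone to serve locally), else None."""
    labels = qname.rstrip(".").lower().split(".")
    octets = labels[:-2][::-1]  # reverse names list the octets backwards
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(octets) <= 4:
        return None
    if not all(o.isdecimal() and int(o) < 256 for o in octets):
        return None
    octets = [str(int(o)) for o in octets]
    addr = ipaddress.ip_address(".".join(octets + ["0"] * (4 - len(octets))))
    if not any(addr in net for net in RFC1918):
        return None
    # 10/8 is a single zone; 172.16/12 and 192.168/16 are one zone per /16.
    depth = 1 if octets[0] == "10" else 2
    return ".".join(octets), ".".join(octets[:depth][::-1]) + ".in-addr.arpa"

def summarize(lines):
    """Group leaked names as {(client, view): {zone: {addresses}}}."""
    report = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LEAK_RE.search(line)
        hit = reverse_zone(m["qname"]) if m else None
        if hit:
            report[(m["client"], m["view"])][hit[1]].add(hit[0])
    return report

SAMPLE_LOG = [
    # First line is the warning quoted in the thread; the rest are constructed.
    "security: warning: client 209.96.96.108#49534: view com.basd.DNS.public: "
    "RFC 1918 response from Internet for 108.1.135.10.in-addr.arpa",
    "security: warning: client 209.96.96.108#49535: view com.basd.DNS.public: "
    "RFC 1918 response from Internet for 10.20.135.10.in-addr.arpa",
    "security: warning: client 192.0.2.7#5353: "
    "RFC 1918 response from Internet for 4.3.168.192.in-addr.arpa",
    "general: info: zone example/IN: loaded serial 1",
]

if __name__ == "__main__":
    for (client, view), zones in summarize(SAMPLE_LOG).items():
        for zone, addrs in zones.items():
            print(client, view, zone, sorted(addrs))
```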
Re: dealing with multi-homed machine
On Feb 8, 2011, at 8:44 PM, donovan jeffrey j wrote:

> thanks mark,
>
> It appears my case may be a programming error from the server admin. But this brings up the case of views.
>
> on my external dns server i should add an empty zone file ? what does that send back to the offending request?
>
> zone "10.IN-ADDR.ARPA" {
>     type master;
>     file "empty";
> };

this sends a nice

query failed (SERVFAIL) for 10.20.135.10.in-addr.arpa/IN/PTR at query.c:3921

that's what i wanted, until I can get that system turned around.
thanks
-j
Re: dealing with multi-homed machine
On Feb 8, 2011, at 5:17 PM, Mark Andrews wrote:

> In message <3ad9c812-cba3-4dcd-a27e-26e63d912...@beth.k12.pa.us>, donovan jeffrey j writes:
>> Greetings
>>
>> I have an external dns server that serves a group of systems. One of the systems has a secondary interface with private address space. Dns should not be requesting from here but i am seeing these warnings coming from my external system;
>>
>> security: warning: client 209.96.96.108#49534: view com.basd.DNS.public: RFC 1918 response from Internet for 108.1.135.10.in-addr.arpa
>>
>> how do I keep that internal zone from being seen ? Do I have to firewall dns queries between interfaces on the server ?
>> tia
>
> Please go read the FAQ. http://www.isc.org/software/bind/faq

thanks mark,

It appears my case may be a programming error from the server admin. But this brings up the case of views.

on my external dns server i should add an empty zone file ? what does that send back to the offending request?

zone "10.IN-ADDR.ARPA" {
    type master;
    file "empty";
};

is there a way i can redirect him back to the Internal dns server for 1918 requests,... ( and i think the answer is ,.. let the internal answer the initial request so it never comes up to the outside).

-j
Re: dealing with multi-homed machine
In message <3ad9c812-cba3-4dcd-a27e-26e63d912...@beth.k12.pa.us>, donovan jeffrey j writes:

> Greetings
>
> I have an external dns server that serves a group of systems. One of the systems has a secondary interface with private address space. Dns should not be requesting from here but i am seeing these warnings coming from my external system;
>
> security: warning: client 209.96.96.108#49534: view com.basd.DNS.public: RFC 1918 response from Internet for 108.1.135.10.in-addr.arpa
>
> how do I keep that internal zone from being seen ? Do I have to firewall dns queries between interfaces on the server ?
> tia

Please go read the FAQ. http://www.isc.org/software/bind/faq

> -j

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
dealing with multi-homed machine
Greetings

I have an external dns server that serves a group of systems. One of the systems has a secondary interface with private address space. Dns should not be requesting from here but i am seeing these warnings coming from my external system;

security: warning: client 209.96.96.108#49534: view com.basd.DNS.public: RFC 1918 response from Internet for 108.1.135.10.in-addr.arpa

how do I keep that internal zone from being seen ? Do I have to firewall dns queries between interfaces on the server ?
tia
-j