Re: OT: Open DNS Server / Recursion
On Thursday 26 October 2006 19:14, Eric Haskins wrote:
> Don't block DNS requests at the firewall. Your customers won't be happy
> when their sites don't resolve :)

90% of the time it's cheaper and easier to have someone else run the DNS.

--
Tom Chiverton
Helping to autoschediastically architect exceptional market-growth

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258418

RE: Open DNS Server / Recursion
The problem is that with Recursion enabled on a DNS server hosting domains, it allows IP forging for spammers. (From what I have read.)

I have some pillock spammer forging my IP through this method. I have been told by my hosting company that I need to sort this out.

With recursion turned off it means the mail server won't work, as it won't be able to look up non-local domains.

So, I need to be able to restrict the facility of recursive lookups to the local IPs. I can't see any way to do that.

-----Original Message-----
From: Russ [mailto:[EMAIL PROTECTED]]
Sent: 26 October 2006 19:17
To: CF-Talk
Subject: RE: Open DNS Server / Recursion

Easy... don't disable recursive lookups. Without recursive lookups, your DNS server will only respond to queries about things that it knows... i.e. the dns entries hosted on your server. In order for it to resolve domains that it knows nothing about, it must go and do a recursive lookup using other dns servers.

Russ

-----Original Message-----
From: Jenny Gavin-Wear [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 26, 2006 8:44 AM
To: CF-Talk
Subject: OT: Open DNS Server / Recursion

Totally off topic.

I run DNS servers for a number of domains and also mail servers for those domains.

I have a problem in that when I disable Recursive look ups the DNS servers then fail to answer DNS queries from the local IP addresses.

Any ideas anyone please?

Jenny

Jennifer Gavin-Wear
Fast Track Online
Tel: 01262 602013
http://www.fasttrackonline.co.uk/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258222

Re: Open DNS Server / Recursion
Run a second internal recursive DNS server for your local users. Then set your DNS Server for your domains without recursion.

Eric Haskins
Web Systems Developer
Rooms To Go

On 10/27/06, Jenny Gavin-Wear [EMAIL PROTECTED] wrote:
> The problem is that with Recursion enabled on a DNS server hosting domains,
> it allows IP forging for spammers. (From what I have read.)
>
> I have some pillock spammer forging my IP through this method. I have been
> told by my hosting company that I need to sort this out.
>
> With recursion turned off it means the mail server won't work, as it won't
> be able to look up non-local domains.
>
> So, I need to be able to restrict the facility of recursive lookups to the
> local IPs. I can't see any way to do that.
>
> -----Original Message-----
> From: Russ [mailto:[EMAIL PROTECTED]]
> Sent: 26 October 2006 19:17
> To: CF-Talk
> Subject: RE: Open DNS Server / Recursion
>
> Easy... don't disable recursive lookups. Without recursive lookups, your
> DNS server will only respond to queries about things that it knows... i.e.
> the dns entries hosted on your server. In order for it to resolve domains
> that it knows nothing about, it must go and do a recursive lookup using
> other dns servers.
>
> Russ
>
> -----Original Message-----
> From: Jenny Gavin-Wear [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 26, 2006 8:44 AM
> To: CF-Talk
> Subject: OT: Open DNS Server / Recursion
>
> Totally off topic.
>
> I run DNS servers for a number of domains and also mail servers for those
> domains.
>
> I have a problem in that when I disable Recursive look ups the DNS servers
> then fail to answer DNS queries from the local IP addresses.
>
> Any ideas anyone please?
>
> Jenny
>
> Jennifer Gavin-Wear
> Fast Track Online
> Tel: 01262 602013
> http://www.fasttrackonline.co.uk/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258260

RE: Open DNS Server / Recursion
> I have a problem in that when I disable Recursive look ups the DNS servers
> then fail to answer DNS queries from the local IP addresses.

In BIND you can set the bind.conf file to only allow certain IP addresses to be able to initiate a recursive query. The directive is in the options section:

    options {
        directory "c:\bind\etc";

        // version statement for security to avoid hacking known weaknesses
        version "not disclosed";

        // disables all zone transfer requests except for local network
        allow-transfer { 12.199.124.0/23; };

        // Allow anyone to query
        allow-query { any; };

        // only allow the local net to issue recursive queries
        allow-recursion { 12.199.124.0/23; };
    };

Best Regards,

Dennis Powers
UXB Internet - A website design and Hosting Company
690 Wolcott Road
P.O. Box 6029
Wolcott, CT 06716
Tel: (203)879-2844
http://www.uxbinternet.com/
http://www.uxb.net/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258282

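Added example (not part of the post above and not BIND's own code): a Python check for whether a server still recurses for outside clients once recursion has been restricted. Run it against your own server from a host outside the allowed range, asking for a name the server does not host; the function names and the sample reply headers are constructed for illustration.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000   # DNS header flag bits (RFC 1035)
REFUSED = 5                           # RCODE: server declines to answer

def build_query(name, qid=0x1234, qtype=1):
    """Build an A query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # class IN

def classify(response, qid=0x1234):
    """Classify the reply to a recursive query for a name the server does NOT host."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not (flags & QR):
        return "malformed"
    if (flags & 0x000F) == REFUSED:
        return "closed"        # recursion refused for this client
    if ancount > 0:
        return "open"          # it resolved (or served from cache) a foreign name
    if not (flags & RA):
        return "closed"        # referral or empty reply, recursion not offered
    return "inconclusive"      # RA set but no answer (e.g. NXDOMAIN); try another name

def probe(server, name, timeout=3.0):
    """Send the query over UDP/53 from the host this runs on and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(4096)[0])

if __name__ == "__main__":
    # Constructed reply headers (not captured traffic): id, flags, qd, an, ns, ar
    samples = {
        "outside client, recursion answered": (0x1234, 0x8180, 1, 1, 0, 0),
        "outside client, REFUSED":            (0x1234, 0x8105, 1, 0, 0, 0),
        "outside client, root referral":      (0x1234, 0x8100, 1, 0, 13, 0),
    }
    for label, hdr in samples.items():
        print(f"{label}: {classify(struct.pack('!HHHHHH', *hdr))}")
```

A result of "closed" from outside the allowed range together with "open" from a local address is what the restricted configuration should produce.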
OT: Open DNS Server / Recursion
Totally off topic.

I run DNS servers for a number of domains and also mail servers for those domains.

I have a problem in that when I disable Recursive look ups the DNS servers then fail to answer DNS queries from the local IP addresses.

Any ideas anyone please?

Jenny

Jennifer Gavin-Wear
Fast Track Online
Tel: 01262 602013
http://www.fasttrackonline.co.uk/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258093

Re: OT: Open DNS Server / Recursion
On Thursday 26 October 2006 13:43, Jenny Gavin-Wear wrote:
> I have a problem in that when I disable Recursive look ups the DNS servers
> then fail to answer DNS queries from the local IP addresses.
> Any ideas anyone please?

Don't turn recursive lookups off :-)
They are what makes your DNS server go off and ask other ones, so when you turn it off *bam* no resolved hosts apart from whatever the server itself knows about.

A more normal solution is to block incoming DNS requests at the firewall.

--
Tom Chiverton
Helping to competently architect web-enabled initiatives

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258100

Re: OT: Open DNS Server / Recursion
Don't block DNS requests at the firewall. Your customers won't be happy when their sites don't resolve :)

We have recursion turned off on our DotCom DNS because we only host 6 Domains. All our corporate users use a Recursing DNS server to do their surfing.

So if it is for both Surfing and Hosting then you need recursive lookups. If the server will only answer requests for your domains then turn off recursive lookups to save some traffic. In either case don't block port 53 at the firewall or bye bye websites :)

Eric Haskins
Web Systems Developer
Rooms To Go

On 10/26/06, Tom Chiverton [EMAIL PROTECTED] wrote:
> On Thursday 26 October 2006 13:43, Jenny Gavin-Wear wrote:
> > I have a problem in that when I disable Recursive look ups the DNS
> > servers then fail to answer DNS queries from the local IP addresses.
> > Any ideas anyone please?
>
> Don't turn recursive lookups off :-)
> They are what makes your DNS server go off and ask other ones, so when you
> turn it off *bam* no resolved hosts apart from whatever the server itself
> knows about.
>
> A more normal solution is to block incoming DNS requests at the firewall.
>
> --
> Tom Chiverton
> Helping to competently architect web-enabled initiatives

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258147

RE: Open DNS Server / Recursion
Easy... don't disable recursive lookups. Without recursive lookups, your DNS server will only respond to queries about things that it knows... i.e. the dns entries hosted on your server. In order for it to resolve domains that it knows nothing about, it must go and do a recursive lookup using other dns servers.

Russ

-----Original Message-----
From: Jenny Gavin-Wear [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 26, 2006 8:44 AM
To: CF-Talk
Subject: OT: Open DNS Server / Recursion

Totally off topic.

I run DNS servers for a number of domains and also mail servers for those domains.

I have a problem in that when I disable Recursive look ups the DNS servers then fail to answer DNS queries from the local IP addresses.

Any ideas anyone please?

Jenny

Jennifer Gavin-Wear
Fast Track Online
Tel: 01262 602013
http://www.fasttrackonline.co.uk/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258148