
Full Disclosure mailing list archives

Re: Question for DNS pros
From: "ALD, [ Aditya Lalit Deshmukh ]" <aditya.deshmukh () online gateway technolabs net>
Date: Sat, 24 Jul 2004 09:39:25 +0530

I can think of two possibilities:
1) At some time in the past, a host *was* serving DNS at that address and 
some "foreign" hosts have cached the address.

I think your ISP should have this info.

2) Someone somewhere has registered a domain and used our IP address for 
one of their "nameservers" in the registration.

Then his domain is toast anyway, as there is no DNS server, so effectively his domain is offline;
this will be corrected soon if this is the case.
(If anyone can think of other explanations, please let me know.)

The best suggestion yet has been to set up a name server at that address 
with verbose logging.  That's probably what I will do next week.

1. Just block off port 53/UDP for that address at the firewall
2. Run a DNS server that replies to all the queries with localhost or after you have found what is causing this
3. Set the refresh time, TTL and other values to -1; this should solve most of the problems, as the clients would simply
stop querying



Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
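
The verbose-logging idea from the message above, as an added example that is not part of the original post or thread: it pulls the queried name and type out of each DNS query reaching the address and tallies by zone and source, which shows whether clients ask for names you once served (stale caches) or for someone else's domain (a registration listing your IP as a nameserver). The function names, the two-label zone heuristic and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

QTYPES = {1: "A", 2: "NS", 6: "SOA", 15: "MX", 28: "AAAA", 255: "ANY"}

def parse_query(packet):
    """Return (qname, qtype) for the first question of a DNS query, else None."""
    if len(packet) < 12:
        return None                          # shorter than a DNS header
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount < 1:        # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            return None                      # compression pointer or truncated label
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(packet):                # root label + QTYPE + QCLASS must fit
        return None
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels).lower() or ".", QTYPES.get(qtype, str(qtype))

def tally(datagrams):
    """Count queries per (zone, qtype) and per source address."""
    zones, sources = Counter(), Counter()
    for src, packet in datagrams:
        parsed = parse_query(packet)
        if parsed is None:
            continue
        qname, qtype = parsed
        zone = ".".join(qname.split(".")[-2:])   # assumption: zone = last two labels
        zones[(zone, qtype)] += 1
        sources[src] += 1
    return zones, sources

def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query; used only to construct the sample input."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)

SAMPLE = [  # constructed traffic; addresses come from documentation ranges
    ("192.0.2.10", build_query("www.example.net")),
    ("198.51.100.7", build_query("mail.example.net", 15)),
    ("192.0.2.10", build_query("example.net", 2)),
    ("203.0.113.5", b"\x00\x01"),            # not DNS, ignored
]
```

To run it on live traffic, pass `tally()` the `(source address, payload)` pairs read with `socket.recvfrom()` from a UDP socket bound to port 53 on the affected address.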
