Full Disclosure mailing list archives

Re: Question for DNS pros
From: Cyril Guibourg <plonk-o-matic () teaser fr>
Date: Sat, 24 Jul 2004 06:17:21 +0200

Paul Schmehl <pauls () utdallas edu> writes:

> What I want to know is *why* do these "foreign" hosts think an IP on
> my network is serving DNS when there's not even a host at that address.
>
> I can think of two possibilities:
>
> 1) At some time in the past, a host *was* serving DNS at that address
> and some "foreign" hosts have cached the address.
> 2) Someone somewhere has registered a domain and used our IP address
> for one of their "nameservers" in the registration.
>
> (If anyone can think of other explanations, please let me know.)

Some bogus resolver, or forwarder, setup.

> Now how is a reverse lookup going to help you with that?

It won't.

> The best suggestion yet has been to set up a name server at that
> address with verbose logging.  That's probably what I will do next
> week.

Yes, just put no zone at all and log queries. After a while, you should be
able to figure out "why" you receive these queries.

Cheers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
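
The "no zone at all, just log queries" step discussed in this message, sketched as an added example that is not part of the original post or any poster's code: a UDP sink that decodes the question section of each incoming DNS query and never answers. The function names and the sample packets are assumptions made up for the illustration.

```python
import socket
import struct
from collections import Counter

QTYPES = {1: "A", 2: "NS", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def parse_query(packet):
    """Return (qname, qtype) for a well-formed DNS query, else None."""
    if len(packet) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:   # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):  # pointer or truncated
            return None
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(packet):           # need the root label plus QTYPE and QCLASS
        return None
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return ".".join(labels) or ".", QTYPES.get(qtype, str(qtype))

def tally(events):
    """Count queries per (source, qname, qtype) from (source, packet) pairs."""
    counts = Counter()
    for src, pkt in events:
        query = parse_query(pkt)
        if query:
            counts[(src, *query)] += 1
    return counts

def listen(addr, port=53):
    """Log-only sink: never answers, so it hosts no zone."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((addr, port))
    while True:
        pkt, (src, _port) = sock.recvfrom(4096)
        print(src, parse_query(pkt))

def build_query(name, qtype):
    """Encode a minimal query; used only to construct sample input."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

# Constructed sample traffic (documentation addresses, reserved .test names).
SAMPLE = [("192.0.2.10", build_query("www.example.test", 1))] * 2 + [
    ("198.51.100.7", build_query("example.test", 2))]
```

Many sources asking about names under one zone suggests that zone's delegation lists the address as a name server; a few sources asking for unrelated names suggests a misconfigured resolver or forwarder.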

