Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Question for DNS pros
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 24 Jul 2004 00:58:42 -0500

--On Saturday, July 24, 2004 9:39 AM +0530 "ALD, [ Aditya Lalit Deshmukh ]" <aditya.deshmukh () online gateway technolabs net> wrote:
I can think of two possibilities:
1) At some time in the past, a host *was* serving DNS at that address and
some "foreign" hosts have cached the address.

i think your isp should have this info

Umm..did you look at my address?  We own a class B.  We don't have an ISP.

then his domain is toast anyway as there is not dns server so effectively
his domain is offline,  this will be corrected soon if this is the case.

Not if the "other" DNS server is working. You're required to register two nameservers; a primary and a secondary. You only need one to answer queries. If a guy registered a domain and used *his* box for the primary and just grabbed a random IP to register as a "secondary", why would he care of the secondary didn't work?

1. just block of port 53 / udp for that address at the firewall
2. run a dns server that replies to all the quries with localhost or
127.0.0.1 after you have found what is causing this 3. set the refresh
time, TTL and other values to -1 this should solve most of the problems
as the clients would simply stop querying

You're misunderstanding the problem. The problem is, we want to make sure our IPs aren't being used by someone else, even inadvertantly.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault