Full Disclosure mailing list archives

DNS query???
From: "Verma, Sachin" <SVerma () ocwen com>
Date: Tue, 27 Jul 2004 08:01:26 -0400


I have a secondary DNS server, which is internal to the LAN and on Windows 2000,
that is generating a lot of queries for all the 13 root DNS servers. The
traffic is blocked by the firewall. But the strange thing that I have noticed
is that the source and destination ports are the same, i.e. 53. Also, the
forwarder is correctly set on the DNS server and hence theoretically the
queries need to be forwarded to the next DNS server.

Anybody got an idea as to what this is?

S () [|-|i/\/

-----Original Message-----
From: Paul Rolland [mailto:rol () witbe net]
Sent: Tuesday, July 27, 2004 4:11 PM
To: 'Paul Schmehl'; full-disclosure () lists netsys com
Subject: Re: FW: [Full-disclosure] Question for DNS pros


The machine sending the queries is probably configured to use
your server as a complete DNS resolver and transfer all its queries
to your server.

Umm...I don't *have* a server at that address.  In fact, there is no live
host at all at that address.  *That*, after all, is the entire point of
this thread.

Understood, but this doesn't prevent someone from making a mistake
when creating its configuration file... and if the resolver has more
than one host (including yours), then failure from your machine will
simply let him skip to next host, which in fact only slows down DNS
resolution. Thus, people are likely to live with a broken configuration
for long...

Collect the source IP(s), find the admin and send him an email...


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


