[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Question for DNS pros

To: Paul Schmehl <pauls@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Question for DNS pros
From: Cyril Guibourg <plonk-o-matic@xxxxxxxxx>
Date: Sat, 24 Jul 2004 06:17:21 +0200

Paul Schmehl <pauls@xxxxxxxxxxxx> writes:

> What I want to know is *why* do these "foreign" hosts think an IP on
> my network is serving DNS when there's not even a host at that address.
>
> I can think of two possibilities:
>
> 1) At some time in the past, a host *was* serving DNS at that address
> and some "foreign" hosts have cached the address.
> 2) Someone somewhere has registered a domain and used our IP address
> for one of their "nameservers" in the registration.
>
> (If anyone can think of other explanations, please let me know.)

Some bogus resolver, or forwarder, setup.

> Now how is a reverse lookup going to help you with that?

It won't.

> The best suggestion yet has been to set up a name server at that
> address with verbose logging.  That's probably what I will do next
> week.

Yes, just put no zone at all and log queries. After a while, you should be
able to figure out "why" you receive these queries.

Cheers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Question for DNS pros
  - From: VX Dude
- Re: [Full-Disclosure] Question for DNS pros
  - From: Oliver@xxxxxxxxxx
- Re: [Full-Disclosure] Question for DNS pros
  - From: Paul Schmehl

Prev by Date: [Full-Disclosure] Re: Comcast(tm) Email Manager allows arbitrary java and activex code execution
Next by Date: Re: [Full-Disclosure] Question for DNS pros
Previous by thread: Re: [Full-Disclosure] Question for DNS pros
Next by thread: Re: [Full-Disclosure] Question for DNS pros
Index(es):
- Date
- Thread