Re: [Full-Disclosure] Question for DNS pros
- To: Paul Schmehl <pauls@xxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Question for DNS pros
- From: Cyril Guibourg <plonk-o-matic@xxxxxxxxx>
- Date: Sat, 24 Jul 2004 06:17:21 +0200
Paul Schmehl <pauls@xxxxxxxxxxxx> writes:
> What I want to know is *why* do these "foreign" hosts think an IP on
> my network is serving DNS when there's not even a host at that address.
>
> I can think of two possibilities:
>
> 1) At some time in the past, a host *was* serving DNS at that address
> and some "foreign" hosts have cached the address.
> 2) Someone somewhere has registered a domain and used our IP address
> for one of their "nameservers" in the registration.
>
> (If anyone can think of other explanations, please let me know.)
Some bogus resolver, or forwarder, setup.
> Now how is a reverse lookup going to help you with that?
It won't.
> The best suggestion yet has been to set up a name server at that
> address with verbose logging. That's probably what I will do next
> week.
Yes, just put no zone at all and log queries. After a while, you should be
able to figure out "why" you receive these queries.
Cheers.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
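One way to read the query log once the zone-less name server suggested above has been running for a while. This is an added example, not part of the original thread. It assumes BIND 9 style query-log lines in which a trailing `+` means the Recursion Desired bit was set; the two-label grouping and the "two or more sources" threshold are illustrative assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in BIND 9 query-log style (documentation addresses and names).
SAMPLE_LOG = """\
24-Jul-2004 06:20:01.100 client 198.51.100.7#32801: query: www.example.net IN A -
24-Jul-2004 06:20:03.412 client 203.0.113.25#4411: query: mail.example.net IN MX -
24-Jul-2004 06:20:09.007 client 198.51.100.90#1030: query: example.net IN NS -
24-Jul-2004 06:21:15.250 client 192.0.2.14#1988: query: www.example.org IN A +
24-Jul-2004 06:21:15.900 client 192.0.2.14#1989: query: update.example.com IN A +
24-Jul-2004 06:21:17.031 client 192.0.2.14#1990: query: ftp.example.edu IN A +
not a query line
"""

# Source address, queried name, class, type and the optional flag field.
LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<src>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)(?: (?P<flags>[+-]\S*))?"
)

def parse(log_text):
    """Yield (source, qname, qtype, rd) per query line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rd = (m.group("flags") or "").startswith("+")
            yield m.group("src"), m.group("name").lower().rstrip("."), m.group("type"), rd

def parent(qname, labels=2):
    """Approximate the registered domain by the last two labels (assumption)."""
    return ".".join(qname.split(".")[-labels:])

def summarize(log_text):
    rd_count = defaultdict(int)      # source -> queries with RD set
    no_rd_count = defaultdict(int)   # source -> queries with RD clear
    iterative = defaultdict(set)     # parent domain -> sources asking with RD clear
    for src, qname, _qtype, rd in parse(log_text):
        if rd:
            rd_count[src] += 1
        else:
            no_rd_count[src] += 1
            iterative[parent(qname)].add(src)
    return {
        # Only RD queries: the source uses this IP as its resolver or forwarder.
        "treats_us_as_resolver": sorted(s for s in rd_count if s not in no_rd_count),
        # Several resolvers asking iteratively: the IP is likely listed as an NS.
        "delegated_here": {d: sorted(s) for d, s in iterative.items() if len(s) >= 2},
    }
```

Domains under `delegated_here` point at the cached or registered nameserver explanations from the quoted message; sources under `treats_us_as_resolver` point at a bogus resolver or forwarder setup.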