
Re: [Full-Disclosure] Question for DNS pros



Paul Schmehl <pauls@xxxxxxxxxxxx> writes:

> What I want to know is *why* do these "foreign" hosts think an IP on
> my network is serving DNS when there's not even a host at that address.
>
> I can think of two possibilities:
>
> 1) At some time in the past, a host *was* serving DNS at that address
> and some "foreign" hosts have cached the address.
> 2) Someone somewhere has registered a domain and used our IP address
> for one of their "nameservers" in the registration.
>
> (If anyone can think of other explanations, please let me know.)

Some bogus resolver, or forwarder, setup.

> Now how is a reverse lookup going to help you with that?

It won't.

> The best suggestion yet has been to set up a name server at that
> address with verbose logging.  That's probably what I will do next
> week.

Yes, just put no zone at all and log queries. After a while, you should be
able to figure out "why" you receive these queries.

Cheers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
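
An added example, not part of the original message: one way to read the query log the reply suggests collecting. It assumes a log format modeled on BIND 9 query logging, where "+" or "-" after the record type shows whether Recursion Desired was set; the sample lines, addresses and names are constructed, and summarize() and zone_of() are hypothetical helper names.

```python
import re
from collections import Counter

# Assumed format, modeled on BIND 9 query logging: "+" after the record type
# means the Recursion Desired (RD) bit was set, "-" means it was clear.
LINE_RE = re.compile(
    r"client (?P<src>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<rd>[+-])"
)

# Constructed sample lines (documentation address ranges, made-up names).
SAMPLE_LOG = """\
01-Jan-2005 10:00:01.100 client 192.0.2.10#32768: query: www.example.net IN A -
01-Jan-2005 10:00:02.200 client 192.0.2.10#32769: query: mail.example.net IN MX -
01-Jan-2005 10:00:03.300 client 198.51.100.7#4021: query: example.net IN NS -
01-Jan-2005 10:00:04.400 client 203.0.113.5#1055: query: www.example.org IN A +
01-Jan-2005 10:00:05.500 client 203.0.113.5#1056: query: ftp.example.com IN A +
01-Jan-2005 10:00:06.600 client 203.0.113.5#1057: query: update.example.org IN AAAA +
01-Jan-2005 10:00:09.000 general: info: running
"""

def zone_of(qname):
    """Crude zone guess: last two labels (assumption; ignores suffixes like co.uk)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def summarize(log_text):
    """Split logged queries by what the sender appears to think this address is."""
    recursive_clients = Counter()  # RD set: sender uses us as resolver/forwarder
    iterative_zones = Counter()    # RD clear: sender believes we are authoritative
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            unparsed += 1          # not a query line (or an unexpected format)
            continue
        if m["rd"] == "+":
            recursive_clients[m["src"]] += 1
        else:
            iterative_zones[zone_of(m["qname"])] += 1
    return recursive_clients, iterative_zones, unparsed

if __name__ == "__main__":
    rec, zones, bad = summarize(SAMPLE_LOG)
    print("Sources sending recursive queries (resolver/forwarder setup):")
    for src, n in rec.most_common():
        print(f"  {src}: {n}")
    print("Zones queried iteratively (cached or registered NS pointing here):")
    for zone, n in zones.most_common():
        print(f"  {zone}: {n}")
    print(f"Unparsed lines: {bad}")
```

Iterative queries concentrated on one zone point toward the stale-cache or registration explanations, and that zone's delegation records are the next thing to check; recursive queries for unrelated names from a few sources point toward a misconfigured resolver or forwarder.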