On Tue, 2012-09-04 at 09:51 -0700, Kevin Oberman wrote:
> On Mon, Sep 3, 2012 at 5:24 PM, Mohsen Pahlevanzadeh
> <moh...@pahlevanzadeh.org> wrote:
> > On Mon, 2012-09-03 at 15:42 -0700, Kevin Oberman wrote:
> >> On Sun, Sep 2, 2012 at 10:12 AM, Mohsen Pahlevanzadeh
> >> <moh...@pahlevanzadeh.org> wrote:
> >> > Dear all,
> >> >
> >> > I installed bind in Debian/lenny, and I run the following command on
> >> > server:
> >> > ///////////////////////////////////////////////////////////////////////
> >> > root@shared:/etc/bind# dig @localhost yahoo.com
> >> >
> >> > ; <<>> DiG 9.7.3 <<>> @localhost yahoo.com
> >> > ; (2 servers found)
> >> > ;; global options: +cmd
> >> > ;; Got answer:
> >> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24259
> >> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2
> >> >
> >> > ;; QUESTION SECTION:
> >> > ;yahoo.com.                     IN      A
> >> >
> >> > ;; ANSWER SECTION:
> >> > yahoo.com.              3600    IN      A       72.30.38.140
> >> > yahoo.com.              3600    IN      A       98.138.253.109
> >> > yahoo.com.              3600    IN      A       98.139.183.24
> >> >
> >> > ;; AUTHORITY SECTION:
> >> > yahoo.com.              172800  IN      NS      ns6.yahoo.com.
> >> > yahoo.com.              172800  IN      NS      ns2.yahoo.com.
> >> > yahoo.com.              172800  IN      NS      ns1.yahoo.com.
> >> > yahoo.com.              172800  IN      NS      ns4.yahoo.com.
> >> > yahoo.com.              172800  IN      NS      ns8.yahoo.com.
> >> > yahoo.com.              172800  IN      NS      ns5.yahoo.com.
> >> > yahoo.com.              172800  IN      NS      ns3.yahoo.com.
> >> >
> >> > ;; ADDITIONAL SECTION:
> >> > ns6.yahoo.com.          172800  IN      A       202.43.223.170
> >> > ns8.yahoo.com.          172800  IN      A       202.165.104.22
> >> >
> >> > ;; Query time: 136 msec
> >> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >> > ;; WHEN: Sun Sep  2 17:09:03 2012
> >> > ;; MSG SIZE  rcvd: 233
> >> > ////////////////////////////////////////////////////////////////////////
> >> > According to the result, my bind works truly. But when I run the same command on
> >> > my machine, I get the following result:
> >> > /////////////////////////////////////
> >> > root@debian:/home/mohsen# dig yahoo.com @184.22.226.206
> >> >
> >> > ; <<>> DiG 9.8.1-P1 <<>> yahoo.com @184.22.226.206
> >> > ;; global options: +cmd
> >> > ;; connection timed out; no servers could be reached
> >> >
> >> > ////////////////////////////////
> >> >
> >> > What do I set to solve it?
> >> Two things that might be the issue:
> >> 1. Does the BIND configuration (named.conf) enable BIND on your
> >> external interface?
> >> 2. Does a firewall allow access to port 53/UDP?
> >>
> >> There are other possibilities, depending on things like your network
> >> configuration. Make sure that you can ping the server from the remote
> >> system. And, please do not run an open recursive server. (Don't know
> >> that you are trying to, but it looked quite possible.)
> > Would you like to explain more?
> 
> A recursive DNS server that is available to the world can be used as
> an amplifier for DDOS attacks. It is generally considered unacceptable
> to allow public access to recursive servers. If you have the resources
> of a Google, you can build tools to monitor for this and prevent this,
> but it is not trivial and does not work with stock BIND or any other
> free DNS server of which I am aware.
> 
> Further, if the server is authoritative for some zones and
> also does recursion, it is far more vulnerable to cache poisoning attacks,
> so the best common practice is to run separate authoritative and
> recursive servers and limit recursion to internal and customer
> systems.
It's a beautiful idea...thank you.
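
One way to apply the advice in this thread with stock BIND 9 directives, as an added example that is not part of the original messages. It shows two separate named.conf files (one per named instance); the ACL name, the zone, the file name and every address are placeholders taken from documentation ranges.

```conf
// ---- File 1: recursive resolver instance (added example, placeholders only) ----
acl trusted {
    localhost;            // built-in ACL: this host's own addresses
    192.0.2.0/24;         // placeholder: internal network
    198.51.100.0/24;      // placeholder: customer network
};

options {
    // Point 1 in the thread: named has to listen on the external
    // interface, not only on loopback, or remote clients get no answer.
    listen-on { 127.0.0.1; 203.0.113.53; };   // placeholder external address

    // Open-resolver form, shown only for contrast with the lines below:
    //   allow-recursion { any; };

    recursion yes;
    allow-recursion   { trusted; };   // who may request recursive lookups
    allow-query-cache { trusted; };   // who may read answers from the cache
    allow-query       { trusted; };   // a pure resolver serves nobody else
};

// ---- File 2: authoritative instance (separate named process or host) ----
options {
    listen-on { 203.0.113.54; };      // placeholder
    recursion no;                     // never resolve on behalf of clients
    allow-query { any; };             // the world may query the hosted zones
};

zone "example.org" {                  // placeholder zone
    type master;
    file "db.example.org";            // placeholder file name
};
```

Each file can be syntax-checked with named-checkconf before reloading. After the change, the same dig query sent from an address outside the trusted ACL should come back with status REFUSED from the resolver instead of an answer.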
