On 4/19/18 7:44 PM, Francois Gouget wrote:
So I'm running a bind server and while it works I ran into a domain name
that it refuses to resolve: maibokun.com.

Digging into it, it looks like one DNS server is refusing to talk to me:

On my box:
$ host maibokun.com
;; connection timed out; no servers could be reached
$ host maibokun.com 210.143.111.171
;; connection timed out; no servers could be reached

Same thing on my laptop. But if I connect the laptop to another Wifi
network (thus changing its public IP address) or run the command on a
computer on the other side of the Atlantic I get:

$ host maibokun.com
maibokun.com has address 210.188.220.102
maibokun.com mail is handled by 10 mail.maibokun.com.
$ host maibokun.com 210.143.111.171
Using domain server:
Name: 210.143.111.171
Address: 210.143.111.171#53
Aliases:

maibokun.com has address 210.188.220.102
maibokun.com mail is handled by 10 mail.maibokun.com.


Are DNS servers banning queries from some residential addresses or
something like this? Anyone else seeing the same issue?


Try having bind forward the requests to another public DNS server like opendns. You could even protect yourself by having opendns block malware and other bad sites. My bind named.conf.options file has the forwarding setup like this.

        forwarders {
                // opendns
                //        208.67.222.222;
                //        208.67.220.220;
                127.0.2.1;
        };
        forward only;

If you are really worried that your DNS queries are being diverted by man-in-the-middle attacks, use dnscrypt-proxy. I have dnscrypt-proxy listening on 127.0.2.1 (as shown above) and forwarding bind's DNS queries to opendns (cisco) over a secure channel. I even redirect all DNS (port 53 udp) queries to any server to my bind with a shorewall redirect rule (firewall).

This setup returns this from a host command:

$ host maibokun.com
maibokun.com has address 210.188.220.102
maibokun.com mail is handled by 10 mail.maibokun.com.

--

*...Bob*
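Added example, not from the thread: a small POSIX shell script that probes each hop of the chain Bob describes (bind, dnscrypt-proxy on 127.0.2.1, opendns) plus the authoritative server Francois could not reach, and reports which hop fails. It assumes bind listens on 127.0.0.1; the other addresses are the ones quoted above, and it must run on a host without the port-53 redirect, or every direct probe is silently answered by bind.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: bind on 127.0.0.1; the other
# addresses are quoted in the thread. Run on a host WITHOUT the port-53
# redirect rule, otherwise every direct probe below is answered by bind.
BIND=127.0.0.1; DNSCRYPT=127.0.2.1; OPENDNS=208.67.222.222; AUTH=210.143.111.171

# Reduce `host` output on stdin to one status: "ok <addr>", "timeout" or "error".
parse_host() {
    text=$(cat)
    addr=$(printf '%s\n' "$text" | awk '/ has address /{print $NF; exit}')
    if [ -n "$addr" ]; then echo "ok $addr"
    elif printf '%s\n' "$text" | grep -q 'timed out'; then echo timeout
    else echo error; fi
}

# Query one server with a 3 s timeout; a failed lookup must not abort the script.
probe() {  # probe <name> <server>
    host -W 3 -t A "$1" "$2" 2>&1 || true
}

# classify <bind> <dnscrypt> <opendns> <auth>: status words from parse_host.
# Reports the innermost hop that still answers, then the OP's special case.
classify() {
    if [ "$1" = ok ]; then echo "local chain healthy"
    elif [ "$2" = ok ]; then echo "bind is not forwarding to $DNSCRYPT"
    elif [ "$3" = ok ]; then echo "dnscrypt-proxy on $DNSCRYPT is down (forward only: no fallback)"
    elif [ "$4" = ok ]; then echo "recursive resolvers unreachable; only the authoritative server answers"
    else echo "no DNS server reachable from this network"; fi
    # Francois' symptom: a recursive resolver with a different egress IP answers
    # while the authoritative server drops our queries; forwarding masks that.
    if [ "$3" = ok ] && [ "$4" = timeout ]; then
        echo "authoritative $AUTH ignores this source IP"
    fi
}

main() {  # main <name>
    name=$1; set --
    for srv in $BIND $DNSCRYPT $OPENDNS $AUTH; do
        st=$(probe "$name" "$srv" | parse_host)
        printf '%-16s %s\n' "$srv" "$st"
        set -- "$@" "${st%% *}"   # keep only the status word
    done
    classify "$@"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run as `sh dnspath.sh maibokun.com`; the per-hop lines show what each server returned and the last lines give the diagnosis.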