Re: NAMED LOGS
* Mark Andrews [2013-07-23 06:42]: The method is described here (Figure 4): http://homes.cs.washington.edu/~gribble/papers/king.pdf Using a delegation is a technical detail. It's not different than sending a query directly to the zone servers. Send queries for domains that the server is NOT configured to accept is very different to sending queries for domains the server IS configured to accept. You just cost the rw adminstrators time and money investigation the source of unexpected traffic. You cost everyone on the list some time and money helping out the rw administrators. The actual cost of the traffic in inconsequential to the other costs that have resulted from your actions. TLD administrators actually need to look for abnormal traffic as they are high value targets. Ok, I see your point. I will use opt-in for further measurements. Regards, Matt -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg smime.p7s Description: S/MIME Kryptografische Unterschrift ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: NAMED LOGS
Hi, Grace Ingabire writes: Does anyone know what is going on here? As I can't understand why we do receive a lot of these messages in our logs. Jul 22 14:18:21 ns1 named[13045]: client 200.222.123.108#43576: query (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied [...] I'm the zone owner of verteiltesysteme.net. What you're seeing there are queries by open resolvers (more accurately: forwarders of open resolvers). This is part of a research project to measure the effect of the DNS injection censorship method. www.minghui.org is a name being blocked by by the Great Firewall of China via DNS injection. By querying for www.minghui.org.SUFFIX we can test whether the open resolver has a clean, uncensored path to your TLD nameservers. I'll add the addresses of .rw to our blacklist, so you won't be seeing any more of these queries. Sorry for inconvenience. Let me know if you have further questions. Regards, Matthäus Wander -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg smime.p7s Description: S/MIME Cryptographic Signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: NAMED LOGS
* Mark Andrews [2013-07-23 03:36]: How do you do that with a broken delegation? Did you think to ask before delegating a zone to a zone not configured for it? What does your Chancellor think about using uninformed third parties for experiments like this? The method is described here (Figure 4): http://homes.cs.washington.edu/~gribble/papers/king.pdf Using a delegation is a technical detail. It's not different than sending a query directly to the zone servers. About sending queries unasked: I thought of the traffic this would cause, which should be a few queries per second on TLD servers and a few queries per minute on open resolvers. I do not expect this to have any negative operational effect. If you're having a different experience, or just don't like it as a matter of principle, let me know and I will stop sending packets to your server. Regards, Matt -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg smime.p7s Description: S/MIME Cryptographic Signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users