Re: Suspecious DNS traffic

@lists.isc.org Sent: Monday, 25 March 2013 7:46 PM Subject: Re: Suspecious DNS traffic On 26.03.13 00:21, babu dheen wrote: Hi Matus, please, skip personal replies. this is mailing listand issued should be discussed here. Still not convinced because if i need to allow 1024 port from  our DNS

Re: Suspecious DNS traffic

...@yahoo.co.in Cc: bind-users@lists.isc.org bind-users@lists.isc.org Sent: Monday, 25 March 2013 7:48 PM Subject: Re: Suspecious DNS traffic babu dheen wrote on 03/25/2013 12:21:30 PM: Still not convinced because if i need to allow 1024 port from  our DNS server to external world(internet

Re: Suspecious DNS traffic

server on non standard destination Port?   Regards Babu       From: Vernon Schryver v...@rhyolite.com To: bind-users@lists.isc.org Sent: Monday, 25 March 2013 8:40 PM Subject: Re: Suspecious DNS traffic Still not convinced because if i need to allow 1024 port from

Re: Suspecious DNS traffic

dheen babudh...@yahoo.co.in Cc: bind-users@lists.isc.org bind-users@lists.isc.org Sent: Monday, 25 March 2013 7:48 PM Subject: Re: Suspecious DNS traffic babu dheen wrote on 03/25/2013 12:21:30 PM: Still not convinced because if i need to allow 1024 port from our DNS server

Re: Suspecious DNS traffic

standard destination port? Regards Babu *From:* wbr...@e1b.org wbr...@e1b.org *To:* babu dheen babudh...@yahoo.co.in *Cc:* bind-users@lists.isc.org bind-users@lists.isc.org *Sent:* Monday, 25 March 2013 7:48 PM *Subject:* Re: Suspecious DNS traffic babu dheen wrote on 03/25/2013 12:21:30 PM

Re: Suspecious DNS traffic

the connection to remote DNS server on non standard destination Port? Regards Babu *From:* Vernon Schryver v...@rhyolite.com *To:* bind-users@lists.isc.org *Sent:* Monday, 25 March 2013 8:40 PM *Subject:* Re: Suspecious DNS traffic Still not convinced because if i need to allow 1024 port

Re: Suspecious DNS traffic

*Subject:* Re: Suspecious DNS traffic Still not convinced because if i need to allow 1024 port from our DNS server to external world(internet).. where is the security? Every UDP and TCP packet has two port numbers, the source port and the destination port. When a resolver sends a request

Re: Suspecious DNS traffic

i need to now look? Regards Papdheen M From: Matus UHLAR - fantomas uh...@fantomas.sk To: bind-users@lists.isc.org Sent: Monday, 25 March 2013 7:46 PM Subject: Re: Suspecious DNS traffic On 26.03.13 00:21, babu dheen wrote: Hi Matus, please, skip personal replies

Re: Suspecious DNS traffic

Andrews ma...@isc.org To: babu dheen babudh...@yahoo.co.in Cc: bind-users@lists.isc.org bind-us...@isc.org Sent: Monday, 25 March 2013 12:33 AM Subject: Re: Suspecious DNS traffic In message 1364140396.42023.yahoomail...@web190806.mail.sg3.yahoo.com, babu d heen writes: Dear, We have

Re: Suspecious DNS traffic

On 25.03.13 16:59, babu dheen wrote:  I am able to query one of the PTR record available in my company BIND caching DNS server from internet(ANY IP address) successfully. As per your statement, If I am denying the response, how could I get response successfully? you must allow the packets

Re: Suspecious DNS traffic

port from our DNS server to internet? Kindly provide some details. Regards Babu From: Matus UHLAR - fantomas uh...@fantomas.sk To: bind-users@lists.isc.org Sent: Monday, 25 March 2013 3:30 PM Subject: Re: Suspecious DNS traffic On 25.03.13 16:59, babu dheen

Re: Suspecious DNS traffic

- fantomas uh...@fantomas.sk *To:* bind-users@lists.isc.org *Sent:* Monday, 25 March 2013 3:30 PM *Subject:* Re: Suspecious DNS traffic On 25.03.13 16:59, babu dheen wrote: I am able to query one of the PTR record available in my company BIND caching DNS server from internet(ANY IP address

Re: Suspecious DNS traffic

On 25 Mar 2013, at 16:21, babu dheen wrote: Still not convinced because if i need to allow 1024 port from our DNS server to external world(internet).. where is the security? I beleive we just need to allow TCP and UDP 53 from our DNS server to internet(any) which is already done. Not

Re: Suspecious DNS traffic

On 26.03.13 00:21, babu dheen wrote: Hi Matus, please, skip personal replies. this is mailing listand issued should be discussed here. Still not convinced because if i need to allow 1024 port from  our DNS server to external world(internet).. where is the security? If you have statefull

Re: Suspecious DNS traffic

babu dheen wrote on 03/25/2013 12:21:30 PM: Still not convinced because if i need to allow 1024 port from our DNS server to external world(internet).. where is the security? Total security requires total isolation. It is a matter of accepting some risks to perform the needed task. I

Re: Suspecious DNS traffic

Still not convinced because if i need to allow 1024 port from our DNS server to external world(internet).. where is the security? Every UDP and TCP packet has two port numbers, the source port and the destination port. When a resolver sends a request to a distant DNS authority, it sends to

Suspecious DNS traffic

Dear, We have Caching DNS server and certain PTR record(reverse entry verification purpose) only is allowed from internet. But I am observing suspicious DNS traffic from my BIND caching DNS server towards 67.215.80.15,67.215.80.13,207.192.69.4,67.227.239.85 IP address  on destination port

Re: Suspecious DNS traffic

In message 1364140396.42023.yahoomail...@web190806.mail.sg3.yahoo.com, babu d heen writes: Dear, We have Caching DNS server and certain PTR record(reverse entry verification purpose) only is allowed from internet. But I am observing suspicious DNS traffic from my BIND caching DNS server