Apple OS and DNS resolution (._dns-sd.udp. requests)
Hello, our customer (an ISP) reported that his clients have problems resolving sites like facebook, youtube, aplestores and that the problems only affect apple computers. I notice many requests for dns service discovery: Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied these requests are denied, because we use private IPS from those ranges and I don't want to make them available for users. Can these requests cause resolving problems on Apple computers? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK] ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Apple OS and DNS resolution (._dns-sd.udp. requests)
On 4/5/2012 5:08 AM, Matus UHLAR - fantomas wrote: Hello, our customer (an ISP) reported that his clients have problems resolving sites like facebook, youtube, aplestores and that the problems only affect apple computers. I notice many requests for dns service discovery: Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied these requests are denied, because we use private IPS from those ranges and I don't want to make them available for users. Can these requests cause resolving problems on Apple computers? Those are RFC-2792 service discovery requests, used by Bonjour-- see: http://www.dns-sd.org/ Denying them won't affect normal DNS resolution, although setting up appropriate answers will help Mac (and Windows) clients find resources like printers, proxy servers, and so forth appropriate for the domain they live in. Regards, -- -Chuck ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Apple OS and DNS resolution (._dns-sd.udp. requests)
In message 20120405090858.ga29...@fantomas.sk, Matus UHLAR - fantomas writes: Hello, our customer (an ISP) reported that his clients have problems resolving sites like facebook, youtube, aplestores and that the problems only affect apple computers. I notice many requests for dns service discovery: Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied these requests are denied, because we use private IPS from those ranges and I don't want to make them available for users. Can these requests cause resolving problems on Apple computers? Well you are leaking RFC 1918 answers. I would close off the leak by using views or different nameservers for your machines. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK] ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Apple OS and DNS resolution (._dns-sd.udp. requests)
In message 20120405090858.ga29...@fantomas.sk, Matus UHLAR - fantomas writes: our customer (an ISP) reported that his clients have problems resolving sites like facebook, youtube, aplestores and that the problems only affect apple computers. I notice many requests for dns service discovery: Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#32844: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#49019: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#35647: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied these requests are denied, because we use private IPS from those ranges and I don't want to make them available for users. Can these requests cause resolving problems on Apple computers? On 06.04.12 08:09, Mark Andrews wrote: Well you are leaking RFC 1918 answers. I would close off the leak by using views or different nameservers for your machines. I am leaking? :) I am not. client is sending requests and I am denying them. I have in plan to move those zones to different servers to avoid this problem, and clients will get empty results. I was curious if these can't cause the problem reported by user, however it appears not to be the source of it. I'll have to dig further. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Apple OS and DNS resolution (._dns-sd.udp. requests)
In message 20120405221836.ga4...@fantomas.sk, Matus UHLAR - fantomas writes: In message 20120405090858.ga29...@fantomas.sk, Matus UHLAR - fantomas writ es: our customer (an ISP) reported that his clients have problems resolving sites like facebook, youtube, aplestores and that the problems only affect apple computers. I notice many requests for dns service discovery: Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#328 44: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#490 19: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied Apr 5 09:47:20 t03 named[8324]: security: info: client 195.168.157.82#356 47: query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied these requests are denied, because we use private IPS from those ranges and I don't want to make them available for users. Can these requests cause resolving problems on Apple computers? On 06.04.12 08:09, Mark Andrews wrote: Well you are leaking RFC 1918 answers. I would close off the leak by using views or different nameservers for your machines. I am leaking? :) I am not. client is sending requests and I am denying them. I have in plan to move those zones to different servers to avoid this problem, and clients will get empty results. You are *both* leaking RFC 1918 state. The REFUSED is a leak. You solution sounds fine. I was curious if these can't cause the problem reported by user, however it appears not to be the source of it. I'll have to dig further. REFUSED isn't a expected answer. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users