Message-ID: <87bri62g4u.fsf@blackbox.babasse.net>
From: plonk-o-matic at teaser.fr (Cyril Guibourg)
Subject: Question for DNS pros

Paul Schmehl <pauls@...allas.edu> writes:

> What I want to know is *why* do these "foreign" hosts think an IP on
> my network is serving DNS when there's not even a host at that address.
>
> I can think of two possibilities:
>
> 1) At some time in the past, a host *was* serving DNS at that address
> and some "foreign" hosts have cached the address.
> 2) Someone somewhere has registered a domain and used our IP address
> for one of their "nameservers" in the registration.
>
> (If anyone can think of other explanations, please let me know.)

Some bogus resolver, or forwarder, setup.

> Now how is a reverse lookup going to help you with that?

It won't.

> The best suggestion yet has been to set up a name server at that
> address with verbose logging.  That's probably what I will do next
> week.

Yes, just put no zone at all and log queries. After a while, you should be
able to figure out "why" you receive these queries.

Cheers.
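
The log review suggested above, as an added example that is not part of the original message: a summary of a zone-less server's query log that separates iterative queries from recursive ones. The log layout is assumed to be BIND 9 querylog style, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed BIND 9 querylog layout. The sign after the query type is the RD bit:
# "+" = recursion desired (sender treats us as its resolver/forwarder),
# "-" = iterative query (sender was referred to us as an authoritative server).
LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<src>[0-9a-fA-F.:]+)#\d+.*?"
    r"query: (?P<name>\S+) \S+ \S+ (?P<rd>[+-])"
)

# Constructed sample lines using documentation-only addresses and names.
SAMPLE_LOG = """\
client 198.51.100.7#40112 (www.example.org): query: www.example.org IN A -E (192.0.2.53)
client 203.0.113.20#5353 (mail.example.org): query: mail.example.org IN MX -E (192.0.2.53)
client 203.0.113.99#31000 (example.org): query: EXAMPLE.ORG IN NS - (192.0.2.53)
client 192.0.2.200#1027 (www.example.com): query: www.example.com IN A + (192.0.2.53)
client 192.0.2.200#1028 (updates.example.net): query: updates.example.net IN A + (192.0.2.53)
unrelated line that is not a query record
"""

def parse(log_text):
    """Yield (source_ip, lowercased_name, rd_set) for each query line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["name"].rstrip(".").lower(), m["rd"] == "+"

def suffix(name, labels=2):
    """Naive grouping key: the last two labels (wrong for e.g. co.uk)."""
    return ".".join(name.split(".")[-labels:])

def summarize(log_text):
    """Return (domain -> iterative sources, source -> names asked with RD)."""
    delegated = defaultdict(set)
    as_resolver = defaultdict(set)
    for src, name, rd in parse(log_text):
        if rd:
            as_resolver[src].add(name)
        else:
            delegated[suffix(name)].add(src)
    return dict(delegated), dict(as_resolver)

if __name__ == "__main__":
    delegated, as_resolver = summarize(SAMPLE_LOG)
    for domain, sources in delegated.items():
        print(f"{domain}: iterative queries from {len(sources)} sources")
    for src, names in as_resolver.items():
        print(f"{src}: recursive queries for {sorted(names)}")
```

Many unrelated sources sending iterative queries for one domain fit a cached or registered nameserver entry (possibilities 1 and 2 in the quoted message); a source sending recursive queries for unrelated names fits a bogus resolver or forwarder setup.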

