lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <008401c47134$d3e42980$0100000a@c5>
From: aditya.deshmukh at online.gateway.technolabs.net (ALD, [ Aditya Lalit Deshmukh ])
Subject: Question for DNS pros

> I can think of two possibilities:
> 1) At some time in the past, a host *was* serving DNS at that address and 
> some "foreign" hosts have cached the address.

i think your isp should have this info

> 2) Someone somewhere has registered a domain and used our IP address for 
> one of their "nameservers" in the registration.

then his domain is toast anyway as there is not dns server so effectively his domain is offline, 
this will be corrected soon if this is the case.
 
> (If anyone can think of other explanations, please let me know.)
> 
> The best suggestion yet has been to set up a name server at that address 
> with verbose logging.  That's probably what I will do next week.

1. just block of port 53 / udp for that address at the firewall
2. run a dns server that replies to all the quries with localhost or 127.0.0.1 after you have found what is causing this
3. set the refresh time, TTL and other values to -1 this should solve most of the problems as the clients would simply stop querying 

-aditya

??????????????????????????????????????????????????????
?b???v?"?.axZ?x??????Gb?*'??.?[kj???.?j)m???r??


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ