From owner-freebsd-security Sat Jan 29 16:42:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id AAC0F1530F for ; Sat, 29 Jan 2000 16:42:44 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id RAA07787; Sat, 29 Jan 2000 17:42:35 -0700 (MST) Message-Id: <4.2.2.20000129173939.0410f700@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Sat, 29 Jan 2000 17:42:31 -0700 To: "Michael Bryan" , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: Continual DNS requests from mysterious IP In-Reply-To: <200001290842460680.22E3EFC9@quaggy.ursine.com> References: <200001291634.IAA36101@floozy.zytek.com> <200001291634.IAA36101@floozy.zytek.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:42 AM 1/29/2000 , Michael Bryan wrote: >If somebody has manually setup their system to use you as a DNS resolver, >then you will get packets for any and all DNS requests they make, no matter >where they are on the Internet. Which brings up a question I've had for a long time. When I set up a system as a NAT router, I would like to assign names to the internal machines (e.g. on 10.x.x.x) so that the POP server and other programs that do DNS queries are happy. (It also makes the logs more readable.) However, I don't want anyone OUTSIDE to be able to do forward or reverse DNS for those machines. Is there an easy way to do this? --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message