From owner-freebsd-security Sat Jan 29 23: 4:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from bunyip.cc.uq.edu.au (bunyip.cc.uq.edu.au [130.102.2.1]) by hub.freebsd.org (Postfix) with ESMTP id 3E77E15A38 for ; Sat, 29 Jan 2000 23:04:31 -0800 (PST) (envelope-from bc@thehub.com.au) Received: from zinarktei.client.uq.net.au (uq-nosferatu.client.uq.net.au [203.101.254.51]) by bunyip.cc.uq.edu.au (8.9.3/8.9.3) with SMTP id RAA06608; Sun, 30 Jan 2000 17:04:28 +1000 (GMT+1000) Date: Sun, 30 Jan 2000 15:07:14 +1000 (EST) From: Bruce Campbell X-Sender: bc@zinarktei.client.uq.net.au To: freebsd-security@FreeBSD.ORG Cc: Chris Johnson Subject: Re: Continual DNS requests from mysterious IP In-Reply-To: <20000129115451.A14160@palomine.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 29 Jan 2000, Chris Johnson wrote: > On Sat, Jan 29, 2000 at 05:46:54PM +0100, Poul-Henning Kamp wrote: > > Tell named to only recurse for your own IP range (takes code hacking). > > Or use dnscache/tinydns instead of named. It's new, written by Dan Bernstein > (the author of qmail), and it'll give you control over who gets to request what > from your name servers. It's also small, secure, simple, etc., like qmail is. > I'm completely BIND-free now, and haven't had any problems whatsoever. > http://cr.yp.to/dnscache.html Hrm. Last time I checked, cr.yp.to had two nameservers (for yp.to) which happened to have the same IP address. I'm sorry, but I personally wouldn't trust my DNS to software written by someone who hasn't taken note of the suggestions within RFC2182 (Selection and Operation of Secondary DNS Servers) , then again, I've probably got more zones than you ;) --==-- Bruce. Devils Advocate. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message