
RE: [cobalt-security] Re: [RAQ4] Denying specific IP from DNS traffic



Guys

(Just read back through this thread, I've been away)

They're *updates*, not zone transfer attempts. That almost certainly indicates someone who has (for some reason) set up a Windows server, is running DNS on it, and has the 'target' domain set up on there also. The dumb server is then attempting to auto-update the master DNS server with dynamic updates.

You'll see it more and more often as time goes by. Ignore it, or alternatively simply set up a logging category for updates to channel "null". Read the BIND documentation or refer to the O'Reilly "DNS and BIND" book for details on how to do it.

In almost all cases, it's easier to understand the cause rather than try to build a big firewall ruleset to prevent it happening!

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC
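
Added example, not part of the original message: the distinction drawn above is visible on the wire, since a dynamic update is a request with opcode 5 (RFC 2136) while a zone transfer is an ordinary query for type AXFR or IXFR. The function names, the sample messages and the zone example.com are constructed for illustration.

```python
import struct

OPCODE_QUERY, OPCODE_UPDATE = 0, 5      # RFC 1035 / RFC 2136
QTYPE_IXFR, QTYPE_AXFR = 251, 252


def encode_name(name):
    """Length-prefixed labels, no compression."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def build_request(opcode, name, rtype, msg_id=0x1234):
    """Construct a minimal request: header plus one question/zone entry, class IN."""
    flags = (opcode & 0xF) << 11        # QR=0 (request), opcode in bits 11-14
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", rtype, 1)


def classify(message):
    """Return (kind, zone) for one DNS request; the sender is not trusted."""
    if len(message) < 12:
        return ("malformed", None)
    _id, flags, count = struct.unpack("!HHH", message[:6])
    if flags & 0x8000 or count < 1:     # a response, or no question/zone entry
        return ("not-a-request", None)
    opcode = (flags >> 11) & 0xF
    labels, pos = [], 12
    while pos < len(message) and message[pos] != 0:
        length = message[pos]
        if length > 63 or pos + 1 + length > len(message):
            return ("malformed", None)
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(message):          # root byte + type + class must fit
        return ("malformed", None)
    rtype, _rclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    zone = ".".join(labels) or "."
    if opcode == OPCODE_UPDATE:
        return ("dynamic-update", zone)
    if opcode == OPCODE_QUERY and rtype in (QTYPE_AXFR, QTYPE_IXFR):
        return ("zone-transfer", zone)
    return ("query" if opcode == OPCODE_QUERY else "other", zone)


# Constructed sample requests (example.com is a placeholder zone).
SAMPLES = {
    "update": build_request(OPCODE_UPDATE, "example.com", 6),  # zone section: SOA
    "axfr": build_request(OPCODE_QUERY, "example.com", QTYPE_AXFR),
}
```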