> > I am only seeing this with the B systems at the moment.. and I am
> > trying to figure out how I should 'fix' my firewall or backbone DNS
> > server to deal with it.
> >
> > Our campus DNS servers will 'proxy' a request to the backbone DNS
> > servers and when it talks to the B servers, we get requests back from
> > different IP address from what we sent to (thus our firewall drops it
> > as a bad session).
> >
> > 129.24.8.1.32768 > 192.228.79.201.domain
> > 192.228.79.200.domain > 129.24.8.1.32768
> > 192.228.79.202.domain > 129.24.8.1.32768
> > 192.228.79.201.domain > 129.24.8.1.32768
> >
> > This really picked up on Saturday when pretty much every send to the
> > 192.228.79.201 server got 1 to 2 other returns from b1.ip4.int,
> > b2.ip4.int etc.
> >
> > The only other servers that the firewall seems to be dropping are some
> > 'questionable' ones in Romania that showed up over the weekend.
>
> The first thing you need to do is figure out where the
> "duplication" is occurring.
>
> As a datapoint, I don't see it from here when talking to
> "b2".
>

Thanks Mark

I ran a tcpdump overnight to see when it was occurring and it seems to occur every 10-30 queries. So my guess is that Peter Bambier's comment about a load-balancer on the B side may be the issue. Looking at the full packet capture the packets I am getting from 200,202,203 are all the same as the ones I get from 201.

Hope you are having a good summer.

Stephen

> 15:45:37.180796 220.239.253.18.60656 > 192.228.79.201.53: 36120 TXT CHAOS? hostname.bind. (31)
> 15:45:37.337522 192.228.79.201.53 > 220.239.253.18.60656: 36120*- 1/1/0 CHAOS TXT b2 (60) (DF)
>

-- Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams!
So shines a good deed in a naughty world.
= Shakespeare. "The Merchant of Venice"
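
An added example, not part of the original message: a Python check that reads tcpdump-style lines like those quoted in the thread and reports DNS replies whose source address the client socket never queried, which is the condition the firewall treats as a bad session. The function names and the parsing are assumptions; the sample lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# "src.port > dst.port" as printed by tcpdump; a timestamp before it and a
# trailing ":" plus decoded DNS text after it are tolerated.
FLOW = re.compile(r"(\S+) > ([^\s:]+)")
DNS_PORTS = {"53", "domain"}

def split_endpoint(endpoint):
    """Split '192.228.79.201.domain' into ('192.228.79.201', 'domain')."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def mismatched_replies(lines):
    """Return (client, queried_servers, replying_server) for every DNS reply
    whose source address the client socket never sent a query to."""
    queried = defaultdict(set)  # (client_ip, client_port) -> server IPs queried
    findings = []
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue
        (src_ip, src_port), (dst_ip, dst_port) = map(split_endpoint, m.groups())
        if dst_port in DNS_PORTS and src_port not in DNS_PORTS:
            queried[(src_ip, src_port)].add(dst_ip)  # outbound query
        elif src_port in DNS_PORTS and dst_port not in DNS_PORTS:
            expected = queried.get((dst_ip, dst_port), set())
            if src_ip not in expected:  # reply came from an address not queried
                findings.append((f"{dst_ip}:{dst_port}", sorted(expected), src_ip))
    return findings

# Lines quoted in the thread: the campus capture, then the "b2" datapoint.
CAPTURE = """\
129.24.8.1.32768 > 192.228.79.201.domain
192.228.79.200.domain > 129.24.8.1.32768
192.228.79.202.domain > 129.24.8.1.32768
192.228.79.201.domain > 129.24.8.1.32768
15:45:37.180796 220.239.253.18.60656 > 192.228.79.201.53: 36120 TXT CHAOS? hostname.bind. (31)
15:45:37.337522 192.228.79.201.53 > 220.239.253.18.60656: 36120*- 1/1/0 CHAOS TXT b2 (60) (DF)
""".splitlines()

if __name__ == "__main__":
    for client, asked, replied in mismatched_replies(CAPTURE):
        print(f"{client} queried {asked} but got a reply from {replied}")
```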