[Novalug] tcpdump questions [where is all my traffic going?]
Peter Larsen
plarsen at famlarsen.homelinux.com
Sat Oct 15 21:51:09 EDT 2011
On Sat, 2011-10-15 at 21:28 -0400, Nick Danger wrote:
> On 10/15/2011 06:16 PM, Peter Larsen wrote:
> > In regards to DNS/bind I would recommend you turn on query logging. A
> > common mistake in setting up DNS servers is to allow external requests
> > to resolve. Once discovered attackers can use your "hidden" DNS to hide
> > their movements from ISP DNS records which can be subpoenaed. Once
> > found, the address is easily shared and you may see a lot of traffic
> > coming in.
>
> Do you mean recursive DNS or something else?
The recursion is required unless you're an A, B, C ... type of domain.
The question is who can make queries against your bind for either
internal or external addresses. Most likely you only want your DNS
server to only resolve internal addresses to the world (no recursion),
and only do recursion when used by an internal address since your bind
server is their default DNS server. If you allow recursion to the world,
you're providing a free service (thank you very much) and be prepared to
be used/abused because of it.
--
Best Regards
Peter Larsen
Wise words of the day:
abuse me. I'm so lame I sent a bug report to debian-devel-changes
-- Seen on #Debian
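
Added example (not part of the original message): once query logging is on, a short script can show whether outside clients are asking the server to recurse for names it is not authoritative for. The internal network, the local zone name and the sample log lines are constructed assumptions, and the regex assumes the usual BIND 9 query-log line, where a leading `+` in the flags means recursion was requested.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for illustration: adjust to your own LAN and zones.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
                 ipaddress.ip_network("127.0.0.0/8")]
LOCAL_ZONES = ("home.example.",)

# Optional "@0x..." and "(name)" fields appear in newer BIND releases,
# "view NAME:" appears when views are configured.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"(?:view \S+: )?query: (?P<name>\S+) IN (?P<type>\S+) (?P<flags>[+-]\S*)"
)

# Constructed sample log lines (documentation addresses and names only).
SAMPLE_LOG = """\
15-Oct-2011 21:30:01.100 queries: info: client 192.168.1.20#40112: query: www.example.org IN A +
15-Oct-2011 21:30:02.200 queries: info: client 203.0.113.7#5353: query: www.home.example IN A -
15-Oct-2011 21:30:03.300 queries: info: client 203.0.113.7#5354: query: example.com IN ANY +E
15-Oct-2011 21:30:03.400 queries: info: client 203.0.113.7#5355: query: example.com IN ANY +E
15-Oct-2011 21:30:04.500 queries: info: client 198.51.100.9#6000: query: example.net IN A +
""".splitlines()

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def in_local_zone(name):
    fqdn = name.lower().rstrip(".") + "."
    return any(fqdn == z or fqdn.endswith("." + z) for z in LOCAL_ZONES)

def external_recursion(lines):
    """Count recursive queries from outside clients for names outside our zones."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line
        if (m["flags"].startswith("+") and not is_internal(m["ip"])
                and not in_local_zone(m["name"])):
            hits[m["ip"]] += 1
    return hits

if __name__ == "__main__":
    for ip, count in external_recursion(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} recursive queries for non-local names")
```

A hit only shows that an outside client asked for recursion; whether BIND actually answered depends on the recursion ACL (`allow-recursion`) in named.conf.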