FreeBSD Security Archives: Re: DNS Concern?

Re: DNS Concern?


Matthew Dillon (dillon@apollo.backplane.com)
Mon, 27 Sep 1999 22:34:12 -0700 (PDT)


:From my logfile (not modified to protect the innocent..)
:----------------------------------------------
:Sep 24 23:21:26 ns named[17685]: ns_resp: query(hackerz.org) A RR negative cache entry (216.181.127.2:)
:Sep 24 23:21:26 ns named[17685]: ns_resp: query(hackerz.org) All possible A RR's lame
:Sep 24 23:21:26 ns named[17685]: ns_forw: query(hackerz.org) A RR negative cache entry (216.181.127.2:)
:Sep 24 23:21:26 ns named[17685]: ns_forw: query(hackerz.org) All possible A RR's lame
:----------------------------------------------
:
:
:Is this anything to be concerned about?
:
:
:Nate

    No. 216.181.127.2 is listed as a NS record by hackerz.org's two DNS
    sites. hackerz.org must have screwed something up, which doesn't
    surprise me at all. Their NIC listed NS records do not match their
    zone-listed NS records. While this isn't illegal (NIC listed NS
    records are used like a bootstrap), my opinion from reading their zone
    is that they are somewhat confused.

    In any case, it means that your machine is fine: it's using information
    gotten from the right place rather than information spoofed into your
    DNS cache.

    Your log entry simply indicates that 216.181.127.2 was not returning
    authoritative information on the zone on that day, yet was listed as
    an NS record (i.e. sites which must return authoritative data).
    It looks like they fixed whatever the problem was; 216.181.127.2 is
    now returning authoritative information.

    I find the reverse lookup for 216.181.127.2 to be highly amusing:

        apollo:/home/dillon> nslookup 216.181.127.2
        Server: apollo.backplane.com
        Address: 216.240.41.2

        Name: theinternicsucksshit.com
        Address: 216.181.127.2

    heh heh. There is no forward lookup for theinternicsucksshit.com,
    which may also be causing a problem.

                                        -Matt
                                        Matthew Dillon
                                        <dillon@backplane.com>
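
The check behind the "lame" log entries above, as an added example that is not part of the original post: a server listed in a zone's NS records should answer a non-recursive SOA query for that zone with the AA (authoritative answer) bit set. The zone `example.org`, the query ID and the two sample replies are constructed for illustration.

```python
import socket
import struct

QTYPE_SOA = 6
FLAG_QR, FLAG_AA, RCODE_MASK = 0x8000, 0x0400, 0x000F

def build_query(zone, qid=0x1234, qtype=QTYPE_SOA):
    """Non-recursive (RD=0) query, so the server answers only from its own data."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify(response, qid=0x1234):
    """Return 'authoritative', 'lame' or 'invalid' for one server's reply."""
    if len(response) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & FLAG_QR:
        return "invalid"  # not a reply to our query
    if flags & FLAG_AA and (flags & RCODE_MASK) == 0 and ancount > 0:
        return "authoritative"
    # Referral, SERVFAIL, REFUSED or a non-authoritative answer from a listed NS.
    return "lame"

def ask(server_ip, zone, timeout=3.0):
    """Query one listed NS over UDP; connect() makes the kernel drop
    datagrams that do not come from that server's address and port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server_ip, 53))
        s.send(build_query(zone))
        return classify(s.recv(512))

# Constructed sample replies (header plus echoed question only), not captured traffic.
_question = build_query("example.org")[12:]
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _question  # QR+AA
SAMPLE_LAME = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 1, 0) + _question  # referral, AA clear

if __name__ == "__main__":
    for name, reply in (("auth", SAMPLE_AUTH), ("lame", SAMPLE_LAME)):
        print(name, "->", classify(reply))
```
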

This archive was generated by hypermail 2.0b3 on Tue Sep 28 1999 - 00:32:41 CDT