https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636986#M89803 Hi,<BR /><BR />This could be a security issue if the parent server of your DNS is not secure(I think it should be out oy your own network). For example a hacker can hang that DNS and substitute it so he would be able to send you wherever he wants(for example a false page of Deutsche Bank). This can happen in any DNS from your DNS to the root servers but you can??t make anything about this. If you need to comunicate with some web site in a secure way use certificates.<BR /><BR />I hope this help.<BR /><BR /><BR /><BR /> Fri, 04 Jan 2002 15:05:03 GMT oiram 2002-01-04T15:05:03Z https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636984#M89801 I have installed a linux box in the dmz and added the relative domain and dns entries in resolv.conf. When I run nslookup from the linux box to a sub-dns inside the firewall I get non-authoritative answer which I understand means the sub-dns is not cached in the DMZ DNS database, correct? My question is, is this a security issue? Mon, 31 Dec 2001 14:44:04 GMT https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636984#M89801 lastgreatone 2001-12-31T14:44:04Z https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636985#M89802 Hi,<BR />Its very natural to behave in this way, and ther is no obvious security implications to it. You can have a look at the security and vulnerability trends at<BR /><A href="http://www.cert.org/present/cert-overview-trends/" target="_blank">http://www.cert.org/present/cert-overview-trends/</A><BR /><BR />Manoj Wed, 02 Jan 2002 06:55:35 GMT https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636985#M89802 Manoj Kumar Sarangi 2002-01-02T06:55:35Z https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636986#M89803 Hi,<BR /><BR />This could be a security issue if the parent server of your DNS is not secure(I think it should be out oy your own network). For example a hacker can hang that DNS and substitute it so he would be able to send you wherever he wants(for example a false page of Deutsche Bank). This can happen in any DNS from your DNS to the root servers but you can??t make anything about this. If you need to comunicate with some web site in a secure way use certificates.<BR /><BR />I hope this help.<BR /><BR /><BR /><BR /> Fri, 04 Jan 2002 15:05:03 GMT https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636986#M89803 oiram 2002-01-04T15:05:03Z https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636987#M89804 Hello,<BR /><BR />I completely agree with the previous answer.<BR /><BR />What I would suggest :<BR /><BR />Never put the reference DNS zones (aka primary or master or authoritative) in the DMZ. The Linux box in your DMZ should be a secondary (secondary) DNS server. It should synchronize with a primary server in your intranet through the firewall.<BR /><BR />To achieve this synchronization in a secure way, use cryptographic keys (available with BIND 8 and above). Read the named.conf manpage to learn more on this.<BR /><BR />Good luck.<BR /><BR />Kodjo<BR /> Tue, 08 Jan 2002 00:45:09 GMT https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636987#M89804 Kodjo Agbenu 2002-01-08T00:45:09Z https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636988#M89805 Hi,<BR /> What nslookup is telling you is that the DNS server for the machine you are running nslookup on, is not one of the registered authoritative nameservers for your domain. When nslookup starts, it lists the nameserver it is using as a default. By rights that wont be one of your registered nameservers.<BR />If it is, you need to check your Internic records. If it is you need to<BR />check your zone files and particularly the NAMED.CONF file to make sure the<BR />sure file are being loaded (primary) or transferred (secondary)<BR /><BR /><BR />Regds<BR />Ramesh Thu, 10 Jan 2002 04:29:23 GMT https://community.hpe.com/t5/operating-system-linux/non-authoritative-answer/m-p/2636988#M89805 ramesh_6 2002-01-10T04:29:23Z