Re: how to block unwanted domain queries??
02-03-2004 01:06 AM
Do you know how to block/drop unwanted DNS queries for domains which do not belong to us? My DNS servers are not connected to the rest of the world (it is part of a private club network), so my DNS servers are the root in my area (= end point).
I just want my DNS servers to answer only the domains which belong to us; the rest of the DNS queries I want to drop and send a reply back to the sender that it does not exist instead of "Servfail error".
Do you know what I have to configure in my DNS??
My DNS server is a HP-UX 11i+Bind 9.2.
Thanks in advance.
Regards,
John
02-03-2004 01:34 AM
Re: how to block unwanted domain queries??
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA
Pretty easy install, then configure to drop particular IP addresses from all requests or port 53.
To keep public inquiries off the public internet in total off the box, don't include the external ip address in the domain records and block port 53.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
02-03-2004 02:24 AM
Re: how to block unwanted domain queries??
SEP, in named.conf is an option "allow-query {}" which specifies which hosts are allowed to ask ordinary questions to DNS.
I don't know how to block/drop unwanted DNS-queries. In my opinion it is not possible in Bind 9.2.
Regards,
Sergejs
02-04-2004 01:35 AM
Solution
Removing the root hints and configuring a SOA record for the "." domain will make your server the root authority. You'll have to configure child domains for COM and NET just as if you ran the real "." authority to get your internal networks to resolve correctly.
Note: this will not prevent someone from accessing the external network, just from resolving names from i
02-04-2004 01:53 AM
Re: how to block unwanted domain queries??
Searching for BIND on http://www.docs.hp.com/hpux/netcom/index.html#Internet%20Services
I see the options:
- allow-query in Bind 8.
- blackhole in Bind 9.
Quote:
blackhole
This option is used to specify a list of addresses from which the
server will not accept queries or and does not use them to resolve a
query. Default is none. The syntax of blackhole option in the
"Options" statement in the /etc/named.conf file is as shown below:
[ blackhole { address_match_list }; ]
JP.
And read the forum etiquette on assigning points to answers
02-04-2004 07:39 AM
Re: how to block unwanted domain queries??
I think your solution is what I need. Since I don't know the IP addresses where they come from, I cannot use allow-query or blackhole. You say: Removing the root hints and configuring a SOA record for the "." domain will make your server the root authority. You'll have to configure child domains for COM and NET just as if you ran the real "." authority to get your internal networks to resolve correctly.
Can you give me an example please??
Thanks in advance
02-04-2004 08:06 AM
Re: how to block unwanted domain queries??
zone "." {
    type hint;
    file "named.root";
};
change it to
zone "." {
    type master;
    file "root.dns";
};
create a new file root.dns that looks like this.
;
; Database file . for . zone
; Zone version: 1
;
@ IN SOA
        1       ; serial number
        900     ; refresh
        600     ; retry
        86400   ; expire
        3600 )  ; minimum TTL
;
; Zone NS records
;
@ NS
net NS
com NS
; host lookup
After that, you'll need to create zone files similar to this for .com and .net and populate the hosts you wish to resolve. Don't forget to create the reverse look-ups.
Hope this helps, sorry it's not complete.
APPENDIX: I think the posting fairy is going to eat the white space, sorr
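Added example, not part of the original post: a shell function that writes the complete file set the reply above sketches (the named.conf zone stanzas, the root zone and one child zone) into a scratch directory. The SOA timers are the ones from the post; ns1.internal.example., hostmaster.internal.example., the 192.0.2.x addresses and www.corp.com are placeholder assumptions, and a "net" zone would follow the same pattern as "com".

```shell
#!/bin/sh
# Added example: private-root BIND 9 layout written to a scratch directory.
# ns1.internal.example., hostmaster.internal.example., 192.0.2.x and
# www.corp.com are placeholders, not values from the thread.
write_private_root() {
    dir=$1
    mkdir -p "$dir" || return 1

    # named.conf fragment: "." is a master zone, no hint zone remains.
    cat > "$dir/named.conf.zones" <<'EOF'
zone "." {
    type master;
    file "root.dns";
    notify no;
};
zone "com" {
    type master;
    file "com.dns";
};
EOF

    # Root zone: SOA with both names and balanced parentheses, plus the
    # delegation for "com" and an address for the name server itself.
    cat > "$dir/root.dns" <<'EOF'
$TTL 3600
@   IN SOA ns1.internal.example. hostmaster.internal.example. (
            1       ; serial number
            900     ; refresh
            600     ; retry
            86400   ; expire
            3600 )  ; minimum TTL
@   IN NS  ns1.internal.example.
com IN NS  ns1.internal.example.
ns1.internal.example. IN A 192.0.2.53
EOF

    # Child zone: only names listed here resolve; the rest get NXDOMAIN.
    cat > "$dir/com.dns" <<'EOF'
$TTL 3600
@   IN SOA ns1.internal.example. hostmaster.internal.example. (
            1 900 600 86400 3600 )
@   IN NS  ns1.internal.example.
www.corp IN A 192.0.2.80
EOF
}

# Default target is a throwaway directory, never the live /etc files.
write_private_root "${1:-${TMPDIR:-/tmp}/private-root-demo}"
```

Where BIND 9's named-checkconf and named-checkzone are installed, run them against the generated files before copying anything into the live configuration.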
02-04-2004 08:10 AM
Re: how to block unwanted domain queries??
This solution is best for networks that are PHYSICALLY DISCONNECTED FROM THE PUBLIC INTERNET.
If you have any wish to connect to outside hosts from the internal network THIS IS NOT YOUR SOLUTION.
02-04-2004 05:51 PM
Re: how to block unwanted domain queries??
Although Thomas' solution may be the best for you (improving your configuration), I have a remark on the address_match_list. The syntax of such a list allows you to negate a list. So it should be possible to list all valid subnets, and negate the list. Check the man page of named.conf. I cannot test this.
JP.
P.S.: Re-reading your question and Thomas' remark I think the issue is not where the request comes from, but what the request is asking for.
02-05-2004 03:31 AM
Re: how to block unwanted domain queries??
It works now, only local domains will be answered. All the strange domains will be replied to with "NXDOMAIN". But I forgot to tell you that I also have a forwarder in my named.conf. Now all the forwarders don't work anymore, so how can I solve it??
My named.conf file now:
zone "mnc020.mcc238.gprs" {
    type forward;
    forwarders {
        62.44.191.131;
        62.44.191.132;
    };
    forward only;
};
zone "." {
    type master;
    file "db.fake";
    notify no;
};
Attached is the db.fake file.
Hope you can solve my problem
Thanks in advance,
Regards,
john