
Verisign broke my dns WAS RE: [cobalt-users] Speaking of Stopping Spam



> > 	Wouldn't a nice entry in the access or .conf file 
> > rejecting that IP or IP range do the trick?
> > 
> 
> I think we need a method to make our servers authoritative for
> 64.94.110.0/24 in named somehow. (Not my field of expertise.) So that
> when Sendmail does its thing and the sending domain resolves to
> 64.94.110.0/24 the mail will get rejected.
> 
> Any ideas out there?

If all you want to do is make your server authoritative for a reverse
domain, add it to the dns config in the gui. Simply create a secondary zone
for that range, and point it to a non-existent primary. BIND thinks it's
authoritative for the domain, but can't load the records. It won't go
looking anywhere else for them.

RAQ550 - Network Services
          - DNS
             - edit secondary services
               - add 64.94.110.0/24 with something unlikely (like 127.0.0.1) for a primary

This will make your local server try and load the primary zone for that
range from itself, which won't work because you haven't configured it.
Reverse lookups on that range will then fail:

[admin admin]$ nslookup
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> server localhost
Default server: localhost
Address: 127.0.0.1#53
> set q=any
> 1.110.94.64.in-addr.arpa
Server:         localhost
Address:        127.0.0.1#53

** server can't find 1.110.94.64.in-addr.arpa: SERVFAIL

But this is breaking the DNS really. You'll also get an error message in
/var/log/messages every couple of minutes:

Sep 16 10:21:29 jude named[29561]: zone 110.94.64.in-addr.arpa/IN: refresh: unexpected rcode (SERVFAIL) from master 127.0.0.1#53

If you have a raq3/4, then it's the same thing, but it's in control panel,
dns-server parameters, add secondary name service for network.

As always your mileage may vary....

Mike
Poundbury Systems Ltd
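
An added example, not part of the message above: a short Python script that scans syslog text for the refresh-failure entry quoted in the message and reports which secondary zones never load, the network each reverse zone covers, and whether the configured primary is a loopback address (the deliberate setup described above). The function names and the sample log lines are constructed for illustration; only the first line's format comes from the message.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the /var/log/messages entry quoted above.
SAMPLE_LOG = """\
Sep 16 10:21:29 jude named[29561]: zone 110.94.64.in-addr.arpa/IN: refresh: unexpected rcode (SERVFAIL) from master 127.0.0.1#53
Sep 16 10:23:41 jude named[29561]: zone 110.94.64.in-addr.arpa/IN: refresh: unexpected rcode (SERVFAIL) from master 127.0.0.1#53
Sep 16 10:24:02 jude named[29561]: zone example.com/IN: transferred serial 2003091601
Sep 16 10:25:10 jude named[29561]: zone 2.0.192.in-addr.arpa/IN: refresh: unexpected rcode (REFUSED) from master 192.0.2.53#53
"""

REFRESH_FAIL = re.compile(
    r"named\[\d+\]: zone (?P<zone>\S+)/IN: refresh: "
    r"unexpected rcode \((?P<rcode>\w+)\) from master (?P<master>[\d.]+)#\d+"
)

def reverse_zone_to_network(zone):
    """Map an in-addr.arpa zone name to the IPv4 network it covers, else None."""
    suffix = ".in-addr.arpa"
    name = zone.lower().rstrip(".")
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")[::-1]  # labels are stored reversed
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        return None
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/%d" % (8 * len(octets)))

def failing_slave_zones(log_text):
    """Summarise secondary zones whose refresh from the primary keeps failing."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REFRESH_FAIL.search(line)
        if m:
            hits[(m["zone"], m["master"], m["rcode"])] += 1
    # A loopback primary means the zone can never load, so lookups in it SERVFAIL.
    return [
        {"zone": z, "network": reverse_zone_to_network(z), "master": ms, "rcode": rc,
         "count": n, "loopback_master": ipaddress.ip_address(ms).is_loopback}
        for (z, ms, rc), n in sorted(hits.items())
    ]

if __name__ == "__main__":
    for row in failing_slave_zones(SAMPLE_LOG):
        print(row)
```

Zones flagged with a loopback primary are the intentional ones; any other entry is a secondary zone that has lost its real primary and is returning SERVFAIL by accident.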