Nothing happens with emails

PRB

Since a few hours ago, no emails get sent or received or forwarded from my server.

Attached is a screenshot of what I have. At first it worked like it should. Why is this happening? What do I have to do to fix it?
 

Btw, log:

Code:
2008-10-30 09:24:03 1KvaJD-00045S-IK == *** <***> R=lookuphost defer (-1): host lookup did not complete
2008-10-30 09:31:25 1Kva9v-00041i-Ox == *** R=lookuphost defer (-1): host lookup did not complete
2008-10-30 09:31:45 1KvaAa-000425-SD == *** R=lookuphost defer (-1): host lookup did not complete
2008-10-30 10:01:25 1KvaAa-000425-SD == *** R=lookuphost defer (-1): host lookup did not complete
2008-10-30 10:01:45 1Kva9v-00041i-Ox == *** R=lookuphost defer (-1): host lookup did not complete

and so forth... :(
 
Fixed by editing /etc/resolv.conf to:
Code:
search localdomain
nameserver 127.0.0.1
 
Indication that your server cannot resolve other domains.

From a shell login:
Code:
$ nslookup directadmin.com
If it doesn't resolve, then check this file:
Code:
$ cat /etc/resolv.conf
That file needs to have two working resolving (caching) nameservers listed. Test the servers:
Code:
$ dig @123.45.67.89 directadmin.com
$ dig @111.222.233.244 directadmin.com
where you replace the obvious phony IP#s with the ones listed for the nameservers in your resolv.conf file, to make sure you're using two resolving nameservers.

Jeff
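
The checks from the post above, together with the deferral pattern from the log earlier in the thread, as an added example that is not part of any participant's post. The function names are this example's own; it assumes `dig` is installed and that you pass the path to your own Exim mainlog.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.

# Count distinct queued message IDs that the lookuphost router deferred
# because DNS did not answer. Reads Exim mainlog lines on stdin.
count_dns_defers() {
    awk '/ == / && /R=lookuphost defer/ && /host lookup did not complete/ { ids[$3] = 1 }
         END { n = 0; for (i in ids) n++; print n }'
}

# Print each nameserver address from a resolv.conf-format file ($1).
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Succeed only if nameserver $1 returns at least one A record for name $2.
# dig +short writes ";; ..." error lines to stdout, so match addresses only.
resolves_via() {
    dig +short +time=3 +tries=1 "@$1" "$2" A 2>/dev/null |
        grep -Eq '^[0-9]+(\.[0-9]+){3}$'
}

# Test every listed nameserver; succeed only if at least two resolve.
check_resolvers() {
    conf=${1:-/etc/resolv.conf}
    name=${2:-directadmin.com}
    ok=0
    for ns in $(list_nameservers "$conf"); do
        if resolves_via "$ns" "$name"; then
            echo "OK    $ns"
            ok=$((ok + 1))
        else
            echo "FAIL  $ns"
        fi
    done
    echo "$ok working resolver(s) in $conf"
    [ "$ok" -ge 2 ]
}

# Usage: sh dns-triage.sh --run <path to your Exim mainlog>
if [ "${1:-}" = "--run" ]; then
    echo "messages deferred on DNS: $(count_dns_defers < "$2")"
    check_resolvers
fi
```

Several distinct message IDs deferring at once, as in the log above, points at the resolver rather than at one recipient domain.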
 
Is the fix I have right now OK as well? Thanks for your answer Jeff!
 
That depends on how you have your nameserver set up.

If you're using your local nameserver for both authoritative and caching (resolving) nameservice, it may be liable to be easily hacked. We do NOT recommend using the same server for both authoritative and caching nameservice.

Jeff
 
There is no reason you cannot use it for both; it just matters who you allow to do lookups through it.
 
Not quite, though the issue is subtle and you may not have noticed it. We have, and we've duplicated it, and we found it to be something we didn't want to live with.

Let's presume you've got BIND set up to do recursive queries for your local machine and/or your local network.

Let's further presume you or one of your clients sends an email through your server to (for example) an account at earthlink.net, or that you've got DNS lookups turned on for your httpd logs and someone on an earthlink dialup or DSL account browses a site on your server.

Your server, of course, is allowed to look it up, and does, and places the lookup in its local DNS cache.

Now here's the kicker that most of us ignore: Once the earthlink record is in your local cache, your server will serve it to anyone, just as it will do for all the sites for which it's authoritative.

I've checked this; it's repeatable. It happens, or at least it did when we tried it. That's why we no longer allow local lookups on our authoritative nameservers.

Jeff
 
Jeff, I definitely do not expect you to detail how a hacker could get in. I just wanted to verify that the situation you described above could indeed allow a hacker to get in. I don't need to know how. I just want to verify that it is indeed dangerous.
 
And I didn't explain how a hacker could get in ;), only how the server could still be a caching nameserver, at least for some domains.

Jeff
 