DNSstuff reports open DNS

Lloyd Thomas lloydie.t at googlemail.com
Fri Jun 20 20:12:33 EDT 2008


Hi,

I am testing out MaraDNS on my Windows box to replace
SimpleDNS. I think I am having a problem with my setup of MaraDNS
advertising itself as an open DNS server. I am using dnsstuff.com to test
the server. The full text of the problem is below. Any help appreciated.

 

----------------------------------------

ERROR: One or more of your nameservers reports that it is an open DNS
server. This usually means that anyone in the world can query it for domains
it is not authoritative for (it is possible that the DNS server advertises
that it does recursive lookups when it does not, but that shouldn't happen).
This can cause an excessive load on your DNS server. Also, it is strongly
discouraged to have a DNS server be both authoritative for your domain and
be recursive (even if it is not open), due to the potential for cache
poisoning (with no recursion, there is no cache, and it is impossible to
poison it). Also, the bad guys could use your DNS server as part of an
attack, by forging their IP address. Problem record(s) are:

-------------------------------------------------

 

I also have a problem with the following error report:

 

----------------------------------------------

WARNING: One or more of your DNS servers does not accept TCP connections.
Although rarely used, TCP connections are occasionally used instead of UDP
connections. When firewalls block the TCP DNS connections, it can cause
hard-to-diagnose problems. The problem servers are:

 

85.234.142.68: Error [Connection refused (10061)]

----------------------------------------------------

 

 

Lloydie T
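
The report quoted in the message above distinguishes a server that really answers for domains it is not authoritative for from one that only advertises recursion. The sketch below is an added example, not part of the original post and not MaraDNS or DNSstuff code: it classifies a reply by the RA flag, RCODE and answer count in the DNS header. The function names, the category labels and the sample replies are assumptions made up for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # header flag bits (RFC 1035)

def build_query(name, qid=0x1234):
    """A-record query with RD=1, i.e. 'please recurse for me'."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify_response(resp):
    """Classify the reply to an RD=1 query for a name the server is NOT authoritative for."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if not flags & QR:
        raise ValueError("not a response (QR=0)")
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "open-recursive"             # returned data for a foreign name
    if flags & RA:
        return "advertises-recursion-only"  # RA set, but no answer given
    return "closed"                         # REFUSED, SERVFAIL or a bare referral

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(512)[0])

def _hdr(flags, ancount):
    """Build a 12-byte response header for the constructed samples."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample replies (headers only), not captured traffic.
SAMPLES = {
    "answers anyone": _hdr(QR | RD | RA, 1),
    "RA flag, REFUSED": _hdr(QR | RD | RA | 5, 0),
    "no RA, REFUSED": _hdr(QR | RD | 5, 0),
}

if __name__ == "__main__":
    for label, resp in SAMPLES.items():
        print(f"{label:18} -> {classify_response(resp)}")
```

Calling `probe()` from a host outside the network, with a name the server is not authoritative for, shows what an external checker would see.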


